Pintura Labs Privacy Policy

Last updated: 2025-12-08

Welcome to Pintura Labs. We (Pintura Labs B.V.) can process personal data, as referred to in the General Data Protection Regulation (GDPR) (hereinafter: "Personal Data"), when you visit our website https://pqina.nl/pintura (hereinafter: the "Website") and/or when you make use of our software and/or services (hereinafter: the "Services").

In this privacy statement we explain to you which Personal Data we collect from you and for what purposes we do this.

1. When does this privacy statement apply?

This privacy statement applies to the visit of our Website and the use of our Services and only to the processing of Personal Data by us as controller. If an organization or a person processes your Personal Data through our Services, then this organization or person is the controller of Personal Data. We are then the processor of Personal Data. In that case, this privacy statement does not apply.

2. Your privacy is of great importance to us

We believe that careful handling of Personal Data is of great importance. Personal Data is therefore processed carefully and in accordance with this privacy statement and the applicable laws and regulations.

This means that we:

• Clearly define our purposes before we process your Personal Data – via this privacy statement
• Store as little Personal Data as possible and only process the Personal Data that is necessary for our purposes
• Only process Personal Data if there is a valid basis
• The necessary security measures are taken to protect your Personal Data. We also impose these obligations on parties that process Personal Data for us
• Respect your rights, such as the right to access, correction, data portability or deletion of your Personal Data processed by us

If you have any questions or would like to receive more information about the handling of your Personal Data, please contact us using the contact details provided in this privacy statement.

3. Personal Data

When we use the term "Personal Data" in this privacy statement, we mean information that relates to you.

4. Pintura Labs

For questions and/or comments about the processing of your Personal Data, you can contact us via our contact form

5. The Personal Data which we can process when you visit our Website

When you visit our Website as a visitor, we may process certain Personal Data about you.

You can contact us through our contact form (https://pqina.nl/pintura/contact) on the Website. In the form we request your email address.

The basis for this processing of Personal Data is Article 6 (1) f of the GDPR: we have a legitimate interest in this processing, because otherwise we will not be able to contact you and reply to you.

The message that you enter in the contact form can contain Personal Data. The basis for the processing of this Personal Data is Article 6 (1) a of the GDPR: you have given us permission to process this data, because you have chosen to send us the message with the data.

6. The Personal Data which we can process when you use our Services

When you use our Services, we may process the following Personal Data from you:

• Email address (*)
• Name

The information indicated with an asterisk (*) is mandatory for using our Services. The other information is optional.

After providing the above mentioned information, you can login to the client portal with your email address and you can download the software. We need the above mentioned information to know who you are and to provide you with the Services.

The basis for the processing of this Personal Data is Article 6 (1) b of the GDPR: the processing is necessary for the performance of the agreement between us and you. Without this information, we cannot provide our Services to you.

After registering an account, it is possible to enter or import additional data through our Services, including Personal Data. This is, however, not mandatory. This concerns, for example, the following data:

• Custom terms in your account
• Information in support tickets
• Product review

The basis for the processing of this Personal Data is Article 6 (1) a of the GDPR: you have given us permission to process this data, because you have chosen to enter or import this data through our Services. After all, this is not mandatory.

For the payment for our Services we make use of the payment service providers Gumroad and Lemon Squeezy. Your payment information stays with these payment services providers and we do not process this information as a controller. We recommend you to also read the privacy statements of Gumroad and Lemon Squeezy.

7. Security

We protect your Personal Data by taking technical and organizational measures against unauthorized, unlawful or accidental access, loss, destruction or damage to Personal Data. We are constantly taking steps to improve data security.

In this way we ensure that only the necessary persons have access to your Personal Data, that access to Personal Data is secured and that our security measures are regularly checked and evaluated. Among others, we take the following security measures:

• We have secured the connections to our Websites via Secure Socket Layer (SSL) technology.
• Databases with Personal Data are encrypted.
• Our IT facilities and equipment are physically protected against unauthorized access and against damage and malfunctions.
• Strong, unique passwords, multi-factor-authentication and password vaults are used. Activities that users perform (with Personal Data) are recorded in log files. The same applies to other relevant events, such as attempts to gain unauthorized access to Personal Data and disruptions that may lead to alteration or loss of Personal Data.
• Security measures are built into all application systems, including adequate access management.
• We ensure that our IT infrastructure is provided with security updates in a timely manner.
• We randomly check compliance with the policy.

The Personal Data is stored with parties that can ensure careful security. With these parties agreements have been made that are necessary for the processing of Personal Data. Insofar as the data centers of these parties are located outside the European Economic Area (EEA), appropriate safeguards have been put in place to make the transfer possible.

8. Retention period

We do not keep your Personal Data longer than necessary for the purposes for which they were collected or used. We only keep the Personal Data for a longer period if this is necessary to comply with a legal obligation, such as a tax retention obligation.

9. Third parties

We do not sell your data to third parties. We may, however, engage third parties who process certain Personal Data under our responsibility.

Some of these third parties are located in the EEA. Some third parties may be located in countries outside the EEA, such as the United States. In order to protect your Personal Data and to comply with our legal obligations, we will only engage third parties as processors if those third parties offer sufficient safeguards for the protection of your Personal Data. We will conclude a data processing agreement with these third parties, which provides appropriate protection with regard to your Personal Data. These third parties may only process the Personal Data in the context of the assignment we have given them, and not for other purposes.

One of the third parties we engaged for the processing of Personal Data is PQINA B.V., who we have engaged to provide us with a customer portal and to provide advertising services for us. PQINA B.V. is located in the EEA, in the Netherlands.

10. Updates or changes to this privacy statement

The way in which we process Personal Data, and the composition of the data we process, may change over time. We reserve the right to change this privacy statement at any time. For that reason, we encourage you to check the privacy statement on our Website regularly to stay informed of such changes. We make commercially reasonable efforts to inform you of major changes. In this way we ensure that you are aware of recent changes.

11. Your rights

In the context of our processing of your Personal Data, you have, among others, the following rights:

• The right to inspect the Personal Data that we process of you
• If you have given permission for the processing of your Personal Data, you also have the right to withdraw this permission
• The right to exercise data portability
• The right to have errors corrected
• The right to have outdated Personal Data deleted
• The right to object to a particular use of Personal Data

If you wish to exercise these rights, you can contact us. We request that you describe in your request as clearly as possible to which Personal Data your request relates.

You can only exercise your rights to the extent that the law grants you these rights. To ensure that a request has been made by you, we may ask you to send a copy of your identity document with this request. We only ask for this if we deem it necessary to identify you. We destroy the copy of your identity document immediately after we have identified you.

12. Other

This Privacy Statement does not apply to third-party websites that are linked to our Website and/or Services. We cannot guarantee that these third parties will handle your Personal Data in a reliable or secure manner. We recommend that you also read the privacy statements of these websites.

13. Complaints

If you have a complaint about the way we process your Personal Data, you can contact us. We then try to find a solution together.

You also have the right to lodge a complaint with the supervisory authority. In the Netherlands this is the Dutch Data Protection Authority (in Dutch: "Autoriteit Persoonsgegevens").