Privacy Policy

Last updated: May 20, 2026

1. Introduction

ErgoRisk ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our marketing website at ergorisk.net and use our application available at app.ergorisk.net (together, the "Service"). It also informs you about your privacy rights under applicable data protection laws, particularly the EU General Data Protection Regulation (GDPR), and how the law protects you. If you do not agree with the terms of this privacy policy, please do not access or use the Service.

2. Who We Are (Data Controller)

For the purposes of the GDPR and other applicable data protection laws, the Data Controller responsible for your personal data collected through the Service is:

  • Legal entity: ErgoRisk B.V.
  • Postal address: Paul van Vlissingenstraat 10 F, first floor, 1096 BE Amsterdam, The Netherlands
  • Chamber of Commerce (KvK): 96261358
  • VAT (BTW) number: NL867535386B01
  • Email: umut@ergorisk.net

If you have any questions about this privacy policy or our privacy practices, please contact us using the details above.

3. What Personal Data We Collect and Why

We collect and process your personal data for various purposes based on specific legal grounds.

Account creation and service provision

  • Data collected: name, email address, phone number, address, company name and address (if applicable), and payment details.
  • Purpose: to create and manage your account, provide access to our services, process payments, communicate about your account and service updates, and fulfill our contractual obligations.
  • Legal basis (GDPR): performance of a contract with you (Article 6(1)(b) GDPR), or to take steps at your request before entering into a contract.

Communications (marketing and product updates)

  • Data collected: name and email address.
  • Purpose: to send you product updates, newsletters, and marketing messages where you have opted in.
  • Legal basis (GDPR): your explicit consent (Article 6(1)(a) GDPR), given when you opt in.
  • Opt-out: you can withdraw your consent and unsubscribe at any time by clicking the "unsubscribe" link in any email you receive from us, or by contacting us directly at umut@ergorisk.net.

Customer support and enquiries

  • Data collected: name, email address, phone number, social media handle (if applicable), and the content of your communication.
  • Purpose: to respond to your enquiries, provide support, and address any issues you report.
  • Legal basis (GDPR): our legitimate interests (Article 6(1)(f) GDPR) to provide effective customer service.

Workplace assessment data

  • Data collected: videos and images uploaded by customer organizations for the purpose of ergonomic assessment, along with any derived analytics (pose estimation, risk scores, body part heatmaps).
  • Purpose: to generate ergonomic assessment results, action plans, and tracking dashboards for our customers.
  • Legal basis (GDPR): performance of a contract with our customer (Article 6(1)(b) GDPR). Where individual workers can be identified, our customer (acting as Data Controller for that data) is responsible for ensuring an appropriate legal basis under Article 6 and, where applicable, Article 9 GDPR.

Website usage analytics (via cookies)

  • Data collected: information about how you use our website (e.g. IP address, browser type, pages visited, time spent), collected through cookies and similar technologies.
  • Purpose: to understand how users interact with our website, improve functionality and user experience, and ensure website security.
  • Legal basis (GDPR): your consent (Article 6(1)(a) GDPR) for non-essential cookies. For essential cookies, our legitimate interest (Article 6(1)(f) GDPR). See our Cookie Policy for details and how to manage your preferences.

Business transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. Legal basis (GDPR): our legitimate interests (Article 6(1)(f) GDPR) to ensure business continuity. We will notify you of any such transfer and any resulting changes to this privacy policy.

4. Who We Share Your Data With

We do not sell your personal data. We may share your information with third parties only in the ways described below:

  • Service providers: trusted third-party vendors, consultants, and service providers who perform services on our behalf, including our primary cloud host Amazon Web Services (AWS), Frankfurt region, and our email delivery provider. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal obligations and safety: we may disclose your information if required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, property, or safety of ErgoRisk, our users, or others.
  • Business transfers: in connection with a merger, sale of assets, financing, or acquisition.
  • With your consent: with other third parties where you have given explicit consent.

5. International Data Transfers

Your personal data is primarily stored and processed on AWS servers located in Frankfurt, Germany (AWS eu-central-1). If we transfer your personal data outside the European Economic Area (EEA) or the UK to countries not deemed to provide an adequate level of data protection, we ensure appropriate safeguards are in place as required by law. These safeguards typically include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office (ICO).
  • Transfers to countries that have received an adequacy decision from the European Commission or the UK government.
  • Binding Corporate Rules (BCRs) for intra-group transfers.

You can request more information about the specific safeguards we use by contacting us.

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for which we process your data, and whether we can achieve those purposes through other means.
  • Applicable legal requirements.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use that information indefinitely without further notice.

7. Your Data Protection Rights (GDPR)

If you are within the EEA or the UK, you have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete personal data.
  • Right to erasure (right to be forgotten): request deletion of your personal data where there is no compelling reason for us to continue using it.
  • Right to restrict processing: request suspension of processing under certain circumstances.
  • Right to data portability: request transfer of your personal data in a structured, commonly used, machine-readable format (applies to data processed based on consent or contract and processed by automated means).
  • Right to object: object to processing based on our legitimate interests or for direct marketing.
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
  • Automated decision-making: our ergonomic risk scoring uses automated processing of video data. You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, except where necessary for contract performance, authorized by law, or based on your explicit consent. Customer organizations using our Service remain responsible for any decisions taken about workers based on our outputs.

To exercise any of these rights, contact us at umut@ergorisk.net. We may need to verify your identity. There is usually no fee, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

You also have the right to lodge a complaint with a data protection supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). In the EU more broadly, see edpb.europa.eu.

8. Cookies

Our websites use cookies. For detailed information on the cookies we use, the purposes for which we use them, and how you can manage your preferences, please refer to our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against accidental loss, unauthorized access, use, alteration, or disclosure. Transmission of information via the internet is, however, not completely secure, and we cannot guarantee the security of data sent to us before it reaches our infrastructure.

10. Changes to This Privacy Policy

We keep this privacy policy under regular review and may update it from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last updated" date at the top of this page.

11. Keeping Your Data Accurate

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.