Shaman Privacy Policy
Introduction
Last updated: May, 2026
Registered Address: Kennemerplein 6, 2011 MJ, Haarlem, The Netherlands
Contact: support@getshaman.com
Shaman BV ("we", "us", "our") is committed to protecting your personal data and upholding your privacy rights in accordance with the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), United States privacy laws (including the California Consumer Privacy Act (CCPA)), and other applicable legislation. This policy applies to all visitors and users of our website and services worldwide, including the European Union, United Kingdom, and the United States.
1. Who We Are – Data Controller Information
Shaman BV is a private limited company established under Dutch law, registered at Kennemerplein 6, 2011 MJ Haarlem, The Netherlands. We act as a data controller as defined by EU/UK law. For questions or privacy requests, contact support@getshaman.com or call +31 23 890 2510 (Mon-Fri, 09:00–17:00 CET).
2. What Personal Data We Collect
We collect and process the following categories of personal data:
● Identity and contact details: name, email address, and company name.
● Technical data: IP address, browser, device type, OS, time of access.
● Communication data: forms, live chat, email, or phone correspondence.Usage data: web navigation, page views, interactions.
● Cookie and tracking data: collected via cookies, pixels, analytics, ad technologies.
● For US visitors: data may be classified as "Personally Identifiable Information" (PII) under US privacy law.
3. Purposes and Legal Bases for Processing
We process your personal data for:
● Performance of contract or communicating with you (GDPR art. 6(1)(b), CCPA/CPRA-recognized business purpose, such as providing requested services);
● Website operation, security, analytics, and performance improvement (GDPR art. 6(1)(f), CPPA/CPRA-defined business purposes such as security, debugging, and analytics);
● Compliance with legal obligations (GDPR/UK GDPR art. 6(1)(c), CCPA sec. 1798.145);
● Marketing through cookies with your consent (GDPR art. 6(1)(a), CPRA sec. 1798.120 & sec. 1798.135, including opt-out rights for cross-context behavioral advertising).
You may be asked for consent for certain data processing (see Section 5, Cookies).
4. Data Sharing and Third Parties
We do not sell, rent, or disclose your personal information to unaffiliated third parties for commercial purposes. We share personal information with:
● Trusted subprocessors for services and hosting (see Section 6);
● Professional advisors for compliance and business operations;
● Regulators or law enforcement as required by law.
5. Cookies, Tracking & Consent
We use cookies and tracking technologies for analytics, performance, remarketing, and functionality, including:
● Google Analytics
● Google Adwords
● HubSpot Live Chat
Types of cookies:
● Necessary (functional)
● Analytical
● Marketing/advertising
We ask EU/UK users for active consent to non-essential cookies, per GDPR/UK GDPR, and provide cookie preference management. US users can opt out via browser settings. Disabling cookies may impact certain features.
6. Subprocessors and Data Transfers
We use the following third-party subprocessors:
● Amazon Web Services (AWS): secure website and cloud hosting; EU and US data centers.
● Web Labs: website development and technical support; processing limited to maintenance.
● Google: analytics and marketing; data processed in EU and US, with necessary contractual safeguards.
● HubSpot: live chat and marketing automation.
● JQN Business Services: Business development support.
● Data may be transmitted outside your jurisdiction (e.g. EU/UK to US, or vice versa). If necessary, we use Standard Contractual Clauses or equivalent safeguards. For US, we comply with federal and state data protection requirements.
7. Retention of Data
We retain your personal data only as long as is necessary to achieve the purposes for which it was collected, or to meet legal, accounting, or reporting obligations. Specifically:
● Account and service data are kept for no longer than 24 months after the end of the last user interaction or service request, unless a longer retention period is legally required (for example, under Dutch fiscal retention rules or statutory limitation periods);
● Communication, support, or contact data submitted via web forms, chat, or email is usually deleted within 24 months after closure or last contact, unless archiving is required for compliance or dispute resolution;
● Cookie and analytics data is kept in accordance with the cookie’s lifecycle (see cookie banner for durations);
● If data must be retained for legal claims, complaints, safety or regulatory inquiries, it will be kept in a secure, access restricted archive for as long as needed for such purposes, after which it will be securely erased or anonymized. All retention and deletion is regularly reviewed to ensure compliance, and data that is no longer necessary is deleted using secure methods.
8. Security Measures
We safeguard personal data using:
● SSL-encrypted data transmission
● Multifactor authentication for internal access
● Restricted access and staff training
● Regular security and privacy audits
9. Rights of Data Subjects/Consumers
Under de GDPR and UK GDPR, you enjoy a wide range of rights with respect to your personal data processed by Shaman B.V.
These include:
● Right of access: to receive a copy of your personal data and information on how and why it is processed.
● Right to rectification: to have incorrect or incomplete information corrected without undue delay.
● Right to erasure (right to be forgotten): to request deletion of your personal data when it is no longer necessary or there is no lawful reason for retention, unless laws require otherwise.
● Right to restriction: to request a limitation on the use of your data, e.g., pending correction or in cases of objection.
● Right to data portability: to receive and transmit your data in a structured, commonly used, machine-readable format, where technically feasible.
● Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
● Right to withdraw consent: to revoke consent at any time when processing is based on consent; this will not affect processing already performed before withdrawal.
You may exercise your rights by emailing support@getshaman.com or writing to our address. We will respond to your request within one month, with possible extension per GDPR/UK GDPR. If you believe your request has not been addressed adequately, you may always lodge a complaint with the competent supervisory authority (see below).
Requests are answered within the time frames mandated by relevant laws (generally up to 1 month in EU/UK, up to 45 days in US).
10. Children’s Information
Our website and services are not directed to children under 16. We do not knowingly collect or process personal information of minors under 16. If you become aware that a minor’s data has been provided to us, please contact support@getshaman.com to have it removed.
11. Supervisory Authorities & Complaints
Users in the EU, UK or US may file complaints with:
● Netherlands: Autoriteit Persoonsgegevens
● UK: Information Commissioner’s Office
● USA: State Attorneys General or the Federal Trade Commission (FTC)
12. Changes to this Policy
We may update or amend this policy as legal, business, or technology requirements change. Notices of substantive changes will be published on our website or communicated by email.
Last updated 25 April 2025.
Contact Us
For questions, concerns, or rights requests, please contact support@getshaman.com or call +31 23 890 2510.
Registered Address: Kennemerplein 6, 2011 MJ, Haarlem, The Netherlands
Contact: support@getshaman.com
Shaman BV ("we", "us", "our") is committed to protecting your personal data and upholding your privacy rights in accordance with the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), United States privacy laws (including the California Consumer Privacy Act (CCPA)), and other applicable legislation. This policy applies to all visitors and users of our website and services worldwide, including the European Union, United Kingdom, and the United States.
1. Who We Are – Data Controller Information
Shaman BV is a private limited company established under Dutch law, registered at Kennemerplein 6, 2011 MJ Haarlem, The Netherlands. We act as a data controller as defined by EU/UK law. For questions or privacy requests, contact support@getshaman.com or call +31 23 890 2510 (Mon-Fri, 09:00–17:00 CET).
2. What Personal Data We Collect
We collect and process the following categories of personal data:
● Identity and contact details: name, email address, and company name.
● Technical data: IP address, browser, device type, OS, time of access.
● Communication data: forms, live chat, email, or phone correspondence.Usage data: web navigation, page views, interactions.
● Cookie and tracking data: collected via cookies, pixels, analytics, ad technologies.
● For US visitors: data may be classified as "Personally Identifiable Information" (PII) under US privacy law.
3. Purposes and Legal Bases for Processing
We process your personal data for:
● Performance of contract or communicating with you (GDPR art. 6(1)(b), CCPA/CPRA-recognized business purpose, such as providing requested services);
● Website operation, security, analytics, and performance improvement (GDPR art. 6(1)(f), CPPA/CPRA-defined business purposes such as security, debugging, and analytics);
● Compliance with legal obligations (GDPR/UK GDPR art. 6(1)(c), CCPA sec. 1798.145);
● Marketing through cookies with your consent (GDPR art. 6(1)(a), CPRA sec. 1798.120 & sec. 1798.135, including opt-out rights for cross-context behavioral advertising).
You may be asked for consent for certain data processing (see Section 5, Cookies).
4. Data Sharing and Third Parties
We do not sell, rent, or disclose your personal information to unaffiliated third parties for commercial purposes. We share personal information with:
● Trusted subprocessors for services and hosting (see Section 6);
● Professional advisors for compliance and business operations;
● Regulators or law enforcement as required by law.
5. Cookies, Tracking & Consent
We use cookies and tracking technologies for analytics, performance, remarketing, and functionality, including:
● Google Analytics
● Google Adwords
● HubSpot Live Chat
Types of cookies:
● Necessary (functional)
● Analytical
● Marketing/advertising
We ask EU/UK users for active consent to non-essential cookies, per GDPR/UK GDPR, and provide cookie preference management. US users can opt out via browser settings. Disabling cookies may impact certain features.
6. Subprocessors and Data Transfers
We use the following third-party subprocessors:
● Amazon Web Services (AWS): secure website and cloud hosting; EU and US data centers.
● Web Labs: website development and technical support; processing limited to maintenance.
● Google: analytics and marketing; data processed in EU and US, with necessary contractual safeguards.
● HubSpot: live chat and marketing automation.
● JQN Business Services: Business development support.
● Data may be transmitted outside your jurisdiction (e.g. EU/UK to US, or vice versa). If necessary, we use Standard Contractual Clauses or equivalent safeguards. For US, we comply with federal and state data protection requirements.
7. Retention of Data
We retain your personal data only as long as is necessary to achieve the purposes for which it was collected, or to meet legal, accounting, or reporting obligations. Specifically:
● Account and service data are kept for no longer than 24 months after the end of the last user interaction or service request, unless a longer retention period is legally required (for example, under Dutch fiscal retention rules or statutory limitation periods);
● Communication, support, or contact data submitted via web forms, chat, or email is usually deleted within 24 months after closure or last contact, unless archiving is required for compliance or dispute resolution;
● Cookie and analytics data is kept in accordance with the cookie’s lifecycle (see cookie banner for durations);
● If data must be retained for legal claims, complaints, safety or regulatory inquiries, it will be kept in a secure, access restricted archive for as long as needed for such purposes, after which it will be securely erased or anonymized. All retention and deletion is regularly reviewed to ensure compliance, and data that is no longer necessary is deleted using secure methods.
8. Security Measures
We safeguard personal data using:
● SSL-encrypted data transmission
● Multifactor authentication for internal access
● Restricted access and staff training
● Regular security and privacy audits
9. Rights of Data Subjects/Consumers
Under de GDPR and UK GDPR, you enjoy a wide range of rights with respect to your personal data processed by Shaman B.V.
These include:
● Right of access: to receive a copy of your personal data and information on how and why it is processed.
● Right to rectification: to have incorrect or incomplete information corrected without undue delay.
● Right to erasure (right to be forgotten): to request deletion of your personal data when it is no longer necessary or there is no lawful reason for retention, unless laws require otherwise.
● Right to restriction: to request a limitation on the use of your data, e.g., pending correction or in cases of objection.
● Right to data portability: to receive and transmit your data in a structured, commonly used, machine-readable format, where technically feasible.
● Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
● Right to withdraw consent: to revoke consent at any time when processing is based on consent; this will not affect processing already performed before withdrawal.
You may exercise your rights by emailing support@getshaman.com or writing to our address. We will respond to your request within one month, with possible extension per GDPR/UK GDPR. If you believe your request has not been addressed adequately, you may always lodge a complaint with the competent supervisory authority (see below).
Requests are answered within the time frames mandated by relevant laws (generally up to 1 month in EU/UK, up to 45 days in US).
10. Children’s Information
Our website and services are not directed to children under 16. We do not knowingly collect or process personal information of minors under 16. If you become aware that a minor’s data has been provided to us, please contact support@getshaman.com to have it removed.
11. Supervisory Authorities & Complaints
Users in the EU, UK or US may file complaints with:
● Netherlands: Autoriteit Persoonsgegevens
● UK: Information Commissioner’s Office
● USA: State Attorneys General or the Federal Trade Commission (FTC)
12. Changes to this Policy
We may update or amend this policy as legal, business, or technology requirements change. Notices of substantive changes will be published on our website or communicated by email.
Last updated 25 April 2025.
Contact Us
For questions, concerns, or rights requests, please contact support@getshaman.com or call +31 23 890 2510.
Better Content. Better Results.
