Privacy Statement
1. Introduction
Databeamer is a secure file sharing platform developed and licensed by Full Join B.V., a software development and consultancy company based in Eindhoven, The Netherlands. At Full Join, protecting your privacy and securing your data is a core priority.
This Privacy Statement explains how we collect, use, store, and protect your personal data when you use Databeamer, our public website, and related services (collectively, the “Services”). It applies to situations in which Full Join acts as a data controller, meaning we determine the purposes and means of processing your personal data (for example, when you create an individual account or interact with us directly).
In some cases, we may also act as a data processor on behalf of business customers. In such situations, your data is processed based on the instructions of that business customer, who acts as the data controller. If you are using Databeamer as part of an organisation (such as your employer or school), we recommend reviewing your organisation’s privacy policy for more information.
We handle personal data with care and in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR). While we may share data with subprocessors necessary for delivering the Service, we do not sell personal data to advertisers or third parties.
For more information about how we handle your data, or to exercise your individual rights under data protection law, you can contact us at: support@databeamer.eu.
2. The Data We Collect
When you use our Services, we collect and process various types of personal data. The specific data we collect depends on how you use our Services and whether you are using Databeamer as an individual or on behalf of an organisation. This section describes the categories of data we collect, how we collect them, and for what purposes.
2.1 Information You Provide to Us
This includes information you actively provide when using our Services, creating an account, contacting support, or participating in optional features.
A) Account and User Information
When you create or use a Databeamer account, we may collect (*Required to use the Service):
- Full name*
- Email address*
- Organisation (if applicable)
- Profile details (e.g., photo, phone number, language preferences)
- Two-factor authentication settings
- Notification and email preferences
- Account identifiers
- Billing and Payment information (in case of purchasing a subscription)
B) Support and Communication
If you contact us for support, legal questions, send feedback, or participate in user research or surveys, we may collect:
- Your contact information (e.g., name, email, phone number)
- The content of your inquiry or feedback
- Your responses to surveys or product evaluations
- Metadata related to your interaction (e.g., timestamps).
Our website includes several forms that you can use to get in touch with us or request information. The personal data you provide through these forms will be stored in our Customer Relationship Management (CRM) system.
If you are not a client, we retain this data for no longer than two years following your last interaction with us, unless we are legally required to retain it for a longer period.
By submitting your information through these forms, you are entering into a (pre-)contractual relationship with us, which forms the legal basis for processing your data. For details on how we use cookies on our website, please refer to our Cookie Policy (/legal/cookie-policy)
2.2 Information We Collect Automatically
We collect certain information automatically when you access or interact with Databeamer to maintain service integrity, troubleshoot issues, and improve our product.
A) Technical and Device Information
- IP address
- Device type and operating system
- Browser type and version
- Language preferences
- Device identifiers (e.g., user agent, device ID)
B) Usage and Interaction Data
- Timestamps and logs of actions (e.g., file uploads/downloads)
- Login activity and session duration
- Navigation behaviour within the app
- Feature usage statistics
- Error and crash logs
C) Security and File Transfer Logs
- Metadata about file transfers (e.g., timestamps, file names, size)
- Encryption-related details
- Audit trails and proof of delivery (where applicable)
- Access logs (e.g., who accessed which file and when)
2.3 Transferred Data (User Content)
When you use Databeamer to share or transfer files, we process the content you upload or send. This data may include:
- Encrypted files and their metadata (file names, size, type)
- Descriptions or messages attached to transfers
- Information about the sender and recipients (e.g., email addresses)
Important: All file content is encrypted end-to-end. We implement strict technical and organisational measures to ensure we are technically unable to access your encrypted file contents at any time..
2.4 Information from Other Sources
In certain cases, we may receive personal data from third parties, including:
- Your organisation, if you use Databeamer through a business account
- Authentication providers, if you log in using a third-party service (e.g., Google, Microsoft)
- Security services, to support threat detection and fraud prevention
- Subprocessors, who provide services on our behalf (e.g., infrastructure or analytics)
- Law enforcement or regulators, in response to legal requests
2.5 Optional Features
If you use optional features of Databeamer, we may collect additional information such as:
- User information in automated workflows when using agents
- Proof of Delivery, including timestamps of when files were accessed or decrypted
- Threat protection features, which may involve scanning for viruses, malware or phishing
3. How We Use Your Data
We process your personal data solely for the purpose of delivering, maintaining, and improving our services. This includes both the secure operation of our software and the broader support and development activities associated with our consultancy services.
We always ensure that data is processed lawfully, fairly, and transparently, and we rely on one or more of the legal bases provided under the General Data Protection Regulation (GDPR), such as performance of a contract, compliance with legal obligations, legitimate interests, or your consent (where applicable).
3.1 Main purposes
The table below outlines the main purposes for which we process your data, the associated legal bases, and examples of how this applies in practice:
| Purpose | Legal Basis | Examples of Use |
|---|---|---|
| To provide and operate our Services | Performance of a contract | Enabling secure, encrypted file transfers; authenticating users; sending confirmation emails; providing access to your account. |
| To maintain the security and stability of our Services | Legitimate interestt | Preventing unauthorized access; detecting abuse or misuse; monitoring system performance; troubleshooting issues. |
| To support our clients and users | Performance of a contract / Legitimate interest | Responding to support requests or demo planning; communicating system updates or changes that affect service delivery. |
| To improve and develop our Services | Legitimate interest | Analysing usage patterns to improve product functionality, reliability, and user experience. |
| To comply with legal obligations | Legal obligation | Retaining data required for tax or audit purposes; responding to requests from authorities; keeping records of consent where applicable. |
| To respond to audits or regulatory inquiries | Legal obligation / Legitimate interest | Cooperating with supervisory authorities or auditors upon request, where relevant to our role as a controller or processor. |
| To communicate with you (not including direct marketing) | Legitimate interest / Consent (where needed) | Sending requested whitepapers, quotes, or updates related to your specific inquiry or account. |
| To send direct marketing communications (if applicable) | Consent | Sending you newsletters or event invites (only if you have opted in — you may withdraw consent at any time). |
4. How & When We Share Your Data
We do not sell, rent, or trade your personal data to third parties. We only share your information when it is necessary for the delivery of our services, when required by law, or when you have explicitly given us permission to do so.
Below is an overview of the situations in which we may share personal data, the types of third parties involved, and the reasons for doing so:
##$ 4.1 Service Providers We work with carefully selected third-party service providers who support the operation of our services. These providers only receive the data necessary to perform their specific tasks and are contractually bound to handle your data securely and in compliance with the GDPR.
This includes providers that offer:
- Cloud hosting and infrastructure
- Security and access control
- IT and product support services
4.2 Website Analytics (Plausible)
We use Plausible Analytics to collect anonymous usage data about visitors to our public website (not within Databeamer). Plausible is a privacy-friendly, GDPR-compliant analytics platform that does not use cookies, does not track personal data, and does not share data with third parties. Its sole purpose is to help us understand general website performance and visitor behavior in an anonymized way.
You can read more in our cookie policy.
4.3 Legal Obligations and Safety
We may share personal data if we are legally required to do so, or if we believe in good faith that such disclosure is necessary to:
- Comply with applicable laws or legal proceedings (e.g., court orders or subpoenas)
- Respond to lawful requests from law enforcement or government authorities
- Protect our users, our systems, or the public from harm or illegal activity
We always assess such requests carefully and only provide what is strictly necessary.
4.4 With Your Consent
In all other cases, we will only share your data with third parties when you have explicitly given us your consent to do so — for example, when integrating our services with a third-party application at your request.
5. Your Rights
As a user located in the European Union (EU), United Kingdom, Switzerland, or Norway, you have rights under the GDPR and similar laws in the UK, Norway, and Switzerland.. This section outlines your rights, how to exercise them, and any conditions that may apply. We take your privacy rights seriously and respond to all requests within the time limits required by law (typically within one month).
5.1 Overview of Your Rights
You may exercise the following rights with respect to your personal data:
Right of Access You have the right to access your personal data and receive a copy of the data we process about you.
Right to Rectification If the personal data we hold is inaccurate or incomplete, you have the right to request that we correct or update it.
Right to Erasure (Right to be Forgotten) You may request the deletion of your personal data. This right may be limited in cases where we need to retain certain data to comply with legal obligations, resolve disputes, enforce agreements, or prevent fraud.
Right to Restrict Processing You can ask us to limit the processing of your data in certain circumstances, for example if you contest the accuracy of the data or object to its processing.
Right to Object You may object to the processing of your personal data where we rely on our legitimate interests or those of a third party. We will assess your objection and stop the processing unless we have compelling legitimate grounds to continue.
Right to Data Portability Where processing is based on your consent or a contract and carried out by automated means, you have the right to request a copy of your data in a structured, commonly used, and machine-readable format. You may also ask us to transfer this data directly to another controller.
Right to Withdraw Consent If we rely on your consent to process personal data, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before the withdrawal.
Right to Submit a Complaint If you believe that your data protection rights have been violated, you have the right to file a complaint with your local data protection authority. Our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
5.2 Exercising Your Rights
To exercise any of your rights, please contact us at: legal@fulljoin.nl or use the Support form on our website
When submitting a request, we may ask you to verify your identity or provide additional information to ensure the security of your data and the authenticity of the request.
Please note: Some rights may be limited due to legal obligations or the nature of the data processing. If your use of our services is provided through an organisation (e.g. your employer), requests regarding your personal data should typically be directed to that organisation.
6. How We Protect Your Data
Protecting your personal data is a top priority for us. We implement industry-standard technical and organisational measures to ensure that your data is secure, confidential, and processed in accordance with applicable data protection laws, including the GDPR, UK GDPR, and relevant local regulations in Norway and Switzerland.
6.1 Data Security Measures
Within Databeamer we have implemented the following safeguards to protect your data from unauthorised access, loss, misuse, or alteration:
- End-to-End Encryption: All transferred files are encrypted both in transit and at rest. We use client-side encryption, meaning encryption keys are generated and stored locally and are not accessible to us.
- Temporary Storage: Files are retained only for as long as necessary to complete the requested transfer. After a transfer is completed or reaches its expiry time, files are automatically and permanently deleted.
- Access Control: Only authorised users and systems can access your transferred data. Strict role-based access controls are in place to minimise exposure.
- Secure Authentication: We support strong authentication mechanisms, including multi-factor authentication (MFA), to protect access to our services and administrative systems.
- Monitoring & Logging: We monitor access and activities on our systems to detect and prevent unauthorised actions or data breaches.
- Staff Confidentiality & Training: All our team members are bound by confidentiality obligations and receive regular training on information security and data protection best practices.
6.2 Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Statement, including to comply with legal, regulatory, tax, accounting, or reporting requirements. More specifically:
- Transferred Files: Are deleted automatically after a successful transfer or after a predefined expiry period.
- Metadata and Logs: We may retain limited metadata (such as timestamps and anonymised identifiers) for a limited time after transfer, for purposes of security, audit, and legal compliance.
- Personal Information: If you are not a customer, we will retain any personal data submitted through our website forms (e.g., contact or demo requests) for no more than two years after your last interaction with us.
- Where we process data on behalf of our business customers, we do so as a data processor, and retention is governed by our Data Processing Agreement (DPA) with the customer, subject to applicable legal requirements.
7. Updates to This Privacy Statement
We may update this Privacy Statement to reflect changes in our practices or legal requirements. We will notify users of significant updates. Please check this page periodically for the latest version.
About & Contact
Databeamer by Full Join
Databeamer is created and licensed by Full Join B.V. and is located in Eindhoven, The Netherlands. Full Join is a software and data development/consultancy agency. We develop applications and provide consultancy services, including advising organizations about data, privacy and development projects.
KVK: 71160620
BTW: NL 858 603 573 B01
Contact Us
For more information about this policy or other legal matters, contact us via our Contact Form