On this page we inform you what data we collect when you use our NodeMapp Bike or NodeMapp Hike app for Android or iOS (hereinafter referred to as "app"), why we collect it and how we use it to improve your user experience. This Privacy Policy applies to the NodeMapp Android and iOS app. By using our app, you indicate your acceptance of this privacy policy. NodeMapp respects the privacy of all users of its services and ensures that the personal information you provide is treated confidentially.

NodeMapp is committed to your privacy and the protection of your personal data. In this privacy statement, we want to provide clear and transparent information on how we handle personal data that we process in our app. We are committed to protecting your privacy and are therefore careful with personal data. In all cases, NodeMapp observes the applicable laws and regulations, including the General Data Protection Regulation (also known as GDPR, Regulation EU 2016/679).

This implies that we have to:

• Process your personal data in accordance with the purposes for which they are provided, these purposes and types of personal data are described in this Privacy Policy.
• We limit the processing of your personal data to only those data that are necessary for the purposes for which they are processed.
• Please ask for your explicit permission if we need it for processing your personal data.
• Have taken appropriate technical and organisational measures to ensure the security of your personal data.
• Do not pass on personal data to other parties, unless this is necessary for the execution of the purposes for which they were provided.
• We are aware of your rights as a data subject regarding your personal data, want to draw your attention to them and want to respect them.

In our app we use your location (if you give us permission to do so in the app). Our app needs access to your location in order to display your position on the map when you are walking or cycling, or to find routes near you. If you give our app permission to access your location at all times, we can also use your location when you close or stop using the app, so that you can close the app to save battery power, for example, while you are walking or cycling.

Your personal data are processed by NodeMapp for one or more of the following purposes:

• Marketing: if you want to create an account to be able to use the app, you need to register and provide a number of personal details. When you give your explicit permission during registration, you will receive a regular newsletter from us (6 to 8 times a year). Each newsletter contains a link by which you can unsubscribe at any time.
• Service: when you register in our app, you get an account that allows you to log in to the app and use all its features.
• Analysis: We also use your personal data to analyse who our target audience is, where our audience comes from and what routes/regions are most popular with our users (average age and main places where our users come from). This allows us to further improve and tailor the service within our app to our target audience.

We may ask, store, collect and process the following personal data from you for the purposes specified in section 3 of this privacy policy:

• Identification data: name, first name
• Contact details: e-mail, postal code, country
• Personal characteristics: year of birth

We only collect personal data that you provide to us yourself via the registration form in the app. We do not collect personal data through third parties, with the exception of the information received from affiliated companies and/or suppliers of products and services in the context of executing our assignment.

Every time a user creates or downloads a route via the app, we store this route in our database. This data is completely anonymised: no link is kept between the routes you save and your personal data. This means that no one, not even us at NodeMapp, can link a downloaded route to a person (with the exception of routes that you store in your own account, but these routes are not included in our analysis). This data is only used for analysis and service improvement purposes: it gives us a picture of the most popular routes and helps us to know where to prioritise when we publish new routes. Third parties (such as Provincial Tourism Organisations) may have access to these data to carry out analyses, but in no case will personal data be transferred during this transaction.

We may provide the data you give us to third parties if this is necessary for the fulfilment of the purposes described above.

We use a third party (processor) for:

• Storing and processing data in the Cloud (via a Cloud Service Provider).
• Taking care of the internet environment (web hosting, e-mail hosting).
• Carrying out marketing activities (a platform for sending newsletters)

We never pass on personal data to processors (external service providers) other than those with whom we have concluded a processing agreement.

We never share personal data with external parties unless this is legally required and/or permitted, such as in the context of a police or legal investigation. We may share personal data with third parties if you give us permission to do so. This consent can be withdrawn at any time, without affecting the lawfulness of the processing before the withdrawal.

We do not provide personal data to parties located outside the European Economic Area.

NodeMapp does not store personal data longer than necessary to realise the purpose for which it was provided. However, retention periods may differ per purpose. NodeMapp commits itself to keep the data no longer than necessary.

The following appropriate technical and organisational measures are taken to protect personal data as best as possible against unlawful processing:

• All persons who have access to your data on behalf of NodeMapp are bound to secrecy.
• We have a username and password policy on all our systems.
• All connections between the app and our web services are made via SSL (HTTPS). This means that every time you send data to our servers (e.g. via a form) it is sent over a secure connection.
• We pseudonymise and encrypt personal data if necessary.
• We test and evaluate our measures at regular intervals and adjust them if necessary.

• You have the right to see your personal data.
• You have the right to correct and complete your data if it is incorrect or incomplete.
• You have the right to erase (remove) the personal data we have received from you, which are no longer strictly necessary for the purposes for which they were processed. We do, however, reserve the right to determine whether your request is justified.
• You have the right to restrict data processing: if you object to the processing of certain data, you can ask for this processing to be stopped. In practice, this usually means that your personal data will be deleted from all our systems.
• You can also object to the way in which certain of your personal data is processed. For example, you have the right to object to the use of your personal data for direct marketing purposes (via unsubscribe options in e-mails and in your account).
• You also have the right to have the data you provide transferred by us to yourself or on your behalf directly to another party.
• You can view and adjust your personal data by logging in on our website (www.nodemapp.com) with your account. In the navigation menu, under 'Account' > 'Profile', you can consult your data, adjust them and submit a request for deletion. If you want to remove your data completely from our systems or exercise other rights concerning data processing, you can do so by contacting us via the contact page: www.nodemapp.com/en/contact. We may ask you to identify yourself before we can comply with the aforementioned requests. In order to prevent abuse, we may ask you to provide adequate identification. Within 10 working days of your request for deletion, we will confirm that your data has been deleted from our systems.

If you have a complaint about the processing of your personal data or about the exercise of your rights, please contact us directly via our contact page: www.nodemapp.com/en/contact. You always have the right to complain to the Data Protection Authority (DPA).

NodeMapp may amend this privacy statement at any time.

We regularly check whether we comply with this privacy policy. If you have any questions about this privacy policy, please contact us:

NodeMapp BV
A. Van Looplein 19, 2235 Hulshout (Belgium)
KBO number 0834.906.219

You can contact us via our contact page:
www.nodemapp.com/en/contact