Privacy Policy


Neo4Z, located at High Tech Campus 9, 5656 AE Eindhoven, is responsible for the processing of personal data as shown in this privacy statement.

Contact details

High Tech Campus
5656 AE Eindhoven
Tel: 085-1301472

The Data Protection Officer (DPO, Rob Mellegers) of Neo4Z can be reached via our contact form.
The Information Security Officer of Neo4Z can be reached via our contact form.

Compliance with the relevant legislation

Neo4Z declares to comply with the relevant EU Data Protection Law, Regulation 2016/679 on the protection of natural persons with regard to processing of personal data and the freedom of such data (GDPR).

The compliance with the GDPR is proven by respecting the relevant provisions: Article 5 GDPR, together with Articles 6, 7, 9, 12, 13, 15, 16, 17, 18, 20, 21, by processing data only based on consent or for the legitimate purpose of carrying out the mail goal of the product, by being transparent with the processing activities, and by informing the data subjects in a timely manner of all relevant matters concerning the processing of their data. Furthermore, Neo4Z states that the customers have been informed by all their relevant rights and will respect the use of any, at any time, by any data subject.

Personal data that we process

Neo4Z’s website processes your personal data by using our services and / or by providing this personal information to us. Below is an overview of the personal data we process:

  • First and last name;
  • Email address;
  • Content of your message;
  • IP address.

Neo4Z’s product processes your personal data by using our services and / or by providing this personal information to us.

For what purpose and on what basis we process personal data

Neo4Z processes your personal data for the following purposes:

  • Being able to contact you by e-mail to be able to perform our services by responding to your question / request, as well as receiving feedback on our product;
  • Being able to fulfil the purpose of the cloud service.

We use the following retention periods for the following (categories) of personal data:

For the website:

  • Personalia: max. 4 weeks > needed for feedback of your question;
  • Email address: max. 4 weeks > required for feedback of your question.

For the product:

The data is stored for as long as there is an active license of the client. The client has the right to set the storage periods and the purposes of processing. When the product license expires, the general data is not retained. Certain items such as the name of the users, time of using etc. may be retained for 1 month for legal purposes. Upon request, the data may be returned either to the data subject or to the cloud customer.

Where a customer wishes to lodge a complaint regarding the storage policies, it may do so by providing the relevant legal basis for such complaint. In response, Neo4Z declares to uphold the compliance with the legal obligation.

Locations concerning processing activities

If the locations concerning the processing activities of personal data are subject to any change, the cloud customers will be notified by email in a timely manner (before the change has officially been implemented), with the possibility of objecting to such change and seeking a remedy. If the cloud customer objects to the location changes, the customer is entitled to seek remedy. The customer may ask for the agreement between the cloud customer and the cloud service to be terminated, and thus their data to no longer be processed. In order to assure that the relevant objection does not impede the activities of the cloud service and that no data would be processed unlawfully, the cloud customer will launch such objection before the official implementation of the change.


Neo4Z declares that no engagement with another sub-processor or sub-contractor will be done without the written authorisation of the cloud customer, after the cloud customer has given a fully informed approval. If such approval is given (WPP 3.2), the sub-processor or sub-contractor is bound by the same data protection obligations (GDPR obligations) by means of an agreement between the cloud service and the relevant sub-processor or sub-contractor, as well as by them providing services on the territory of the EU, thus having an obligation to comply with the GDPR by themselves.

If requested by a customer, the cloud service may share the contents of the agreements with the sub-processors of sub-contractors, in full or in part, in order to prove compliance with the same level of protection. Furthermore, Neo4Z declares to remain fully liable to the cloud customers for the performance of the data protection obligations imposed upon the engaged sub-processors or sub-contractors.

If the engagement with the sub-processors or sub-contractors is subject to change, the customers will be informed in a timely manner, before the change has been implemented, with the possibility of objecting to such change, and the possibility of seeking an appropriate remedy. The cloud customer is entitled to ask for the termination of the agreement between the cloud customer and the cloud service, if the objection cannot be resolved to the customer’s satisfaction. Due to the fact that this process would take place before any change has been officially implemented, the cloud customer will be given sufficient time to arrange an alternative service.

Record of personal data

Neo4Z declares that a record of the personal data processing activities carried out in connection to our service is kept, which may be made available to supervisory authorities when requested. Such record shall include the contact details of Neo4Z, together with the contact details of each customer on behalf of which Neo4Z processes personal data, and the contact details of Neo4Z’s DPO. Furthermore, the record shall include a list of categories of personal data processing activities carried out in connection to our service, on behalf of each of our customers.

Data transfer

Neo4Z declares that no data transfer will take place outside the European Union to third countries.

Sharing personal data with third parties

Neo4Z provides exclusively to third parties and only if this is necessary for the execution of our agreement with you or to comply with a legal obligation.

Cookies, or similar techniques, that we use

Neo4Z uses all session cookies in order to record the normal movements of our users on the website.

How we protect personal data

Neo4Z takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you feel that your data is not properly secured or if there are indications of abuse, please contact us via our contact form.

Data breach

Neo4Z declares that in cases of data breaches, we uphold the obligation of informing the cloud customer of such breaches as soon as possible. Such declaration shall contain the description of the breach, the name and contact details of the DPO, the likely consequences of such a breach, including the measures taken to address the breach and possible measures of mitigating the possible adverse effects.

Restriction of processing

If requested by the data subject, a restriction on the further processing of data is possible, where the cloud service provider will stop processing, but might still store the data for legal reasons. Upon the consent of the data subject, further processing actions may be possible.

View, modify, transfer or delete data

You have the right to view, correct, transfer to another provider or delete your personal data. You also have the right to withdraw your consent for data processing at any time or to object to the processing of your personal data by Neo4Z.

Neo4Z declares that the cloud customer or data subject have the right to have the data they provided, in connection with our service, to be directly transferred to another service provider, in a structured, commonly used, machine readable and interoperable format.

You can send a request for access, correction or deletion of your personal data or a request for withdrawal of your consent or objection to the processing of your personal data to our contact form. We will respond to your request as quickly as possible, but within four weeks.

Neo4Z would also like to point out that you have the option to file a complaint with the national data protection authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can do this via the following link: persoonsgegevens/tip-ons.