Privacy Statement


This privacy statement describes how our company complies with relevant data protection regulation. We protect all customer data or data of other stakeholders according to all relevant regulations to the best of our capabilities.

The appointed contact for privacy and IT Security matters is the Security Officer of Product League and can be contacted via

What data do we collect?

Our core business is to develop and manage OutSystems applications and infrastructure. From customers, prospects, suppliers and people who write or email us, we collect contact information, contract documentation and communication records such as email.

What do we do with data?

We process customer data to test functionalities of the OutSystems applications we develop and manage for our customers. We do not host customer data from our clients, but we have access to customer data. We will not make copies of customer data and will not sell data to other parties. We will not hand over data or data access to other parties other than what is legally required or required for the delivery of our products and services.

How is data protected?

Data is stored on secured systems and services that have been verified as having adequate protection. Specific controls include:

  • Encryption of storage on laptops
  • Encrypted backup
  • Implemented Role Base Access
  • Anonymized test data on other environments other than production
  • Handle data according to applicable legislation (see laws & regulation)

Where can you ask questions or make requests about data?

The following questions can all be directed to the appointed to our Security Officer:

  • The way we handle your data
  • Suspected data losses or breaches
  • Subject Access Requests, i.e. what data we keep on you
  • Data deletion requests


You can contact us if via if you have a complaint about the use of your personal data. Following, if you believe that we are not handling your complaint properly, you can go to court. Finally, you can also give a tip to the Dutch Data Protection Authority about the way in which we use your personal data. You can do this via the website of the Dutch Data Protection Authority.

All questions will be addressed to the best of our ability and in accordance with applicable law. When you are not satisfied with our answer you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), or the DPA in your own country.

This privacy statement can be changed. The most current version of the privacy statement can be found in the internal environment of Product League. A copy of the privacy statement can also be issued on request.

Who has access to the personal data?

The personal data concerning you will be provided by Product League to:

  • The employees of Product League who are responsible for the HR administration in the back-office department;
  • The employees of Product League who are your manager(s) or those involved, insofar as this is necessary for the performance of their role as manager;
  • Third parties, if they provide services on behalf of and for the benefit of Product League, but only if necessary and only if agreements have been made about this. Product League will in any case oblige these third parties to maintain strict confidentiality and adequate security of your personal data. The conclusion of a processing agreement will also always be part of the agreement with these third parties.

Your data will not be transferred outside the European Economic Area.


Product League handles your personal data with care. Product League will take adequate technical and organizational measures to protect and secure your data. However, it is never possible to keep your data 100% secure. Examples of the aforementioned measures are:

  • Encrypted sending of emails with personal data
  • Storing files personal data under lock and key
  • Applying a strict access policy to these personal data

Your personal data will only be used for the purposes stated in this privacy statement. If you notice a security vulnerability, you can report this to Product League. Correct reports are investigated by Product League as soon as possible and (if possible) solved. A security incident process is put up for this.

Provision of personal data to third parties

Product League can provide your personal information to third parties if:

  • To that end, there is an obligation or justification on the basis of the law or a court decision, or in an emergency, insofar as it is in your reasonable interest, in the opinion of Product League (for example to the police or medical personnel);
  • Product League transfers one or more parts of the company or assets to a third party;
  • If these third parties perform services on behalf of and for the benefit of Product League in accordance with an agreement with Product League.

If your personal information is provided to a third party, you will be notified in advance, unless this is not reasonably possible.

Register of processing activities

Our processes are registered in the register of processing activities. Product league maintains such a register.

Acknowledgment and improvement of your personal data

You can always contact Product League if you:

  • Want to view, change or delete the personal data concerning you that Product League processes;
  • Want to limit the processing of your personal data or object to the processing of your personal data;
  • Want to make use of your right to have your personal data transferred to a third party;
  • Have questions regarding this privacy statement.