Privacy & Security

Privacy Policy

Last updated: July 18, 2025

Prime Contact Software Solutions B.V. processes personal data for WFM Buddy and related products and services with security, confidentiality and accountability in mind. Our privacy and information security practices are aligned with our ISO 27001 certified information security management approach and our SOC 2 Type II control environment.

What we collect

Within our products, we aim to process only the minimum data needed to operate the service, typically technical or functional identifiers rather than directly identifying personal data.

Why we use it

To provide, support, secure and improve our products and services, manage customer relationships and meet legal and contractual obligations.

How we protect it

Through access control, logging, vendor oversight, change management, incident response and periodic security reviews.

Your rights

You can request access, correction, deletion, restriction, objection or portability where applicable under GDPR.

1. Who we are

This Privacy Policy applies to WFM Buddy, the WFM Buddy mobile app, and related self-scheduling and task planning solutions provided by Prime Contact Software Solutions B.V. We act as controller for personal data processed in connection with these products and services unless a different role is explicitly stated for a specific customer deployment or service arrangement.

2. Scope of this policy

This policy explains how we collect, use, store, share and protect personal data in connection with WFM Buddy and related Prime Contact products and services, including demos, onboarding, delivery, support, account management, security operations and associated business communications.

Customer-specific processing in deployed environments may additionally be governed by separate contractual terms, data processing agreements and customer instructions.

3. Personal data we may collect

Product data model

  • Customer, agent, planner or manager identifiers
  • Technical account or integration identifiers
  • Operational or workflow-related status and transaction data linked to identifiers
  • Audit and security data needed to run and protect the service

What we do not store in the product by design

  • Names
  • Home or postal addresses
  • Email addresses
  • Other directly identifying profile data, unless explicitly and separately agreed for a specific implementation

In practice this means our products are designed to work primarily with IDs rather than directly identifying personal data. Where business contact details are exchanged for onboarding, contracting or support purposes, that information is handled outside the core product data model and only to the extent needed for the relevant business interaction.

4. Legal bases for processing

Depending on the interaction, we rely on one or more of the following legal bases:

  • Consent, for example where you actively submit a request or accept optional cookies.
  • Performance of a contract or pre-contractual steps, for example when you request a demo or information about our services.
  • Legitimate interests, such as securing our products and services, preventing misuse, improving our services and managing business communications.
  • Legal obligations, where retention or disclosure is required by applicable law.

5. How we use personal data

  • To provide, configure, operate and support WFM Buddy and related Prime Contact products and services.
  • To respond to demo requests, contact requests, support tickets and commercial inquiries.
  • To authenticate access, maintain auditability, secure our services and investigate misuse or other security events.
  • To manage customer relationships, invoicing, contract performance and service communications.
  • To improve functionality, reliability, support processes and operational performance.
  • To comply with legal, regulatory and contractual obligations.

For the product itself, these activities are generally carried out on pseudonymous or identifier-based records rather than directly identifying personal data.

6. Security and governance

We treat information security as an operational discipline, not only as a legal requirement. Our controls are designed to support confidentiality, integrity and availability, consistent with our ISO 27001 certified security management approach and our SOC 2 Type II audited control environment.

Data minimization is part of that design approach. By default, our products are intended to limit exposure to directly identifying personal data and operate mainly on IDs and operational records.

Examples of controls

  • Role-based access and least-privilege principles
  • Authentication and administrative access controls
  • Logging, monitoring and review of relevant systems
  • Controlled change and release management
  • Backup, continuity and recovery procedures

Governance practices

  • Risk assessment and periodic control review
  • Security incident response procedures
  • Vendor and subprocessor due diligence
  • Policy management and internal accountability
  • Ongoing improvement of security processes

No system can be guaranteed to be absolutely secure, but we maintain appropriate technical and organizational measures proportionate to the nature of the data and the services involved.

7. Sharing of personal data

We may share personal data only where needed for legitimate business purposes, including with:

  • Hosting, infrastructure, communication, support, monitoring or analytics providers acting on our instructions.
  • Professional advisers, auditors or certification-related parties where appropriate and subject to confidentiality obligations.
  • Authorities or other third parties when required by law or to protect rights, security or the continuity of our services.
  • Affiliated entities within Prime Contact where needed for sales, delivery, administration, customer support or security operations.

We do not sell personal data.

Because the product data model is generally identifier-based, the data shared in connection with product operations is also typically limited to IDs, operational metadata and service security records, unless a specific customer setup requires something different by agreement.

8. International transfers

If personal data is transferred outside the European Economic Area, we take appropriate steps to ensure an adequate level of protection. Depending on the transfer scenario, this may include contractual safeguards, vendor commitments, risk review and supplementary technical or organizational measures.

9. Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy, including to respond to requests, manage business relationships, secure our environment, comply with legal obligations and resolve disputes. Retention periods may vary depending on the type of data, the context in which it was collected and applicable legal or contractual requirements.

10. Your privacy rights

Where applicable under privacy law, including GDPR, you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of data
  • Request restriction of processing
  • Object to certain processing activities
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local supervisory authority

To exercise these rights, contact us at info@prime-contact.com.

11. Cookies and website analytics

Our products and services may use technical session controls, device or browser state, logging and similar mechanisms where needed for authentication, usability, reliability and security. Where a web interface is involved, browser-based technologies may be used only to the extent needed to operate and secure that service context.

12. Third-party links

This website may contain links to third-party websites or services. Those sites operate under their own privacy and security practices, and we recommend reviewing their policies separately.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal, operational, security or service changes. The latest version will always be published on this page with an updated revision date.

14. Contact

If you have questions about this Privacy Policy or our handling of personal data, contact us at info@prime-contact.com or write to Prime Contact Software Solutions B.V., Landdrostdreef 124, 1314 SK Almere, The Netherlands.