Get in touch
Close


+ (31) 79-799-6190

contact@doroad.ai

Get in touch
Get in touch

Privacy Policy

Privacy Policy – DoROAD B.V. (Atlas and Atlas Data API)

Who we are and scope

This Privacy Policy explains how DoROAD B.V. (“DoROAD”, “we”, “us”) processes personal data in connection with our products and services, including the Atlas platform and Atlas Data API, related web portals, and support channels. DoROAD B.V. is established at Cyprus 65, Zoetermeer, The Netherlands, registered with the Dutch Chamber of Commerce (KvK) under 95199519, and VAT number NL 867038111B01. Our website is www.doroad.ai.

For privacy questions, contact us at privacy@doroad.ai or +31 79 799 6187.

Our role: controller and/or processor

Our role depends on the context. For our own websites, account management, billing, and product improvement, we act as a controller. When you use Atlas or the Atlas Data API to process your data, we typically act as a processor on behalf of your organization under a data processing agreement consistent with the NLdigital Processor Agreement. In that role, we process only on your documented instructions and implement appropriate safeguards and audit support.

Categories of personal data we process

Depending on your use, we may process:

  • Identification and contact details (such as name, email, organization).
  • Authentication and access data (roles, SSO claims, audit logs).
  • Usage and telemetry (API requests, performance and error metrics).
  • Content you submit or generate via the API or portals.
  • Support and communication data (tickets, chat, email).
  • Billing information.

Special categories of data are processed only if necessary and subject to your instructions when we act as processor.

Purposes and legal bases

We process personal data to:

  • Deliver and maintain services.
  • Provide customer support.
  • Manage billing and contracts.
  • Ensure security and fraud prevention.
  • Improve products and quality.
  • Comply with legal obligations.
  • Where permitted, communicate updates and relevant product information.

When we act as processor, we follow your written instructions. We design our platform with privacy-by-design principles, prioritize security, and do not monetize, sell, or use personal data for advertising.

Retention

We retain personal data only as long as needed for the purposes described or as required by law. Operational logs and telemetry are kept for security, auditing, and troubleshooting within proportionate periods. At the end of retention periods, we delete or anonymize data. We can align with your data retention policies and support “Right to Erasure” requests in coordination with the controller, where applicable.

Sharing and subprocessors

We share personal data only with:

  • Internal teams necessary for delivery and support.
  • Authorized subprocessors for hosting, identity, email, and support tooling.
  • Competent authorities where legally required.

Subprocessors are contractually bound to appropriate security, confidentiality, and processing terms consistent with the NLdigital Processor Agreement. We are guided by a zero‑compromise privacy and security philosophy across our platform.

International transfers

If personal data is processed outside the European Economic Area, we implement appropriate safeguards such as EU Standard Contractual Clauses and supplementary measures, consistent with GDPR. Where feasible, we offer data residency options to help you manage sovereignty and regulatory requirements.

Security

We implement technical and organizational measures to protect personal data against unauthorized or unlawful processing and accidental loss, destruction, or damage. Our approach is based on privacy-by-design and strong security controls across the stack, including appropriate access management, encryption in transit and at rest, logging, and periodic risk assessments commensurate with the nature and scope of processing.

Data subject rights

Subject to your role and applicable law, you have rights to access, rectification, erasure, restriction, portability, and to object. When we act as processor, we handle requests in coordination with the controller. Submit requests via privacy@doroad.ai. You may also lodge a complaint with the Dutch Data Protection Authority at www.autoriteitpersoonsgegevens.nl.

Cookies and tracking

Our websites and portals use cookies and similar technologies for essential functionality, security, and, where permitted, analytics. Where required, we request consent. See our Cookie Policy at [INSERT COOKIE POLICY LINK] for details.

Children

Our services are not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, please contact us so we can take appropriate action.

Changes to this Policy

We may update this Privacy Policy from time to time. The latest version is available at www.doroad.ai/privacy. Material changes will be communicated in a timely manner. This Policy is effective as of 15 October 2025, version 1.0.

Contact

For questions, requests, or complaints about this Policy or our data processing, contact: DoROAD B.V., Attn: Privacy, Cyprus 65, Zoetermeer, The Netherlands, privacy@doroad.ai, +31 79 799 6187.

Our Data Protection Officer is W. Elewaut (contact via privacy@doroad.ai).

For partnership inquiries, you can also reach us at partners@doroad.ai.