Effective Date: January 1, 2026
This Privacy & Cookie Notice explains how Ignaz Software B.V. (Ignaz, we, us, or our) processes personal data when you visit our website, use WinFactor, contact us, sign up for an account, book a call, receive marketing from us, or interact with a configurator or quotation request flow created by one of our business customers.
We are established in Zundert, the Netherlands.
This notice is intended to cover our website and WinFactor product for users in the European Economic Area (EEA), the United Kingdom (UK), the United States, and other regions where we operate.
Controller: Ignaz Software B.V. Registered office: Zundert, the Netherlands Email: [email protected] Website: https://winfactor.app
If you have questions about this notice or our use of personal data, you can contact us using the details above.
We have appointed a Data Protection Officer (DPO) who acts as a point of contact for data subjects and supervisory authorities on matters relating to the processing of personal data.
DPO contact: [email protected]
You may contact our DPO directly using the email address above for any questions about how we process personal data, or to exercise your privacy rights under Section 9.
Depending on how you interact with us, we may act either:
We generally act as controller for personal data relating to:
We generally act as processor when our business customers use WinFactor to collect, store, organize, or otherwise process personal data in their own accounts, including data relating to:
If we process your personal data on behalf of one of our customers, that customer is responsible for the relevant processing and should provide you with its own privacy information. Our processor role, obligations, and data protection commitments to customers are set out in Schedule 1 (Data Processing Terms) of our Website SaaS Terms.
The personal data we collect depends on how you interact with us and with WinFactor.
We may collect:
We may collect:
When our customers use WinFactor, we may process personal data stored in their account environments, including:
WinFactor is not intended for the routine processing of special categories of personal data or other highly sensitive personal data. Please do not submit such data to our website or Services unless we have expressly agreed otherwise in writing.
In addition to data you provide directly, we may obtain personal data from the following third-party sources, primarily for the purposes of business development, marketing, lead research, and enriching existing contact data:
Categories of personal data we may obtain from these sources typically include: name, job title, business email address, business phone number, company name, company address, company size, industry, LinkedIn profile URL, and similar publicly available professional information. We do not knowingly acquire special category personal data from these sources.
Where we obtain your personal data from a third party, our legal basis is generally our legitimate interest in conducting B2B business development and marketing (see Section 4.5). Where required by applicable law, we will provide you with the additional information required under Article 14 of the GDPR, including the source of the data, within a reasonable period and no later than one month after obtaining the data, or at the latest at the time of our first communication with you.
You can object to our processing of your personal data obtained from third parties at any time by contacting us at [email protected].
Where we act as controller and the GDPR or UK GDPR applies, we rely on one or more of the following legal bases under Article 6 of the GDPR: performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), consent (Art. 6(1)(a)), and legal obligations (Art. 6(1)(c)).
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You can object to processing based on legitimate interests at any time — see Section 9.
We use personal data to:
Legal basis: performance of a contract with the account holder. Where the individual is not the account holder (for example, an Authorized User acting on behalf of the Customer), our legal basis is our legitimate interest in operating our Services and maintaining our commercial relationship with the Customer.
We use personal data to:
Legal basis: performance of a contract with the Customer, legal obligation (for invoice retention, VAT, and tax-record keeping under Dutch law), and legitimate interest in preventing payment fraud and maintaining accurate financial records.
We use personal data to:
Legal basis: legitimate interest in operating a secure, reliable, and continually improving Service, and legal obligation (for security and breach-response obligations under the GDPR and other applicable laws). For non-essential analytics and similar technologies on our website, we rely on consent where required (see Sections 10–12).
We use personal data to:
Legal basis: taking steps at your request prior to entering into a contract (pre-contractual measures, Art. 6(1)(b)), or our legitimate interest in responding to business enquiries and developing our customer base.
We may use personal data to send:
Legal basis:
Every marketing email we send includes a clear opt-out (unsubscribe) link. You can opt out of marketing communications at any time by using the unsubscribe link, by contacting us at [email protected], or by replying to the email asking us to stop. Opting out of marketing does not affect service-related or transactional messages that are necessary to operate your account.
We may use personal data to:
Legal basis: legal obligation (for tax, accounting, and compliance requirements), and legitimate interest in protecting our business and enforcing our rights.
We do not use personal data to make decisions based solely on automated processing that produce legal effects or similarly significantly affect you, within the meaning of Article 22 of the GDPR.
The WinFactor Services may generate product configurations, quotes, price estimates, and similar outputs through algorithmic rules configured by our customers (the window dealers who use WinFactor). These outputs are non-binding estimates presented to support a human decision by our customer. Our customer remains responsible for reviewing outputs, confirming quotations, accepting orders, and issuing invoices, and no purchase, invoice, or binding commitment is created without an affirmative, manual action by our customer.
If you have questions about how automated processing is used within WinFactor in a specific context, you can contact us at [email protected].
Our customers may use WinFactor to collect and manage personal data relating to their own employees, contacts, prospects, and end customers. In those cases:
If you are an end customer or contact of one of our customers and want to exercise your privacy rights relating to data in that customer's account, you should normally contact that customer first.
We may share personal data with:
Our current core providers include:
We may also use additional analytics, communications, CRM, scheduling, or support tools from time to time.
When we act as a processor on behalf of our customers (see Section 2.2 and Section 5), we maintain a current list of sub-processors that process personal data on behalf of customers. The list is made available through the Services, on our website, or by another means reasonably accessible to customers, and is kept up to date in accordance with Schedule 1 (Data Processing Terms) of our Website SaaS Terms.
We do not sell personal data, and we do not share personal data for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and equivalent U.S. state privacy laws. We have not sold or shared personal data for those purposes in the preceding twelve (12) months.
We also do not knowingly sell or share personal data of minors under 16 years of age.
We are based in the Netherlands, and we may process personal data in the EEA, the UK, the United States, and other countries where we or our service providers operate.
Where required by applicable law, and where personal data is transferred to a country that is not subject to an adequacy decision or adequacy regulation, we use appropriate safeguards such as:
You can contact us if you would like more information about the safeguards we rely on for international transfers.
We retain personal data only for as long as reasonably necessary for the purposes described in this notice, including to provide the Services, maintain our business records, comply with legal obligations, resolve disputes, and enforce agreements.
The retention periods below are general guidelines. Actual retention may be shorter where the data is no longer needed, or longer where required by law or needed to exercise or defend legal claims.
Depending on where you are located and subject to applicable law, you may have rights such as the right to:
If the GDPR or UK GDPR applies to you, you have the rights listed above, and in particular the right to object to processing based on legitimate interests (including direct marketing). You also have the right to lodge a complaint with your local supervisory authority.
In the Netherlands, you can complain to the Autoriteit Persoonsgegevens (AP), Bezuidenhoutseweg 30, 2594 AV Den Haag. In the United Kingdom, you can complain to the Information Commissioner's Office (ICO).
Depending on your state of residence, U.S. state privacy laws (including the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and equivalent laws in Colorado, Connecticut, Virginia, Utah, Texas, and other states as they come into effect) may provide you with additional rights. Because WinFactor is primarily a B2B service, some state privacy laws may apply only in limited contexts (for example, to employment or consumer-facing interactions rather than purely business-to-business communications), and some exemptions may apply.
In the preceding twelve (12) months, we have collected the following categories of personal information, as defined by the CCPA/CPRA:
We do not knowingly collect sensitive personal information (as defined by the CCPA/CPRA) for the purpose of inferring characteristics about consumers, and we do not use or disclose sensitive personal information except for purposes permitted without the right to limit under the CCPA/CPRA.
The sources and purposes of the personal information we collect are described in Sections 3, 3.5, and 4 above.
As stated in Section 6.3, we do not sell personal information and we do not share personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding twelve (12) months.
Subject to applicable law and to applicable B2B exemptions, you may have the following rights:
You can submit a request by contacting us at [email protected]. We may need to verify your identity before responding, and for authorized-agent requests we may require documentation demonstrating that the agent is authorized to act on your behalf.
You can exercise your rights by contacting us at [email protected]. We may need to verify your identity before responding, and we may ask you for information sufficient to confirm that the request relates to your personal data.
We will respond to rights requests within thirty (30) days of receipt (or within forty-five (45) days for requests under the CCPA/CPRA). Where a request is particularly complex or where we have received a large number of requests, we may extend the response period by up to an additional sixty (60) days (GDPR) or forty-five (45) days (CCPA/CPRA), and we will inform you of the extension and the reasons for it.
There is no fee to exercise your rights, except where permitted by law for manifestly unfounded or excessive requests.
If we process your personal data on behalf of one of our customers (see Section 2.2 and Section 5), we may direct your request to that customer or ask you to contact them directly, and we will provide reasonable assistance to that customer in responding to your request.
We use cookies and similar technologies such as scripts, tags, local storage, and pixels on our website and, where relevant, within our Services.
These technologies help us:
These are required for the operation, security, and core functionality of the website or Services. They may include cookies or similar technologies used for:
Because these technologies are necessary for the website or Services to function properly, they cannot be turned off through our cookie settings tool.
These help remember preferences, improve usability, and provide enhanced but non-essential features.
These help us understand how visitors and users interact with our website and Services, such as which pages are visited, how features are used, where errors occur, and how performance can be improved.
In the EEA, the United Kingdom, and other jurisdictions that require consent for non-essential cookies, we obtain your consent before placing analytics cookies or using similar analytics technologies.
These may be used to measure campaign effectiveness, personalize marketing, or track interactions across websites or services.
In the EEA, the United Kingdom, and other jurisdictions that require consent for non-essential cookies, we obtain your consent before placing marketing cookies or using similar technologies.
In the EEA, the United Kingdom, and other jurisdictions that require prior consent for non-essential cookies and similar technologies (under the ePrivacy Directive, the Dutch Telecommunications Act (Telecommunicatiewet), the UK Privacy and Electronic Communications Regulations, and equivalent rules), we obtain your prior consent before placing or using non-essential cookies or similar technologies.
You can manage your preferences by:
You can withdraw your consent at any time, and withdrawal will take effect going forward (it does not affect the lawfulness of processing before the withdrawal).
If you reject or disable certain cookies, some optional features may not work properly.
Most browsers let you control cookies through their settings. You can usually delete cookies, block certain cookies, or configure alerts when cookies are placed.
Because there is no uniform standard for browser-based Do Not Track signals, our website may not respond to such signals unless and until a recognized legal or technical standard applies.
Our website or Services may contain links to third-party websites, plug-ins, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices before sharing personal data with them.
Our website and Services are not directed to children, and we do not knowingly collect personal data directly from children.
For the purposes of this notice, a "child" means a person under the age of sixteen (16) in the Netherlands and the European Economic Area (consistent with Article 8 of the GDPR as implemented in the Netherlands), under the age of thirteen (13) in the United States (consistent with the Children's Online Privacy Protection Act, COPPA), and as otherwise defined by applicable local law.
However, our customers may use WinFactor in ways that allow consumers to submit quotation requests or contact details to them. If personal data relating to a child is submitted through a customer's use of WinFactor, our role will usually be limited to processing that data on behalf of the customer, and the customer is responsible for any required age verification and parental consent.
If you believe that personal data relating to a child has been provided to us inappropriately, please contact us at [email protected] and we will take reasonable steps to delete the data.
We use reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access, taking into account the state of the art, the costs of implementation, the nature of the processing, and the risks to individuals.
These measures may include:
In the event of a personal data breach, we will notify the relevant supervisory authority and affected individuals to the extent required by applicable law.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
We may update this Privacy & Cookie Notice from time to time to reflect changes in our practices, in applicable law, or in the Services.
When we make changes, we will update the effective date at the top of this notice and post the updated version on our website. If we make material changes — for example, changes to the categories of personal data we collect, the purposes for which we use it, the legal bases we rely on, or the categories of recipients — we will provide additional notice before the changes take effect, such as by:
Where required by applicable law, we will provide the notice period required by law, and we will request renewed consent where required (for example, for cookies or other consent-based processing).
You can access historical versions of this notice by contacting us at [email protected].
If you have questions, requests, or complaints about this Privacy & Cookie Notice or our handling of personal data, contact us at:
Ignaz Software B.V. Zundert, the Netherlands Privacy email: [email protected] Data Protection Officer: [email protected] Website: https://winfactor.app
If you are located in the Netherlands, you also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP). If you are located in another EEA country, you may complain to your local data protection authority. If you are located in the UK, you may complain to the Information Commissioner's Office (ICO). If you are located in a U.S. state with applicable privacy law, you may contact your state attorney general or the relevant privacy agency (for example, the California Privacy Protection Agency).
This annex lists the cookies and similar technologies currently used on our website and within our Services. We may update this list from time to time as we add, remove, or change tools.
You can manage your cookie preferences at any time using the cookie settings link on our website. In the EEA, the UK, and other jurisdictions that require prior consent for non-essential cookies, non-essential cookies are only placed after you give consent through our consent banner.
These cookies are required for the operation, security, and core functionality of the website and Services. They cannot be turned off through our cookie settings tool.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
__session | Clerk, Inc. | Authenticated session token (JWT) used to keep you signed in | Short-lived (approximately 60 seconds); seamlessly refreshed while you are signed in |
__refresh_<id> | Clerk, Inc. | Refresh token used to renew your session | Duration of your authenticated session |
__client_uat | Clerk, Inc. | Client authentication timestamp used for session management | Duration of your authenticated session |
__client_uat_<id> | Clerk, Inc. | Instance-specific client authentication timestamp | Duration of your authenticated session |
__stripe_mid | Stripe, Inc. | Merchant identifier used for payment fraud prevention | 1 year |
These cookies help us remember your preferences and provide a better experience. Depending on the jurisdiction, they may require consent.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
NEXT_LOCALE | Ignaz Software B.V. (set by our website) | Remembers your selected language preference | 1 year |
These cookies help us understand how visitors interact with our website and Services.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Google LLC (Google Analytics 4) | Distinguishes unique users | 2 years |
_ga_<container-id> (for example, _ga_7CGK1Q8F26) | Google LLC (Google Analytics 4) | Persists session state for Google Analytics 4 | 2 years |
Google Analytics data is transferred to the United States. See Section 7 for information about international data transfers.
Our Google Analytics configuration includes the following privacy-enhancing measures:
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
pscd | Set in connection with our ActivePieces workflow-automation integration | Attribution or integration-state data relating to our ActivePieces integration | Subject to the integration's configuration; typically up to 90 days |
Depending on the nature of your interaction with our website and the ActivePieces integration, this cookie may be categorized as functional or marketing. Where consent is required under applicable law, it is only placed after you give consent through our consent management platform.
We do not currently place marketing cookies on our website, other than any cookies set in connection with integrations as described in Section A.4. If we introduce additional marketing cookies in the future, we will update this annex and obtain your consent where required.
We use a consent management platform on our website to obtain, record, and manage your cookie preferences where consent is required under applicable law. The consent management platform stores a cookie or similar record on your device to remember your choices and to apply them on subsequent visits.
You can change or withdraw your consent at any time through the cookie settings link available on our website.