A2Linx is a digital business card service operated by A2 Technology Group BV/SRL, Brussels, Belgium ("A2Linx", "we", "us"). We are the data controller for personal data processed through this service.
Contact: [email protected]
| Data | Why we collect it | Legal basis |
|---|---|---|
| Name, email, password hash | Account creation and authentication | Contract performance (Art. 6(1)(b) GDPR) |
| Card content (name, title, photo, contact info) | To create and display your digital business card | Contract performance |
| Contact submissions from card visitors | Provided to card owner; you are the controller for these | Legitimate interest of card owner |
| Hashed IP, device type, referrer | Anonymous analytics (views per card) | Legitimate interest (Art. 6(1)(f)) |
| Stripe customer ID | Payment processing (Pro plan) | Contract performance |
| GDPR consent timestamp | Evidence of lawful processing | Legal obligation (Art. 6(1)(c)) |
As a data subject under EU GDPR, you have the right to:
To exercise any right not covered by the self-service options above, email [email protected]. We will respond within 30 days.
When a visitor submits their contact details through a card's "Save Contact" form, those details are stored and provided to the card owner. The card owner becomes the data controller for that visitor's data. Before submitting, visitors are informed that their data will be shared with the card owner.
Visitors may request deletion of their submitted data by contacting [email protected] with the URL of the card they submitted to.
We use one cookie: an authentication session cookie (token) set when you log in. This cookie is:
This is a strictly necessary cookie required for the service to function. No consent is required under ePrivacy Directive Art. 5(3) for strictly necessary cookies.
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Stripe | Payment processing | USA / EU | Standard Contractual Clauses |
| DigitalOcean | Server hosting | Amsterdam, NL | EU-based, GDPR compliant |
| Google Fonts | Typography (loaded from Google CDN) | USA | No personal data transferred |
Your data is hosted on DigitalOcean's Amsterdam (AMS3) data centre within the EU/EEA. Stripe processes payment data and may transfer data to the USA under Standard Contractual Clauses. No other transfers outside the EEA occur.
We implement appropriate technical measures including: bcrypt password hashing (cost factor 12), HTTPS-only access, httpOnly cookies, helmet.js security headers, rate limiting on authentication endpoints, input sanitisation, and parameterised SQL queries (no SQL injection risk).
You have the right to lodge a complaint with the Belgian Data Protection Authority (APD/GBA): dataprotectionauthority.be · +32 2 274 48 00
We process hashed IP addresses, device type, and referrer data for analytics under legitimate interest. Our balancing assessment:
A2Linx is a professional networking tool intended for use by individuals aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has created an account, please contact [email protected] and we will delete the account promptly.
When business users ("card owners") use A2Linx to collect contact information from their clients and prospects, A2Linx acts as a data processor on behalf of the card owner (who is the data controller for those contacts).
By accepting these terms, business users agree to our Data Processing Agreement (DPA), which includes:
Card owners are responsible for ensuring they have a lawful basis to collect and process their contacts' personal data through A2Linx, and for providing their contacts with appropriate privacy information. For a full DPA document, email [email protected].
We will notify registered users by email of any material changes to this policy at least 30 days before they take effect.