Home
Privacy Policy | Sollit

Privacy Policy

About This Privacy Policy

Seed2Lead B.V. (“Sollit”, “we”, “us”, or “our”) is committed to protecting personal data and respecting privacy. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Personal data means any information relating to an identified or identifiable natural person for example a name, email address, phone number, IP address, or account credentials.

 

Who this policy is for

This policy applies to: visitors to sollit.com, prospective and existing clients of Sollit, named platform users from client organisations, job applicants, and marketing contacts who interact directly with Seed2Lead B.V. It does not govern personal data that our clients upload or manage within the Sollit platform to serve their own end customers. That data is governed by the client’s own privacy statement and our Data Processing Agreement (Appendix 1 of our General Terms and Conditions, available at https://sollit.com/terms-and-conditions/).

 

This policy applies to Seed2Lead B.V., registered in the Netherlands (KvK 53991389). It covers processing carried out by the Dutch entity only and is governed by Dutch law. Please read this policy together with our Cookie Policy at https://sollit.com/cookie-policy-sollit/.

 

1. How Sollit Acts: Controller, Processor, and the Three-Party Structure

Because Sollit is a B2B software platform, we operate in distinct roles depending on context. Understanding this is important for knowing who is responsible for your personal data.

Sollit as Data Controller: We act as data controller when we process personal data for our own business purposes. This includes managing our client relationships and contacts, operating and improving our website, marketing and communications, processing job applications, and fulfilling our legal and regulatory obligations.

Sollit as Data Processor: When our clients (businesses such as solar installation and HVAC companies) use the Sollit platform to manage data about their own end customers, employees, or contacts, Sollit acts solely as a data processor on behalf of that client. We process this data only according to the client’s documented instructions, as governed by our Data Processing Agreement. The client remains the data controller and is responsible for informing their own end users about how their data is used.

The Three-Party Structure: Sollit operates within a clear three-party structure: Sollit (platform provider and processor), the subscribing client business (data controller), and the individuals whose personal data the client chooses to process through the Sollit platform (such as customers, leads, contacts, or other relevant third parties). In relation to such client-controlled platform data, Sollit acts solely as a data processor and processes personal data only on the documented instructions of the client under the applicable Data Processing Agreement.

The client remains responsible for informing such individuals about how their personal data is used and for complying with all applicable GDPR transparency obligations. Where a data subject submits a request directly to Sollit regarding client-controlled platform data, Sollit will refer or forward that request to the relevant client organisation without undue delay.

Named platform users: individually identified employee of a client business granted unique login access. Sollit processes their account credentials (username, email address, role, and login information) to provide and secure platform access. This processing is governed under this Privacy Policy. Sollit acts as data controller for this processing.

Sollit Group Structure: Seed2Lead B.V. acts as data controller for all personal data processing across the Sollit group. The commercial entities Sollit Germany GmbH (Siemensstraße 31, 47533 Kleve, Germany), BV Sollit Belgium (Wolstraat 70, 1000 Brussels, Belgium), and Sollit Spain SL (Calle de Alfonso XII 62, 28014 Madrid, Spain) operate under the Sollit brand in their respective markets. All data processing activities are carried out by and under the responsibility of Seed2Lead B.V. as the group controller.

 

2. How We Collect Personal Data

We collect personal data directly from you through the following interactions with Seed2Lead B.V.:

  • Visiting or using our website (https://sollit.com)
  • Requesting a demo or registering for a free trial
  • Entering into or managing a subscription agreement with Sollit
  • Subscribing to our newsletter or registering for a webinar or event
  • Contacting us by phone, email, or via our web forms
  • Applying for a job with us
  • Executing a contract or agreement with Sollit electronically

Where consent is required - such as for certain cookies or direct marketing emails - we will request it separately and document it accordingly.

 

3. Personal Data We Collect (Sollit as Controller)

This section covers only personal data Sollit collects and controls directly. It does not describe data that clients upload to the platform to manage their own business operations - that data is covered by the Data Processing Agreement.
A. Identity and Contact Data: Name, title, email address, phone number, job role, and language preference collected when you interact with us directly.
B. Company and Commercial Data: Organisation name, postal and billing address, sector, and details of the commercial relationship with Sollit.
C. Account and Login Data: Username, password, and authentication credentials for named platform users granted access by their employer under a Sollit subscription.
D. Financial Data: Payment information, invoice details, transaction records, and billing history relating to Sollit’s own client contracts.
E. Contract and Agreement Data: Signed agreements, signer identity, timestamps, and associated metadata collected when Sollit uses electronic signature services to execute its own commercial contracts with clients and vendors. This refers to agreements to which Sollit is a direct party, not to the e-signature feature within the platform used by clients for their own customers.
F. Usage and Technical Data: IP address, browser type, device type, pages visited, session duration, and analytics data collected when you visit our website.
G. Recruitment Data: CVs, cover letters, interview notes, and hiring decisions when you apply for a position at Sollit.
H. Cookie and Tracking Data: Data collected via cookies and similar tracking technologies when you visit our website. Full details are in our Cookie Policy at https://sollit.com/cookie-policy-sollit/.
I. Marketing Interaction Data:  Records of marketing communications sent, opened, clicked, or responded to; event or webinar registrations; and records of direct contact with Sollit such as emails, phone calls, web chat conversations, and meeting notes arising from sales or marketing interactions.
We do not intentionally collect special categories of personal data (such as health data, biometric data, or data revealing racial or ethnic origin). Please do not submit such data to us unless we have specifically requested it.

4. Why We Process Your Data - Purposes and Legal Bases

We process personal data only for specified, explicit, and legitimate purposes. The table below sets out our main processing activities and the legal basis we rely upon under GDPR.

Processing Activity

Legal Basis (GDPR)

Provide and operate the Sollit platform and services

Contract performance (Art. 6(1)(b))

Respond to enquiries, demo requests, and support tickets

Contract / pre-contractual necessity (Art. 6(1)(b))

Send service and administrative communications

Legitimate interest (Art. 6(1)(f))

Improve and personalise our services

Legitimate interest / Consent where applicable (Art. 6(1)(a)(f))

Marketing and newsletters

Consent (Art. 6(1)(a)) or legitimate interest for existing clients

Recruitment and hiring

Pre-contractual / Legitimate interest (Art. 6(1)(b)(f))

Comply with legal obligations (e.g. financial records, GDPR)

Legal obligation (Art. 6(1)(c))

Website analytics and performance monitoring

Legitimate interest / Consent via cookie banner (Art. 6(1)(a)(f))

E-signature processing for Sollit’s own contracts

Contract performance / Legal obligation (Art. 6(1)(b)(c))

Where we rely on legitimate interests, we have considered the impact on individuals and are satisfied that our interests are not overridden by your privacy rights. If you have questions about the basis for any specific processing activity, you are welcome to contact us at security@sollit.com.

4.1 How to Withdraw Consent
Where our processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing. How you withdraw consent depends on the context:

  • Cookies and website tracking: Update your browser settings to block or delete cookies or adjust your preferences directly through your browser's privacy controls.
  • Marketing emails and newsletters: Click the unsubscribe link in any marketing email or send a written request to security@sollit.com.
  • Job application data: Contact us at security@sollit.com to withdraw consent for retention of your recruitment data beyond the standard period.
  • Platform data (processor context): Consent or data rights requests relating to data held within the Sollit platform on behalf of a client must be directed to that client organisation. Sollit cannot action these requests unilaterally.

5. Data Within the Sollit Platform - Processor Role

Where clients use the Sollit platform to store and manage their own business data, Sollit acts as a data processor under the terms of our Data Processing Agreement (Appendix 1 of our General Terms and Conditions). If you believe your data has been entered into the Sollit platform by one of our clients, please direct any privacy enquiries or data rights requests to that client organisation.


6.  Third-Party Service Providers

We use trusted third-party service providers to support our operations. We distinguish between two categories: platform infrastructure sub-processors (listed in Schedule 2 of our Data Processing Agreement, to which client data may flow) and controller-side service providers (used for Sollit’s own business operations). All providers handling personal data are bound by data processing agreements.

Platform Infrastructure Sub-Processors (DPA Schedule 2)
These providers are formally listed in the Data Processing Agreement and may process client data on Sollit’s behalf:

  • Oxilion Enterprise B.V. (M.H. Tromplaan 52, Enschede, Netherlands) - Primary cloud hosting and infrastructure. Safeguard: GDPR-compliant DPA, data stored within the Netherlands.
  • Amazon Web Services EMEA SARL (Luxembourg, with Dutch branch at Mr. Treublaan 7, Amsterdam, KvK 68579780) - Cloud hosting and infrastructure. Safeguard: Standard Contractual Clauses.
  • Snowflake Inc. (USA) / Snowflake Computing Netherlands B.V. (Gustav Mahlerlaan 300-314, Amsterdam) - Cloud data platform and analytics infrastructure. Safeguard: Standard Contractual Clauses.
  • DBT Labs (915 Spring Garden St, Philadelphia, PA, USA) - Data transformation. Safeguard: Standard Contractual Clauses.

The full and current list of platform sub-processors (DPA Schedule 2) is available upon request from security@sollit.com. Sollit will notify clients of any intended changes to sub-processors in advance, as required under the Data Processing Agreement.

Controller-Side Service Providers
These providers support Sollit’s own business operations and process data for which Sollit is the controller:

  • HubSpot (HubSpot Inc., USA) - CRM and sales pipeline management. Safeguard: Standard Contractual Clauses.
  • Google Analytics (Google LLC, USA) - Website analytics. Safeguard: Standard Contractual Clauses.
  • Amplitude (Amplitude Inc., USA) - Product analytics and user behaviour. Safeguard: Standard Contractual Clauses.
  • Intercom (Intercom R&D, Ireland) - Customer communications and in-app messaging. Safeguard: GDPR-compliant DPA.
  • Nmbrs (Visma Nmbrs B.V., Amsterdam, Netherlands) - HR and payroll processing for Sollit employees. Processes Sollit employee data under its own terms and privacy statement.

The full and current list of Controller-Side Service Providers is available upon request from security@sollit.com. Sollit will notify clients of any intended changes to service provider in advance, as required under the Data Processing Agreement.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law or our contractual obligations.

Data Type

Description

Retention Period

Recruitment Data

CVs, interview notes, hiring decisions

4 weeks after hiring decision, or up to 1 year with candidate consent

Website / Enquiry Data

Contact and enquiry information from sollit.com

While relationship is active or until deletion request

Client Account Contacts

Named platform users, admin contacts, roles

While account is active; deleted within 1 month of deactivation

Sales Pipeline & Lead Data

Leads, opportunities, campaign interactions

Until unsubscribe or end of inactive client lifecycle

Marketing Contact Data

Name, email, company, campaign interactions

Until unsubscribe or removal request

Contract & Agreement Data

Signed agreements, e-signature metadata

7 years (legal obligation)

Billing & Financial Data

Invoices, payment references, billing contacts

7 years (legal / tax obligation)

Support Ticket Data

Customer support records and communications

7 years

Website Analytics Data

IP address, cookies, device and browser data

While user is a client or until deletion request

 

After retention periods expire, data is securely deleted or anonymized unless a legal obligation requires longer retention. Where deletion is requested earlier and no overriding legal obligation applies, we will action it without undue delay.

 

8. How We Share Your Data

We do not sell your personal data. We may share it in the following circumstances:

  • Service providers: Hosting, analytics, communications, and support providers acting under data processing agreements (see Section 6).
  • Legal and regulatory authorities: Where required by law, court order, or regulatory obligation. We will not disclose personal data to law enforcement except where legally required, and will inform the relevant client where permitted under law.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may transfer as part of that transaction subject to equivalent data protection obligations.
  • With your consent: Where you have specifically agreed to a particular sharing arrangement.

All third parties who receive personal data from us are required to handle it in compliance with GDPR. Where transfers occur outside the EEA, appropriate safeguards are in place (see Section 10).

 

9. Cookies and Analytics

We use cookies and similar technologies on our website, managed through our website. These include strictly necessary cookies (which do not require consent), functional cookies, analytics cookies, and marketing or tracking cookies (the latter two only activated after you provide consent via the Website.
You can view, change, or withdraw your cookie preferences at any time using your browser's built-in privacy or cookie settings. For full details of the cookies we use, their purposes, durations, and how to manage your preferences, please see our Cookie Policy at https://sollit.com/cookie-policy-sollit/.


10. International Data Transfers

Some of our third-party service providers are based outside the EU/EEA (including the USA), meaning your personal data may be transferred internationally. Where this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions issued by the European Commission

These safeguards ensure that GDPR-level protection is maintained for any transfer outside the EEA. If you have a question related to any particular transfer feel free to contact us at security@sollit.com.


11. Your Rights Under GDPR

As a data subject, you have the following rights in relation to personal data for which Sollit acts as controller. These rights do not apply to data held within the platform on behalf of our clients for that data, please contact the relevant client organisation directly.

  • Right of access - To request confirmation of whether we process your personal data and to receive a copy.
  • Right to rectification - To have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”) - To request deletion of your data in certain circumstances.
  • Right to restriction of processing - To request that we temporarily limit how we use your data.
  • Right to object - To object to processing based on our legitimate interests, where we must stop unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to object to direct marketing - To object at any time to processing of your personal data for direct marketing purposes. This right is unconditional: no justification is required and we must stop immediately upon receipt of your objection.
  • Right to data portability - To receive your data in a structured, commonly used, machine-readable format (such as CSV), or to have it transmitted to another controller where technically feasible.
  • Right to withdraw consent - Where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing (see Section 4.1 for how to do this).
  • Right to lodge a complaint - With the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl.
  • Data subjects in other EU member states may also lodge a complaint with their local supervisory authority - including the Bundesdatenschutzbehörde (BfDI) in Germany, the Gegevensbeschermingsautoriteit (GBA) in Belgium, and the Agencia Española de Protección de Datos (AEPD) in Spain.

Requests will be handled free of charge and responded to within 4 weeks of receipt. Where a request is complex, we may extend this by up to two further months and will notify you accordingly. Where a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or decline to act, in accordance with Article 12 GDPR. We may need to verify your identity before actioning a request.

11.1 Automated Decision-Making and Profiling
Sollit does not carry out solely automated decision-making, including profiling, that produces legal or similarly significant effects on individuals as described under GDPR Article 22. All significant decisions affecting you involve human review.


12. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. Our measures include:

  • Encryption of data in transit .
  • Encryption of data at rest where applicable
  • Access controls based on least-privilege principles and role-based permissions
  • Security monitoring, vulnerability management, and regular security assessments
  • Employee confidentiality obligations and security awareness training
  • Incident response and breach notification procedures

Sollit holds ISO 27001 certification, independently certified by TÜV Rheinland, demonstrating our commitment to information security management. Details are available at https://sollit.com/iso27001/.

While we maintain high standards, no data transmission over the internet can be guaranteed 100% secure. You are responsible for keeping your login credentials confidential and must not share them with third parties.

12.1 Personal Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, Sollit will notify affected individuals without undue delay, in accordance with GDPR Article 34. We will also notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of a qualifying breach, as required under GDPR Article 33.

 

13. Changes to This Policy

We review this Privacy Policy regularly to ensure it reflects current legal requirements and our operational practices. The latest version is always available at https://sollit.com/privacy-policy/. The version date is shown in the header of this document.
Where changes are material or where renewed consent is required, we will notify you by email or via a prominent notice on our website.

 

14.  Contact and Governing Law

For any questions or concerns about this Privacy Policy, or to exercise your data subject rights, please contact us:
Company: Seed2Lead B.V. (Sollit)
Address: Westerlaan 105, 8011 CA Zwolle, Netherlands
Chamber of Commerce (KvK): 53991389
Phone: +31 38 425 0900
General email: info@sollit.com
Privacy and general security enquiries: security@sollit.com
Website: https://sollit.com
General Terms and Conditions (incl. DPA): https://sollit.com/terms-and-conditions/

This Privacy Policy and any disputes arising from it are governed by Dutch law. Any disputes shall be submitted to the competent court of the District Court of Overijssel, location Zwolle, as per Clause 13 of our General Terms and Conditions.

For complaints, you also have the right to contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.