Privacy Policy
Last updated 05-03-2026
1. INTRODUCTION
4mation Group B.V. and its affiliated entities (referred to collectively as “Plat4mation,” “we,” “us,” or
“our”) are committed to protecting your privacy and ensuring the responsible use of your personal data.
This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you
interact with us, including through our websites, platforms, and the services we offer.
2. SCOPE
This Privacy Policy applies to all individuals who interact with Plat4mation, including website visitors,
employees, contractors, customers and vendors whose personal data may be collected through the website
or while doing business with Plat4mation
This Privacy Policy applies to Plat4mation Group and the following affiliated companies:
| Country | Entity Name | Address |
|---|---|---|
| Netherlands | Plat4mation B.V. |
Arthur van Schendelstraat 650 3511 MJ Utrecht The Netherlands +31 30 760 26 70 |
| Belgium | Plat4mation B.V. |
Schaliënhoevedreef 20C 2800 Mechelen Belgium +32 15 27 27 34 |
| Germany | Plat4mation GmbH |
An der Dammheide 10 60486 Frankfurt am Main Germany +49 1512 883 1504 |
| United States | Plat4mation LLC |
303 Wyman Street Suite 300 Waltham MA 02451 United States of America +1 781 577 6501 |
| India | 4mation Technologies India Pvt. Ltd. |
Cessna Business Park. Embassy Signet. Kadubeesanahalli Village, Outer Ring Road. Bengaluru 560103. India +31 6 18697272 |
| Switzerland | Plat4mation GmbH |
Technoparkstrasse 2 8406 Winterthur Switzerland +41 58 689 65 00 |
| Poland | Plat4mation Sp. z. o. o. |
UL. ŚW. MIKOŁAJA 8/11 50-125 WROCŁAW Poland +31 30 760 26 70 |
| Saudi Arabia | Taufeer Information Systems LLC (Unikomm) |
2985, 6245, 30 Street, As Sahafah District, Riyadh 13321 Saudi Arabia +966 11 4654863 |
| Sweden | Plat4mation AB |
c/o BDO MÄLARDALEN BOX 6343, Att Skatteavdelningen 102 35 STOCKHOLM +46 79-348 04 74 |
By accessing or using our website (Site), you acknowledge and agree to the terms set out in this Privacy Policy.
You also consent to the collection and use of your personal data as described herein. Continued use of the Site
constitutes acceptance of any updates to this Privacy Policy.
Our privacy practices are designed to ensure transparency and accountability. If any material changes are made,
we will notify users by posting prominent notice on the Site. We encourage you to review this Policy regularly to
stay informed about how we protect your personal data.
3. WHO WE ARE
At Plat4mation, we are a global digital transformation partner and a leading ServiceNow implementation specialist.
We work with enterprise-sized multinational clients to deliver innovative, scalable workflow solutions that enhance
operational efficiency and business agility.
This Privacy Policy outlines how we collect, use, and protect your information when you visit our website or interact
with our services. As a Netherlands based company serving clients across the globe, we comply with all applicable data
privacy laws including the General Data Protection Regulation (EU) 2016/679 (GDPR), the Digital Personal Data Protection
Act, 2023 (“DPDPA), Massachusetts Data Privacy Act 2025 (MDPA) and any applicable laws.
By using our services, you agree to the collection and use of information in accordance with this Privacy Policy
4. DEFINITIONS
In this Policy, the following definitions are used:
-
Data Subject: An identifiable natural person who can be identified, directly or indirectly, by reference to an
identifier such as name, identification number, location data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, economic, cultural or social identity of that natural person. (Also referred to as ‘individuals’
across the Policy) -
Personal Data: Personal Data encompasses any information that can be used to identify an individual, including
but not limited to their full name, physical address, email address, phone number, date of birth, and even online identifiers like
IP addresses. -
Consent: Consent signifies the voluntary agreement given by a data subject for an organization to collect, process and
use their Personal Data for specific purposes. This agreement should be informed, unambiguous, and can be withdrawn at any time. -
Legitimate Interests: Legitimate interests refer to the justifiable and lawful reasons an organization may have for
collecting and processing Personal Data without the explicit consent of Data Subject. These reasons could include fulfilling a
contract, complying with legal obligations, ensuring network and information security, or pursuing the organization’s legitimate
business interests, if they do not override the individual’s rights and interests. -
Employee: Any individual working at any level and grade, including senior managers, officers, directors, employees
(whether permanent, fixed-term, or temporary), consultants, contractors, trainees, seconded staff, homeworkers, part-time and
fixed-term employees, causal and agency staff, volunteers, interns, or any other person associated with the business. -
Data Subject Rights: Data Subject Rights are the entitlements granted to individuals over their Personal Data. These
rights typically include the right to access their data, correct inaccuracies, erase information (the “right to be forgotten’), and
object to or restrict the processing of their data, among others. -
Data Controller: A Data Controller is an entity or organization responsible for determining the purposes and means
of processing Personal Data. They have a primary role in ensuring that data processing activities comply with data protection regulations. -
Data Processor: A data processor is an organization or entity that processes Personal Data on behalf of the data controller.
They act according to the controller’s instructions and are also subject to data protection regulations. -
Data Protection Laws: These are the data protection and privacy laws applicable to the respective jurisdiction in connection
with the processing of Personal Data including but not limited to (each as amended or replaced from time to time) (a) EU Data Protection Laws,
(b) Digital Personal Data Protection Act, 2023 (“DPDPA), and any applicable laws worldwide relevant to the Vendor, Plat4mation Entity, Data Processor,
Data Fiduciary, or the Third Parties. -
International Data Transfer: International Data transfer refers to the movement of Personal Data from one country to another,
especially from the European Economic Area (EEA) to a country outside these regions. Such transfers often require special safeguards to ensure data
protection compliance. -
Binding Corporate Rules (BCRs): Binding Corporate Rules are a set of internal regulation withing a multinational organization
that establishes a consistent framework for transferring Personal Data across borders. BCRs ensure that the data receives adequate protection,
even when moving between different parts of the same organization. -
Standard Contractual Clauses (SCCs): Standard Contractual Clauses are pre-defined contractual provisions adopted to facilitate
the secure international transfer of Personal Data. These clauses ensure that the data enjoys a level of protection similar to that provided within
the originating region, such as the EEA.
5. INFORMATION WE COLLECT
Plat4mation collects and processes personal data in various capabilities, depending on the nature of our relationship with the
individual and the service context. This may include the following categories:
6. LAWFUL BASIS FOR PROCESSING PERSONAL DATA
Plat4mation processes data only when there is a valid legal basis under applicable data protection laws. Depending on the context
in which the data is collected and used, we rely on one or more of the following lawful bases:
6.1 Consent
We process your personal data when you have given clear and informed consent for a specific purpose which includes, when you subscribe
to our newsletter, register for events or opt-in to receive marketing communications. You have the right to withdraw your consent at any time.
6.2 Contractual Obligation
Where it is necessary to perform a contract or take steps prior to entering a contract. This applies to client onboarding, service delivery,
employee onboarding or vendor engagement.
6.3 Legal Obligation
Where processing is necessary to comply with legal and regulatory requirements, such as tax, labor, or corporate compliance obligations,
or responding to lawful data access requests from authorities.
6.4 Legitimate Interest
Where processing is necessary for Plat4mation’s legitimate business interests such as ensuring IT security, maintaining business relationships
or improving service quality provided such interests are not overridden by individuals’ fundamental rights and freedoms.
7. HOW WE USE YOUR INFORMATION
Plat4mation is committed to protecting the privacy of individuals and ensuring that personal data is collected and processed only for specified, explicit and legitimate purposes. We do not process personal data in a manner that is incompatible with these purposes.
Plat4mation may process personal data for the following purposes:
- To deliver our services: Including the provision, configuration, customization and support of ServiceNow platforms and digital transformation solutions.
- To respond to inquiries and manage customer relationships: This includes responding to web form submissions (e.g., “Contact Us”, “Book an Expert Call”), managing sales or project discussions and handling client communication.
- To improve service quality and platform experience: By analyzing user interaction with our platforms and websites to enhance usability, performance and support capabilities.
- To manage recruitment and employment obligations: Including the processing of job applications, interviews, onboarding documentation and performance-related data.
- To comply with legal and regulatory requirements: Such as obligations under applicable employment, corporate, tax or other laws, in response to lawful requests by public authorities.
- To defend legal rights: Including establishing, exercising or defending against legal claims, disputes or investigations.
- To conduct marketing and communication campaigns: Including event invitations, service announcements or feedback requests to individuals.
- To ensure platform security and prevent fraud: Including access logging, threat defection and security audits.
- To verify the authenticity of customer or user information: As required during project onboarding or platform access management.
We only process your personal data for the purposes described above and ensure that the processing is necessary, proportionate and limited to what is necessary for the purposes for which it was collected. All processing is conducted in accordance with applicable data protection laws, including the GDPR, and based on lawful grounds.
8. THIRD PARTY TRANSFERS
Plat4mation may engage external service providers and third-party vendors, who may process Personal Data on behalf of Plat4mation strictly for the purposes defined and authorized by Plat4mation through the execution of a Data Processing Agreement (DPA).
Plat4mation ensures that:
- All such third parties are contractually bound to comply with GDPR and other applicable data protection laws and are required to implement appropriate technical and organizational measures to protect the confidentiality, integrity, and security of the Personal Data they process, if any.
- Personal Data shared with third-party is processed only under Plat4mation’s documented instructions and for specified and legitimate business purposes.
- Regular reviews and audits are conducted to verify that Personal Data shared with vendors is handled securely and in compliance with contractual and regulatory obligations.
Plat4mation does not allow its third-party processors to engage additional sub-processors without prior written approval.
9. CROSS-BORDER DATA TRANSFER
As a part of its global operations, Plat4mation may transfer personal data to its affiliated entities, service providers, or third-party partners located outside the European Economic Area (EEA). Any such transfer is conducted in a manner that ensures the protection of the personal data and upholds the rights and freedoms of the data subjects, in accordance with GDPR. Plat4mation is committed to safeguarding personal data through appropriate legal, contractual and technical measures for all operational data transfers between entities located outside the EEA. Plat4mation ensures adequate safeguards are in place for international transfers, including the use of Standard Contractual Clauses (SCCs). Plat4mation shall ensure that such SCCs are incorporated in all the relevant contracts and executed in accordance with the latest legal standards and data privacy best practices.
10. YOUR RIGHTS
Plat4mation acknowledges and affirms the rights of Data Subjects concerning their Personal Data. Depending on the applicable jurisdiction,
you may exercise your rights. We take all reasonable steps to ensure that the Personal Data we process is accurate, relevant and up to date.
You may exercise the following rights:
| Right | Description |
|---|---|
| Access | You can request copy of the personal data we hold about you. |
| Correction | You can ask us to correct or update inaccurate or incomplete personal data. |
| Erasure | You can ask us to delete your personal data when it is no longer necessary, where you withdraw consent or where required by law. |
| Restriction | Under certain circumstances. you have the right to request that we limit how we process your personal data, or to object to specific uses of it. |
| Portability | Under certain conditions, you can request the personal data you have shared with us to be provided to you, potentially for transfer to another organization. |
| Objection | You can object to our processing of your personal data where it is based on legitimate interests or for direct marketing. |
| Withdrawal of Consent | Where processing is based on your consent, you can withdraw this at any time subject to applicable law. |
| Right to Grievance Redressal | You may raise a grievance regarding the processing of your Personal Data (as per Section 13 of DPDP Act, India) |
| Right to Nominate |
You may nominate another individual who will be authorised to exercise your rights on your behalf in the event of death or incapacity (as per Section 14 of DPDP Act, India) |
How to exercise your rights:
You can raise or exercise your rights by contacting us through any of the following channels:
-
By Email: You can contact our Data Protection Office at
privacy@plat4mation.com
to exercise your rights. Please include your name, contact details, and country of residence so we can process your request efficiently. -
By Post: You may also write to us at: Plat4mation B.V.
Arthur van Schendelstraat 650
3511 MJ Utrecht
The Netherlands
+31 30 760 26 70
11. PROTECTING YOUR PERSONAL DATA AT PLAT4MATION
At Plat4mation, we are committed to safeguarding the security and confidentiality of Personal Data. We employ a combination of technical, organizational and administrative safeguards to protect Personal Data from unauthorized access, unlawful processing and accidental loss, destruction or damage.
To uphold the highest standards of data protection, Plat4mation has implemented ISO/IEC 27001 controls, industry’s best practices and invested significantly in security of our infrastructure to ensure the safe data handling of personal data. When we share personal data with third parties, data processors, we ensure they adhere to equivalent security standards.
12. RETENTION OF YOUR PERSONAL DATA
Plat4mation retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected or processed, in accordance with applicable legal and contractual obligations. The specific retention periods are guided by internal data handling policies, statutory limitations periods, and industry best practices. Upon expiration of the relevant retention period, Personal Data is securely deleted to ensure compliance with applicable laws and to prevent unauthorized access or continued processing.
13. DATA BREACH REPORTING
Plat4mation is committed to protecting the personal data it processes. In the unlikely event of a personal data breach, we follow a structured and timely approach to contain the incident, assess its impact and take corrective actions in accordance with GDPR. Plat4mation will assess the breach and determine whether it presents risk to the rights and freedoms of affected individuals. If yes, we will notify the appropriate Data Protection Authority within 72 hours of becoming aware of the breach and we will also notify affected individuals according to the applicable legislations.
14. REVIEW AND UPDATE OF THIS PRIVACY POLICY
Plat4mation may revise or update this Privacy Policy from time to time to reflect changes in legal obligations or business practices, such updates will be posted prominently on this website. We encourage all the users to review this Privacy Policy periodically to remain informed about how we protect and process your information.
15. CONTACT US REGARDING YOUR PRIVACY
For any grievances, inquiries, concerns or requests regarding this Privacy Policy, you may contact the following:
Email- privacy@plat4mation.com.