Privacy Policy

Welcome to Starling Suite. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how SIXTYNINE Digital ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use Starling Suite and our related services.

Starling Suite is an insurance management platform designed to help insurance agencies streamline their claims processing and policy management. We understand the sensitive nature of the data you entrust to us and take our responsibility to protect it seriously.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2.1 What is Personal Data?

Personal data means any information relating to an identified or identifiable natural person. This includes information such as your name, email address, phone number, IP address, or any other information that can be used to identify you directly or indirectly.

2.2 What is Processing?

Processing refers to any operation performed on personal data, whether or not by automated means. This includes collecting, recording, organizing, structuring, storing, adapting, retrieving, consulting, using, disclosing, aligning, combining, restricting, erasing, or destroying personal data.

Our processing of personal data is governed by the following regulations:

• General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council
• Dutch GDPR Implementation Act (UAVG) - Uitvoeringswet Algemene verordening gegevensbescherming, which implements the GDPR in the Netherlands
• EU AI Act - Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence, applicable to our AI-powered features

We ensure that all our data processing activities comply with these regulations and any other applicable data protection laws.

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.

We collect personal data through various means when you interact with our platform:

5.1 Information You Provide

• Account registration details (name, email, password)
• Contact form submissions (name, email, phone number, message)
• Insurance policy information uploaded to the platform
• Claims documentation and related files
• Support ticket communications

5.2 Information Collected Automatically

• IP address and device information
• Browser type and version
• Usage data and platform interactions
• Cookies and similar tracking technologies

5.3 Information from Third Parties

We may receive information about you from third parties, such as integration partners or insurance providers, when you authorize such data sharing.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

• Account data: Retained for the duration of your account and up to 30 days after deletion request
• Insurance data: Retained for the duration of your subscription plus any legally required retention period
• Support communications: Retained for 2 years after resolution
• Financial records: Retained for up to 8 years in accordance with Dutch tax and commercial law

6.2 Deletion

When personal data is no longer needed, we securely delete or anonymize it. You may request deletion of your data at any time, subject to legal retention requirements.

7.1 Contacting Us

When you contact us through our website or email, we collect your name, email address, phone number (if provided), and the content of your message. We use this information to respond to your inquiry and provide support.

7.2 Contracting with Us

When you subscribe to Starling Suite, we collect information necessary to establish and maintain our business relationship, including company details, billing information, and authorized user details.

7.3 Our Services

Through Starling Suite, you may upload and process insurance-related data including:

• Policy holder information
• Insurance policy details and documents
• Claims information and supporting documentation
• Communication records with clients

7.4 Support Tickets

When you submit a support request, we collect information about your issue, including any screenshots or files you share, to help resolve your problem effectively.

7.5 Administration

For administrative purposes, we process data related to invoicing, payments, and account management to maintain our business relationship with you.

7.6 AI Features & EU AI Act Compliance

Starling Suite incorporates artificial intelligence features to enhance claims processing and provide intelligent assistance. In compliance with the EU AI Act:

• Transparency: We clearly inform you when you are interacting with AI-powered features
• Human oversight: AI-generated recommendations are always subject to human review and decision-making
• Data minimization: AI features only process data necessary for their specific function
• No high-risk decisions: AI is used for assistance and efficiency, not for making final decisions on claims or policies
• Accuracy: We regularly test and validate our AI systems to ensure reliable outputs

8.1 Internal Transfers

Your data may be accessed by authorized employees and contractors of SIXTYNINE Digital who need access to perform their job functions. All personnel are bound by confidentiality obligations.

8.2 Service Providers

We may share data with trusted service providers who assist us in operating our platform, such as:

• Payment processors for billing
• Email service providers for communications
• Analytics providers (anonymized data only)

All service providers are contractually bound to protect your data and only use it for the purposes we specify.

8.3 Legal Requirements

We may disclose your data when required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

8.4 International Transfers

Your data is primarily stored and processed on our own dedicated servers located within the European Economic Area (EEA). If any transfer outside the EEA is necessary, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

We implement comprehensive security measures to protect your personal data:

9.1 Technical Measures

• SSL/TLS encryption for all data in transit
• Encryption at rest for stored data
• Secure authentication mechanisms
• Regular security audits and penetration testing
• Firewalls and intrusion detection systems

9.2 Organizational Measures

• Access control based on the principle of least privilege
• Regular security training for all employees
• Documented security policies and procedures
• Incident response procedures

9.3 Infrastructure

Starling Suite runs on our own dedicated servers, giving us complete control over the security of your data. We do not use shared hosting environments, ensuring isolation and enhanced protection for your sensitive information.

9.4 Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals as required by the GDPR.

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Object: You can object to certain types of processing, including direct marketing
• Right to Data Portability: You can request your data in a structured, machine-readable format
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months, in which case we will notify you.

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is:

We encourage you to contact us first so we can address your concerns directly.

To protect your privacy, we commit to the following:

• No data from minors: Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from minors.
• No special category data without consent: We do not process sensitive personal data (such as health data, racial or ethnic origin, political opinions) unless you explicitly consent or it is necessary for the insurance services you request.
• No automated decision-making with legal effects: We do not make decisions based solely on automated processing that produce legal effects or significantly affect you. Human oversight is always maintained.
• No profiling for marketing: We do not create profiles about you for targeted advertising or marketing purposes.
• No selling of personal data: We never sell your personal data to third parties.
• No unnecessary data collection: We only collect data that is necessary for providing our services.

If you have any questions, concerns, or complaints about how we handle your personal data, please contact us:

We take all privacy concerns seriously and will work to resolve any issues promptly. If you are not satisfied with our response, you have the right to escalate your complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if the changes significantly affect how we process your data
• Where required by law, seek your consent for new data processing activities

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.