1. Controller

JBI Waterjet BV, based in the Netherlands, is the data controller responsible for processing data collected through the JetLink Pro Platform. Where Vendor Managed Inventory (VMI) or supplier integrations are enabled, an authorized supplier may act as a joint controller for supply-chain-related data sharing configured by the Customer.

2. Data We Collect

JetLink Pro processes operational data from connected industrial equipment and limited personal data from platform users. Depending on your configuration and connected modules, we may collect the following categories:

Where operational data contains personal data (for example, data attributable to identifiable users or contact persons), both operational and personal data categories may apply.

3. Purpose of Processing

We process data for the following purposes:

• Providing and operating the JetLink Pro Platform and Services
• Equipment monitoring, asset management, and fleet visibility
• Historical data storage, dashboards, reporting, and alarm management
• Maintenance tracking, predictive maintenance, and service optimization
• Inventory management and vendor integrations (including VMI where enabled)
• Multi-site management and organizational administration
• User authentication, access control, and audit logging
• Platform security, troubleshooting, and incident response
• Product improvement, analytics, and service optimization
• Compliance with legal obligations and contractual requirements

4. AI and Automated Processing

5. Edge Devices and Local Processing

6. Data Ownership

7. Data Export

8. Legal Basis

Processing is based on:

• Art. 6(1)(b) GDPR — processing necessary for the performance of a contract with the Customer or to take steps at the Customer's request prior to entering a contract
• Art. 6(1)(f) GDPR — our legitimate interest in ensuring platform security, operational reliability, service improvement, and efficient industrial operations, where such interests are not overridden by the rights of data subjects
• Art. 6(1)(c) GDPR — processing necessary to comply with legal obligations
• Art. 6(1)(a) GDPR — consent, where explicitly obtained for specific processing activities

9. Service Providers and Data Recipients

We share data only with recipients necessary to deliver JetLink Pro Services, including:

• JBI Waterjet BV and authorized personnel
• Cloud hosting and infrastructure providers (e.g. Google Cloud / Firebase)
• Authentication and identity providers
• Email and notification delivery providers
• Analytics, monitoring, and observability providers
• Authorized equipment vendors and abrasive suppliers (where integrations or VMI are enabled)
• Professional advisers where required by law

All service providers process data under contractual safeguards, data processing agreements, and applicable GDPR requirements. We do not sell Customer Data.

10. Data Retention

Data is retained only as long as necessary to provide JetLink Pro Services, fulfill contractual obligations, comply with legal requirements, and resolve disputes. Operational telemetry may be retained according to subscription tier and platform retention settings. After termination of the business relationship, data is deleted or anonymized within 90 days unless legal retention periods apply or the Customer requests earlier export within the applicable window.

11. Data Security

We implement appropriate technical and organizational measures (TOMs) to protect data, including:

• Encryption in transit (TLS 1.2+, preferably TLS 1.3)
• Encryption at rest (e.g. AES-256)
• Role-based access control and least-privilege principles
• Authentication controls and secure credential management
• Audit logging and access monitoring
• Security monitoring and incident response procedures
• Restricted access to authorized personnel only
• Primary data hosting in the EU (europe-west1, Belgium) where applicable

Security incidents affecting Customer Data will be handled in accordance with applicable law, including GDPR breach notification requirements where required.

12. Data Subject Rights

Under the GDPR, data subjects have the right to:

• Access personal data relating to them
• Request rectification of inaccurate personal data
• Request erasure ("right to be forgotten") where applicable
• Request restriction of processing
• Object to processing based on legitimate interests
• Data portability where applicable
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands)

Requests can be submitted to: privacy@jbiwaterjet.com. Organization administrators may manage certain user data directly within the Platform.

13. International Data Transfers

Primary Platform data is hosted within the European Union, including cloud infrastructure in the europe-west1 region (Belgium). If future international transfers outside the European Economic Area become necessary — for example due to additional service providers or global infrastructure — such transfers will be protected through Standard Contractual Clauses (SCCs) approved by the European Commission or other equivalent legal mechanisms recognized under GDPR.

14. Future Platform Modules

This Privacy Policy applies to current and future JetLink Pro modules and services, including JetLink Edge, JetLink AI, JetLink Predictive Maintenance, JetLink Inventory, JetLink API, and additional analytics, automation, or integration capabilities. Where new processing activities materially change our practices, we will update this Policy accordingly.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, platform capabilities, or legal requirements. The latest version will always be available at jetlinkpro.com/jetlink-pro/privacy. Material changes will be communicated through reasonable means where appropriate.