Privacy policy

This privacy policy was last updated on August 18th, 2020

Base (“we“, ” us“ or ” our“) is an advanced link management tool developed by Four Dots DOO/a Four Dots. We are committed to the lawful, transparent, and fair handling of your personal data and your data privacy. Please read our privacy policy carefully to understand our practices regarding your personal data and how we will treat it. Since our lawful bases for collecting data are covered in our Base Legal Obligations section, and details on how we handle cookies in the Base Cookie Policy page, this privacy policy will illustrate your rights as a user, and explain what security measures we are taking in order to protect your data.

This privacy policy applies to your access to and use of:

  • the website (“Website”,” Service”) including all content, services, and products available at or through the website
  • Base web app
  • Base Chrome extension

(together the “Platform”, “Service”, “Website” )

This privacy policy, along with our Cookie Policy, sets out the basis on which any personal data we collect from you, or that you provide to us will be processed by us.

By accessing and/or using the Website, you are accepting and consenting to the practices described in this policy. This Privacy Policy is only applicable to the Website and Services available thereon, and not applicable to any other sites that you may be able to access from our Website via links, each of which may have data collection, storage, and use practices and policies that differ materially from this Privacy Policy.

Contact information Four Dots

Four Dots DOO, Mileticeva 28, 21000 Novi Sad, Serbia

Email: [email protected]

Contact information Base


Personal data – is any information relating to an identified or identifiable natural person (‘data subject’). In a nutshell, any data that can identify or point in the direction of a living person.

Usage Data – is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Processing – is any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means.

User/Client Data – for any personal data you upload, transmit or connect while using Base services – the natural person or persons to which this data relates are your data subjects and you are the data controller. In our Terms and Conditions and Privacy Policy, we refer to this data as User/Client Data.

Authorized Users – employees, agents, consultants, or independent contractors of the client who are authorized by the client to use the Services and the documentation

Controller – can be the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Base is a controller when handling data provided by our newsletter subscribers; data needed to communicate with our clients; and usage data meant to help us optimize the Website for our users.

Processor – can be a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Base is a processor, for instance, when analyzing User/Client Data to provide our clients with the services they requested.

Using Base to manage your data means that you have engaged Base as a data processor to carry out certain processing activities on your behalf.

About this Policy

This Policy sections and details:

What personal information do we collect?

How do we collect your information?

How long will Base retain your data?

How do we use the collected data?

Base as a processor of User/Client Data

Who processes your information?

Third-party service providers

How do we protect your data?

What do we do in case of data breach/loss?

Where and how is your data stored?

What are your rights regarding your personal data we process or control?


Our policy regarding minors and data relating to them

Links to other websites

Do Not Track

Privacy Policy updates and changes

What personal information do we collect, how do we collect it, and how long do we keep it?

We collect several different information types for various purposes in order to provide and improve our service to you.

Types of Data Collected:

1) Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address – Needed for us to contact you, send product updates and newsletters, report issues with your data, and prevent abuse. Under the Legitimate interest lawful basis, we sometimes retain customer emails, so as to prevent the abuse of our free trial system, as elaborated on our Legal Obligations page.
  • Full name – Needed for us to contact you, send product updates and newsletters, report issues with your data, and prevent abuse. We delete this data as soon as it’s no longer needed.
  • Cookies and Usage Data – We use cookies in order to provide a better service or identify which pages on the Website are of special interest. A cookie is a small piece of information that a website stores on your web browser and which can later be retrieved. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

If you have previously opted in to receive these types of communiqués from us, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

2) Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

This data is not shared with others and is only used to help us provide our users with a better browsing experience. The data is periodically reviewed and erased or anonymized when no longer needed.

3) Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. They are used to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

4) Integration Data

When authorizing any of the integrations offered with the service, our code will have access to any data made available by the integrations API. If the integration requires a specific set of permission scopes to be authorized by the user, the API data accessed will also be limited to these scopes.

Data retrieved from certain integrations may be cached for a short period and may be stored on our servers to improve the deliverability of data with the service. The data obtained from integrations will only be used in the dashboard and reports that you and your users have access to. The data is not used internally or in any place that you do not have access to.

Base will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

How we use collected data

We use this data to provide you with information and services that you request or subscribe to; to send you information about our company or our products or services, or to contact you when necessary (i.e. notices relating to the Service; service alerts; respond to your questions and concerns). We also use your personal data to bill you for our paid Services. While we reserve the right to send you an email concerning your account billing status and service alerts, you may opt out of our general marketing and promotion emails.

Base as a processor of User/Client Data

Depending on the context of the personal information you provide, Base may be the data controller (“controller”) or data processor (“processor”) of your personal information under this policy. Base is a processor of Client Data, personal information submitted to the Service or collected through the Service on behalf of or at the direction of subscribers.

Article 28 of the GDPR specifies that the relationship between the controller and the processor should be made in writing (electronic form is acceptable under subsection (9) of the same Article). Base’s Terms and Conditions and Privacy Policy serve as your data processing agreement, setting out the instructions that you are giving to Base with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. Base will only process your Client Data based on your written instructions as the data controller unless required by law to act without such instructions.

You or other authorized users of Base may upload and transmit Client Data as part of the Service that contains personal data relating to you or other individuals. We do not view or control such Client Data and simply process the Client Data on behalf or you or the owner of the Application in accordance with our Terms and Conditions. You expressly acknowledge that you or the person uploading, connecting or transmitting the Client Data (as applicable) retain sole responsibility for the Client Data and for obtaining all relevant consents, from the individual to which any personal data contained within the Client Data relates to the processing of that personal data as part of the Service and that such personal data is not covered by this Privacy Policy. Client Data is processed in the EEA and in the US. It is the responsibility of the Client to ensure that it has a suitable privacy policy in place to cover the transmission and processing of the Client Data and any personal data that it contains.

Who processes your information?

We may disclose your personal data to the following persons:

1. Disclosure of information within Base: We limit access to your personal data to employees who reasonably need to process such information as described under this policy. In this situation we:

  • shall take commercially reasonable steps to ensure the reliability and appropriate training of any Authorized Employee.
  • shall ensure that all Authorized Employees are made aware of the confidential nature of Personal Data and have executed confidentiality agreements that prevent them from disclosing or otherwise processing, both during and after their engagement with Processor, any Personal Data except in accordance with their obligations in connection with the Services.
  • shall take commercially reasonable steps to limit access to Personal Data to only Authorized Individuals.

2. Disclosure of information to particular third parties: We may disclose your personal data to the following third parties:

  • other members of our group (which means our subsidiaries, our parent company and its subsidiaries, for the purposes outlined in this Privacy Policy
  • to contractors, service providers such as Intercom, and other third parties we use to support our business. These entities have to be GDPR compliant, are bound by contractual obligations to keep personal information confidential and can use it only for the purposes for which we disclose the information to them.

3. Disclosure of information in certain circumstances: We may also disclose your personal data:

  • in the event we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or asset;
  • if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligations, or in order to enforce or apply our terms for use of the Base Website and other agreements; or to protect the rights, property or safety of Base, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Beyond this, we will not share your personal data with any other person without your consent.

Third-party service providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may use third-party Service Providers for:

1) Monitoring and analyzing the use of our Service.

  • Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

  • Hotjar

Hotjar is used to track and record user behavior on our Website and is meant to help us improve our service. You can view their GDPR compliance page here

2) Payments processing

  • FastSpring

We may provide paid products and/or services within the Service. In that case, we use a third-party service for payment processing – FastSpring.

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.

3) Customer management and communication

  • Intercom

We use Intercom to communicate with our customers and provide them with the necessary support. You can review their GDPR compliance info here.


How do we protect your data?

In order to ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect in association with the Service. Please be aware, however, that no data transmissions over the Internet or other networks can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security or integrity of any information you transmit to us or that you authorize us to collect on your behalf. You transmit information to us and authorize us to collect information on your behalf, at your own risk. Once we receive your information, we make reasonable efforts to protect it from unauthorized access, disclosure, alteration, or destruction. If you have any questions about security on our Site, you can contact us at [email protected].

What do we do in case of a personal data breach?

If we are the data controller, when Base learns of a security systems breach that is likely to result in a high risk to their rights and freedoms, we will attempt to notify the data subject electronically within 72 hours so they can take appropriate protective steps. If we are the data processor, we will attempt to inform the controller of the breach, without undue delay. Base may post a notice through the Service if a security breach occurs. If this happens, you will need a web browser enabling you to access the Service. Base may also notify you via email in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Where and how is your data stored?

Your information collected through Base Services may be stored and processed in the United States, Europe, or any other country in which Base or its subsidiaries, affiliates or service providers maintain facilities. Base may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Economic Area (EEA) or other regions with laws governing data collection and use, please note that we will generally not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.

If such transfers to countries without an adequate decision by the European Commission turn out to be necessary, Base puts appropriate safeguards through contractual obligations.

What are your rights regarding your personal data we process or control?

As a data subject, ie. someone whose personal data we are using, you have the following rights (some of which are relevant to us only when we are in the position of the data controller):

Right to be informed

Refer to your right to be informed if we start collecting your data, why we are collecting it and where the data is coming from, in a timely and clear fashion. As consent or contract is the most common basis for our data collection, in most cases, where required, we will ask for your consent before starting to keep any kind of track of your data. Depending on the data we need and the type of our relationship with the data subject in question, we will ask for their consent through a site pop-up, an email, or another appropriate method.

Right of access

Should you send a request to access your data, held by us, we have one month to comply. You can make the request verbally, or in writing, and are to be granted access to your data without having to pay us a fee. You can make the request at [email protected].

Right to rectification

If you feel that some of your personal data that we are storing are incorrect, you can make a verbal or written request to have us make the necessary corrections. We maintain a procedure in order to help you confirm that your Personal Information remains correct and up-to-date. We have one month to respond, but can also contest that the data is accurate and that there is no need for correction, should we determine there are grounds for such refusal to comply.

Right to erasure – Right to be forgotten

If you want your data removed from our database, you have the right to demand it be erased. If your written or verbal request is valid, we will have one month to comply with it. You can ask for data to be erased if we obtained it on the grounds of your consent and you are no longer willing to provide it; if we no longer need it for whatever it was originally needed for, and in a number of other cases. The only exception to this being us keeping your email address in a separate database to prevent abuse, on the grounds of legitimate interest lawful basis.

Base will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Base will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. You can make the request at [email protected].

Right to restrict processing

Where personal information is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise, or defence of legal claims. This right includes restricting the processing of your personal information to only include storage of your personal information (e.g. during the time when Base assesses whether you are entitled to have personal information erased). You can make the request at [email protected].

Right to data portability

If we are using your personal data, you have the right to expect us to be prepared to safely and promptly send that data to you, or, if technically feasible, to a third party of your choice, in a machine-readable format. This right only applies to us when we are in the position of a data controller. You can make the request at [email protected].

Right to object

Where we are relying upon legitimate interest to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the personal information for the establishment, exercise, or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis. You can notify us of your objection at [email protected].

Right not to be subject to automated decision-making

Mostly related to profiling and automated marketing campaigns. Data subjects have the right to demand to be exempt from such practices, while we are obliged to give them means of easily communicating their desire to be excluded.

Right to withdraw consent

Where you have provided us with your consent to process personal information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can do this by:

  • using a certain web browser and opt-out options discussed in this Privacy Policy to limit the personal information you provide to us or our third-party partners,
  • Contact us at [email protected]
  • following the unsubscribe instructions included in emails
  • by accessing the email preferences in your account settings page in the application


Despite us doing everything in our power to ensure the safety of your personal data, intrusions are always possible. In order to maximize the privacy of your data, and to minimize the impact of possible breaches, we are required to:

  • Perform regular risk assessments, ensuring we are aware of the potential impact of security breaches.
  • Segment our data and keep a close record of who has access to which data segments, not only to compartmentalize the potential damage but also to be able to establish culpability.
  • Inform you (or your data controller, if we are only processing the data) of any security breaches.
  • Adapt our policies and their implementation to ensure maximum security.
  • Encrypt all sensitive data (tokens, keys).
  • Pseudonymize 3rd party data.

Our policy regarding minors and data relating to them

Our Websites and Services are not intended for children under 16 years of age. No one under the age of 16 years old may provide any personal information to or on the Websites and Services.

We do not knowingly collect personal information from children under 16 years old. If you are under 16 years old, do not use or provide any information on our Websites or Services including on or through any of their features, register on the Websites or Services, make any purchases through the Websites or Services, use any of the interactive or public comment features of our Websites or Services, or provide any information about yourself to us, including your name, address, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 years old, we will delete that information without undue delay.

If you believe we might have any information from or about a child under 16 years old, please contact us at [email protected].

Links to other websites

The Site contains links to other websites. We are not responsible for the privacy practices or the content of such websites. We also make our blog and our social media accounts available to you. Please understand that any information that is disclosed and/or shared on these platforms becomes public information. We have no control over its use and you should exercise caution when deciding to disclose your Personal Information and any other information you consider private.

Do Not Track

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Changes to our Privacy Policy

Base reserves the right to make any and all necessary changes to this Policy at any time and for any reason. We will notify you of any changes and/or modifications to the Policy by updating the “Last Modified” date on this Policy, or when required, directly by asking for your consent. You are encouraged to periodically review this Policy to stay informed of updates. You shall be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Policy by your continued use of Base services after the date such revised Policy is posted, except in cases where your explicit consent is required.

Contact Us

If you have any questions about this Privacy Policy, please contact us through the following email:

[email protected]