This Policy indicates the purposes for which the collected personal data is used and how an effort is made to ensure adequate protection of this data.
In this regard, we follow the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EU, hereinafter referred to as ‘GDPR’.
Furthermore, we will ensure that we conform as far as possible to the provisions of the implementing decrees taken in response to the aforementioned legislation.
1.1. Personal data
Personal data includes any information relating to an identified or identifiable person. A person is considered ‘identifiable’ if he or she can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to his or her physical, physiological, psychological, economic, cultural or social identity .
For example, as the controller we can collect your name, address, telephone number, e-mail address, IP address, etc.
1.2. Data management
We ensure proper security of the stored and processed personal data. Both we and our appointees take the necessary technical and organizational measures to secure the processing to be performed.
To the extent possible and reasonable, we will ensure that the data is updated and that incorrect, incomplete and irrelevant data is corrected or deleted.
Furthermore, we will ensure, to the extent possible and reasonable, that our employees only have limited access to the data and processing options. In particular, they will be limited to those who need them for the exercise of their duties or to what is necessary for the needs of the service.
In this way we try to offer an appropriate level of security for this personal data and its processing.
The data subject will be obliged to provide us with the requested personal data because this is a necessary condition for concluding and executing the agreement.
If the data subject does not provide the requested information, we will not be able to provide the requested products and/or services.
In order to be able to carry out any direct marketing in a targeted manner, we use profiling. In this way we will only inform our customers by e-mail of the promotions and products in which they could show a special interest.
1.3. Purpose of the processing
We process personal data for various purposes. With each processing, only the data that are necessary to achieve the intended purpose are processed.
More specifically, we pursue the following objectives:
– conducting customer administration and order processing; – executing agreements; – invoicing; – direct marketing & statistical purposes; – optimizing the quality, content and management of the website; – answering a specific question and/or providing information via our contact form.
1.4. Legal basis of the processing
The processing of personal data by us is therefore based on the following legal grounds:
– consent of the customer/data subject; – necessity for the execution of the agreement or taking pre-contractual measures; – necessity for the representation of our legitimate interests, in particular to ensure the continuity of the activities; – to comply with all legal or we are able to comply with regulatory provisions to which we are subject.
1.5. Sharing data and door gifts
In principle, personal data is only shared with the consent of the natural person concerned or if this is necessary to complete a transaction or to be able to deliver a product or service.
When purchasing via the webshop, the data is shared with the payment provider. This is Mollie BV, with its registered office at Keizersgracht 313, 1016 EE Amsterdam.
Furthermore, if necessary, the data is also shared with our suppliers, when required by law, when we are involved in a dispute with the data subject, to protect customers, to guarantee the safety of the products and to protect our (property) protect rights.
We will not pass the relevant data on to a third country or international organization.
1.6. Data retention period
The personal data collected will be processed by us during the entire period in which the person concerned uses our services.
If the data subject no longer uses our services, their personal data will be stored for a period of ten years after the end of the collaboration with the data subject, unless certain statutory limitation or retention periods would require a longer period.
This period will allow us to comply with our legal obligations, enforce regulations, resolve disputes, maintain security, prevent fraud or abuse, etc.
1.7. Rights of data subjects
We will facilitate the exercise of the following rights to the natural person:
– right to inspect his personal data; – right to rectification of his incorrect personal data; – right to erasure of his personal data; – right to restriction of the processing of his personal data; – right to portability of his data; – right to object to automated individual decision making.
In addition, the data subject has the right to revoke the consent he has given to the processing of his personal data at any time. However, such withdrawal cannot affect the lawfulness of the processing based on the consent before its withdrawal. To this end, the data subject can send her request by e-mail to us at the e-mail address firstname.lastname@example.org
We will respond to the customer’s request without undue delay and in any event within one month.
1.8. Final Provisions
If the data subject is of the opinion that the processing of her personal data infringes the provisions of the GDPR, she can lodge a complaint about this with the competent supervisory authority.