Introduction

“Dundle” is a trade name of Korsit B.V., Zwembadweg 12, 5611 KS Eindhoven, the Netherlands, Chamber of Commerce (KvK) number 69094438, VAT number: NL 857730824B01.

The website dundle.com is a domain name of Korsit B.V., Zwembadweg 12, 5611 KS Eindhoven, the Netherlands, Chamber of Commerce (KvK) number 69094438, VAT number: NL 857730824B01

Korsit B.V. attaches great value to the protection of your personal data. In this Privacy Policy, we want to provide clear and transparent information about how we handle personal data.

We do everything we can to guarantee your privacy and therefore handle personal data with care. Korsit B.V. (“Korsit”, “our company”, “we”, “us”) complies in all cases with applicable laws and regulations, including the General Data Protection Regulation (hereinafter GDPR). This means that we:

• Process your personal data in accordance with the purpose for which it was provided, these goals and types of personal data are described in this Privacy Policy;

• Processing of your personal data is limited to only those that are minimally necessary for the purposes for which they are processed;

• Appropriate technical and organizational measures are taken to ensure the security of your personal data;

As Korsit,, we are responsible for the processing of any personal data you share with us. If you have questions about our Privacy Policy or, in general, about the processing of your personal data and wish to contact us, you can do so by contacting our compliance team (compliance@korsit.com).

When and why do we process your personal data? (Purposes)

The personal data provided by customers is processed by Korsit B.V. for the following purposes:

• To process an order placed on our website (dundle.com);

• To execute a purchase order, deliver the ordered products and to complete the payment settlement (contract performance);

• For our company’s necessary internal administrative purposes (accounting and financial administration);

• To prevent theft, fraud, money laundering and terrorist financing and to secure our website’s systems. This includes the use of appropriate tools and systems that allow monitoring for fraud detection and prevention, or tools and systems used for customer verification (KYC) and/or payment verification;

• To defend against claims against our company by customers or other third parties (including, among others, legal claims, complaints and chargeback requests);

• Where necessary to support and substantiate legal claims of our company;

• To send you our website’s newsletter (only applies to users who have signed up and provided their consent to receive the newsletter);

• For Direct Marketing purposes, including email marketing campaigns to our existing customer base, on the basis of their recent purchases;

• For other marketing purposes and activities that do not constitute direct marketing, targeted advertising, retargeting and do not require the provision of consent (such as, transaction and product analyses, SEO analytics, identifying target audiences);

• To ensure our website’s security;

• To improve the quality of our services and of our website/application infrastructure;

• To ensure customer service

• Where necessary to comply with our legal obligations;

Grounds

The personal data is processed on the following grounds:

• The processing is necessary for the performance of the relevant concluded agreement, namely the concluded purchase agreement;

• The processing is necessary to comply with a legal obligation;

• The processing is necessary for the protection of the legitimate interests of dundle;

• You have given its consent for the processing of its personal data (e.g. consent to receive our newsletter).

What data do we collect about you? 

When you use our website (dundle.com) or our mobile application (Dundle app), make an order, contact us or sign up for our services (e.g. our newsletter), we process your personal data that is necessary for the above stated purposes. 

This includes your email address (when making orders, signing up for our services and contacting us), IP address, information on the device used, website/app behaviour, browser data, analytics data, first and third party data from cookies.

Furthermore, to prevent theft, fraud, money laundering and terrorist financing, we may be required to perform an ID and/or payment verification process. Accordingly, we may need to request the following personal data from you:

• Full Name 

• Physical Address

• Telephone number 

• Copy of telephone bill

• Copy of personal identification document (passport/ID card/driver’s licence)

• Copy of a bank statement

• Bank details

We collect only the data that are strictly necessary to fulfill for each purpose. For example, your personal identification documents or bank statement copies will be requested only when required for identity or payment verification and will not be used for any other purpose.

How long do we keep your data?  (Data Retention)

We shall retain your personal data for the aforementioned processing for the following periods of time:

• Transactional data: 7 years after the execution of the purchase agreement - for accounting and financial administration purposes, in accordance with our legal obligations;

• Processing based on your consent (e.g. consent to receive our newsletter, optional cookies): for as long as your consent is valid and has not been withdrawn;

• Processing based on our legitimate business interests: for as long as required to fulfill these purposes (e.g. improving our services, ensuring security of our systems, addressing , defending against claims).

• Data required to comply with other legal obligations: Retained for the period mandated by applicable laws.

Disclosure to third parties

We may provide the data you provide to us to third parties if this is necessary for carrying out the purposes described above. We share data with the parties with whom we have a business relationship in the production of the product you have purchased. 

In the processing agreement, we make agreements on the security of your personal data. We guarantee that we will not provide your data to other parties unless this is permitted under applicable data protection laws.

For example, we engage third parties for:

• The conclusion and execution of purchase contracts;

• The delivery of the digital products that we offer;

• Payment processing and chargeback handling;

• (Financial) Administration and accounting;

• The editing and/or distribution of our newsletter;

• Marketing analytics and direct marketing purposes (including email and push communications);

• The detection and prevention of fraudulent or other illegal activities;

• Customer Verification purposes (KYC).

Sharing Data for Fraud Detection, Payment Protection, and Security purposes

A. We use third-party service providers to help us detect and prevent fraud, protect payments, and maintain the security and integrity of our services. In this context, we share certain personal information of our website customers with our fraud prevention partners, during checkout. In particular:

1) For credit card transactions, we use Forter Solutions UK Ltd (“Forter”). Forter processes this data to identify and prevent fraudulent, illegal or unauthorized activities and to support payment authentication and optimization under PSD2 and 3-D Secure (3DS).  For this purpose, Forter may use automated processing and advanced technologies, such as machine learning algorithms and artificial intelligence, to assist in detecting patterns indicative of fraud or misuse. For more information on how Forter processes personal data, please see Forter's Privacy Policy and Privacy FAQ.

2) For all other payment methods, we use Sift Science, Inc (“Sift”). Sift processes this information to identify and prevent fraudulent, illegal or unauthorized activities. For this purpose, Sift may use automated processing and advanced technologies, such as machine learning algorithms and artificial intelligence, to assist in detecting patterns indicative of fraud or misuse. For more information about how Sift processes personal data, please see Sift’s Service Privacy Notice and an explanation of Sift services to end-users (customers).

B. In addition, we may disclose your personal data to other parties if we are legally obliged to do so or if it is necessary to protect our legitimate interests or the rights of others. 

This includes:

• Law enforcement authorities, if required by law or in the context of investigating suspected fraud or other illegal activity;

• Tax authorities, to comply with our tax obligations or when otherwise legally required by applicable legislation;

• Banks and payment processors, for transaction processing, fraud prevention, and chargeback resolution;

• Other public authorities or supervisory bodies, when legally required by applicable legislation.

Data transfers inside and outside the EEA

In some cases, we may need to transfer personal data to third parties outside or within the European Economic Area. Naturally, the security of your data remains a priority. We ensure that an adequacy decision of the European Commission is in place or, in the absence of an adequacy decision, we make sure to provide other safeguards or arrangements before transferring personal data outside the European Economic Area, such as Standard Contractual Clauses (SCCs).

Countries with adequacy decisions can be found on the European Commission's website.

Your Rights regarding your personal data

We aim to provide you with access to your data and allow you to update, modify, or, where legally possible, delete it. However, there may be situations where we are entitled to deny or restrict your rights, for example, when it is necessary to protect the rights and freedoms of other individuals or when we are legally required or authorised to retain certain Personal Data. If we deny or restrict access to your data, we will provide you with a clear explanation of the reason.

• The right to access your personal data and receive information about our processing operations

• The right to correct your personal data if it is incorrect (rectification)

• The right to the erasure of data ('the right to be forgotten’), providing there is no overriding legal basis for data retention (e.g. legal obligation, compelling  legitimate interest, performance of a contract) 

• The right to restriction of data processing: under specific conditions, you may request that we limit the processing of your data. If granted, we will only store your data and not process it further.

• The right to object to data processing: You can object to the processing of your personal data for direct marketing at any time. If processing is based on legitimate interest, you may object unless there are compelling legitimate grounds that override your rights or if the processing of your datais necessary for legal claims).

• The right to transfer your data (data portability)

• The right not to be subject to automated decision-making (applies to processing that is fully automated)

• The right to lodge a complaint with the applicable data protection authority.

If you wish to exercise your rights, please contact us and send your request to our Compliance team (compliance@korsit.com). . Before processing your request, we might be required to complete a customer authentication process. This is necessary in order to prevent any unauthorized access to, alteration or deletion of your personal data.

If you used different email addresses to place orders on our website or app, please submit a separate request for each address.

We may ask you to identify yourself before we can attempt to grant your request.

Even if we process your personal data on the basis of consent given by you to this effect, you maintain the right to withdraw this consent.

How do we protect your personal data? (Data Security)

We take reasonable precautions to protect our website and information automatically collected by www.dundle.com or voluntarily provided to www.dundle.com or an official page of www.dundle.com on a third-party website.

We also use industry best practices, technical and organizational controls to protect the personal information in our possession or control. 

These include role-based access control, SSL encryption, use of secure connections (TLS), Multi-Factor Authentication (MFA) and Single-Sign-On (SSO) to ensure secure login to our systems. Our employees are regularly trained to ensure data protection awareness and safety of your personal data.

We regularly review our processes and systems to verify that they meet industry best practices and to pursue sound security levels for our website.

Complaints

If you have a complaint about how your personal data is processed, we kindly ask that you contact us directly about it by sending your request to our Compliance team (compliance@korsit.com).

Additional Privacy Information for PaysafeCard Purchases

This section provides additional information on how we process your personal data when you purchase PaysafeCard products. It supplements our general Privacy Policy and describes the additional processing of personal data that applies specifically when you purchase Paysafecard products on Dundle.

As an authorized online seller of PaysafeCard products, we are required to comply with PaysafeCard’s product requirements and instructions, including those relating to the collection and processing of personal data of our customers. Under PaysafeCard’s instructions, when you purchase a PaysafeCard through our platform, we are required by PaysafeCard to collect and process additional personal data in order to complete the purchase and deliver the product to you, as detailed in this section.

What additional data do we process when you buy a PaysafeCard?

To complete your purchase and deliver the PaysafeCard product, we are required by PaysafeCard to collect and process the following additional personal data:

• First and last name

• Residential address

• Date of birth

• Mobile phone number (verified via a one-time SMS code sent through our trusted service provider Vonage – For more information, please refer to the privacy policy of Vonage.

Additional processing: Buying PaysafeCard outside the European Economic Area (EEA)

If you buy a PaysafeCard from outside the EEA, we are required to share your mobile phone number with PaysafeCard and its Partner Network. 

PaysafeCard and its Partner network shall use your mobile phone number as a unique PaysafeCard customer identifier to monitor customer transactions across the PaysafeCard distribution network, in order to apply country-specific transaction limits (daily and yearly) and country restrictions. If a transaction limit is exceeded, PaysafeCard and its Partner network will automatically reject the purchase and notify Korsit of the declined request,  including the reason (e.g. “Customer daily limit exceeded”). If the limits are not reached, your purchase request will be processed normally.

You can find further information about the applicable limits on PaysafeCard’s website and on the PaysafeCard product page on our website.

Why do we need to process this information?

PaysafeCard needs to comply with its legal obligations regarding the fight against money laundering and the prevention of terrorist financing. To comply with these legal obligations, under PaysafeCard’s product requirements, customers cannot buy a PaysafeCard without the collection and processing of the personal data listed above.

Therefore, we are required to process your information in order to:

• offer and deliver our PaysafeCard products to you (necessary for the performance of the contract – Article 6(1)(b) GDPR); and

• to ensure the secure and lawful provision of PaysafeCard products, including in compliance with PaysafeCard’s distribution requirements (legitimate interest – Art. 6(1)(f) GDPR).

Please note that providing this information is necessary in order to complete your PaysafeCard purchase. Without this data, we cannot process your order.

How long will we keep your information? 

Your data related to PaysafeCard purchases is retained as long as necessary to comply with PaysafeCard’s requirements, including monitoring of limits and record-keeping obligations, and thereafter in line with statutory retention periods (maximum of 7 years from the date of your last transaction).

Additional purposes – Fraud Prevention

In addition to the above, we may also retain and use your personal data relating to PaysafeCard purchases where necessary for our own fraud detection and prevention purposes, for as long as such data is required for these purposes. Where required, we may also share such information with competent authorities, if we are under a legal obligation to do so.

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

.dundle.com

• OptanonAlertBoxClosed , OptanonConsent

• First Party

dundle.com

• cookietest , __cf_bm , dundle.session.id , dundle.session.fp , _dc_gtm_UA-xxxxxxxx

• First Party

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Promotional offers from Sovendus GmbH

We display offers of interest to you in a pseudonymised manner. Your IP address is transferred to Sovendus GmbH, c/o Design Offices Karlsruhe Bahnhofplatz, Bahnhofplatz 12, 76137 Karlsruhe, Germany (Sovendus) (Art. 6(1) f AVG).

Sovendus uses your IP address for data protection purposes only and usually anonymises it after seven days, according to Article 6(1 f) of the AVG.

More information on how Sovendus processes your data can be found in their online privacy policy at this link: https://online.sovendus.com/nl/online-privacyverklaring/