Dundle (RO) Privacy Statement
The protection of your personal data is very important to Dundle (RO). In this Privacy Statement, we intend to give clear and transparent information about how we treat your personal data.
We will do everything to safeguard your privacy and treat your personal data with care. In any case, Dundle (RO) will comply with the applicable laws and regulations, including the General Data Protection Regulation. This entails that we will at least:
Process your personal data in accordance with the purpose for which you submitted them. These purposes and types of personal data are described in this Privacy Statement;
Limit the processing of your personal data to those data that are strictly necessary for the purposes for which they are processed;
Ask your explicit permission if we need this to process your personal data.
Take appropriate technical and organisational measures to safeguard the protection of your personal data.
Refrain from passing personal data on to third parties, unless this is necessary for the performance of the purposes for which they were submitted;
Be aware of your rights regarding your personal data, inform you about them, and respect them.
Dundle (RO) is responsible for processing your personal data. In case you have any questions about our Privacy Statement after reading it, or you wish to contact us about it, please do not hesitate to do so using the contact details at the bottom of this document.
Dundle (RO) processes personal data of customers and suppliers for the following purposes:
To execute the Purchase Agreement, the delivery and the payment;
Verification purposes for the prevention of theft, fraud, money laundering, and terrorist financing, and for the security of Dundle (RO)'s systems;
To send newsletters to purchasers and other interested persons;
To gather website statistics;
To improve the website's ease of use;
To optimize customer satisfaction and the 'shopping experience';
Market analysis and target audience analysis;
Targeted advertising and to make personalized offers.
The personal data are processed on the following grounds:
Processing is necessary for the execution of the agreement, that is the Purchase agreement with the client;
Processing is necessary to comply with a legal obligation, e.g. for a customer research under the Dutch money laundering and terrorist financing prevention act (Wet ter voorkoming van witwassen en financieren van terrorisme or WWFT);
Processing is necessary to promote Dundle (RO)'s justified interests, to wit sending newsletters to customers and to gather website statistics;
The data subject has given their consent. This is the case, for instance, when they sign up for newsletters;
The data subject has given their consent for placing Google Analytics' (tracking) cookies referred to in the cookie bar.
Nature of personal data
Dundle (RO) may process the following personal data for the aforementioned purposes:
Contact's phone number;
Contact's email address;
IP address and MAC address;
Copy of passport or ID card;
Copy of a bankstatement;
Banking and/or credit card information.
Additionally, but only after obtaining your permission, we may use Google Analytics to collect information about sex, age, interests, web pages visited or to be visited, peripheral equipment used, software settings, and referrer URL.
Dundle (RO) will retain your personal data for the aforementioned processing for the following periods:
For 5 years after closing the Purchase Agreement;
For 7 years after execution of the Purchase agreement - for the sole purpose of financial administration;
For as long as legally required;
For as long as the interested person remains signed up for the newsletter;
For 6 months after the most recent Purchase Agreement with respect to the newsletter; or
For 5 months if it concerns information obtained through (tracking) cookies from Google Analytics.
Disclosure to third parties
The data you provided to us may be disclosed to third parties if this is necessary for the purposes described above.
For instance, we hire third parties for:
For closing and executing Purchase agreements;
The delivery of digital products;
The (financial) administration;
Editing/delivery of the newsletter;
To detect and prevent fraudulent activity.
We will only disclose personal information to third parties with whom we have signed a processing agreement. Of course, the processing agreement contains the necessary arrangements to safeguard the security of your personal data. Other than this, we will not disclose the personal data you provided us with to third parties, unless this is legally required and allowed. An example of this is that the police ask us for (personal) data within the framework of an investigation. In such event, we are required to cooperate and to surrender these data. We may also share personal data with third parties if you give us your written permission for this.
We use the personal information we collect in connection with providing you our services to detect and prevent fraudulent activity. We share this information with Sift, a third-party service provider to assist us with this effort. To learn more about Sift, please see their Service Privacy Notice.
We collect data with the help of Google Analytics' (tracking) cookies and share them with third parties. More information about this is provided at policies.google.com/privacy.
Within the EU/EEA
We provide personal details to parties within the European Economic Area (EEA) or in countries, sectors, and/or regions of countries for which the European Commission has taken an adequacy decision. In such decision, the European Commission determines if the country in question offers an appropriate level of data protection. An adequacy decision has also been taken with regard to the United States, but only insofar as the receiving party has committed themselves to compliance with the principles provided in this decision, also called the Privacy Shield.
All countries with an adequacy decision are listed at the website of the European Commission.
We collect data with the help of Google Analytics' (tracking) cookies and transfer them to the United States.
We only process personal data of minors (persons under the age of 16) if a parent, guardian, or legal representative has given written permission for this.
We have taken appropriate technical and organisational measures to protect your personal data against unlawful processing. These measures include the following:
All persons who have access to your personal data on behalf of Dundle (RO) are sworn to secrecy;
Our systems are protected by a user name and a complex password policy;
We make backups to be able to recover data in case of physical or technical incidents;
We regularly test and evaluate our systems and measures;
Our employees are informed about the importance of the protection of personal data.
Rights regarding your data
You have the right to inspect the personal data we received from you and to have them rectified or erased. You may also object against the processing of your personal data (or part thereof) by us or by one of our employees. You also have the right to 'be forgotten' and to have the data you provided transferred to you or directly to a third party of your choice. You also have the right to refuse to be subject to automated individual decision-making, including profiling. You have the right of limitation and the right to object. For further explanation, please contact us or refer to the Data Protection Authority www.autoriteitpersoonsgegevens.nl for information. We may ask you to identify yourself before granting your request.
If we are processing your personal data based on your permission, you have the right to withdraw that permission at all times.
Should you have any complaint about the processing of your personal data, please contact us directly. If we are unable to reach a mutual agreement, that is, of course, most regrettable. You always have the right to file a complaint with the Data Protection Authority. This is the supervisory authority in the field of privacy protection.