SE Factory B.V. privacy statement

This privacy statement applies to all personal data that is processed within our organisation. 

Article 1. Privacy Policy notice

1. The purpose of this privacy statement is to explain how we handle privacy.
2. We are the data controller. Our full details are:

3. We respect and protect your privacy. We make every reasonable effort to ensure that all personal data provided to us is treated confidentially and is used, stored and managed in compliance with the applicable privacy legislation at all times.

4. All customers, visitors to our website and employees are data subjects and consent to us including personal data in the automated file and using this data for the purposes described in Article 2.

5. The basis for the processing of personal data is: execution of the sales contract, our legitimate interest (marketing and improvement), in some cases a vital interest, complying with a legal obligation and explicit consent.
   

Article 2. Purpose of data collection

2.1  You consent to us sharing the personal and address data you provide solely with our suppliers acting on our behalf for the purposes described below under 2.3. Insofar as we request your explicit consent, you have the right to withdraw your consent at any time.

2.2 The processing of personal data within the organisation applies to the following categories of persons: current and former customers and employees, and visitors to the website.

2.3 We guarantee that any personal data you provide to us will primarily be used for the following: 

1. Executing the sales contract.
2. Reporting changes to policies, documents and our services.
3. Recording and handling complaints, requests and requests.
4. Complying with the statutory (fiscal) retention obligation and other legal and regulatory obligations.
5. Handling invoices and direct debits.
6. Securing and protecting our business operations and identifying and helping minimise fraud, unauthorised activities, claims and other liabilities.
7. Maintaining relationships with customers and suppliers.
8. Conducting (demographic and statistical) research anonymously.
9. Executing the employment contract.

Article 3. Categories of data collected 

The categories of data about you that we may collect, use, disclose and otherwise handle may vary from country to country and legislation to legislation. 

1. Name and contact details: We collect your company name, first and last name, e-mail address, postal address and other similar contact information such as your e-mail address and telephone number. 
2. Content: We collect content from the messages you have sent us, your questions, and the information you have provided for processing the sales contract, after-sales activities and any complaint handling. 

3. Payment details: We collect the data required for invoicing and the collection thereof and, in case you are an employee, your remuneration. 
4. Device and consumption data: We collect information about your device, such as the IP address, Internet browser and type of device, device IDs, login and logout information, regional and language settings and how you and your device work with our website(s) and our services/products. This data includes information about the operating systems and other software installed on your device, including product codes.
   
5. References: We may collect references if you are an employee.

Article 4. Access, rectification or erasure of personal data

4.1 We strive to maintain accurate records of your data. You have the right to access the data processed about you, to have it rectified and to have incorrect data erased. 

4.2 To exercise these rights or to submit a complaint or a request for information about our privacy practices, please contact us via e-mail at info@emdrkit.com.

4.3 To enable you to exercise your rights, we may ask that you include a copy of your identity card with your request, or we may take other steps to verify your identity. To guarantee your privacy as much as possible, we request that you black out your passport photo and Citizen Service Number (BSN). We will respond to your request within four weeks at the latest.

4.4 We may charge a fee if you submit a request for the second time within a period of 6 months.

Article 5. Third parties 

5.1 We will not provide personal data to third parties without your explicit consent, unless a statutory provision compels us to do so or such provision to a third party is necessary.  

5.2 We share address, personal and payment details with third parties who perform services on our behalf, either for quality purposes or because of a legal obligation. Third parties we use include the Mollie payment system, the Woocommerce ordering system, the Sendcloud shipping system, the Gmail e-mail program, the KING accounting program and the senddesk chat program. We do not authorise these third parties to use the information for their own purposes.

5.3 Links to third party websites will only be displayed for your convenience. When you use these sites, you are leaving our website. We do not manage these sites and are not responsible for them. If you decide to visit a third-party site linked to this site, you do so entirely at your own risk. 

5.4 We will only process the data we collect about you within the European Economic Area (‘EEA’).

5.5 Our website installs cookies to create a better web experience. Cookies will not be used for any other purposes. 

5.6 Upon finishing their processing service, third parties are obliged to delete the data, as well as any copies, unless the processor is obliged to keep these data. 

Article 6. Security 

6.1 We take the utmost care to process your data safely, with the aim of preventing unauthorised access to or disclosure of data, maintaining the accuracy of data, and ensuring the correct use of data. To this end, we have taken physical, electronic and organisational control measures to protect and secure the information we collect online. We use encryption, including SSL security, to collect or transfer important data. 

6.2 We cannot guarantee the effectiveness of such security measures and nothing in this notice may be construed as an express or implied warranty against loss, misuse or unauthorised access, disclosure, alteration or destruction.

6.3 Service providers who may have access to your information to provide services on our behalf are contractually obliged to hold such information in confidence and implement adequate data security measures, and may not use this information for any other purpose. 

Article 7. Suspicion of misuse

7.1 We reserve the right to take both proactive and corrective action in case of suspicion of misuse. This means that, in cases of suspected misuse, we have the right to store and retain all data from and about visitors and any order/request for information as possible proof of misuse. We also have the right to request further information about the tenderer from third parties in case of sufficiently substantiated suspicion of misuse. If there is sufficient evidence, we may take appropriate measures, including exclusion from our website or services and/or reporting the suspected misuse to the police and/or other relevant authorities.

Article 8. Retention periods

8.1 We retain your data for as long as necessary to achieve the purposes for which we collect it, except when otherwise required by law.

8.2 We collect data from our website www.emdrkit.com. We do this by using Senddesk AdWords and Google Analytics, among other things. This data cannot be traced back to actual persons. It entails general visitor numbers, country of origin and the pages that have been visited.

8.3 We store the data required for the financial settlement/guarantee of sales contracts for 7 years, and the data required for payroll taxes for 5 years. Other employee data is stored for a maximum of 2 years after termination of employment. A past, recent or expected (employment) conflict may be a reason for deviation from these retention periods. 

8.4 Data from our employees’ calendars, e-mails and log-in details is stored for up to 4 years. 

8.5 Personal data whose retention period has expired or that is no longer required or being used, will immediately be destroyed. 

Article 9. Changes to the privacy statement

9.1 We have the right to amend this privacy statement. These amendments will be posted directly to our website. We are not liable for damage caused by amendments to this privacy statement.

9.2 The present privacy statement is effective as of 15/05/2018 and replaces all previous versions.

Article 10. Complaints

10.1 Please contact our management if you believe that the provisions of this privacy statement are not complied with or if you have other reasons to complain regarding the recording of your data.

10.2 If you have any complaints about the processing of your personal data, you have the right to submit a complaint with the Dutch Data Protection Authority.

Please contact info@emdrkit.com for questions regarding this privacy statement, the website or SE Factory B.V.

© 2018, Aecius juridisch advies, Groningen.