With this privacy statement we inform you about how we handle personal data. The Dutch version of this statement is authoritative in case of discrepancies.
1. Who is responsible for the processing of your data?
In this privacy statement, NNextgroup BV and associated companies (hereafter: "NNextgroup" or "we") describe how they treat your personal data as controller.
2. What is personal data?
Information that can be traced directly or indirectly to a natural person is personal data.
3. Personal data that we process
We process personal data about you because you provide us with data when entering into an agreement with us, but also when you use our services and thereby provide us with data, or enable us to record information about you.
Information provided to us:
If you enter into an agreement with us, we need the following personal information from you:
• name and business address;
• contact details (telephone numbers, e-mail addresses);
In some cases, e.g. when looking for a job or entering into a contract, the following personal data are recorded
• date of birth;
• financial data (bank account information, offers, invoices).
• other data relevant to the agreement concerned.
Information about your use of our services and / or products
If you make use of our services or otherwise have contact with us, we process the following data in the context of our service - depending on the exact use you make of it - that can be seen as personal data:
• data relating to your peripherals, such as a MAC address, IP address or other number;
• your communication preferences and settings;
• surfing behavior, determined on the basis of our own observations or cookies (see also article 9 of this privacy statement);
• customer satisfaction data;
4. No processing of data from persons younger than 16 years
We do not intend to collect data from website visitors who are younger than 16 years of age. We encourage parents to be involved in the online activities of their children.
5. Processing: foundations and legitimate interests
The processing of personal data takes place based on the following basis from Article 6 of the General Data Protection Regulation:
2. Implementation of an agreement with you
3. Legal obligation
4. Fulfilling a task of general interest
5. A legitimate interest of us or a third party
Justifiable interests include: marketing, advertising, security, (crime) prevention, IT management, research and analysis into own products or services, business management, legal affairs, internal management.
6. Purposes for the processing of personal data
NNextgroup processes your personal data for the purposes mentioned below. The figure behind each goal corresponds to the principle mentioned in article 5 of this privacy statement.
• Building and maintaining the customer relationship for commercial purposes, among other things (basis: 2, 5).
• Handling orders (including invoicing), processing in financial records and further processing [basis: 2, 5].
• Providing customer service including service for buying services and products, fulfilling warranty obligations and product revocation for our own services, handling complaints and requests (basis: 2, 3, 4 or 5).
• Carrying out market research to improve our operations, brands, services and products [basis: 5].
• Approach you with offers or other commercial information. You always have the option to unsubscribe by making an objection. All communication indicates how you can do this [base: 1 or 5].
• The (further) development and improvement of new and existing products and services [basis: 5].
• Measuring customer satisfaction, providing management information and determining the overall business strategy [base: 1 or 5].
• Organizing events for data analysis purposes in order to improve or develop products or services, in which participants of these events work with personal data in (pseudo) anonymous form, to the extent allowed under applicable law [base: 5].
• Providing services on the internet and via app functionalities, including providing relevant commercial messages in these apps [base: 1, 2 or 5].
• Compliance with legal obligations, settlement of disputes and enforcement of our rights and agreements [basis: 3, 4 or 5].
• Linking and analyzing cookies from our websites to known customer data. We do this to tailor the content of our communication as much as possible to your personal preference [base: 1 or 5].
7. Share with third parties
NNextgroup will share your personal information with third parties in, among other things, the following cases and with accompanying reasons. The figure behind each goal corresponds to the basis mentioned in article 5 of this privacy statement:
• if we are legally obliged or authorized to provide personal data to third parties [basis: 3]
• if we suspect a violation of the rights third parties, of criminal offenses or of abuse, we may provide personal data to third parties with a legitimate interest or to bodies that serve the public interest. These may also be enforcement authorities, such as the Public Prosecution Service or supervisors [base: 3, 4 or 5]
• NNextgroup may also share your information with other business units or sister companies for the execution of an agreement with you, or for legitimate business interests, such as conducting a central administration or customer service, and analyzing our service to you [base: 5]
• with parties that assist us in our services and are not processors (eg accountants and (legal) advisors) [basis: 5 ]
• for business economic purposes (such as the sale of business activities or shares or a reorganization) [base: 5] .Nextgroup also uses services from third parties that act as 'processors' (eg hosting service providers, mobility service providers and research agencies) with the aim of market research or customer satisfaction survey. These service providers will provide personal information ns only processed in accordance with the instructions and under the control of us.If personal data are sent to a recipient abroad, this usually only goes to a recipient in a country that, according to the European Commission, offers a level of protection appropriate to personal data. If personal data are sent to a recipient in a country that does not provide an adequate level of protection, we will ensure that the legally required guarantees are taken. If you wish to receive further information about the transfer of your personal data to countries outside the European Economic Area, you can contact the Data Protection Officer (see article 12) .
8. How long we keep data
We keep personal data in accordance with our internal data retention policy and / or as long as (i) you are a customer or employee or continue to show interest in the services, (ii) we are legally obliged to retain data, or (iii) we good grounds believe that data may be stored, insofar as necessary.
9. Mapping website visit
10. Your rights, including the right to object
You have the right to know what personal data we have recorded about you and to whom we have provided your personal data. For this you can contact us via the email address email@example.com. We will endeavor to respond within the legal deadline. Excessive requests can be left out of consideration.
In addition to the right of inspection, in relation to our processing of your personal data you have the following rights:
• the right to withdraw your consent, insofar as our processing of your personal data is based on it;
• the right to lodge a complaint with the Dutch Data Protection Authority
• the right to (have) rectify / correct your personal data
• the right to delete your personal data
• the right to limit the processing concerning you
• the right to data portability
• the absolute right to object to direct marketing
• the right to object to processing that takes place because of our legitimate interests or a third party (depending on your personal circumstances) .
You can only exercise your rights insofar as the law you grant these rights. To make sure that the request for access is done by yourself, we ask you to send a copy of your ID with this request. We also ask you to make the passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) unrecognizable on this copy.
11. Data security and protection
NNextgroup applies appropriate security measures to minimize abuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. Wi j have taken both technical and organizational measures to protect your personal data. These security measures are periodically reviewed based on threats, advancing insights and the development of technology.
For questions and / or comments regarding this privacy statement, please contact: firstname.lastname@example.org Our Data Protection Officer can be contacted by e-mail at the above address.
The way we process personal data, and the composition or quantity of data that we process, may change. That is why we reserve the right to change this privacy statement. You will be informed of a change if necessary. This Privacy Statement always states the last date of change. This statement was last revised on Sept 23, 2018.