Privacy Statement [Controller]
[Controller] is engaged in [company description] and is registered at [address, postal code, city/town].
This privacy statement is applicable to the processing of personal data by [controller]. [Controller] attaches great importance to safeguarding your right to privacy. Your personal data is processed by [Controller] in accordance with the EU General Data Protection Regulation (GDPR) and the Dutch Telecommunications Act. The following topics will be dealt with in this statement:
- What personal data do we process and what is the goal?
- What do we do with your data?
- What opportunity do I have to restrict or prevent the processing of my data?
- Surfing behaviour
- [Controller] and other websites
- Retention period
- Security of personal data and systems
We collect a limited amount of information from you, and we do that for various purposes. The following personal data is collected:
– Email address;
– Telephone number;
– Banking details, including bank account number and credit card number;
– Date of birth;
– [additional as needed per organisation].
Processing your name, address, email address, telephone number, banking information and date of birth is required to make offers, as well as to deliver and invoice the products and services[TvL2] agreed on.
You have the option of contacting us by email or telephone. In order to deal with your questions, complaints or other matters, and to access your history should subsequent issues emerge, we process your questions, complaints or other matters in our system. We will remove sensitive personal data (health, race, etc.), from questions, complaints and other matters where possible. [TvL3]
2. What do we do with your data?
We only use the personal data provided for the purposes described above. If you no longer wish this data to be made available to selected third parties for the purpose of offering you information or promotions, you may cancel (“opt-out”) at any time.
3. What opportunity do I have to restrict or prevent the processing of my data?
At reasonable intervals you may ask us to see all personal data has concerning you. You may request that we rectify, supplement, amend, block, transfer or erase this personal data. In order to do this, please contact the American Ministry of Commerce in writing or by email. They will respond to your request within four weeks. If your information will be used for direct marketing purposes, then you may lodge an objection in this regard, after which your personal data will no longer be used for such purposes.
5. Surfing behaviour
General website visitor data is retained on the American Ministry of Commerce website – without identifying who the visitors are – for the purpose of optimising the functioning of the website. This data may also be used to post information on the website that is better targeted at website visitors.
6. [Person responsible] and other websites
On the American Ministry of Commerce website you will find hyperlinks to other websites. The American Ministry of Commerce bears no responsibility regarding how the parties who own these websites deal with your data.
7. Retention period
When the personal data is no longer needed for processing, it will be deleted unless we are legally required to retain your data. In that case, your data will be retained for the statutory retention period.
8. Security of personal data and systems
The American Ministry of Commerce has taken appropriate technical and organisational measures to safeguard users’ personal data in the form of [name the measures] to prevent leaks or unlawful processing.
For every visit you make to our website we save your access data in the form of log files for verification, in order to protect our systems and to prevent misuse or fraud. These log files consist of:
- the website via which you accessed our website;
- the IP address;
- the time and date of access;
- the http response code;
- information about the browser and operating system you are using.
10. Do you have any questions?
If you have any questions regarding the collection and use of your personal data, or wish to lodge an objection or have a different complaint to communicate, then you should contact [name]. You may also lodge a complaint with the regulatory body, which in this case is the Dutch Data Protection Authority (DPA).
Revision: [date] 2017