Privacy Policy Hart Beach
ABOUT OUR PRIVACY POLICY
Hart Beach values your privacy. We therefore only process data that we need for (improving) our services and handle the information we have collected about you and your use of our services with care. We will never make your data available to third parties for commercial purposes.
This privacy policy applies to the use of the website and the services provided by Hart Beach. The effective date for the validity of these terms is 23/05/2018; with the publication of a new version, the validity of all previous versions expires. This privacy policy describes what data about you is collected by us, what this data is used for, and with whom and under what conditions this data may eventually be shared with third parties. We also explain to you how we store your data, how we protect your data against misuse, and what rights you have regarding the personal data you provide to us.
If you have questions about our privacy policy, you can contact our privacy contact person; you will find the contact details at the end of our privacy policy.
ABOUT DATA PROCESSING
Below you can read how we process your data, where we (have it) stored, what security techniques we use, and who has access to the data.
WEBSHOP SOFTWARE
Our webshop is developed with software from Divide; we have chosen Divide for our web hosting. Personal data that you provide to us for the purpose of our services will be shared with this party. Divide has access to your data to provide us with (technical) support; they will never use your data for any other purpose. Based on the agreement we have concluded with them, Divide is obliged to take appropriate security measures. These security measures consist of the application of SSL encryption and a strong password policy. Regular backups are made to prevent data loss.
Our webshop is developed with software from Divide; we host our webshop on a self-managed server. We have taken appropriate technical and organizational measures to prevent misuse, loss, and corruption of data as much as possible. These security measures include, in any case, the application of SSL encryption and a strong password policy. Regular backups are made to prevent data loss.
Email and mailing lists
MailChimp
We send our email newsletters using MailChimp. MailChimp will never use your name and email address for its own purposes. At the bottom of every email automatically sent via our website, you will see an 'unsubscribe' link. You will then no longer receive our newsletter. Your personal data is securely stored by MailChimp. MailChimp uses cookies and other internet technologies that make it clear whether emails are opened and read. MailChimp reserves the right to use your data to further improve its services and to share information with third parties in that context.
Gmail
We use Gmail's services for our regular business email traffic. This party has taken appropriate technical and organizational measures to prevent misuse, loss, and corruption of your and our data as much as possible. Gmail does not have access to our inbox, and we treat all our email traffic confidentially.
Payment processors
Multisafepay
To process (part of) the payments in our webshop, we use the Multisafepay platform. Multisafepay processes your name, address, and residence details, and your payment details such as your bank account or credit card number. Multisafepay has taken appropriate technical and organizational measures to protect your personal data. Multisafepay reserves the right to use your data to further improve its services and, in that context, to share (anonymized) data with third parties. In the event of an application for deferred payment (credit facility), Multisafepay shares personal data and information regarding your financial position with credit rating agencies. All the aforementioned safeguards concerning the protection of your personal data also apply to the parts of Multisafepay's services for which they engage third parties. Multisafepay does not store your data longer than permitted by law.
Reviews
Kiyoh
We collect reviews via the Kiyoh platform. If you leave a review via Kiyoh, you are obliged to provide your name, place of residence, and email address. Kiyoh shares this data with us so that we can link the review to your order. Kiyoh also publishes your name and place of residence on its own website. In some cases, Kiyoh may contact you to provide an explanation of your review. In the event that we invite you to leave a review, we will share your name and email address with Kiyoh. They will only use this data for the purpose of inviting you to leave a review. Kiyoh has taken appropriate technical and organizational measures to protect your personal data. Kiyoh reserves the right to engage third parties for the provision of services, for which we have given Kiyoh permission. All the aforementioned safeguards regarding the protection of your personal data also apply to the parts of the service for which Kiyoh engages third parties.
Shipping and logistics
DHL/ Tiem Liner Logistics
If you place an order with us, it is our job to have your package delivered to you. We use the services of DHL/Tiem Liner Logistics for deliveries. For this purpose, it is necessary that we share your name, address, and place of residence details with DHL/Tiem Liner Logistics. DHL/Tiem Liner Logistics uses this data solely for the purpose of fulfilling the agreement. In the event that DHL/Tiem Liner Logistics engages subcontractors, DHL/Tiem Liner Logistics will also make your data available to these parties.
Invoicing and accounting
FactuurSturen
For our administration and accounting, we use the services of FactuurSturen. We share your name, address, and place of residence details, as well as details related to your order. This data is used for administering sales invoices. Your personal data is securely transmitted and stored. FactuurSturen is obliged to maintain confidentiality and will treat your data confidentially. FactuurSturen does not use your personal data for purposes other than those described above.
Exact Online
For the purpose of our administration and accounting, we use the services of Exact Online. We share your name, address and place of residence details, and details relating to your order. This data is used for administering sales invoices. This data is used for administering sales invoices. Your personal data is securely transmitted and stored. Exact Online is bound by confidentiality and will treat your data confidentially. Exact Online does not use your personal data for purposes other than those described above.
Job applications via website and email
Hart Beach collects and processes your personal data to carry out the recruitment and selection process. The data processed includes data you provided during the application process. These include: name, email address, address, phone number, and other data you filled in on the application form, such as CV and cover letter.
The processing of personal data relating to the selection procedure is based on the legitimate interests of Hart Beach and the applicant. When you apply to us via our website or email, you explicitly consent to the processing of the data in the context of the selection process. This consent can be withdrawn at any time.
Hart Beach processes and stores your personal data exclusively for recruitment, selection, and employment purposes. Personal data is only provided to the manager of the business unit for which the vacancy is.
Hart Beach will delete all personal data no later than 4 weeks after the selection process has ended, unless you have given explicit consent to retain the application data for future employment opportunities or unless you are the one who is hired.
Hart Beach will never sell, transfer, or distribute personal data, unless required by law or when you have explicitly agreed.
Reservations/bookings for (surf)lessons (Viking), event registrations, and quote requests (Google Forms)
Hart Beach collects and processes your personal data to record your reservation/booking for (surf)lessons and/or event registration, or to send you a quote. The data processed includes information you provided during the reservation/registration/request process. This includes: name, email address, address, phone number, age, and other data you filled in on the registration form.
The processing of this personal data is necessary to fulfill the agreement or your request for a quote. When you reserve, book, or request a quote via our website or email, you explicitly consent to the processing of this data. This consent can be withdrawn at any time.
Hart Beach processes and stores your personal data exclusively for planning, quoting, or invoicing purposes. Hart Beach retains your personal data as long as you are an active customer, meaning until you explicitly request the deletion of the data.
Hart Beach will never sell, transfer, or distribute personal data, unless required by law or when you have explicitly agreed.
Purpose of data processing
General purpose of processing
We use your data exclusively for the purpose of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. If you share data with us and we use this data to contact you at a later time - other than at your request - we will explicitly ask for your consent. Your data will not be shared with third parties, except to comply with accounting and other administrative obligations. These third parties are all bound to secrecy based on the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data automatically collected by our website is processed with the aim of further improving our services. This data (e.g., your IP address, web browser, and operating system) is not personal data.
Cooperation in fiscal and criminal investigations
In certain cases, Hart Beach may be obliged by law to share your data in connection with fiscal or criminal investigations by government agencies. In such a case, we are forced to share your data, but we will resist this within the possibilities afforded to us by law.
Retention periods
We will retain your data for as long as you are our client. This means that we will keep your client profile until you indicate that you no longer wish to use our services. If you inform us of this, we will also interpret it as a request for erasure. Based on applicable administrative obligations, we must retain invoices with your (personal) data; therefore, we will keep this data for as long as the applicable period runs. However, employees will no longer have access to your client profile and documents we have produced as a result of your assignment.
Your rights
Based on applicable Dutch and European legislation, you, as a data subject, have certain rights regarding the personal data processed by or on behalf of us. Below, we explain what these rights are and how you can exercise them.
In principle, to prevent misuse, we only send copies of your data to the email address already known to us. In the event that you wish to receive the data at a different email address or, for example, by post, we will ask you to identify yourself. We keep records of processed requests; in the case of a request for erasure, we administer anonymized data. All transcripts and copies of data will be provided to you in the machine-readable data format that we use within our systems.
You have the right at all times to file a complaint with the Dutch Data Protection Authority if you suspect that we are using your personal data incorrectly.
Right of access
You always have the right to inspect the data we process (or have processed) that relates to your person or can be traced back to it. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data to the email address known to us, along with an overview of the processors who hold this data, stating the category under which we have stored this data.
Right to rectification
You always have the right to have the data we process (or have processed) that relates to your person or can be traced back to it, adjusted. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the email address known to us that the data has been adjusted.
Right to restriction of processing
You always have the right to restrict the data that we process (or have processed) that relates to your person or can be traced back to it. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the email address known to us that the data will no longer be processed until you lift the restriction.
Right to data portability
You always have the right to have the data we process (or have processed) that relates to your person or can be traced back to it, performed by another party. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you copies of all data about you that we have processed or have been processed by other processors or third parties on our behalf, to the email address known to us. In such a case, we will most likely no longer be able to continue providing services, as the secure linking of data files can no longer be guaranteed.
Right to object and other rights
In certain cases, you have the right to object to the processing of your personal data by or on behalf of Hart Beach. If you object, we will immediately cease data processing pending the resolution of your objection. If your objection is well-founded, we will provide you with copies of data that we process (or have processed) and then permanently cease processing.
Furthermore, you have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe otherwise, please contact our contact person for privacy matters.
Cookies
Google Analytics
Through our website, cookies from the American company Google are placed as part of the "Analytics" service. We use this service to track and receive reports on how visitors use the website. This processor may be obliged, based on applicable laws and regulations, to provide access to this data. We collect information about your browsing behavior and share this data with Google. Google can interpret this information in conjunction with other datasets and thus track your movements on the internet. Google uses this information to offer, among other things, targeted advertisements (Adwords) and other Google services and products.
Third-party cookies
In cases where third-party software solutions use cookies, this is stated in this privacy statement.
Changes to the privacy policy
We reserve the right to change our privacy policy at any time. However, you will always find the most recent version on this page. If the new privacy policy affects the way we process data already collected about you, we will inform you by email.
Contact details
Hart Beach
Vissershavenweg 55b
2583 DL The Hague
The Netherlands
T 31 70 3545583
E administratie@hartbeach.nl
Contact person for privacy matters: Paula van der Heijden