PRIVACY AND DATA

PROTECTION POLICY

 

Effective date

Version

November 29 2019

v.1.3

 

Protecting the privacy and safeguarding the personal information of the users is one of our highest priorities. The following explains the privacy practice of processing of Personal Data provided by the you (hereinafter referred to as “Client”, or “you”) to Nectain B.V. (hereinafter referred to as “Nectain”, “we”, or “us”), a legal entity duly incorporated in Amsterdam, the Netherlands with commercial registry code 71590242 and registered office Amsterdam Sloterdijk Teleport Towers, Kingsfordweg 151, Amsterdam 1043 GR, the Netherlands, who is providing its Services under the brand name Nectain.

 

The provisions of this Privacy and Data Protection Policy are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the General Data Protection Regulation, https://eur-lex.europa.eu/eli/reg/2016/679/oj) (hereinafter “GDPR”) and also enforced in the Netherlands with Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening gegevensbescherming (https://wetten.overheid.nl/BWBR0040940/2019-02-19).

 

  1. INTRODUCTION

 

  • We understand the importance of protection of your privacy and Personal Data and commit a lot of efforts to develop and maintain high standards of our inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.

 

  1. DEFINITIONS

 

  • “Consent” means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data.
  • “Content” is all types of data presented on the Site, including but not limited to text, images, photos, logos, icons, sounds, animation, (info-)graphics, audios and videos.
  • “Data Controller” (Controller) means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
  • “Data Processor” (Processor) means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
  • “Data Subject” means any living individual who is the subject of Personal Data are processed by the Company, including Visitors, independent contractors/employees and other stakeholders. On other words, in case of use of our Site/Services it is you.
  • “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Services” are the services provided by Nectain and listed in Nectain Terms and Conditions.
  • “Site” means nectain.com website, which provide Visitors with access to information on our company details, Nectain Software as defined in the Nectain Terms and Conditions, products, Services, offers, news, articles, and other information that might be useful to Visitors.
  • “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Personal Data Breach” means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
  • “Third-Party Content” shall mean the content provided by third parties, including without limitation links to webpages of such parties, which may be represented on the Site.
  • “Visitor” means Data Subject who has entered the Site with any purpose.

 

  1. PRINCIPLES OF PROCESSING

 

  • During collecting and processing the Personal Data, Nectain adheres the principles provided by the Regulations. The Nectain’s policies and procedures are designed to ensure compliance with the principles: lawfulness, fairness and transparency. They mean the following:
    • Lawfulness means that the controller identifies a lawful basis before to process the Personal Data (for example Consent).
    • Fairness means that in order to process fairly, the controller has to make certain information available to the Data Subjects as practicable. This applies whether the Personal Data was obtained directly from the Data Subjects or from other sources.
    • Transparency means that any information and communication relating to the processing of the Personal Data be easily accessible and easy to understand, and that clear and plain language be used.
    • Purpose limitation

The Personal Data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, not be considered to be incompatible with the initial purposes.

  • Data minimization

The Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  • Accuracy

The Personal Data is accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

  • Storage limitation

The Personal Data is kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed. Personal data is stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if only are implemented appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of the Data Subject.

  • Integrity and confidentiality

The Personal Data is processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

 

  1. PERSONAL DATA WE PROCESS AND ITS OBJECTIVE

 

  • Visitors to Our Site are generally in control of the Personal Data, which they share with us. The list of Personal Data, which we may process includes:
    • person’s name;
    • the name of the company, if the person represents some;
    • email address;
    • other personal information that person may actively provide to us in correspondence, by telephone, application through the section “Career”, “Messages” through the section “Contact us” or other contact potions available on the Site.
  • We do not intend to solicit or collect Personal Data from anyone under the age of 16 or under the legal age of your country, if it is higher. If you are under 16 or are not of a legal age of your country, do not enter any Personal Data on our Site.
  • We kindly ask you not to provide any sensitive information (Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) when you use our Site in any way.
  • The term we keep the Personal Data collected depends on the type of information, the purpose of its use, nature of sensitiveness, etc. To the general rule, we will retain your Personal Data for the length of time reasonably needed to fulfill the purposes outlined in this Privacy and Data Protection Policy, including for as long as needed to provide you with our products and Services, unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.
  • We collect and process the Personal Data to fulfil our contractual obligations and legitimate interest before you, namely:
    • to inform on any changes and updates to the Services you are provided with;
    • to comply with applicable legislation;
    • to maintain actions in relation to legal claims;
    • to provide additional or supportive Services, as well as perform Client surveys, statistical analysis;
    • to aggregate data for Site analytics, administration and improvement;
    • to perform customer management, handle complaints, conduct satisfaction surveys, management of claims, provision of the after-sales service;
    • to ensure marketing activities (send you news, updates, promotions, product information, event announcements, and other);
    • to recruit staff (it means, that when you send us your CV, you entitle us to check whether skills listed in CVs match the position (including positions to be opened in the future), set up the interview and notify about the results).
  • The above list may be extended depending on the development of the Services we provide.
  • Site does not collect or store up Personal Data for the dissemination or sale to outside third parties for consumer marketing purposes or host mailings on behalf of third parties. If there will be a need to conduct such actions the Visitor will be asked for their Consent beforehand.

 

  1. PROCESSING OF YOUR PERSONAL DATA

 

  • We will process Personal Data of Visitors of our Site based on one or more of the following legal grounds:
    • Consent of the Visitor;
    • compliance with our legal obligations;
    • our legitimate business interests, e.g. for recording of our Visitor’s Consents, personalizing our offerings to them, development of marketing campaigns, production of statistics and researches, improvement and personalization of Visitor’s experience during their usage of our Site, sharing the data with our affiliated entities, if you are/going to become a client of that entity, as defined in paragraph 3.1.
  • Our legitimate business interests do not override interests of Visitors of our Site – we will not process Personal Data for activities where our interests are overridden by the impact on our Visitors (unless we have obtained their Consent or we are required or permitted to process them by law).
  • To fulfill the purposes for processing, which are described above, we only disclose Personal Data of Visitors of our Site to authorized employees or contractors of Nectain, with whom we have a regular relationship. However, Personal Data held by us may be transferred to:
    • our affiliated companies (in which Nectain holds more than 25% of the shares) and commercial partners (for administrative purposes and provision of Services), that could be indicated as such as they are clearly stated in our Site, advertisements or due to their usage of our name/logos/trademark;
    • third-party organizations that provide us with functionality, data processing, hosting or other IT Services.
  • Personal data may be transferred outside the countries where Visitors of our Site are located.
  • If this cross-border transfer shall include countries outside the European Economic Area and states, which were not declared by the European Commission as those, that provide an adequate level of data protection, we shall use legal transfer mechanisms (contracts based on the European Commission approved standard contractual clauses or with parties certified under the EU-US Privacy Shield, on the basis of derogation for a specific situation).
  • Besides, in certain circumstances, we may provide Personal Data of our Visitors to governmental or regulatory agencies, but only when we are obliged to do so by law.

 

  1. INCIDENTS NOTIFICATION

 

  • If Nectain becomes aware of any Personal Data breach leading to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) Personal Data of Clients on systems managed or otherwise controlled by us we will notify you promptly and without undue delay and in compliance to the procedure prescribed under Regulation or applicable laws.
  • The notification will be made to your email address at the discretion of the Company or by other direct communication available to the Company and allowed by Client (for example, by phone or email). It is sole responsibility of the Client to provide us with the email address and ensure that this email address is valid and current.
  • None of Data Incidents notification from Nectain may be and will be construed as an acknowledgment of any fault or liability with respect to data incident by us.

 

  1. CLIENT’S SECURITY COMMITMENTS

 

  • Client agrees that without prejudice to our security measures and data incidents it is Client’s responsibility to make appropriate use of our Services to ensure a level of security appropriate to the risk in respect of your Personal Data and securing your authorization credentials, system and devices which you use to access to our Services.
  • We are not obligated to protect your Personal Data that you choose to store or transfer outside Nectain and our subprocessors’ systems, and cannot be held responsible for any negative consequences you may suffer as a result thereof.

 

  1. CLIENT’S RIGHTS IN RESPECT TO ITS PERSONAL DATA

 

  • You have the following rights in relation to your Personal Data:
  • Right of access — you have the right to obtain from us information as to whether your Personal Data is being processed, and, where that is the case, access to such Personal Data.
  • Right to withdraw Consent — when we rely on your Consent for processing of your Personal Data, you have the right to withdraw your Consent at any time. However, the withdrawal of your Consent will not affect the lawfulness of Nectain’s processing based on Consent before your withdrawal.
  • Right to rectification — we are obliged to ensure and you have the right for the accuracy of your personal information. In order to assist us with this, you are obliged to notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your Personal Data where you believe the Personal Data we have is inaccurate or incomplete.
  • Right to restriction of processing — you have the right to ask us to stop processing your Personal Data at any time.
  • Right to erasure — asking us to delete all of your Personal Data will result in Nectain deleting your Personal Data without undue delay (unless there is a legitimate and legal reason why we are unable to delete certain of your Personal Data, in which case we will inform you of this). Asking us to stop processing your Personal Data or deleting your Personal Data will likely mean that you are no longer able to use our Services.
  • Right to data portability — you have the right to request that Nectain provides you with a copy of all of your Personal Data and to transmit your Personal Data to another Data Controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so and the processing is based on Consent or contractual performance.
  • Right to complain — you have the right to lodge a complaint to our responsible person designated in our Internal Regulations and/or to a supervisory authority (in Netherlands this is the Dutch Data Protection Authority https://autoriteitpersoonsgegevens.nl/en).
  • Right to object automated processing — you have the right not to be subject to a decision based solely on automated processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you. There may be exceptions or limitations to this right as defined under relevant data protection laws
  • Client can realize any of described above rights by sending request to the email address: contact@nectain.com. Client request must include name, contact information, right which Client wants to realize, Personal Data processed by the Company, details and reason/justification of such request.
  • We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above, however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you a reasonable fee taking into account the administrative costs in order to process such requests or we may refuse to act on such requests.
  • Client may also send a request to receive the information which is been processed, amended, deleted or locked and information about any parties to which we transmit your Personal Data.
  • In some case we may charge a fee (based on our reasonable costs) if the requests are excessive considering the nature of the request itself or nature and functionality of our Services.

 

  1. THIRD PARTIES RESOURCES OR SITES

 

  • Our Site may contain links to other sites that are not operated by Us. If you click on third party links, you will be directed to that third party’s Site, which will have its own Privacy Policy, which you have to read. We have no control over, and therefore assume no responsibility for the content, privacy policies or practices of any such websites and their services.

 

  1. COOKIE & SIMILAR TECHNOLOGIES

 

  • We also collect Cookie and similar technologies for collecting technical information, which contains unique identifiers from you. In brief words we automatically receive the web address of the site that you came from and the IP address of the computer or device that you are using to access. This information helps to understand your preferences, navigate Site efficiently, and allows to develop and improve our Services, and to manage the load on our servers.
  • If you prefer not to allow cookies, please use your browser settings, most browsers give you an ability to manage your cookies or provide you with “incognito mode” or similar options, which allows you not to record your visits and downloads in your browsing and download histories. In this mode any cookies created while this type of session is deleted after you close all “incognito” windows.
  • For more details on this, please check our Cookie Policy and check out European Commission legal requirements:

http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

These requirements demand that companies must adequately inform users and obtain their consent before setting cookies and any other technology falling within the scope of Article 5(3) of the ePrivacy directive. More about the specific regulations you can read here:

Directive 2009/136/EC (ePrivacy Directive)

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32009L0136:EN:NOT

EDPS Guidelines on the protection of Personal Data processed through web services provided by EU institutions EDPS Guidelines on the protection of Personal Data processed through web services provided by EU institutions

  • In order to understand better how cookies work, please refer to the following:

https://ec.europa.eu/info/cookies_en

 

  1. SECURITY

 

  • The Company is responsible for ensuring the holding any Client’s Personal Data, that’s why we keep securely and aren’t disclosed under any conditions your Personal Data to any persons (unless that persons has been specifically authorized by Company to receive that information and has entered into a confidentiality agreement).
  • All Personal Data should be accessible only to those who need to use it according to the Company’s internal documentation.

 

  1. CHANGES TO THESE PRIVACY POLICY

 

  • Please note that we may amend this Privacy and Data Protection Policy from time to time at our sole discretion. Therefore, please check this Privacy and Data Protection Policy for updates. If any significant updates in regard to data processing terms are made here we will notify you additionally within reasonable time via email provided by you.

 

  1. CONFIRMATION AND CONSENT

 

  • By visiting our Site and/or using our Services you declare and confirm that you have familiarized yourself with this Privacy and Data Protection Policy, understood its Content and possible consequences.
  • By visiting our Site and/or using our Services you Consent to the processing (including collection, storing, receipt, forwarding, disclosing, making available, deleting, etc.) of your Personal Data, as described in this Privacy and Data Protection Policy.

 

  1. CONTACT DETAILS

 

  • If you require any additional information or have any further questions concerning this Privacy and Data Protection Policy or you wish to execute any of your rights regarding your Personal Data, please contact us via

email: contact@nectain.com

mail: Nectain B.V., Amsterdam Sloterdijk Teleport Towers, Kingsfordweg 151, Amsterdam 1043 GR, the Netherlands

 

  1. OFFICIAL COMPLAINTS

 

  • Should you feel that your rights related to the Personal Data are or may be violated, and you are not satisfied with our answers, or you still have questions or complaints related to your Personal Data you may also submit an official complaint to the Dutch Data Protection Authority. If your complaint will fall under jurisdiction of other EU member state (other than Netherlands), The Dutch Data Protection Authority will advise you and provide you with all necessary directions to address your complaint to a competent data protection authority of such other state.
  • Dutch Data Protection Authoty contacts:

phone: (+31) (0) 70 888 85 00

fax: (+31) – (0)70 – 888 85 01 

email: info@autoriteitpersoonsgegevens.nl

mail: Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG

Visiting address (only by appointment): Bezuidenhoutseweg 30, 2594 AV Den Haag

 

 

 

 

 

<