Article 1 - Controller
The controller of the processing of the personal data is:
Unrecorded B.V., located in (1092 GV) Amsterdam at Laing’s Nekstraat 51, the Netherlands and registered at the Chamber of Commerce in the Netherlands with the number 67530559.
If you have any questions or remarks, please contact our customer experience department (email@example.com).
Article 2 - What kind of personal data do we collect on our website?
- Registration or information requests through our website
When you buy products or when you wish to receive information from our company, you can fill in a form on our website or send us an e-mail with your request for information.
We may combine the information you have provided with other information we have collected about you, both online and offline, including, for example your purchase history, your address, gender and/or purchase date.
We can also combine them with information that we receive from the following sources: public information sources and information from external parties. For example, Google or Facebook.
- Automatically generated data
A cookie is a small file that is sent along with pages of a website and stored by your browser on the hard disk of your computer. For example, cookie-related techniques are the use of fingerprints and scripts. With this data, sometimes personal data is stored or consulted. On the basis of this information you can be recognised on a later visit.
Article 3 - For which purpose and on which basis do we process the personal data?
- We process personal data received from you, as laid out in article 2.1 (Registration or information requests through our website), for the following purposes:
- to fulfil our obligations with respect to the agreement for the sale of goods (for example for shipping and invoicing the ordered goods);
- to contact you (by phone or by e-mail), to provide answers to your questions or remarks and/or provide you with the requested information or advice;
- to secure your account and order information;
- to secure our business goals:
- for data analysis, for example to improve the efficiency of the Services;
- for audits, to check whether our internal processes function as intended and to comply with legal or contractual requirements;
- for fraud and security checks, for example for cyber attacks or attempts at detecting and preventing identity theft;
- for the development of new products and services and to consider where to open new stores in the future;
- to supplement, improve or change our website or our products and services;
- to identify trends in the use of the Services, for example insights on which parts of our Services are most interesting for users;
- to determine the effectiveness of our promotional campaigns, so that we can adapt them to the needs and interests of our users.
We will carry out the above listed activities to manage our contractual relationship with you, to fulfil a legal obligation, and/or because of our legitimate interests.
- to analyse personal data (e.g. purchase history, shipping country and/or city) in order to provide personalised offers of our Services:
- to understand you better so that we can personalise our interactions with you and provide you with information and/or offers that are tailored to your interests;
- to better understand your preferences so that we can deliver content through the Services that we believe will be relevant and interesting to you.
We will provide personalised offers of our Services with your permission or because of our legitimate interests.
- to send you our email newsletter with offers and information about products and services, but only if you have specifically opted in for this. Please note that you can always object to such use, via the ‘unsubscribe’ link in our email newsletters
- to comply with various legal obligations, including tax obligations.
- We may provide your personal data, as laid out in article 2.1 (Registration or information requests through our website), to our local shops. The local shop may contact you to provide you with localised information or to see if you need any support, assistance or have any additional questions with respect to our product. If you don’t want to be contacted by our local shop please send an e-mail to our customer experience department (firstname.lastname@example.org).
- We also share information about your use of our website with our trusted social media, advertising and analysis partners (e.g. Facebook in respect of the Facebook pixel).
- We will only make personal data available to third parties that are involved in the execution of the user's order. These third parties process personal data according to our instructions and under our responsibility. This is recorded and a processor agreement is concluded with these parties. We do not pass on your personal data to other third parties unless we are legally obliged to do so.
- We use the automatically generated information, as laid out in article 2.2 (Automatically generated data), and your company data and personal data, as laid in out in article 2.1 (Registration or information requests through our website), to conduct analyses for internal research and statistical, strategic purpose, all in an aggregated form ("aggregated information"). This aggregated information does not identify you nor the company. We use the aggregated information to optimise our Website, Services and products and learn more about the use of our Website and products so we can improve them.
Article 4 - Use by minors
Article 5 - How long do we store and process the personal data?
- Unrecorded shall process the personal data for a period of two years after your last order, or for as long as legally required or necessary and allowed for the purpose(s) for which it was obtained. Immediately after these periods we will destroy the personal data and/or anonymise them.
- The criteria used to determine our retention periods include: (i) the duration of our ongoing relationship with you and the Services we offer you; (ii) whether or not there is a legal obligation to which we are subject; and (iii) whether or not custody is advisable due to our legal position (such as applicable limitation period(s), a court case or investigations by a supervisor).
- Notwithstanding article 5.1, Unrecorded may process the personal data for a longer period (i) if you ask Unrecorded to keep data for a new two-year period, (ii) in order to comply with statutory retention periods (for example laid down in tax legislation) or (iii) in order to prove that it complies with applicable statutory obligations (for example with respect to the GDPR or e-mail marketing legislation).
Article 6 - How do we protect the personal data?
We shall take appropriate technical and organisational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access or against any other unlawful or unauthorised processing of such personal data. Taking into account the state of technology and the costs of execution, these measures guarantee an appropriate level of security given the risks that come with processing and the nature of the data to be processed. For example, we make use of a secure SSL connection during the order process and when completing the registration form.
Article 7 - With whom do we share the personal data?
- Without prejudice to articles 3, 7.1 and 7.2, we don’t transfer any personal and/or personal data to any third party without your explicit permission, unless it is obliged to do so under applicable legislation or by order of the competent supervisory authority.
- However, please note that we may transfer your personal data and the information to our local stores, as laid out in article 3.2.
Article 8 - Your rights with respect to your personal data
- You have the right to obtain our confirmation as to whether or not we process your personal data, on request. The personal details you provide when registering a client with us can be viewed and altered at anytime by you, on your account on the Website. You are also entitled to send our customer experience department (email@example.com) a request to receive such information. Furthermore, you are entitled to send our customer experience department (firstname.lastname@example.org) a request to access, receive, rectify or erase your personal data. We will process your request immediately and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after the receipt of your written request.
- You are entitled to object, on grounds relating to your particular situation, to our processing of your personal data at any time. We shall no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. We will send you a response without undue delay, at least within one month after the receipt of your written request.
- If you have any complaints about our processing of your personal data or your request, you can contact our customer experience department (email@example.com). If that doesn’t solve your complaints, you can, of course, always contact the Dutch supervisory authority (www.autoriteitpersoonsgegevens.nl) or the competent court in the Netherlands.
- If you have any further questions or remarks, please contact our customer experience department (firstname.lastname@example.org).
Article 9 - Cross-border transfer
- Your personal data can be stored and processed in every country where we have facilities or service providers. By using our Services or by giving us permission (where required by law), your information may be transferred to countries other than the country in which you live, including the United States, where other data protection laws differing from those in your own country may apply. Appropriate contractual and other measures have been taken to protect personal data when sent to our subsidiaries or third parties in other countries.
- Some countries outside the European Economic Area (EEA) are recognized by the European Commission as countries where an appropriate level of data protection applies according to the EEA standards (the full list of these countries is available here). For transfers from the EEA to countries that in the opinion of the European Commission do not offer sufficient protection, we have ensured that adequate measures have been taken, among other things, by ensuring that the recipient is bound to EU standard data protection provisions, EU-US Privacy Shield certification or an EU-approved code of conduct or certification to protect your personal data. You may receive a copy of these measures by contacting our customer experience department (email@example.com), as explained in Chapter 8 (Your rights with respect to your personal data) above.
Article 10 - Third-party websites
Article 11 - Revisions of this statement