PRIVACY POLICY

Rossberck cares greatly about your privacy. We exclusively process data that we need for (improving) our services, and carefully handle all information gathered about you and your usage of our services. Your data is not shared with
third parties for commercial goals. This privacy policy applies to the use of the website and the services provided by Rossberck. The starting date for the validity of these terms and conditions is 24/09/2020, with the publication of a new version the validity of all previous versions is canceled. This privacy policy describes what information about you is collected by us, what this data is used for and with whom and under what conditions this data could be shared with
third parties. We also explain to you how we store your data, how we protect your data against misuse and what rights you have regarding the personal data you provide us. If you have any questions about our privacy policy, please contact our privacy contact person, you will find the contact
details at the end of our privacy policy.

About our dataprocessing

Below you can read how we process your data, where we save it, what security techniques we use and to whom the data is visible.

What are personal data?
The Dutch Data Protection Authority defines personal data as follows: “all information about an identified or identifiable natural person.”
 
This is data such as your name, your home address and your e-mail address. Your IP address is also personal data.
From whom do we process personal data and how do we obtain this personal data?
We process personal data of everyone who visits Rossberck or comes into direct / indirect contact with Rossberck.
 
We can only receive personal data directly from you. We will never buy or sell personal data.
 
We can only obtain your personal data from others if they provide your name and home address as billing / shipping address. This can happen, for example, if someone wants to give you a product from us as a gift or use your address, because they themselves are not at home at the time of delivery.

Third parties

Webshopsoftware

WooCommerce

We use webhosting and email services provided by WooCommerce, For our webhosting we use the services of Neostrada. Personal data gathered with the use of our website and services is shared with Neostrada requires access to these details to offer (technical) support. They will not use this data for any other purposes. Neostrada has an obligation, based on the agreement we have with them, to take necessary precautions and security measures when it comes to your personal data.

Our webshop has been developed using WooCommerce software, We host our webshop on a server under own management. We have taken necessary precautions and security measures when it comes to your personal data
such as an SSL-encryption and a strong password policy.

Webhosting

Neostrada

We purchase web hosting and e-mail services from Neostrada. Neostrada processes personal data on our behalf and does not use your data for its own purposes. However, this party can collect metadata about the use of the services. These are not personal data. Neostrada has taken appropriate technical and organizational measures to prevent loss and unauthorized use of your personal data. Neostrada is obliged to observe secrecy on the basis of the agreement.

E-mail and mailinglists

SendGrid

Our website uses SendGrid, a third party that handles the e-mail traffic from our website and the sending of any newsletters. All confirmation emails you receive from our website and web forms are sent through SendGrid’s servers. SendGrid will never use your name and email address for its own purposes. You will see the “unsubscribe” link at the bottom of every e-mail that is automatically sent via our website. If you click on this, you will no longer receive e-mail from our website. This can seriously reduce the functionality of our website! Your personal data is stored securely by SendGrid. SendGrid uses cookies and other internet technologies that provide insight into whether emails are opened and read. SendGrid reserves the right to use your data to further improve the service and to share information with third parties in this context. SendGrid is Privacy Shield certified. This means that SendGrid complies with the Privacy Shield principles. For example, SendGrid can lawfully collect, receive and process personal data from the EU. In addition, SendGrid’s security has also been recognized by other third parties such as SSAE 16 (SOC 2 Type 2) certification and PCI-DSS compliance. More information about SendGrid’s privacy policy can be found here.

Neostrada

For our regular business email, we use the email services of My webhost. This party has implemented fitting technical and organisational measures to prevent misuse, loss or corruption of your data. My webhost does not have access to our mailbox and we treat our email-traffic confidentially.

Payment processors

Mollie

For concluding and processing (part of) our payments in our webshop we use the payment provider Mollie. Mollie processes your name, address and residence information. They also process payment information such as your bank account number or credit card number. Mollie has implemented fitting technical and organisational measures to protect your personal data. Mollie retains the right to use your personal (anonymized) information to further improve their services and, within this context, share it with third parties. All the aforementioned guarantees in regard to the protection of your personal data are also applicable to any services by Mollie that uses third parties. Mollie does not store your data any longer than the instalments permitted by the appropriate legal grounds.

Reviews

WebwinkelKeur

We use WebwinkelKeur to gather reviews. To leave behind a review you are required to fill in your email address, name and place of residence. WebwinkelKeur shares certain data with us that is required for us to match your review to your order. Furthermore, WebwinkelKeur publishes your name and place of residence on their own website. In some instances, WebwinkelKeur can contact you to ask you to clarify, elaborate or comment on your review. In case of one of our review requests we share your name and email address with WebwinkelKeur, they use
this information with the sole purpose to invite you to leave behind a review. WebwinkelKeur has implemented fitting technical and organisational measures to protect your personal data. WebwinkelKeur retains the right to use your personal information to offer their services and share it with third parties, we have given WebwinkelKeur permission to do so. All of the aforementioned guarantees in regard to the protection of your personal data are also applicable to any services by WebwinkelKeur that uses third parties.

Transport and logistics

PostNL, DHL, DPD, UPS, MyParcel, Sendcloud

If you place an order with us it is our responsibility to have your order successfully delivered to you. For the delivery we use the services of PostNL, DHL, DPD, UPS, MyParcel and Sendcloud. For a successful delivery it is important that we share you name, address and residential details with PostNL, DHL, DPD, UPS, MyParcel and Sendcloud. PostNL, DHL, DPD, UPS, MyParcel and Sendcloud uses this information with the sole purpose to carry out the agreement of delivery. In case of PostNL, DHL, DPD, UPS, MyParcel and Sendcloud hiring subcontractors, they will share said information with these parties.

Accounting and Bookkeeping

Internal

Invoicing and accounting are done internally. We do not use external accounting packages or software. As a result, your data will not be shared with third parties. Your personal data is stored protected. We are obliged to observe secrecy and will treat your data confidentially.

External sales channels

Bol.com

Part of our sales are done through the platform of Bol.com. When you place an order at Bol.com, Bol.com will share your order- and personal information with us. We use this information to further handle and conclude your order. We go about your data in a confidential manner and have implemented fitting technical and organisational measures to protect your personal data against loss or unauthorised use.

Purpose of data processing

General purpose of data processing

We use your data with the sole purpose of providing you with our services. This means that the goal of processing this data stands in direct relation to the assignment or task that you offer us. We do not use this data for (addressed) marketing purposes. If you share information with us and we use this information to – not based on a request – contact you at a later time, we will first ask for explicit consent. Your data is not shared with third parties, with any other purpose than to fulfil accountancy and administrative obligations. These third parties are all
obligated to a duty of confidentiality based on the agreement we have with them, an oath or legal obligation

Automatically collected data

Information automatically gathered by our website is processed with the sole purpose of providing you with and/or to further improve our services. This information (for instance your IP address (anonymised), web browser and operating system) is not personal information.

Cooperation in tax and criminal investigation

In some cases, we may be obligated by government to a lawful duty of sharing your information with the purpose of assisting in a fiscal or criminal investigation. In such cases we are forced to comply and assist, but will, based on lawful possibilities, offer objection.

Retention periods

We store your data for as long as you are a client with us. This means that we maintain and keep your client profile
until you make it known to us that you no longer desire to use our services. Such a message also functions as a request to be forgotten. We are required to keep invoices with your (personal) information due to relevant administrative obligations, this information is safely stored for as long as the relevant term for these obligations has not yet passed. Personnel no longer has access to your client profile and any documents made because of your assignment or task.

The periods in which personal data are stored:

  • Inactive accounts – 12 months
  • Order pending – 30 days
  • Failed orders – 2 days
  • Canceled orders – 2 days
  • Completed order – indefinite. These are removed at the request of the customer.

Your rights

Based on valid Dutch and European law you, as a concerning party, have certain rights when it comes to personal data that is processed by or on behalf of us. Below you may find an explanation of these rights and how you, as a concerning party, can invoke these rights. In principle to prevent abuse we only send invoices and copies of your data to e-mail addresses that you have made known to us. Should you wish to receive this data on another e-mail address or for instance per mail we will ask you to identify yourself accordingly. We maintain an administration of concluded requests, in case of a request to be forgotten we will maintain an administration of anonymised data. You receive all invoices and copies of data in files that are structured in a machine-readable format Based on data classifications that we use within our system. At all times you maintain the right to lodge a complaint with Autoriteit Persoonsgegevens if you suspect that we mistreat or misuse your personal data.

Rights you have as a consumer:

Right of inspection

At all times you maintain the right to view the data we process that has a relation or may be reducible to your person. You may request such a viewing to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a copy of all data with an added overview of processors managing this data while also mentioning the categories under which we store this data.

Right to rectification

At all times you maintain the right to have the data we process that has a relation or may be reducible to your person be adjusted. You may request such an adjustment to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a confirmation that the data has been adjusted.

Right to restriction of processing

At all times you maintain the right to limit the data we process that has a relation or may be reducible to your person. You may request such limiting to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a confirmation that the processing of your data is limited until you chose to cancel said limitation.

Right of transferability

At all times you maintain the right to request for the data we process that has a relation or may be reducible to your person be processed by a third party of choice. You may send in such a request to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, your (personal) invoices or copies of data that we, or third parties on behalf of us, have processed. It is highly likely that in such a case we can no longer offer our services to you for we
can no longer guarantee the previous data safety.

Right of objection and other rights

At all times you maintain the right to object to the processing done by us, or on behalf of us by third parties, of your personal data. In case of such an objection we will immediately cease all processing of your data while your objection is being investigated and handled. In case of a justified objection we will return all invoices and/or copies of personal data that we, or third parties on behalf of us, have processed up until that point and cease processing thereafter. You also maintain the right to not be subject of automated decision-making processes or profiling. We process your data in such a way that this right does not apply. Should you believe that this right does apply then we ask you to reach out to our contact in charge of privacy matters.

Cookies

Google Analytics
Cookies from the American company Google are placed via our website as part of the “Analytics” service. We use this service to keep track of and receive reports on how visitors use the website. This processor may be obliged to provide access to this data on the basis of applicable laws and regulations. We collect information about your surfing behavior and share this data with Google. Google can interpret this information in conjunction with other datasets and thus track your movements on the internet. Google uses this information to offer targeted advertisements (Adwords) and other Google services
and products.
 
In order to comply with the GDPR legislation, we have accepted a so-called “Amendment data processing” from Google Analytics. In addition, we do not share collected data with Google for Google products and services, benchmarking, technical support, and account specialists.

Here you can read what Google does to secure our collected data via Google Analytics.

Facebook
Facebook only provides us with data if a user of Facebook so desires. People who agree to Facebook’s privacy policy will be covered. Information that we obtain from Facebook is used to improve and target advertising.
 
We do not get access to your social media account. We recommend that you read the privacy policy of Facebook carefully so that you know how your data is used and how you can adjust your settings.
Cookies from third parties
We reserve the right to change our privacy policy at any time. However, on this page you will always find the most
recent version. If the new privacy policy has consequences for the way in which we already collect data with
concerning you, we will notify you by e-mail.
 
When you leave a comment on our site, you can indicate whether we may store your name, your e-mail address and website in a cookie. We do this for your convenience so that you do not have to re-enter this information for a new response. These cookies are valid for one year.
 
If you have an account and you log in to this site, we will store a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
 
As soon as you log in, we will save some cookies in connection with your login information and screen display options. Login cookies are valid for 2 days and screen options cookies last for 1 year. If you select “Remind me”, your login will be saved for 2 weeks. As soon as you log out of your account, login cookies will be deleted.
 
When you change or publish a message, an additional cookie is stored by your browser. This cookie contains no personal data and only contains the post ID of the article you have edited. This cookie expires after one day.

Contact details

Rossberck.com
Henegouwenplein 4
6137LL, Sittard, Nederland

E-mail address: info@rossberck.nl
Phone: 085-1303265

Contact person for privacy matters: Sander Schoenmakers.