Privacy policy ElevenOFive Online
https://www.oneplus-shop.nl
About our privacy policy
ElevenOFive Online cares a lot about your privacy. We therefore only process data that we need for (improving) our services and we handle the information we have collected about you and your use of our services. We never make your data available to third parties for commercial purposes.
This privacy policy applies to the use of the website and the services provided by ElevenOFive Online. The starting date for the validity of these conditions is 17/05/2018, with the publication of a new version the validity of all previous versions is canceled. This Privacy Policy describes what information about you is collected by us, where this data is used for and with whom and under what conditions this data can possibly be shared with third parties. We also explain to you how we store your data and how we protect your data against misuse and what rights you have with regard to the personal data you provide us.
If you have any questions about our privacy policy, please contact our privacy contact person, you will find the contact details at the end of our privacy policy.
About the data processing
Below you can read how we process your data, where we save it, what security techniques we use and for whom the data are transparent.
Webshop software
LightSpeed
Our webshop has been developed with software from Lightspeed. Personal data that you make available to us for the benefit of our services will be shared with this party. Lightspeed has access to your data to provide us (technical) support, they will never use your data for any other purpose. Lightspeed is obliged to take appropriate security measures based on the agreement we have made with them. These security measures consist of the application of SSL encryption and a strong password policy. Lightspeed uses cookies to collect technical information regarding your use of the software, no personal data is collected and / or stored. Lightspeed reserves the right to share collected data within its own concern in order to further improve the service.
Web hosting
Yourhosting BV
We take web hosting and e-mail services from Yourhosting BV. Yourhosting processes personal data on our behalf and does not use your data for its own purposes. However, this party can collect metadata about the use of the services. These are not personal data. Yourhosting has taken appropriate technical and organizational measures to prevent loss and unauthorized use of your personal data. Yourhosting BV is obliged to observe secrecy on the grounds of the agreement.
E-mail and mailing lists
MailCamp
We send our e-mail newsletters with MailCamp. MailCamp will never use your name and e-mail address for your own purposes. At the bottom of every e-mail sent automatically via our website you will see the 'unsubscribe' link. You will no longer receive our newsletter. Your personal data is stored securely by MailCamp. MailCamp uses cookies and other internet technologies that make it clear whether e-mails are opened and read. MailCamp reserves the right to use your data for the further improvement of the services and to share information with third parties.
Yourhosting BV
We use the services of Yourhosting BV for our regular business e-mail traffic. This party has taken appropriate technical and organizational measures to prevent abuse, loss and corruption of your and our data as much as possible. Yourhosting BV has no access to our mailbox and we treat all our e-mail traffic confidentially.
Payment processors
Mollie
1. Merchant / Partner,
and
2. The private company MultiSafepay B.V., having its registered office in Amsterdam, having its registered office in (1033 SC) Utrecht, Kraanspoor 39, hereinafter referred to as: MSP, hereinafter collectively referred to as: Parties
TAKING INTO ACCOUNT THAT:
- the Merchant / Partner has concluded an Agreement with MSP (hereinafter referred to as: the "Agreement");
- in the context of its implementation, Personal Data in the sense of Wbp and AVG are processed;
- The Merchant / Partner is responsible for this under the provisions of the Wbp and AVG Personal data;
- The Merchant / Partner, when instructed to take care of the execution of payments to MSP, makes personal data available to the Recipient within the meaning of the Wbp and AVG;
- MSP is a payment institution that is supervised by De Nederlandsche Bank and because of its specific activities MSP is also independently Responsible within the meaning of the Wbp and AVG;
- MSP's information management systems are certified in accordance with ISAE 3402 principles and criteria. In addition, MSP is certified according to the PCI DSS 3.2 Level 1 Service Provider standard; - MSP has a data protection officer;
- Parties in accordance with the Wbp and AVG wish to lay down in their agreement their agreements on the processing of the Personal Data.
MATCH:
1. Terms
The terms written with a capital letter below and before in this agreement have the following meaning: 1.1 Data Subject: the person to whom a Personal Data relates.
1.2 Data breach: a breach of security, as referred to in Wbp and AVG, that leads to the considerable risk of serious adverse consequences or serious adverse consequences for the processed Personal Data.
1.3 Third party: any person, not being involved, the controller, the processor, or any person who is authorized to process personal data under the direct authority of the controller or processor.
1.4 Data Protection Officer (FG): the officer as referred to in Wbp and AVG.
1.5 Recipient: the person to whom the personal data is provided.
2
1.6 Agreement: the Agreement between the Merchant and MSP regarding work relating to the execution of payment services.
1.7 Personal Data: any data relating to an identified or identifiable natural person, traceable to the Merchant's portfolio.
1.8 Responsible: the natural person, legal person or any other person, or the administrative body that determines, either alone or together with others, the purpose of and means for processing personal data.
1.9 Processing: any action or all of actions with regard to personal data, including at least the collection, recording, organizing, storing, updating, changing, retrieving, consulting, using, providing by means of transmission, distribution or any other form of providing, bringing together, relating to each other, as well as protecting, erasing, or destroying data.
1.10 Addendum: this agreement including considerations and appendices.
2. Formation, duration and end of the Addendum
2.1 This Addendum is in force during the term of the Agreement. If the Agreement ends, this Addendum will end automatically.
2.2 The parties cannot prematurely terminate this Addendum.
3. MSP obligations
3.1 The primary purpose of MSP is to process payments. MSP makes payment on behalf of the Merchant and can accept payment orders on behalf of the merchant, with MSP as the Recipient receiving Personal Data from the Merchant.
3.2 MSP is independently responsible.
3.3 MSP will process the Personal Data in a proper and careful manner and in accordance with the Wbp and other applicable regulations regarding the processing of Personal Data. MSP has appointed a Data Protection Officer who supervises the application and compliance with the Wbp and AVG.
3.4 If, based on a legal obligation and outside of regular services, MSP must provide Personal Data to a third party, MSP verifies the basis of the request and the identity of the applicant and informs immediately within the legal possibilities, if possible prior to the provision, the relevant Merchant.
3.5 MSP fully cooperates with the Merchant / Partner to comply with the obligations under the Wbp as well as AVG, within the legal terms and more, in particular the rights of Data Subject, such as, but not limited to, a request for inspection, improvement , supplementation, removal or protection of Personal Data and the execution of an honored registered opposition. MSP also fully cooperates in adequately informing the Dutch Data Protection Authority and the Data Subject in the context of the Data Leak Reporting Obligation. If MSP signals (attempts at) unlawful or otherwise unauthorized processing or breaches of the security measures of the Personal data received from the Merchant / Partner (including loss of Personal data), which leads to the considerable risk of serious adverse consequences or serious adverse consequences for he will inform the Merchant / Partner of this protection of Personal Data immediately, but no later than within 24 hours, and take all reasonably necessary measures to (further) violate the Wbp as well as AVG or other regulations concerning the unlawful / unauthorized processing of the Personal data, prevent or limit. MSP will, upon first request, make all information requested by the Merchant regarding the infringement available and proactively provide it with new information as soon as it becomes known.
If the Merchant / Partner itself finds a Data breach, in which personal data are involved that have also been provided to MSP, he will also inform MSP without delay, but no later than within 24 hours. The notification will take place by e-mail. The e-mail address is: [email protected].
4. Appropriate technical and organizational measures
4.1 MSP will take appropriate technical and organizational measures and demonstrably maintain and if necessary adjust to protect the Personal Data against destruction, loss or any form of unlawful processing.
4.2 MSP works according to ISAE 3402 principles and criteria. In addition, MSP is certified according to the PCI DSS 3.2 Level 1 Service Provider standard. MSP is audited annually by authorized external auditors.
4.3 MSP does not process Personal Data outside a country of the European Union.
5. Confidentiality
5.1 MSP is bound to maintain the confidentiality of all Personal Data and information that it processes on the basis of this Addendum, except to the extent that such data or information is not of a secret or confidential nature, or is already generally known.
5.2 If and insofar as the Merchant / Partner explicitly requests this in writing, MSP will, if possible, take special measures with regard to the data or information indicated thereby with a view to secrecy thereof.
5.3 In its written agreements with its staff, MSP will stipulate that such persons will observe confidentiality in accordance with the provisions of paragraphs 1 and 2 with regard to all data and information that they process for MSP in the context of their work for MSP. MSP guarantees to the Merchant / Partner that the stipulations referred to will be complied with by the persons involved.
5.4 After the Agreement and this Addendum have expired, this article and the confidentiality discussed herein will remain in force.
6. Checking
6.1 MSP has external auditors periodically check the processing and compliance with the agreed technical and organizational security measures.
7. Final provisions
7.1 Deviations from this Addendum are only binding insofar as they have been explicitly agreed in writing between the Parties.
7.2 The provisions of the Agreement apply to this Addendum. This Addendum complements the Agreement. In the event of a contradiction between provisions from this Addendum and the Agreement, the provisions from the Agreement will prevail.
Reviews
Trustpilot A / S
We collect reviews via the Trustpilot A / S platform. If you leave a review via Trustpilot A / S then you are obliged to provide your name, place of residence and e-mail address. Trustpilot A / S shares this information with us so that we can link the review to your order. Trustpilot A / S also publishes your name and place of residence on your own website. In some cases, Trustpilot A / S may contact you to provide an explanation of your review. In the event that we invite you to leave a review, we will share your name and e-mail address with Trustpilot A / S. They only use this information for the purpose of inviting you to leave a review. Trustpilot A / S has taken appropriate technical and organizational measures to protect your personal data. Trustpilot A / S reserves the right to use third parties for the provision of services, for which we have given Trustpilot A / S permission. All the above mentioned safeguards with regard to the protection of your personal data also apply to the parts of the service for which Trustpilot A / S engages third parties.
Shipping and logistics
Parcel Pro BV
If you place an order with us, it is our job to have your package delivered to you. We use the services of Parcel Pro BV for the execution of the deliveries. It is therefore necessary that we share your name, address and residence details with Parcel Pro BV. Parcel Pro BV uses this information only for the purpose of executing the agreement. In the event that Parcel Pro BV engages subcontractors, Parcel Pro BV also makes your data available to these parties.
Invoicing and accounting
External sales channels
Marktplaats.nl
We sell (a part of) our articles via the platform of Marktplaats.nl. If you place an order via this platform, Marktplaats.nl will share your order and personal details with us. We use this information to process your order. We treat your information confidentially and have taken appropriate technical and organizational measures to protect your data against loss and unauthorized use.
Purpose of data processing
General purpose of the processing
We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. If you share information with us and we use this information to contact you at a later date - other than at your request - we will ask you explicitly for this. Your information will not be shared with third parties, other than to comply with accounting and other administrative obligations. These third parties have all been kept confidential on the basis of the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data that is automatically collected by our website is processed with the aim of further improving our services. This information (eg your IP address, web browser and operating system) is not personal data.
Participation in tax and criminal investigation
In certain cases, ElevenOFive Online may be obliged to share your information in connection with government tax or criminal investigations on the basis of a legal obligation. In such a case, we are forced to share your data, but we will oppose this within the possibilities that the law offers us.
Retention periods
We keep your information as long as you are our client. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also consider this as a request for forgiveness. On the basis of applicable administrative obligations, we must keep invoices with your (personal) data, so we will keep this data for as long as the applicable term runs. However, employees no longer have access to your client profile and documents that we have produced in connection with your assignment.
Your rights
On the basis of the applicable Dutch and European legislation, you as a data subject have certain rights with regard to the personal data that are processed by or on behalf of us. We explain below which rights these are and how you can invoke these rights.
In principle, in order to prevent abuse, we will send copies and copies of your data only to your already known e-mail address. In the event that you wish to receive the data at another e-mail address or for example by post, we will ask you to identify yourself. We keep records of completed requests, in the case of a request for forgiveness we administer anonymous data. You will receive all copies and copies of data in the machine-readable data format that we use within our systems. You have the right to file a complaint with the Dutch Data Protection Authority at any time if you suspect that we are using your personal data in the wrong way.
Right of inspection
You always have the right to inspect the data that we process or have processed that relate to your person or that can be traced back to you. You can submit a request to that effect to our privacy contact person. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data with an overview of the processors who have this data, with the e-mail address known to us, stating the category under which we have stored this data.
Rectification right
You always have the right to have the data that we process or have processed that relate to your person or that can be traced back to this. You can submit a request to that effect to our privacy contact person. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation that the details have been changed on the e-mail address known to us.
Right to restriction of processing
You always have the right to limit the data that we process or have related to your person or that can be traced back to you. You can submit a request to that effect to our privacy contact person. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the e-mail address known to us that the data until you cancel the restriction will no longer be processed.
Right of transferability
You always have the right to have the data that we process or have processed and that relate to your person or that can be traced back to you, performed by another party. You can submit a request to that effect to our privacy contact person. You will receive a response to your request within 30 days. If your request is granted, we will send you copies or copies of all information about you that we have processed or that have been processed by us by other processors or third parties on the e-mail address known to us. In all likelihood, we will no longer be able to continue the service in such a case, because the secure linking of data files can then no longer be guaranteed.
Right of objection and other rights
In such cases you have the right to object to the processing of your personal data by or
commissioned by ElevenOFive Online. If you object, we will immediately stop the data processing pending the settlement of your objection. If your objection is well-founded, we will make copies and / or copies of data that we process or have made available to you and then permanently discontinue the processing. You also have the right not to be subject to automated individual decision making or profiling. We do not process your data in such a way that this right applies. If you are of the opinion that this is the case, please contact our contact person for privacy matters.
Cookies
Google Analytics
Through our website, cookies are placed from the American company Google as part of the "Analytics" service. We use this service to track and get reports on how visitors use the website. This processor may be obliged to provide access to these data on the basis of applicable laws and regulations. We collect information about your browsing habits and share this information with Google. Google can interpret this information in conjunction with other datasets and thus track your movements on the internet. Google uses this information to provide, among other things, targeted advertisements (Adwords) and other Google services and products.
Cookies
Cookies from third parties
In the case that software solutions from third parties use cookies, this is stated in this privacy statement.
Changes to the privacy policy
We reserve the right to change our privacy policy at any time. On this page you will always find the most recent version. If the new privacy policy affects the way in which we process already collected data relating to you, we will notify you by e-mail.
Contact details
ElevenOFive Online
Industriekade 18G
2172HV Sassenheim
Nederland
T +31 (0)88 1112-777
E [email protected]
Contact person for privacy matters
Daniel van Oosten