In this privacy statement you can read about how we handle your data, how we collect your data, which data we (can) collect, and the purposes for which we (can) use your data. This document also provides information about how you can obtain access to your data, how can rectify or erase your data or have it rectified or erased, and who the (possible) recipients of this data are.
Kroftman Structures BV collects, processes and shares only personal data that serves a goal that is directly necessary for proper and structured business operations. When you use our products and services, Kroftman Structures BV can collect information about you. Consider, for example, information that you provide to us when you complete a contact form or request a quote, or information that we collect when you use our websites and other services.
Kroftman Structures BV also utilizes the services of third parties, such as logistics partners, Kyoh (product/ service evaluation) and links on our website such as YouTube. Although these partners/ websites have been selected with due care, we are not responsible for the processing of personal data via these parties. For their privacy policies, we refer you to these organizations.
We would like to underline the fact that Kroftman Structures BV does not collect exceptional, sensitive or high-risk personal data and that the sharing of information only takes place for business purposes. Processing agreements have been established with the organizations in question. Kroftman Structures BV does not sell the data of its clients and users of its services to third parties.
Processing by Kroftman Structures BV
Kroftman Structures BV, Veem 3, 6909 Babberich, the Netherlands. Chamber of Commerce number: 09168984
With this privacy and cookies policy, we wish to provide clarity regarding the way in which we handle your data. If you would like to know what personal data we have logged, or if you would like to rectify or erase your data in accordance with the applicable regulations (or have your data rectified or erased), please send an e-mail to: email@example.com. You can also notify us that you no longer wish us to issue/ process your personal data, combine your personal data into a profile or use your personal data to offer targeted promotions or to send you information and offers by e-mail or in the post.
When providing our products and services we can process (personal) data of clients, subscribers to our newsletters, and visitors to/ users of our (mobile) websites and other services such as events and campaigns. Our products/ services differ as to whether, and if so, which, (personal) data we (can) process. If you wish to receive a promotional offer, fill in a contact form, receive a newsletter or create an account, we will in any case require a valid e-mail address. A location may also be necessary for the purpose of delivery. In order to process orders or service requests, however, we will need to receive more information. An overview of the required information can be requested via firstname.lastname@example.org
If you are asked to enter your data, it will be indicated which information is necessary to be able to utilize the service (and which information is therefore mandatory), and which information is optional.
Which data do we collect?
Broadly speaking, there are four ways in which we can collect (personal) data:
- Completion of contact form: with this, personal data is processed that you have provided to us yourself, such as name, address, e-mail address and your interest.
- Request for information or products via our (mobile) websites (for example request for an e-mail newsletter or promotional offers): with this, information is processed that you have provided to us yourself via the website, such as your e-mail address.
- Creation of an account on a (mobile) website: With this, the personal data is processed that you provide to us yourself when you create the account, or which you have given us access to (when using a social media login), such as your e-mail address and (user) name;
- Use of our (mobile) websites: with this, information is processed about your use of those (mobile) websites, such as the pages and websites you visit within our network, the advertisements that are displayed and the advertisements that you click on. This information enables us to derive your likely interests. (Personal) data and information is also processed that you have allowed us access to (such as location details).
Purposes of the processing
We collect and process personal data for the following purposes, including via the (mobile) websites operated by us:
- for the establishment and execution of a contract entered into with you;
- to offer and deliver the agreed services, products and/ or information, and to adapt these to your wishes and requirements;
- to enable you to place and exchange information on one of the websites or, where the website provides the opportunity, to contact other users;
- to offer you targeted promotions, e.g. via e-mail. As part of the optimization of the targeted promotions that we offer, we can also create a profile specific to you;
- to send you a newsletter, promotional offer, user information, service message or other electronic messages;
- to analyse, maintain, optimize and secure our (mobile) websites and associated technologies, and to combat fraud;
- to comply with the legislation and regulations to which we are subject, to handle any disputes and for the purpose of (accounts) auditing; to conduct market research and to gather management information for the purpose of product and service development and to determine our (general) strategy;
Not all data is always processed for the same purposes. For instance, some data is only stored in order to deliver the requested service, while other data can be used both for the analysis and improvement of the use of our websites and for the provision of targeted promotional offers.
In principle, we store your personal data for as long as is necessary for the aforementioned objectives, or to comply with statutory (storage) obligations. However, there is also data that, given its relevance or sensitivity, we use for a short time period, while your e-mail information is used for an unlimited period if, for instance, you receive an e-mail newsletter and do not unsubscribe.
An overview of the stored data, the purpose of storage and the storage period can be requested via email@example.com
How is data combined, and which data?
The purpose of combining client data is primarily to enable us to better respond to our clients’ wishes and requirements, and to better align our advertising policy with your interests as a unique consumer.
When you complete a contact form on one of our websites, we can add the information entered by you to the cookie that we use to measure your use of our online services. With this, we do not combine all the information that you enter with the online user information, but only information such as your gender and postcode. This data is then used to create an online profile.
We can also combine the client data that you have provided us with information about your use of our websites. This works are follows: via the e-mail newsletter, your client number (in our system) is linked to a unique number in the cookie. With this, we can add your gender and postcode to your cookie profile, and add the interests derived from your website use to your client data.
Finally, information from external sources can be added to the data that we already have about you in our system. This concerns demographic data that we may purchase from third parties. This includes, for example, general data about postal code areas.
If you object to the combining of your personal data, please notify us via firstname.lastname@example.org.
Sharing and disclosure of personal data
Kroftman collects/ manages information provided to us only for business purposes. Therefore, the data that you provide to us will not be sold/ passed to third parties. There are exceptions to this, as follows:
- We can exchange the personal data processed by us with our subsidiaries, and combine it with data processed by these subsidiaries. If you object to this, please notify us here.
- For good business operations, it can be necessary to exchange your data with third parties, such as logistics companies for the delivery of the products, or organizations that assist with our customer support. An overview of these organizations can be requested via email@example.com
Only if you have given us (unequivocal) permission to this effect, we can send you, via e-mail, information and promotional offers about our products and services. Naturally, this permission can be withdrawn at any time.
In special cases we can, without your permission, make personal data available to third parties. These special cases are, for instance, legitimate requests for this information from authorities, subpoenas or court orders, actions to detect or prevent damage or fraud, or actions to protect the security of our networks and our services.
Furthermore, the data can be used for the purpose of handling complaints, conducting customer satisfaction surveys and obtaining information about the progress of the project and project-related news.
Data not related to business operations
Besides the aforementioned data, we also receive and store other specific information, such as job application letters/ CVs. Depending on the data and the purpose for which it has been collected, these documents will not be stored for longer than is strictly necessary.
If you have disabled cookies via your browser settings, it is possible that certain functions of our websites will not work or that you cannot use certain services. In any case, you will then see the cookie information bar on every page, because our websites cannot retain (in a cookie) the fact that you have visited the website previously and have perhaps already made the choice to accept/ reject cookies.
At all times, we maintain a level of security in the processing of personal data that, given the current state of the technology, is sufficient to prevent unauthorized access to, modification, disclosure or loss of personal data. Consider, for example, both technical and organizational measures (such as encryption of data and maintaining a restricted group of employees that have access to the data, etc.) To ensure secure and lawful data processing, the data is also protected and only accessible to the employees who have a professional and legitimate interest in the use and processing of this data.
Besides the fact that we do everything possible to prevent data leaks/ hacks, we have internal procedures in place to enable us to intervene quickly and effectively, should such a leak occur. In the event of a data leak, besides the internal registration of the leak, it will also be reported to the Data Protection Authority and to the persons affected within 24 hours, in accordance with the EU General Data Protection Regulations. For Kroftman, the governing regulatory body in this is the Dutch Data Protection Authority.
Specific rights of consumers
According to the new EU General Data Protection Regulations, the consumer has the right to transparency (access to his/ her personal data), the ‘right to be forgotten’ (have his/ her personal data erased) and the right to data portability (the retrieval of personal data and transfer to another organization). Exceptions to this are made for financial data, which is subject to statutory regulations regarding its storage and processing. Clients can contact Kroftman in writing if they wish to access or rectify their data, or have it erased. Where applicable (and without notification to the contrary from the client), third parties with whom the personal data has been shared will also be informed of these requests.
The right of the consumer to oppose automated decision-making and to oppose direct marketing and profiling is (currently) not applicable to the organization. If this changes, the customer will first be asked for permission in writing.
Data rectification, access, erasure etc.
Requests for access to personal data and its rectification, erasure etc. can only be made in writing. To make a request in this regard, please send an e-mail to firstname.lastname@example.org with the reference “Access/ rectification/ erasure of data”.
Include in this message your full name and address, and attach a copy of an identification document with the message so that we can be certain that the information you request does actually relate to you and is thus sent to the right person (to be extra sure, state on the copy of your identification document that you are sending it to us, and make your bsn (citizen service number) and photograph (if applicable) unrecognizable. If we cannot, or cannot fully, confirm which personal data your request for access, rectification or erasure relates to, we can ask you to (further) specify your request in more detail. We will then suspend our handling of your request until you have provided us with these (further) details. After handling your request, we will always send you a message of confirmation.
As soon as possible after receiving your request, we will inform you as to whether and how, and if not why not, we will grant your request.
Refusal of requests
Not every request for rectification or erasure will be granted. Any request that concerns personal data that does not (only) relate to you, will be refused. Besides, the Data Protection Act stipulates that you are entitled to rectify/ have rectified any factual inaccuracies. A request for rectification of data where it is not determined that the data was factually inaccurate, or it is not determined that the requested modification will make the data factually accurate, will therefore not be granted. Similarly, not every request for erasure of data will be fully granted. In some cases, we are legally obliged to retain certain data (fiscal legislation). Furthermore, we can suspend your request due to pending procedures, for instance because the data provided by you is needed for the delivery of products ordered.
– Version 5 May 2018 –