Privacy Statement of Sea Fresh Holding B.V.
This is the Privacy Statement of Sea Fresh Holding B.V., which has its registered office in Urk at Stortemelk 16, 8321 EE, can be reached by telephone on number: +31 527 687239 and is registered with the Chamber of Commerce under number 39069360.
2. General Definitions
Unless expressly stated otherwise below, the terms in these regulations are used with the meanings assigned to them in the General Data Protection Regulation (‘GDPR’).
Personal data: any information relating to an identified or identifiable natural person (data subject).
Data subject: the person to whom the personal data relate.
Processing of personal data: any operation or set of operations which is performed on personal data, whether or not by automated means, in any case including the collection, recording, organisation, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, merging, linking, restriction, erasure or destruction.
Controller: the party that determines the purpose and means of the processing.
Processor: the party processing personal data on behalf of the controller, without being subject to its direct authority.
Disclosure of data: the publication or making available of personal data.
User of personal data: the party who is authorised as an employee or otherwise by or on behalf of the controller to process personal data.
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Supervisory authority: an independent public authority which is established by a Member State. In the Netherlands, this is the Dutch Data Protection Authority.
3.1 These regulations shall apply to all processing of personal data within Sea Fresh Holding B.V.
3.2 Sea Fresh Holding B.V. shall endeavour to ensure that it complies with all applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR), the Dutch Financial Supervision Act (Wet op het financieel toezicht, Wft), the Dutch Anti-Money Laundering and Anti- Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft) as well as the Code of Conduct for the Processing of Personal Data by Financial Institutions (Gedragscode Verwerking Persoonsgegevens Financiële Instellingen) and all other applicable codes of conduct and guidelines.
4. For what purpose do we process your personal data?
Sea Fresh Holding B.V. processes personal data for the purchasing and sale of its products, as well as to pass on costs. The data are also used for the following:
- to facilitate compliance with statutory obligations, such as tax and social insurance laws;
- for analyses of personal data with a view to improving the product and service range and aligning it more closely with the wishes of our existing and potential customers. In addition to the information that Sea Fresh Holding B.V. receives from you, it is legally permitted to request information for these purposes from external sources that it deems to be reliable. In all processing of personal data, Sea Fresh Holding B.V. shall ensure that only those personal data are processed that are accurate, adequate, relevant and not excessive.
5. Which data do we process?
Sea Fresh Holding B.V. may process the following personal data:
- contact details such as name, address, place of residence, telephone number and email address
- date of birth, gender, marital status
- data concerning any criminal offences/aspects of fraud
- data on claims submitted and/or your claims history
Personal data shall be processed only in accordance with the purposes for which they were obtained.
6. Conditions for lawful processing
6.1 Personal data shall be processed only for the purposes described in Article 4 and shall not be processed further in a manner that is incompatible with the purposes for which they were obtained.
6.2 The personal data shall only be processed by persons who are subject to an obligation of secrecy owing to their office, profession or any legal requirement, or pursuant to an employment contract or other agreement.
6.3 Personal data shall only be processed insofar as they are relevant and not excessive in relation to the purposes described in article 4.
6.4 Personal data shall only be processed if one of the bases for processing in Article 6 (GDPR) applies, namely:
a) The data subject has given its unambiguous consent to the processing.
b) The data processing is necessary for the performance of a contract to which the data subject is party or in order to take pre-contractual steps at the request of the data subject that are necessary for concluding a contract.
c) The data processing is necessary for compliance with a legal obligation to which the controller is subject.
d) The data processing is necessary in order to protect a vital interest of the data subject.
e) The data processing is necessary for the proper performance of a public-law task by the administrative body concerned or the administrative body to which the data are disclosed.
f) The data processing is necessary for the purposes of protecting the legitimate interests pursued by the controller or by a third party to which the data are disclosed, unless they are overridden by the interests or fundamental rights and freedoms of the data subject, in particular the right to protection of privacy.
6.5 Sea Fresh Holding B.V. observes secrecy in respect of the personal data that come to its knowledge, except insofar as any legal requirement obliges the controller to disclose them or disclosure arises from the task of the controller.
7. Access to personal data
7.1 Sea Fresh Holding B.V. uses logistical and financial software as well as other digital means in which personal data are stored. Employees of Sea Fresh Holding B.V. shall only have access to personal data insofar as this is necessary for the performance of their duties.
7.2 Each user of personal data shall be subject to a strict obligation of secrecy in respect of the data that come to his or her knowledge by virtue of such access.
7.3 The administrator and those who work in connection with an assignment given by Sea Fresh Holding B.V. or a user shall only have access to personal data insofar as this is necessary for the use and processing of the data.
8. Protection of personal data
8.1 In order to safeguard the principle of integrity and confidentiality, Sea Fresh Holding B.V. shall take all technical and organisational security measures to prevent unauthorised access to or unauthorised use of personal data.
8.2 Sea Fresh Holding B.V. shall ensure that security rules for the personal data are complied with. It shall do so by periodically testing, assessing and evaluating the technical and organisational security with a view to the effectiveness of the processing.
8.3 Sea Fresh Holding B.V. shall comply with the data breach notification obligation as described in the policy rules for the notification obligation.
8.4 Sea Fresh Holding B.V. shall take measures to inform the Dutch Data Protection Authority and data subjects if this is required in connection with the notification obligation.
9. Disclosure of personal data
Sea Fresh Holding B.V. shall not disclose your data to others without a valid reason. Sea Fresh Holding B.V. shall be permitted to disclose your data if consent has been given for this, or if it is obliged to do so pursuant to the law or a court decision, or if such disclosure serves the purposes of the processing of personal data.
10. Right of access and right to erasure
10.1 The data subject shall have the right of access to and to obtain a copy of the personal data relating to him or her. The data subject must submit a request to that effect.
10.2 A request as referred to in this article shall be complied with within four weeks after receiving the request.
10.3 The right of access shall only be granted to the data subject or its authorised representative. The data subject or its authorised representative must, if required, be able to provide proof of their identity and/or their authorisation.
10.4 Exceptions to the right to erasure:
- the right of freedom of expression applies
- legal obligation of the controller
- necessary for public-law task of the administrative body
- necessary for the protection of public health
- necessary for archives or for scientific, statistical or historical research, insofar as rights such as the right to be informed impede those interests
- necessary for exercising or defending any right in law.
10.5 There shall be no charge for sending and providing copies.
10.6 In the event of the erasure of data, a statement shall be included in the data to the effect that the data were erased on the request of the data subject.
11. Right to data portability
11.1 The data subject shall have the right to obtain the personal data he or she provided to Sea Fresh Holding B.V. in a structured, commonly used and readable form.
11.2 The data subject shall have the right to transfer those data to another controller, without being hindered in doing so by the controller to which the personal data had been provided.
11.3 Sea Fresh Holding B.V. shall provide a commonly used and readable format that will enable the data subject to receive the data. On request, and on the instructions of the data subject, the format can– also be transmitted to a third party.
12. Right to restrict, supplement and correct personal data
12.1 On request, a statement issued by or on behalf of the data subject on the data entered shall be added to the data entered.
12.2 If data entered are factually incorrect, incomplete or not relevant for the purpose of the processing, or if they infringe a legal requirement with regard to the processing, the data subject can submit a written request to Sea Fresh Holding B.V. to correct, supplement, erase or restrict the data.
12.3 As soon as possible after receiving the request, Sea Fresh Holding B.V. shall notify the data subject in writing whether or to what extent the request will be complied with. A refusal shall always be accompanied by reasons.
12.4 Sea Fresh Holding B.V. shall ensure that any decision to supplement, correct or erase data is implemented as soon as possible.
12.5 In the event of the erasure of data, a statement shall be included in the data to the effect that the data were erased on the request of the data subject.
13. Right to object
13.1 If data are subject to processing pursuant to Article 4, the data subject can lodge an objection to such processing with Sea Fresh Holding B.V. in connection with his or her particular personal circumstances, if there is a legitimate interest.
13.2 Sea Fresh Holding B.V. shall decide whether the objection is justified within four weeks of receiving it. If the objection is justified, it shall stop the processing immediately.
13.3 Sea Fresh Holding B.V. can request payment of a fee for handling an objection (Personal Data Protection Act (Charges Made to Data Subjects) Decree) (Besluit kostenvergoeding rechten betrokkenen WBP), Bulletin of Acts and Decrees 2001, 305). The payment shall be returned if the objection is found to be justified.
14. Retention periods
Sea Fresh Holding B.V. shall never retain the data for longer than is necessary for the purpose for which they are collected, with due observance of the maximum legal retention period. If data nolonger need to be retained, all identifiable characteristics shall be erased, or the data concerned shall be erased in full.
15. Your visit to our website and cookies
16. Changes to the Privacy Statement
Sea Fresh Holding B.V. may change this Privacy Statement in the future. You can always find the most recent version of the Privacy Statement on our website.
17.2 You are entitled to submit a complaint to the supervisory authority at any time. The Dutch Data Protection Authority supervises compliance with the legal rules for the protection of personal data. The contact details of the Dutch Data Protection Authority are as follows: Dutch Data Protection Authority, Bezuidenhoutseweg 30, 2594 AV The Hague Telephone: 0900 2001201