Privacy Policy ElevenOFive Online

https://www.oneplus-shop.nl

About our privacy policy

ElevenOFive Online cares a lot about your privacy. We therefore only process data that we need for (improving) our services and treat the information collected about you and your use of our services with care. We never make your data available to third parties for commercial purposes.

This privacy policy applies to the use of the ElevenOFive Online website and the services accessed thereon. The effective date for the validity of these terms is 17/05/2018, with the publication of a new version the validity of all previous versions expires. This privacy policy describes what data about you is collected by us, what this data is used for and with whom and under what conditions, if any, this data may be shared with third parties. We also explain to you how we store your data and how we protect your data against misuse, and what rights you have in relation to the personal data you provide to us.

If you have any questions about our privacy policy, please contact our privacy contact, you can find the contact details at the end of our privacy policy.

About data processing

Below you can read how we process your data, where we store it, which security techniques we use and to whom the data can be accessed.

Webshop software

LightSpeed

Our webshop is developed with software from Lightspeed. Personal data that you make available to us for the purpose of our service is shared with this party. Lightspeed has access to your data to provide us with (technical) support, they will never use your data for any other purpose. Based on the agreement we have with them, Lightspeed is obliged to take appropriate security measures. These security measures consist of the application of SSL encryption and a strong password policy. Lightspeed uses cookies to collect technical information relating to your use of the software, no personal data is collected and/or stored. Lightspeed reserves the right to share collected data within its own group to further improve its services.

Web hosting

Yourhosting BV

We purchase web hosting and email services from Yourhosting BV. Yourhosting processes personal data on our behalf and does not use your data for its own purposes. However, this party may collect metadata about the use of the services. This is not personal data. Yourhosting has taken appropriate technical and organisational measures to prevent the loss and unauthorised use of your personal data. Yourhosting BV is bound to secrecy under the agreement.

Email and mailing lists

MailCamp

We send our email newsletters using MailCamp. MailCamp will never use your name and email address for its own purposes. You will see the 'unsubscribe' link at the bottom of every email sent automatically via our website. You will then no longer receive our newsletter. Your personal data are stored securely by MailCamp. MailCamp uses cookies and other internet technologies that provide insight into whether e-mails are opened and read. MailCamp reserves the right to use your data to further improve its services and to share information with third parties in this context.

Yourhosting BV

We use the services of Yourhosting BV for our regular business e-mail traffic. This party has taken appropriate technical and organisational measures to prevent abuse, loss and corruption of your and our data as much as possible. Yourhosting BV has no access to our mailbox and we treat all our e-mail traffic confidentially.

Payment processors

MultiSafepay

1. Merchant/Partner,
and
2. The private limited company MultiSafepay B.V., having its registered office in Amsterdam, the Netherlands, and its principal place of business in (1033 SC) Utrecht, at Kraanspoor 39, hereinafter to be referred to as: MSP,
hereinafter jointly referred to as: Parties
WHEREAS:
- Merchant/Partner has entered into an Agreement (hereinafter: the "Agreement") with MSP;
- Personal Data within the meaning of the PDPA and the AVG are processed within the framework of the performance thereof;
- Pursuant to the provisions of the Wbp and AVG, Merchant/Partner is Responsible for these
Personal Data;
- Merchant/Partner, when instructed to ensure the execution of payments to MSP,makes Personal Data available to the Recipient within the meaning of the Wbp and AVG;
- MSP a payment institution supervised by De Nederlandsche Bank and due to the specific activities, MSP is also independently Responsible within the meaning of the Wbp and AVG;
- MSP's information management systems are certified in accordance with the ISAE 3402 principles and criteria. In addition, MSP is certified to the PCI DSS 3.2 Level 1 Service Provider standard;
- MSP has a data protection officer in place;
- In accordance with the Wbp and AVG, the parties wish to set out in this agreement their agreements on the processing of Personal Data.
AGREE:
1. Terms
The capitalised terms referred to below and before in this Agreement shall have the following meanings:
1.1 Data Subject: the person to whom a Personal Data relates.
1.2 Data Breach: a breach of security as referred to in the PDPA and the AVG, which results in the significant likelihood of serious adverse consequences or has serious adverse consequences for the Personal Data processed.
1.3 Third party: any person, other than the data subject, the controller, the processor, or any person authorised under the direct authority of the controller or processor to process Personal Data.
1.4 Data Protection Officer (FG): the officer as referred to in Wbp and AVG.
1.5 Recipient: the person to whom personal data are provided.
2
1.6 Agreement: the Agreement between Merchant and MSP concerning activities relating to the provision of payment services.
1.7 Personal Data: any data relating to an identified or identifiable natural person, traceable to Merchant's portfolio.
1.8 Controller: the natural person, legal entity or anyone else who, or the governing body which alone or jointly with others, determines the purpose of and the means for processing Personal Data.
1.9 Processing: any operation or set of operations involving personal data, including in any case the collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, provision by means of transmission, dissemination or any other form of making available, bringing together, linking, as well as blocking, erasure, or destruction of data.
1.10 Addendum: this Agreement including recitals and annexes.
2. Establishment, duration and end of the Addendum
2.1 This Addendum shall be in force during the term of the Agreement. If the Agreement ends, this Addendum shall terminate automatically.
2.2 Parties cannot terminate this Addendum in the interim.
3. Obligations of MSP
3.1 The primary purpose of MSP is the processes of payments. MSP performs payment on behalf of Merchant and may accept payment orders on behalf of Merchant, with MSP as Recipient receiving Personal Data from Merchant.
3.2 MSP is an independent Controller.
3.3 MSP will process Personal Data in a proper and careful manner and in accordance with the PDPA and other applicable regulations regarding the processing of Personal Data. MSP has appointed a Data Protection Officer who supervises the application of and compliance with the Wbp as well as AVG.
3.4 If MSP is required to provide Personal Data to a third party on the basis of a legal obligation and outside its regular service provision, MSP shall verify the basis of the request and the identity of the requester and, within the legal possibilities, inform Merchant immediately, if possible prior to the provision.
3.5 MSP shall fully cooperate with Merchant/Partner to fulfil, within the statutory time limits, the obligations under, inter alia, the Wbp as well as AVG, more specifically the rights of Data Subjects, such as, but not limited to, a request to inspect, correct, supplement, delete or block Personal Data and the execution of a honoured registered objection. MSP shall also fully cooperate in adequately informing the Personal Data Authority and Data Subjects in the context of the Data Breach Notification Obligation. If MSP identifies (attempted) unlawful or otherwise unauthorised processing or breaches of the security measures of the Personal Data received from Merchant/Partner (including loss of Personal Data), which leads to the significant likelihood of serious adverse consequences or has serious adverse consequences for this protection of Personal Data, it shall inform Merchant/Partner thereof immediately, but no later than within 24 hours, and take at its own expense all reasonably necessary measures to prevent or limit (further) violation of the PDPA as well as AVG or other regulations regarding the unlawful/unauthorised processing of Personal Data. MSP shall make available upon first request all information requested by Merchant regarding the breach and proactively provide it with new information thereon as soon as it becomes known.
If Merchant/Partner itself detects a Data Breach involving Personal Data that has also been provided to MSP, it will also notify MSP thereof without delay, but no later than 24 hours. The notification will be made by e-mail. The e-mail address is: dataprotection@multisafepay.com.
4. Appropriate technical and organisational measures
4.1 MSP will take and demonstrably maintain and, if necessary, adapt appropriate technical and organisational measures to secure the Personal Data against destruction, loss or against any form of unlawful processing.
4.2 MSP operates in accordance with the ISAE 3402 principles and criteria. In addition, MSP is certified according to the PCI DSS 3.2 Level 1 Service Provider standard. MSP is audited annually by duly authorised external auditors.
4.3 MSP does not process Personal Data outside a country of the European Union.
5. Confidentiality
5.1 MSP is obliged to maintain the confidentiality of all Personal Data and information it processes, pursuant to this Addendum, except insofar as such data or information are not of a secret or confidential nature, or are already generally known.
5.2 If and to the extent that Merchant/Partner expressly requests this in writing, MSP will, with respect to the data or information thereby designated, take special measures, if possible, with a view to the confidentiality thereof.
5.3 MSP will stipulate in its written agreements with its personnel that these persons will observe confidentiality in the same manner as stipulated in paragraphs 1 and 2 with regard to all data and information that they process in the context of their work for MSP. MSP warrants to Merchant/Partner that the said clauses will be observed by the persons concerned.
5.4 Upon expiry of the Agreement and this Addendum, this Article and the confidentiality discussed herein shall remain in force.
6. Control
6.1 MSP shall have the operations and compliance with the agreed technical and organisational security measures periodically audited by external auditors.
7. Final provisions
7.1 Deviations from this Addendum shall only be binding insofar as they have been expressly agreed between Parties in writing.
7.2 The provisions of the Agreement shall apply to this Addendum. This Addendum supplements the Agreement. In the event of a contradiction between provisions of this Addendum and the Agreement, the provisions of the Agreement shall prevail.

Reviews

Trustpilot A/S

We collect reviews through Trustpilot A/S's platform. If you leave a review via Trustpilot A/S you are required to provide your name, city and email address. Trustpilot A/S shares this data with us so that we can link the review to your order. Trustpilot A/S also publishes your name and place of residence on its own website. In some cases, Trustpilot A/S may contact you to explain your review. In the event that we invite you to leave a review, we share your name and e-mail address with Trustpilot A/S. They only use this data for the purpose of inviting you to leave a review. Trustpilot A/S has taken appropriate technical and organisational measures to protect your personal data. Trustpilot A/S reserves the right to use third parties for the purpose of providing the service, for which we have given Trustpilot A/S permission. All aforementioned guarantees regarding the protection of your personal data also apply to those parts of the service for which Trustpilot A/S engages third parties.

Shipping and logistics

Parcel Pro BV

When you place an order with us, our job is to get your package delivered to you. We use the services of Parcel Pro BV to carry out the deliveries. This requires us to share your name, address and place of residence details with Parcel Pro BV. Parcel Pro BV only uses this data for the purpose of executing the agreement. In the event that Parcel Pro BV engages subcontractors, Parcel Pro BV will also make your details available to these parties.

Invoicing and accounting

External sales channels

Marketplace.com

We sell (some of) our items through the platform of Marktplaats.nl. If you place an order through this platform, Marktplaats.nl shares your order and personal data with us. We use these data to process your order. We treat your data confidentially and have taken appropriate technical and organisational measures to protect your data against loss and unauthorised use.

Purpose of data processing

General purpose of processing

We use your data exclusively for the purpose of our services. This means that the purpose of processing is always directly related to the order you provide. We do not use your data for (targeted) marketing. If you share data with us and we use this data to contact you - other than at your request - at a later time, we will ask you explicit permission to do so. Your data will not be shared with third parties other than to meet accounting and other administrative obligations. These third parties are all bound to confidentiality by virtue of the agreement between them and us or an oath or legal obligation.

Automatically collected data

Data automatically collected by our website is processed for the purpose of further improving our services. This data (e.g. your IP address, web browser and operating system) is not personal data.

Cooperation with tax and criminal investigations

Where appropriate, ElevenOFive Online may be required by law to share your data in connection with government tax or criminal investigations. In such a case, we are forced to share your data, but we will resist within the possibilities provided by law.

Retention periods

We will retain your data for as long as you are a client of ours. This means that we will keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also interpret this as a forgetting request. In accordance with applicable administrative obligations, we must retain invoices containing your (personal) data, which we will therefore retain for as long as the applicable term runs. However, employees no longer have access to your client profile and documents we have produced in response to your instructions.

Your rights

Under applicable Dutch and European law, as a data subject you have certain rights in relation to personal data processed by or on behalf of us. We explain below which rights these are and how you can invoke these rights.

In principle, to prevent misuse, we only send statements and copies of your data to your e-mail address already known to us. In case you wish to receive the data at a different e-mail address or for example by post, we will ask you to identify yourself. We keep records of completed requests, in the case of a forgetting request we administer anonymised data. You will receive all copies and transcripts of data in the machine-readable data format we use within our systems. You have the right at any time to lodge a complaint with the Personal Data Authority if you suspect that we are using your personal data incorrectly.

Login

You always have the right to inspect the data we process (or have processed) that relates to your person or can be traced back to you. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you, at the e-mail address known to us, a copy of all data with a list of the processors holding this data, indicating the category under which we have stored this data.

Right of rectification

You always have the right to have the data we process (or have processed) that relates to your person or can be traced back to you amended. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us that the data has been adjusted.

Right to restriction of processing

You always have the right to limit the data we process (or have processed) that relates to your person or can be traced back to you. You can make a request to this effect to our privacy contact. You will then receive a response to your request within 30 days. If your request is granted, we will send you confirmation at the e-mail address known to us that the data will no longer be processed until you lift the restriction.

Right of portability

You always have the right to have the data we process (or have processed), which relates to your person or can be traced back to you, carried out by another party. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you, at the e-mail address known to us, copies or transcripts of all data about you that we have processed or have processed on our behalf by other processors or third parties. In all likelihood, we will no longer be able to continue providing services in such a case, as the secure interconnection of data files can no longer be guaranteed.

Right of objection and other rights

You have the right to object, where appropriate, to the processing of your personal data by or
on behalf of ElevenOFive Online. If you object, we will immediately stop the data processing pending the resolution of your objection. If your objection is well-founded, we will make copies and/or copies of data we process (or have processed) available to you and thereafter permanently cease processing. You also have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that it does, please contact our privacy contact.

Cookies

Google Analytics

Through our website, cookies are placed by the US company Google, as part of the "Analytics" service. We use this service to track and get reports on how visitors use the website. This processor may be obliged under applicable laws and regulations to provide access to this data. We collect information about your browsing behaviour and share this data with Google. Google may interpret this information in conjunction with other data sets and thus track your movements on the internet. Google uses this information to offer targeted advertisements (Adwords) and other Google services and products, among other things.

Cookies

 

Third party cookies

In the event that third-party software solutions use cookies, this is stated in this privacy statement.

Privacy policy changes

We reserve the right to change our privacy policy at any time. However, you will always find the most recent version on this page. If the new privacy policy affects how we process data already collected about you, we will notify you by email.

Contact details

ElevenOFive Online
Industriekade 18G
2172HV Sassenheim
The Netherlands
T (088) 1112 777
E info@oneoneplus-shop.nl

Contact for privacy matters:
Daniel van Oosten