Privacy policy – Mastop Totaal Techniek B.V.
- Definitions1.1 In this privacy policy, the following terms are defined as stated below: a. Mastop: the user of this privacy policy: Mastop Totaaltechniek B.V. with its registered office at Frankrijklaan 9 in Hazerswoude-Dorp, the Netherlands, registered with the Chamber of Commerce under Chamber of Commerce number 29049097; b. data subject: the natural person whose personal data is being processed; c. agreement: the agreement between Mastop and the data subject or a legal entity; d. website: the websites mastop.nl, www.irriview.com and www.irriviewnx.com which are managed by Mastop; e. personal data: data that can be used to identify a natural person.
Article 2. Personal data 2.1. Mastop considers due care in handling personal data of paramount importance. With regard to the processing of personal data. Mastop acts in accordance with the General Data Protection Regulation (GDPR). 2.2. Mastop processes personal data of the data subject within the meaning of the GDPR when the data subject has requested an offer (on behalf of a legal entity) or has concluded an agreement with Mastop or when Mastop has requested an offer. 2.3. Mastop collects and processes the following data: a. Contact details such as: First name and surname, e-mail address and telephone number; b. Delivery details such as: First name and surname and delivery address; c. Administrative details such as: First name and surname and invoice address. 2.4. Mastop does not process special personal data of data subjects.
Article 3. Principle and purposes of data processing
3.1. The principle of processing personal data is the performance of the agreement, compliance with statutory obligations or the justified interest of Mastop. 3.2. Mastop collects and processes personal data for the following purposes: a. To send out an offer; b. To request an offer; c. To form an agreement; d. To perform an agreement; e. To contact a contact person for green maintenance or ICT in connection with the agreement; f. To fulfil administrative duties; g. To send out newsletters. 3.3. It is a contractual obligation to provide the name and the e-mail address of the contact person who concludes an agreement on behalf of a legal entity. If the data subject is a private individual, it is a contractual obligation to provide the name, e-mail address, telephone number and delivery address. Without these details, no agreement can be formed. 3.4. Mastop will not retain the personal data for longer than is strictly necessary for the purposes for which the personal data is collected, as set out in Article 3.2. The personal data of contact persons of debtors and creditors is kept for a maximum of seven years. 3.5. Mastop only processes personal data that is, at least, required for the existing purposes. Mastop aims to process as little personal data as possible. 3.6. Mastop will not process the personal data for purposes other than described above.
Article 4. Newsletter
4.1. Mastop only sends out newsletters that relate to products similar to the products which the data subject has purchased from Mastop. 4.2. When the agreement is formed, the data subject is notified of the fact that he will receive a newsletter. 4.3. Before the agreement is formed, the data subject is given the opportunity to say he does not wish to receive newsletters. 4.4. Every newsletter that is sent to the data subject contains a link by which means the data subject can unsubscribe from Mastop’s newsletter.
Article 5. Deletion of personal data
5.1. Mastop will delete personal data from its systems without unreasonable delay if, for instance: a. The personal data is no longer required for the purposes for which it was processed; b. The data subject objects to his data being processed and this objection is justified; c. The personal data is incorrect or superseded. 5.2. Mastop is not obliged to delete personal data if it concerns one of the situations described in the law in which the “right to oblivion” does not apply.
Article 6. Disclosure of personal data to third parties
6.1. Mastop will disclose the personal data of the data subject to third parties if: a. Mastop has received the explicit prior consent of the data subject. The data subject can withdraw his consent for his personal data to be disclosed to third parties at any time; b. One of the statutory principles applies under which the disclosure of personal data to third parties is permitted; c. Required for the performance of the agreement; d. The data is forwarded to a processor engaged by Mastop for the purposes listed in this privacy policy, such as an ICT service provider or an accountant with whom Mastop has entered into an agreement or another legal act under which the processor provides sufficient guarantees in respect of the technical and organisational security measures in connection with the processing to be performed; e. This has been requested by an authority such as the police or the judiciary. Before Mastop discloses personal data to an authority, it will check the powers of this authority.
Article 7. Right of inspection, right to data portability, rectification and deletion 7.1. On request, Mastop will grant the data subject access to all his personal data on Mastop’s records and Mastop will give the data subject a free copy of this data in an adequate format so that the data subject himself can disclose the personal data to a third party. 7.2. Mastop offers the data subject the opportunity to rectify or delete any incorrect data about him on Mastop’s records. 7.3. The request for access, a copy, changes or deletion of personal data can be submitted to Mastop by e-mail. See Article 10.1 for the contact details of Mastop. Mastop will respond to such a request as soon as possible but within four weeks, at least.
Article 8. Objection
8.1. The data subject can object to Mastop about the processing of his personal data if he has a good reason to do so given his specific situation. After Mastop has received the objection from the data subject, Mastop will stop processing the data subject’s personal data, unless Mastop has justified interests that outweigh those of the data subject when it comes to processing personal data.
Article 9. Right to restriction
9.1. If the data subject has submitted a request for the adjustment, supplement or deletion of his personal data or if he has submitted an objection against the processing of his personal data and the handling, processing and completion of this request or objection take some time, the data subject may ask Mastop to restrict the processing of his personal data.
Article 10. Contact
10.1. If the data subject has any questions about the way in which Mastop processes personal data, about withdrawing his consent in connection with the processing of personal data, inspection of the data subject’s personal data processed by Mastop, a request for a copy of his personal data, a request to change or delete his personal data, the request to restrict the processing of his personal data or submitting an objection to the processing of his personal data, he can contact Mastop on the details given below. Contact details: Mastop Totaal Techniek B.V. Address: Frankrijklaan 9 Postcode/town/city: 2391 PX Hazerswoude-Dorp Country: The Netherlands E-mail: info@mastop.nl
10.2. To ensure that the request regarding personal data has been made by the data subject in question, Mastop may ask the data subject to send a copy of his proof of ID along with the request. In this copy, the data subject has to obscure his photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number [BSN]. This will protect the privacy of the data subject. 10.3. If at the request of the data subject, Mastop corrects, supplements or deletes personal data of the data subject or ends or restricts the processing of the personal data or has processed a withdrawn consent, Mastop will notify the data subject accordingly.
Article 11. Security measures
11.1. In order to prevent unauthorised access to personal data, loss, theft and unlawful use of personal data, Mastop has taken various security measures, including measures against unauthorised access, use, changes, unlawful and unintended destruction and unintended loss of the personal data. Among other things, Mastop has taken the following security measures: a. The use of secured systems with firewall and antivirus software and strong passwords in order to prevent unauthorised access to information systems; b. A data subject who has concluded an Irriview contact with Mastop can only access his account on the irriview.com or www.irriviewnx.com website by means of a username and password; c. Security/encryption of password manager; d. Data that is submitted to Mastop via the website is encrypted. The website uses a secure connection; e. Regularly carrying out software updates. 11.2. Mastop imposes a duty of confidentiality on persons engaged by or entering the employment of Mastop and who, for the purpose of their duties, take cognizance of personal data, such as details in a contract for services, an employment contract or a non-disclosure agreement.
Article 12. Third-party privacy policy
12.1. This privacy policy does not apply to third-party websites such as social media websites which are hyperlinked to this website. Mastop does not accept any responsibility or liability with regard to the way in which these websites handle personal data. For more information about the way in which these third parties handle personal data, etc., please consult the privacy policy of the website in question.
Article 13. Changes
13.1. Mastop reserves the right to unilaterally make changes to this privacy policy. The latest version of Mastop’s privacy policy can be found on the website.
Article 14. Data breach
14.1. In the event of a data breach at Mastop, in the course of which personal data of a sensitive nature was leaked or which otherwise constitutes a serious adverse effect for the protection of that processed personal data, Mastop will notify the Dutch Data Protection Authority accordingly within 72 hours of discovering the data breach, if possible, and take action in accordance with the policy regulations regarding the duty to report data breaches of the Dutch Data Protection Authority. 14.2. In the event of a data breach at Mastop that has adverse consequences for the privacy of the data subject, Mastop will immediately notify the data subject thereof without delay.
Article 15. Cookies
15.1. The website uses functional and analytical cookies. 15.2. A cookie is a small text file that is stored in the browser of the data subject’s device when he first visits the website. 15.3. Cookies are retained for one month. 15.4. The data subject can opt out of cookies by setting his Internet browser in such a way that it no longer stores cookies. In addition, the data subject can also delete all previously saved information through his browser settings. More information about enabling, disabling and deleting cookies can be found in the instructions and/or the Help feature of the data subject’s browser. When the data subject deletes or disables functional cookies, it may affect the correct functioning of the website and it may be possible that the data subject can no longer log into the website. 15.5. The type of cookie and its purposes a. Functional cookies: They ensure a website functions correctly. Functional cookies help the website to recognise the data subject when he revisits the website. This is convenient as it means the data subject does not have to log into the website every time he visits it. b. Analytical cookies: By using analytical cookies, Mastop can see how the website is used and it can improve the website on the basis of that information. Analytical cookies are not used by third parties and they are not linked to the name or the e-mail address of the data subject. Mastop’s settings of Google Analytics are such that visitors of the website remain anonymous.
Article 16. Submitting a complaint
16.1. If the data subject is of the opinion that Mastop’s processing of personal data is not in line with this privacy policy and/or the applicable legislation, the data subject can submit a complaint to the Dutch Data Protection Authority.
