Article 1 – Controller
The controller of the processing of the personal data is: Organic People., located in (3531 EP) Utrecht at Jan Pieterszoon Coenstraat, the Netherlands and registered at the Chamber of Commerce in the Netherlands with the number 78488591. If you have any questions or remarks, please contact our customer experience department (firstname.lastname@example.org).
Article 2 – What kind of personal data do we collect on our website?
Article 3 – For which purpose and on which basis do we process the personal data?
We process personal data received from you, as laid out in article 2.1 (Registration or information requests through our website), for the following purposes: to fulfil our obligations with respect to the agreement for the sale of goods (for example for shipping and invoicing the ordered goods); to contact you (by phone or by e-mail), to provide answers to your questions or remarks and/or provide you with the requested information or advice; to secure your account and order information; to secure our business goals: for data analysis, for example to improve the efficiency of the Services; for audits, to check whether our internal processes function as intended and to comply with legal or contractual requirements; for fraud and security checks, for example for cyber attacks or attempts at detecting and preventing identity theft; for the development of new products and services and to consider where to open new stores in the future; to supplement, improve or change our website or our products and services; to identify trends in the use of the Services, for example insights on which parts of our Services are most interesting for users; to determine the effectiveness of our promotional campaigns, so that we can adapt them to the needs and interests of our users. We will carry out the above listed activities to manage our contractual relationship with you, to fulfil a legal obligation, and/or because of our legitimate interests. to analyse personal data (e.g. purchase history, shipping country and/or city) in order to provide personalised offers of our Services: to understand you better so that we can personalise our interactions with you and provide you with information and/or offers that are tailored to your interests; to better understand your preferences so that we can deliver content through the Services that we believe will be relevant and interesting to you. We will provide personalised offers of our Services with your permission or because of our legitimate interests. to send you our email newsletter with offers and information about products and services, but only if you have specifically opted in for this. Please note that you can always object to such use, via the ‘unsubscribe’ link in our email newsletters to comply with various legal obligations, including tax obligations. If you don’t want to be contacted by phone please send an e-mail to our customer experience department (email@example.com). We also share information about your use of our website with our trusted social media, advertising and analysis partners (e.g. Facebook in respect of the Facebook pixel). We will only make personal data available to third parties that are involved in the execution of the user’s order. These third parties process personal data according to our instructions and under our responsibility. This is recorded and a processor agreement is concluded with these parties. We do not pass on your personal data to other third parties unless we are legally obliged to do so. We use the automatically generated information, as laid out in article 2.2 (Automatically generated data), and your company data and personal data, as laid in out in article 2.1 (Registration or information requests through our website), to conduct analyses for internal research and statistical, strategic purpose, all in an aggregated form (“aggregated information”). This aggregated information does not identify you nor the company. We use the aggregated information to optimise our Website, Services and products and learn more about the use of our Website and products so we can improve them.
Article 4 – Use by minors
Article 5 – How long do we store and process the personal data?
Organic people shall process the personal data for a period of two years after your last order, or for as long as legally required or necessary and allowed for the purpose(s) for which it was obtained. Immediately after these periods we will destroy the personal data and/or anonymise them. The criteria used to determine our retention periods include: (i) the duration of our ongoing relationship with you and the Services we offer you; (ii) whether or not there is a legal obligation to which we are subject; and (iii) whether or not custody is advisable due to our legal position (such as applicable limitation period(s), a court case or investigations by a supervisor). Notwithstanding article 5.1, Organic people may process the personal data for a longer period (i) if you ask Organic people to keep data for a new two-year period, (ii) in order to comply with statutory retention periods (for example laid down in tax legislation) or (iii) in order to prove that it complies with applicable statutory obligations (for example with respect to the GDPR or e-mail marketing legislation).
Article 6 – How do we protect the personal data?
We shall take appropriate technical and organisational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access or against any other unlawful or unauthorised processing of such personal data. Taking into account the state of technology and the costs of execution, these measures guarantee an appropriate level of security given the risks that come with processing and the nature of the data to be processed. For example, we make use of a secure SSL connection during the order process and when completing the registration form.
Article 7 – With whom do we share the personal data?
Article 8 – Your rights with respect to your personal data
You have the right to obtain our confirmation as to whether or not we process your personal data, on request. The personal details you provide when registering a client with us can be viewed and altered at anytime by you, on your account on the Website. You are also entitled to send our customer experience department (firstname.lastname@example.org) a request to receive such information. Furthermore, you are entitled to send our customer experience department (email@example.com) a request to access, receive, rectify or erase your personal data. We will process your request immediately and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after the receipt of your written request. You are entitled to object, on grounds relating to your particular situation, to our processing of your personal data at any time. We shall no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. We will send you a response without undue delay, at least within one month after the receipt of your written request. If you have any complaints about our processing of your personal data or your request, you can contact our customer experience department (firstname.lastname@example.org). If that doesn’t solve your complaints, you can, of course, always contact the Dutch supervisory authority (www.autoriteitpersoonsgegevens.nl) or the competent court in the Netherlands. If you have any further questions or remarks, please contact our customer experience department (email@example.com).
Article 9 – Cross-border transfer
Your personal data can be stored and processed in every country where we have facilities or service providers. By using our Services or by giving us permission (where required by law), your information may be transferred to countries other than the country in which you live, including the United States, where other data protection laws differing from those in your own country may apply. Appropriate contractual and other measures have been taken to protect personal data when sent to our subsidiaries or third parties in other countries. Some countries outside the European Economic Area (EEA) are recognized by the European Commission as countries where an appropriate level of data protection applies according to the EEA standards (the full list of these countries is available here). For transfers from the EEA to countries that in the opinion of the European Commission do not offer sufficient protection, we have ensured that adequate measures have been taken, among other things, by ensuring that the recipient is bound to EU standard data protection provisions, EU-US Privacy Shield certification or an EU-approved code of conduct or certification to protect your personal data. You may receive a copy of these measures by contacting our customer experience department (firstname.lastname@example.org), as explained in Chapter 8 (Your rights with respect to your personal data) above.
Article 10 – Third-party websites
Article 11 – Revisions of this statement
Utrecht The Netherlands August 2020