Privacy- and Cookie statement Xolphin B.V.
Xolphin B.V., listed in the commercial register under number 37101223, treats all personal information with the utmost care. We carefully process and secure any and all personal information in accordance with the requirements outlined in the Personal Data Protection Act. Xolphin B.V. is the responsible party for processing personal data and in some cases the processor or subprocessor. In this privacy- and cookie statement, we explain what personal information we collect and use and to what ends we do so. We advise you to read the following carefully.
Processing personal data
When you visit our website, you leave behind certain (personal) information. We only store and process the personal information that you submit to us directly or information of which it is clear that it is provided to us. Personal information may be provided in both an active and a passive manner. Actively provided information refers to information that you enter on our website yourself or e.g. submit to us via email. Additionally, our website automatically stores certain kinds of information, sometimes without you being aware of it. This concerns passively provided information. In this privacy- and cookie statement, we describe which types of passively and actively provided information we process and to what ends.
Accessing certain components of this website requires registration. Your username is connected to the password. It's your own responsiblity to handle your password with care, and to choose a password carefully. Xolphin's employees do not have access to your password. In case you forgot your password or in case you suspect misuse, you can request a new password via the website.
The personal data you entered will be stored in your account. We store this information to prevent you from having to enter it every time you visit our website, so we can contact you about the execution of our agreement, invoicing and payments, to give you an overview of the products and services you have purchased and for sending the newsletter and renewal reminders. We will store the following information:
- Name and address (personal or from your company)
- Invoicing address
- VAT-number and commercial number
- First and last name corporate contact
- E-mail address
- Phone number
- Fax number
- Name and e-mail address of all persons who have access to the same account
- Payment information
Your orderhistory will be stored in your account. This information is needed to process the order, to pass it on to the supplier and to help you with implementing and this enables us to display the status of the orders in your account. You can also oversee all your products and services. We can use this information for research and development purposes, for improvement of our products and need them to comply with law and regulations. We collect:
- Company information of the beneficiary (name, address, commercial register information, startdate, legal form)
- WHOIS information
- Contact information (phone number, emailaddress, department and corporate contact)
If you send us an e-mail or fill in the contact form on our website, you will provide us information. This information will be stored, so we can answer your question or process your request. The retention period depends on the nature and contents of the form or email.
Personal data security
We employ strict safety measures, e.g. to prevent unauthorised parties from gaining access to any personal information, from misusing or damaging your information. We always use secure connections to protect all information transmitted between our website and your computer when you enter personal information. Additionally, we employ:
- Physical security: locks on doors and safes, access control for facilities and camera surveillance.
- Technical security: anti-malware, encryption and monitoring of systems, servers and data centers.
- Certified ISO 27001:2013, ISO 9001:2015 and WebTrust.
Transfer of personal data
We will never provide your information to third parties, unless it is necessary to do so for the execution of our agreement or because we are legally obligated to do so. In the event of suspected fraud or misuse, we may hand over personal information to the appropriate authorities. As part of the agreement we transfer your personal data to a supplier, service providers, and authorities. If we share your information with these parties, we require them to meet all European laws and regulations in respect to privacy.
Transfer to suppliers
When ordering a product or service on our website, you also choose the supplier you want to receive the product from. By choosing the supplier, you explicitly approve and agree with the transfer of personal data to this supplier. Symantec, GeoTrust, Thawte, GlobalSign and Comodo are global organisations. They make use of systems which are available for all offices. This means your personal data will be transfered to all offices. For all suppliers this means your personal information will be processed in Europe, in Asia or Asia-Pacific and in America. Symantec, GeoTrust, Thawte and GlobalSign transfer your data also to the Middle East and Africa. You can find more information on the website of the supplier.
Transfer to service providers
We need service providers for the execution of our agreement. We've got contracts with several service providers, e.g. for the internet connection and our phone connection. The data will be anonimized if possible. The service providers are not authorized to share the data or to use the data in a different way then for our agreement. We share the data with SpeakUp, Voys, Ernst & Young and Van der Meer & Philipsen.
Websites from third parties
By clicking on a Social Media Button (such as LinkedIn) it is possible that this website collects your personal data. This privacy statement does not apply to websites of third parties that are connected to this website via links. We cannot guarantee that these third parties will treat your personal information in a reliable and secure manner. We therefore recommend that you read these websites’ own privacy statements before making further use of the websites.
Personal data from third parties
By placing an order, it's possible you provide us with personal data of third parties. Third parties are e.g. the beneficiary of the product (end customer). Xolphin is only authorized to process this information, in case you have the explicit and written consent of this third party data subject. By agreeing to the privacy- and cookie statement, you declare to have received the explicit and written consent of all data subjects. You also declare you've informed those data subjects who will process the information and to which end we and the supplier do so.
Any information that is no longer necessary will be deleted. We store your information at least for the duration and the execution of the agreement. After that we'll store your information only in case it's obliged by law.
In case of a personal data breach that will result in severe negative consequences, Xolphin shall inform the Autoriteit Persoonsgegevens within 24 hours after discovering the breach. In case the personal data breach of the integrety loss is likely to result in negative consequences for the privacy of natural persons to whom a security service was provided, Xolphin will notify the natural persons and business entities immediately.
Changes to this privacy- and cookie statement
We reserve the right to make changes to this privacy- and cookie statement. We recommend that you consult this statement regularly, to ensure you are aware of any and all changes.
Rights of the datasubject
Privacy policies suppliers:
Latest update in October 2016