Privacy Policy

 

We respect the privacy of our customers and visitors. That is why the protection of your privacy is very important to us. You can rely on your data being processed in a fair and transparent manner and we will make every effort to handle your data carefully and responsibly. In doing so, we observe the strict conditions set by the General Data Protection Regulation (GDPR).

 This Privacy Policy describes why and how we process your data and your rights in this respect (such as your right to access your data and to object to the processing of your data). This Privacy Policy applies to personal data of our customers who purchase our products and make use of our services and of the visitors to our websites and shops. This includes data that are collected off-line via the customer service desk or in the shops, but also data that are collected on-line via the club accounts, IBOOD app and our social media pages, for example.

 Most personal data we use are necessary in order to carry out your order. In some cases, we also use your data for marketing purposes.

 In this Privacy Policy you find information about the following topics:

  1. Who is the controller for the use of my data and how can I contact the iBOOD Data Protection Officer?
  2. Why do we process your personal data?
  3. Why are we allowed to process your data?
  4. How do we secure your data?
  5. How long do we retain your data?
  6. What do we do with the data we automatically collect during your visit to our website (cookies)?
  7. When and how do we use data to send information about our products, services, special offers and other messages?
  8. What do we do with the data we obtain when you contact us, when you register or when you place an order as a guest?
  9. Who have access to my data and to which third parties do you provide my data?
  10. What are your rights in connection with our use of your data?
  11. What about the use of your data when you use a link on our website to a third-party website?
  12. What about the use of your data when you apply for a job via our website?
  13. How to file a complaint about the use of your personal data?

 

In order for us to guarantee that our privacy policy always complies with the statutory provisions, we reserve the right to change it at all times. You should therefore regularly check this page to see if any changes have been made. If we make any material changes, we will provide a more prominent notice, for example via our website or by e-mail.

 

  1. Who is the controller for the use of my data and how do I contact the iBOOD Data Protection Officer?

 

The controller for the processing of your personal data is:

Silver Ocean B.V.

Contactweg 159-2

1014 BJ Amsterdam

Customerservice@ibood.co.uk or Customerservice@ibood.ie

 

If you have any questions about the use of your data, you can send an e-mail via:

Customerservice@ibood.co.uk or Customerservice@ibood.ie  with the subject 'Question about personal data'

 

 

  1. Why do we process your personal data?

We process your personal data if this is necessary for our website to fully function, and to carry out our activities. We do this, for example, when you register on our website or log into an existing account or when you order products. We only collect personal data you provide to us yourself. If the use of your data without your permission is not allowed in the context of the law, we will always ask your prior permission to use your data.

 

We use your personal data for the following purposes:

  • The performance of contracts with you
  • For customer relationship management
  • For targeted marketing campaigns
  • Product and service developments
  • Performing analyses and market research
  • Compliance with statutory obligations
  • Customer service
  • For placing reviews
  • Protection of our property and fraud prevention
  • The option to offer the iBood app

 

  1. Why are we allowed to process your data?

We are permitted by law to process your personal data because: 

  • the processing of most personal data we use is necessary in order to perform our contract with you, for example when you purchase a product. The same applies to the use that is required for the implementation of pre-contractual measures, for example in case of any questions about our products or services;
  • the use is necessary to allow us to meet a statutory obligation, for example in order to comply with tax obligations;
  • The use is necessary in order to represent our or another party's legitimate interest, for example when service providers are involved in connection with the processing on instruction, such as parcel delivery services, the performance of statistical surveys and analyses, the recording of registration procedures and the use of security measures. Our interest is to offer our products and services in an efficient, user-friendly, appealing and safe manner and to protect our property;
  • In some cases, you explicitly grant us permission to use your data;
  • In some cases, the use of your data is required in order to protect your or another person's vital interests, for example if you become unwell during a visit to our shops.

 

  1. How do we secure your data?

The security of your personal data is a matter of high priority for us. We have taken appropriate technical and organisational measures to secure your personal data against loss or against any form of unlawful processing. Our staff members who process personal data are, in particular, obligated to preserve the confidentiality of the data and are required to respect this confidentiality obligation.

 

To protect your personal data, they are sent in encrypted form; we use, for example, SSL (secure socket layer) for communications via your internet browser. You can recognise this by the padlock icon your browser shows in case of an SSL connection.

 

To guarantee long-lasting protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art.

These principles also apply to businesses that process and use data on our instructions.

 

  1.  How long do we retain your data?

We process and store your data no longer than necessary for the purpose for which we obtained them or to the extent we are required to do so by law. The applicable retention periods can be found below for each type of use.

Your personal data will be deleted or restricted after the purpose has ceased to apply or has been achieved.

In case of restriction, your data will be deleted as soon as the statutory or contractual retention period or the retention period under the articles of association no longer stands in the way of deletion.

 

  1. What do you do with the data you automatically collect during a visit to the website (cookies)?

We use cookies and other tools (such as pixels and scripts) in accordance with our cookie policy (www.iBOOD.nl/cookieverklaring[AB1] ) and the relevant regulations in order to collect information about you when you visit our website.

 

The following data may be collected:

  • access to the website (date, time and frequency);
  • how you reached the website (previous website, hyperlink etc.);
  • amount of data sent;
  • the browser and browser version you use;
  • the operating system you use;
  • the internet service provider you use;
  • your IP address, which your internet access provider assigns to your computer when you connect to the internet.

 

The collection and storage of these data are necessary in order to guarantee the functionality of the website and to display the contents of our website correctly. Moreover, these data will help us to optimise our website and guarantee the security of our IT systems.

 

We can also use these data for market research, marketing purposes, and a design of our services that is tailored to needs, by creating and analysing pseudonymous user profiles, but only if you did not exercise your right to object to this use of your personal data (see 'What are your rights in connection with our use of your data?').

 

  1. When and how do you use the data to send information about your products, services, special offers and other messages?

 

We use your data to send information you requested about our range and our special offers to the e-mail address you provided. We only do so if you have given your permission or if this is permitted by law.

  1. Subscription to the newsletter on our website

You can subscribe to our newsletter on our website. The

double opt-in procedure is used for your subscription. After your subscription, you will be sent an e-mail in which you are asked to confirm your subscription.

  1. Sending information based on the sale of goods and services

If you purchase goods or services on our website, we may send information on comparable goods and services to the e-mail address you provided, even without your permission.

  1. Sending by post

We may also use your data to send information about our range and our special offers to you by post.

 

We want you to enjoy reading our e-mails, which is why our aim is to only include information you will probably find interesting. We measure and store the open and click rates in your user profile. This information includes if and when you open our e-mails, what content of the e-mails you click on and when, and whether and why our e-mails possibly do not reach you. We also use these data for statistical purposes.

 

Of course, you can stop receiving our newsletter at any time by withdrawing your permission. To this end, each e-mail or newsletter includes an unsubscribe link and you can confirm the unsubscription on our website. You can also submit any such request via Customerservice@ibood.co.uk or Customerservice@ibood.ie .

 

It is not possible to unsubscribe from certain informative messages that are required for the performance of contracts and for the functioning of our website, including service e-mails (e.g. confirmations of registration, customer service data) or information about purchases (e.g. order confirmation, contract document, payment processing).

 

  1. What do you do with the data you obtain when I contact you, when I register or when I place an order as a guest?
  1. Contacting

If you contact us by telephone or e-mail or by filling in a contact form, we will store the data you provide in order to be able to answer your questions. The telephone conversation is recorded in accordance with the statutory requirements and is stored for no more than 1 month. We will delete the data that are provided in this context after the telephone conversation with you has ended and the relevant facts have been finally clarified.

  1. Registration

You can register on our website by providing your personal data. In that case, the processing is required for the performance of the contract.

If you place an order, we will, depending on the specific case, require certain data in order to perform the contract (e.g. name, delivery and invoice address and e-mail address) and data on the method of payment you selected. We also need your data in order to update our customer database so that it only contains correct information. To prevent any typing errors and to guarantee that the items you ordered are actually delivered at your address, we check the completeness and correctness of your address when entering the data. We will delete most data within two years after the order has been carried out, unless special circumstances require that the data be stored for a longer period and to comply with our statutory retention obligation.

  1. Miscellaneous

We may also store your data if the processing is necessary in order to comply with a statutory obligation or in case of a legitimate interest. For example, we may store your personal data and technical information if this is necessary in order to prevent or take legal action against any misuse or other illegal conduct on our website, for example in order to maintain data security if our IT systems are attacked. We may also do so based on orders from government agencies or courts, insofar as we are required to do so by law, and also in order to protect our rights and interests and to allow us to conduct a legal defence.

 

  1. Who have access to my data and to which third parties do you provide my data?

The starting point is that your data can only be accessed by iBOOD staff members if they are required to do so in order to carry out their duties. Also, when it comes to providing your data to third parties, we will only do so if this is necessary for the performance of our contract with you or to represent our legitimate interest, for example. We never provide more data than necessary for the purpose of the provision. We provide data to third parties in the following situations.

  1. Transfer to group companies

We provide your personal data to companies forming part of our group for the purpose of entering into and performing contracts with respect to our deliveries and services for storage in central databases and for intra-group settlement and accounting purposes. This is especially necessary in order to be able to use all our services. If you want to pick up your order at an outlet, the outlet you selected will be informed of your order and will process it. If you contact an outlet or our customer service desk about any questions, complaints or returns, they will also be given access to your order details to enable them to solve your problem.

  1. Transfer to product partners

When it comes to the products and services offered on our website, we cooperate with various partner enterprises (e.g. telecommunications services) for certain product groups. If you order your products from these partners, we will transfer the personal data you provided upon your registration to these partners for the purpose of entering into and performing contracts (e-mail address and delivery and invoice address in particular). Please note that this product partner is responsible for its own privacy measures and that the partner may have a supplementary or different privacy policy for this product site.

  1. Transfer to service providers processing your data on our instructions

For the operation and optimisation of our website and for the completion of the contracts, we engage various service providers, for example for central IT services or hosting of our website, for payment and delivery of products or for the installation of appliances or for the sending of the newsletters, to whom we transfer the data (e.g. name and address) they need in order to carry out their duties.

These companies act on our behalf in connection with the processing of orders and provision of IT services and may therefore only use the provided data on our instructions. In this case, we are legally responsible for ensuring that, on our instructions, the businesses take appropriate precautions to secure data. That is why we agree on specific data security measures with these businesses and regularly monitor these measures.

  1. Transfer to service providers processing your data as controllers when goods are delivered by logistics companies and the postal service specified in the order.

In case of large appliances and goods to be forwarded, your order will be sent via a service provider, e.g. Extra@HOME or Dynalogic. This service provider will receive information from us, such as the e-mail address you specified in the order, to agree on an individual delivery time with you.

  1. Transfer to service providers processing your data as controllers when your order is performed and payment of the goods is made to the payment service provider specified in the order or a financing bank. If payment is made by credit card, a transaction-based security check will be performed with the help of payment service provider Ingenico to prevent any credit card fraud.

When payment is made, we only collect or store account numbers if this is necessary for a refund. On the other hand, credit card data and account numbers are only sent to the relevant payment service provider directly.

If a credit card is used as a means of payment, an exception will be the "pseudo card number", which we also call "one-click payment". To prevent you from having to fill in your credit card data each time you make payment, a pseudo card number is stored in your customer account. This pseudo card number can only be used to pay for products and services on our website which are ordered under your customer account; it is not identical to your credit card number.

  1. Transfer to other third parties

Certain legislation requires us to transfer your data to third parties or government agencies, for example if we are required by law to do so on instructions of judicial or other authorities or if we are authorised to do so, for example if this is necessary for the prosecution of criminal offences or for the exercise of our rights and entitlements.

 

When transferring your personal data, we always guarantee the highest possible security level. That is why your data are only transferred to service providers and partner companies that have been carefully preselected and are bound by contractual obligations.

 

Moreover, we only transfer your data to agencies that are located within the European Economic Area and are therefore subject to strict EU data protection legislation or bound by a similar security standard. No data are currently transferred to third countries, nor are there any plans to do so in the future.

 

  1. What are your rights in connection with our use of your data?

We believe it is important to be open about how we handle your data. We try to offer clarity and transparency by means of this privacy policy. If you still have any questions about how we handle your personal data, you can contact us (by e-mail Customerservice@ibood.co.uk or Customerservice@ibood.ie  with the subject 'question about personal data', or by filling in the contact form on the website).

If you have an online account, you can manage the use of your data for various channels yourself via your account. Please note that after deletion of your data, the special offers from our product partners via our website will no longer be available to you either. You should therefore keep your data safe before submitting a request for deletion. Data we are required to store based on statutory or contractual retention obligations or retention obligations under the articles of association are not deleted, but are restricted to prevent them from being used for other purposes.

 

What are your rights?

  1. Right to access

You have the right to request information about the personal data stored with respect to you as a person.

  1. Right to rectify

You have the right to have your data rectified or supplemented.

  1. Right to restriction of processing

You have the right to request that the processing of your personal data be restricted, insofar as you contest the correctness of the data, the processing is unlawful, but you do not want them to be deleted and we no longer require the data, but you still require the data for the establishment, exercise or defence of a legal claim or if you lodged an objection to the processing.

  1. Right of deletion

You have the right to demand that your personal data as stored by us be deleted, unless the storage of the data is required for the purpose of freedom of speech, freedom of information, compliance with a statutory obligation, for reasons of general interest, for the enforcement of or defence against legal claims or for the exercise of statutory rights.

  1. Right to information

If you exercised your right to rectification, deletion or restriction of the processing, we will inform all parties receiving your personal data of the way in which these data have been corrected, deleted or are now subject to processing restrictions, unless this proves
impossible or involves a disproportionate effort.

  1. Right to data portability

You have the right to have personal data you provided to us transferred to yourself or to a third party in a structured, commonly used and machine-readable format. If you request a direct transfer of the data to another controller, we will only do so if it is technically feasible.

  1. Right of objection

You have the right to object to the use of your data.

  1. Right of withdrawal of permission given

You are always entitled to withdraw your permission for the collection of data with future effect. We hope that you understand that, for technical reasons, it may take a while to process the withdrawal and that you may continue to receive messages from us in the meantime.

 

If you want to know which of your personal data we have recorded, if you want to change or delete the data or if you want to exercise one of your other rights, you can submit such request via Customerservice@ibood.co.uk or Customerservice@ibood.ie  with the subject 'Request for personal data'. We will comply with your request, unless we have an urgent, legitimate interest not to delete the data which outweighs your privacy interest. If we have deleted the data, we will, for technical reasons, be unable to immediately delete all copies of the data from our systems and back-up systems. We may refuse to comply with the aforesaid requests if such requests are made unreasonably frequent, require unreasonably strenuous technical efforts or have unreasonably serious technical consequences for our systems or endanger the privacy of other people.

 

For your own protection, we reserve the right to request further information that is necessary in order to confirm your identity if you submit a request and, if identification is not possible, to refuse the handling of your request.

 

  1. What about the use of your data when you apply for a job via our website?

We collect and process personal data of job applicants for the completion of the job application procedure. An external medium is used for this, which is subject to the same strict requirements as our website.

 

  1. What about the use of your data when you use a link on our website to a third-party website?

Our website contains links to websites of other companies. We are not responsible for the data protection measures on external websites you are referred to by clicking on these links. You should ask these external websites for their data protection measures.

 

  1. How to file a complaint about the use of your personal data?

If you have a complaint about the use of your personal data by iBOOD, you can contact us by sending an e-mail to Customerservice@ibood.co.uk or Customerservice@ibood.ie  with the subject 'Complaint about processing of Personal Data'. You also have the right to file a complaint with the Dutch Data Protection Authority. For more information, visit:

UK: https://ico.org.uk/make-a-complaint/

IE: https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/18.htm

 

 

Last update: May 2018