Foxx-Decals is part of our company: De Streek webdevelopment.
With this document we describe what information we collect and to which ends we use this data. We also describe which parties might get your information for offering their services, such as shipping and payming. Moreover, we explain how we secure your data and protect if from misuse. We have also included explenations of your rights with regard to the personal information that you have provided to us.
We process your data to provide our service to you and also to improve our performance. We do not sell or trade in data and will not share your data for commercial purposes. We treat your information with care and have taken the necessary technical and organizational arrangements to protect your information.
Website software: WordPress – WooCommerce
Our web store is built on the basis of the open source data management system called wordpress. We have expanded the basic wordpress system with security techniques at crucial points to ward off criminals. Data sent to our server via an Secure Sockets Layer encryption technology. This technology ensures that data send and received by our servers cannot be read by 3rd parties. We keep a close eye on our server logs to prevent cyber attacks and keep your data safe. Our web store is enhanced with the WooCommerce software package. You can read more about the basic wordpress at http://wordpress.org .
Orders and other personal data in our webshop are deleted when we no longer use it. When you create an account on our website, your data will continue to be used and your data will not be deleted unless you request it, change or delete it yourself. You have the option to change, anonymize or delete your personal data and / or your account in your account page that can be found in the menu at the top of our webshop. We are obliged to store invoices with your personal data, these may also not be deleted under the retention obligation. Your invoices are therefore stored in a password protected encrypted environment at a secret location.
Webhosting: Remote Office
This website is installed at our web hosting company: Remote Office . At Remote Office we also purchase e-mail services, cloud services and ideal payment services. Personal data that you make available to us for the purposes of our services is shared with this Remote Office. To offer us (technical) support, such as making storage space available on their web server, Remote Office has access to your data. They will not use your information for other purposes. Remote Office has the ability to collect metadata about the use of their services, but these are not personal data. Remote Office is obliged on the basis of the agreement we have concluded with them to take appropriate security measures and to protect your data. These are appropriate technical and organizational measures taken to prevent the loss and unauthorized use of your personal data. Remote Office is required to maintain confidentiality under the agreement. These security measures include the application of SSL encryption and a strong password policy. In addition, regular backups are made to prevent data loss.
We use the services of Remote Office and Gmail for our regular business e-mail traffic. E-mails that we send are sent via an encrypted connection so that the content cannot be read by third parties. Both Remote Office and Gmail have taken appropriate technical and organizational measures to prevent misuse, loss and corruption of your and our data as much as possible. Remote Office is obliged on the basis of the agreement we have concluded with them to take appropriate security measures and to protect your data.
For our regular business telephone traffic we use the services of Budgetphone, KPN and Whatsapp. Although a telephone number is not personal in itself, we still want to be transparent about telephone processing. When you call us on 085-2500265, your telephony provider will share your telephone number with BudgetPhone. BudgetPhone shares your telephone number, start time and end time with us. When you call us on 0617397348 your telephony provider will share your telephone number with KPN. KPN shares your telephone number, start time and end time with us. If you want to know exactly which data is shared with you on telfort or budgetphone, you will need to contact your phone provider. When we call you, we share your telephone number with KPN so that they can set up a connection with your provider. KPN registers your telephone number, the start time and the end time of the connection. Budgetphone, KPN have taken appropriate technical and organizational measures to protect your personal data and to comply with the GDPR law.
For our money transactions we use the services of Paypal, Remote Office (iDeal) and Rabobank (Manual transaction). The way you pay determines which services from these parties are used to complete your transaction. These parties have taken appropriate technical and organizational measures to prevent misuse, loss and corruption of your and our data as much as possible.
If you choose to use Paypal for your payment transaction, we will share your name and address details with paypal to send a payment request. This data is sent via an encrypted connection so that third parties cannot read this information. We are not responsible for credit card and bank details that you share with Paypal. Paypal then shares payment details with us. Paypal has taken appropriate technical and organizational measures to protect your personal data. Paypal reserves the right to use your data to further improve their services and to share (anonymous) data with third parties. In the case of an application for a deferred payment (credit facility), Paypal shares personal data and information regarding your financial position with credit rating agencies. Paypal does not store any information that we provide for the performance of their services longer than legally permitted.
If you choose to use iDeal for your payment transaction, we will make a secure link with the Simple Pay platform of Remote Office. Remote office processes your invoice number and your payment details. Remote office shares payment data with us. Remote has taken appropriate technical and organizational measures to protect your personal data. Remote Office has access to your data to provide us with (technical) support and for the invoicing of iDeal costs to us. Remote Office will never use your personal data for any other purpose. Remote Office is obliged on the basis of the agreement we have concluded with them to take appropriate security measures and to protect your data. Remote Office does not store your data any longer than is permitted by law.
If you opt for the use of manual bank transactions, your payment details will be registered by Rabobank. Rabobank shares payment data with us. Rabobank has taken appropriate technical and organizational measures to protect your personal data. Rabobank reserves the right to use your data to further improve the service. In the case of an application for a deferred payment (credit facility), Rabobank shares personal data and information regarding your financial position with credit rating agencies. Rabobank does not store your data any longer than is permitted by law.
Customer reviews – webwinkelkeur
We collect reviews via the WebwinkelKeur platform. If you leave a review via WebwinkelKeur then you are required to provide your name, place of residence and e-mail address. WebwinkelKeur shares this information with us, so that we can link the review to your order. WebwinkelKeur also publishes your name and place of residence on its own website. In some cases WebwinkelKeur may contact you to provide an explanation of your review. In the event that we invite you to leave a review, we will share your name and e-mail address with WebwinkelKeur. They only use this information for the purpose of inviting you to leave a review. WebwinkelKeur has taken appropriate technical and organizational measures to protect your personal data. WebwinkelKeur reserves the right to engage third parties for the purpose of providing the services, for which we have given WebwinkelKeur permission. All the aforementioned guarantees with regard to the protection of your personal data also apply to the parts of the services for which WebwinkelKeur engages third parties.
Shipping and logistics
If you place an order with us, it is our job to have your package delivered to you. For sending orders we use the services of PostNL (via Myparcel.nl) and DPD. It is necessary that we share your name, address and place of residence with these parties. The aforementioned parties only use this data for the purpose of implementing this agreement. In the event that PostNL engages subcontractors, PostNL also makes your data available to these parties. To prepare your package, we are assisted by Joke van der Sluis. Joke van der Sluis works with us, but is not part of De Streek web development. Based on the agreement we have concluded with her she is obliged to follow appropriate security measures and to protect your data. Joke van der Sluis does not store your data and destroys documents on which your data is recorded. You can think of an invoice that was not printed correctly, or an address label that was incorrect. Joke van der Sluis does not use your personal data for purposes other than those described above. Data shared with Joke van der Sluis is only made available through computers that we have secured. These computers exchange invoices and address data via our cloud drive at Remote Office. To be able to offer us (technical) support, Remote Office has access to files containing your data. However, Remote Office does not have access to your data because we encrypt it and provide it with a strong password that will not be provided. The files stored in this cloud drive are synchronized via a secure connection so that the contents of files cannot be read by a third party. Remote has taken appropriate technical and organizational measures to protect your personal data.
Invoicing and administration
Personal data in invoices
Our invoices contain your personal data such as your name and home address at the time of purchase. We are legally obliged to keep copies of our invoices until the time frame of the retention obligation expires. We store digital invoices in a password encrypted file on a cloud drive that is offered by Remote Office. To be able to offer us (technical) support, Remote Office has access to files containing your data. However, Remote Office does not have access to your data because we encrypt it and provide it with a strong password that will not be provided. The files stored in this cloud drive are synchronized via a secure connection so that the contents of files cannot be read by a third party. Remote has taken appropriate technical and organizational measures to protect your personal data.
In addition, we save paper copies of invoices under the pressure of the legal retention obligation. These invoices are stored securely in an encrypted environment and are only accessed by the owner of De Streek web development.
External sales channels
We sell (part of) our articles via the Marktplaats.nl platform. If you place an order through this platform, Marktplaats.nl will share your order and personal details with us. We use this information to process your order. We treat your data confidentially and have taken appropriate technical and organizational measures to protect your data against loss and unauthorized use.
To improve our services, we use the Google Analytics service offered by Google. Google analytics uses Google Analytics cookies. Information that we send to Google is basically personal information, but we anonimize it before sending it to google. In addition, we have followed the instructions of the Dutch Data Protection Authority to stop the sharing of your personal data by Google. In a data processing agreement with Google, Google is obliged to abide by the GDPR law and may only use your data for services for which we give permission. To provide us with (technical) support, Google has access to your data. Google has taken appropriate technical and organizational measures to protect your personal data. Google receives periodic audits and complies with ISO / IEC 27001: 2013.
Purpose of data processing
Our general Purpose of data processing
We use your data solely for the purpose of our services. This means that the purpose of the processing is always directly related to the assignment that you provide. We do not use your data for (targeted) marketing. If we want to use your data for other reasons, we will ask you for explicit permission. Your data is not shared with third parties other than to comply with accounting, administrative and other duties that we have for providing our services. These third parties are all held to confidentiality on the basis of the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data that is automatically collected by our website is processed with the aim of further improving our services. This data (for example your IP address, web browser and operating system) is not personal data.
Cooperation with tax and criminal investigations
In some cases De Streek webdevelopment is legally obliged to share your data in connection with fiscal or criminal investigation by the government. In such a case we are forced to share your data, but we will oppose this within the possibilities that the law offers us.
Retention periods for information
We keep your data while you are a client of ours. This means that we save your optionally created customer profile until you indicate that you no longer wish to use our services. Once indicated, we will regard this as a request to delete and forget your information. Based on administrative obligations, we must keep invoices with your (personal) data for as long as the applicable period runs. However, employees no longer have access to your client profile and documents that we have produced as a result of your assignment.
On the basis of the applicable Dutch and European legislation, you have certain rights with regard to the personal data processed by or processed on behalf of us. We explain below what these rights are and how you can invoke these rights. In principle, in order to prevent abuse, we will only send copies of your data to your e-mail address that is already known to us. In the event that you wish to receive the data at a different e-mail address or, for example, by post, we will ask you to identify yourself. We keep records of settled requests, in the case of a forget request we administer anonymized data. You will receive all copies of your data in the machine-readable data format. You have the right to submit a complaint to the Dutch Data Protection Authority at any time if you suspect that we are using your personal data in an illegal manner.
Right of inspection
You always have the right to view the data that we (have) processed and that relates to your personal information or that can be traced to your personal information. You can make a request to view your personal information by contacting our manager for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data with an overview of the processors who have this categorical data to your e-mail address as provided to us at point of order or registration.
You always have the right to change the data that you have provided to us, or of that what we have processed if it relates to your personal information or if it can be traced to you. You can make a change request to our manager for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us stating that the information has been changed. You can also adjust your data yourself on our website if you have created an account. To change your information, please log in to your account via the account link in the menu at the top of the website.
Right to limit processing
You always have the right to limit the data that we process that relates to you or that can be traced to you. You can make a request for limiting data processing to our manager of privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us stating that the information will not be processed untill you have removed the restriction.
Right to be forgotten
You always have the right to be forgotton. If you request it, your personal data will be removed from all our digital systems. With our self-service functionality you can easily delete your orders and personal data once you have created an account. You may also submit a request to be forgotten at our manager of privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a message at the e-mail address we know when your data is deleted.
Right of objection and other rights
In appropriate cases, you have the right to object to the processing of your personal data by or on behalf of De Streek web development. If you object, we will immediately cease the data processing pending the handling of your objection. If your objection is justified, we will provide you with copies and / or copies of data that we process or have processed, and then permanently cease processing. You also have the right not to be subject to automated individual decision-making or profiling. However, we do not process your data in such a way that this right applies. If you believe that this is the case, please contact our manager for privacy matters.
Manager for privacy issues
Marcel van de Streek
De Streek webdevelopment
Jonkerswijk 21, 7701 ZN Dedemsvaart
T (085) 250-0265