Personal data
In order to realize our services, we ask our (prospective) clients to provide us with their data that we collect or otherwise use, with the aim of improving the online experience of their website, for example by designing a website tailored to the customer, to build, maintain and host, by taking care of our customers’ online marketing, by training our customers and/or otherwise continuing to improve our services to them and to make them more and more in line with their needs. This includes the data we need for the design and construction of an optimal website, such as but not limited to:
- the data of visitors to the customer’s website, the data of our customer’s customers, of our customer’s target group, etc.,
- who they want to reach with the website and what they want to convey to their site visitors;
- data that we need for the construction of the website itself and for online marketing, such as the data of the visits to the website, which pages and articles have been clicked the most and how long they have been viewed, etc.;
- data we need for the sending of our invoice.
The categories of data subjects include:
- our customers;
- prospects and/or suspects;
- visitors to our website;
- our employees or other employees (self-employed persons, temporary employees, payroll employees and/or other contractors);
- our suppliers;
- the clients, customers, donors, members and/or other parties involved of our customers;
- prospects and/or suspects of our customers;
- visitors to our customers’ website;
- employees of the customer or other employees (self-employed persons, temporary workers, payroll employees and/or other contractors of our customers);
- suppliers of our customers.
Without the processing of personal data, we cannot carry out our business activities. Personal data are data on the basis of which we can trace the identity of our customers and/or their customers and/or their prospects/suspects, such as name and address details, e-mail addresses, telephone numbers, IP addresses, etc. We process the personal data of our clients with the utmost care. We store this data in a secure environment.
PURPOSE STATEMENT
With this privacy statement we inform you, as a reader of this statement, our customers, the customers of our customers, clients, members, prospects or suspects, employees and applicants of our customers, our employees, our applicants, our suppliers and both visitors of our website and the websites of our customers about the use of personal data, the purpose of the processing, the security of the data, their rights as a data subject, such as the right to access and delete their data and about the possible recipients of this data.
We want to guarantee the privacy of our customers, their customers and the users of our website and of the websites built by us as much as possible. We see it as our responsibility to protect the privacy of all involved and to establish a fair, transparent policy that takes everyone’s interests into account. With this statement, we trust that we have made an important contribution to this. Nevertheless, if you have any questions and/or comments, please contact info@kellymariaonline.com to ask your question or provide your comment.
CARE
We will handle and secure the personal data you have provided to us with the utmost care, both in our role as controller of our own data and as processor of our customers’ data. For that reason, we comply with the requirements of the applicable laws and regulations and regulations, such as the Telecommunications Act and the AVG regulation, for the processing of personal data.
This means that we:
- process your personal data in accordance with the purpose for which you provided it to us. We have described the purposes of the processing and the type of personal data to be processed in this privacy statement;
- request your consent if we need it for the processing of your personal data;
- have taken appropriate technical and organizational measures so that we can continue to guarantee the security of your personal data;
- do not provide personal data to third parties, unless this is necessary for the purposes for which you provided it, which is required by law or you have given your explicit permission to do so;
- are aware of your rights with regard to your personal data, which we point out to you in this statement, and respect them.
BASIS OF PROCESSING
For our services we record data that we use either for the implementation of a law, or for the implementation of an agreement and / or for (optimizing) our services and / or on the basis of a (other) legitimate interest. Under no circumstances do we provide data to third parties without permission.
CONTROLLER AND PROCESSOR
For the majority of the data processed by us, we act as a processor within the meaning of the GDPR, because we process personal data on behalf of and under the responsibility of our customers.
However, as Kelly Maria Online, we are the controller within the meaning of the GDPR for the personal data of our customers (mostly contact details), our employees, our applicants, our suppliers and visitors to our website. This means that we are responsible, among other things, for the processing of your personal data as a visitor to our website.
If, after reading our privacy statement, or in a more general sense, you have questions about privacy or wish to contact us, you can contact us via the contact details below:
Kelly Mary Online
Kerkstraat 40
5961 GD, Horst
T: +31611921297
E: info@kellymariaonline.com
W: https://kellymariaonline.com
APPLICATION
This privacy policy applies to all Kelly Maria Online services and websites and to visits to our website. It therefore applies to all information provided to us by our customers regarding the data of others, such as their customers, members, donors, clients and/or other parties affiliated with the customer, and also to information provided by our own employees, job applicants, visitors to our website, by our suppliers, etc.
You should be aware that unfortunately we cannot take responsibility for the privacy policies of other companies and/or their sites and resources, even if we refer to them on our website.
PROVISION OF PERSONAL DATA IS NOT OBLIGATORY
Kelly Maria Online is committed to emphasizing that you, as a visitor to the website, or as our customer are not obliged to provide us with your personal data. If you want us to make a website for your company or if you want to use our services in a different way, we do need at least the details of your company and your name and address details for sending the invoice.
In general, our service is not possible without receiving more data, because we want to build a targeted website that meets the wishes of your target group and customers, so that it radiates what you want it to radiate and provides information that is relevant to you target audience and customers. Depending on the purpose of the website and the target group of our customers, we need data for this. It is and remains a voluntary choice to do business with us and to provide us with data. You can withdraw the assignment in the manner as laid down in the agreement concluded by us and/or in the general terms and conditions. After the agreement has ended, you can request us to destroy the data.
PURPOSES OF THE DATA PROCESSING OF OUR CUSTOMERS AND/OR PROSPECTS AND/OR OF THE VISITORS OF OUR WEBSITE
We process your personal data for the following purposes:
- entering into and executing agreements;
- management of the resulting relationships;
- expanding our customer base;
- sending newsletters and invitations;
- processing contact/quotation requests;
- answering questions;
- optimization of our website and that of our customers;
- online marketing purposes;
- information about our services.
For the above purposes, we may request the following personal data from you:
- name and address details;
- e-mail address;
- phone number;
We also collect the following data:
- about the users of the website,
- about the duration of the visit,
- the domain,
- the browser type,
- the pages you visited,
- which articles you have read and
- your IP address.
If you fill in a contact and/or registration form on the website, or send us an e-mail, we will process the data you have provided to us and keep it for as long as the nature of the form or the content of your e-mail e-mail is necessary for the complete answer and handling thereof.
PURPOSES OF THE DATA PROCESSING OF OUR EMPLOYEES AND APPLICANTS
We process your personal data on the basis of the following principles and for the following purposes:
- to comply with the law (Wage Tax Act, Compulsory Identification Act, Gatekeeper Act);
- for the performance of the employment contract (payment of wages);
- for the implementation of other agreements (lease agreements, study agreements, user agreements);
- conducting application procedures;
- to check whether our employees function adequately, whether they are still developing optimally, whether they are still in their place and/or whether they are given sufficient space to develop, etc.
In general, applicants provide us with at least the following information:
- name and address details;
- e-mail address;
- phone number;
- Birthdate and place;
- intended function;
- nationality;
- educational attainment;
- work experience;
- skills (including the languages they master)
- possession of a driver’s license.
Sometimes they also provide the following information:
- a passport photo;
- a personal vlog;
- marital status;
- family composition;
- leisure activities and interests;
- certificates and/or references;
- a link to their LinkedIn profile
- a link to their personal website.
When an applicant enters employment, we keep the CV provided by him and the accompanying letter of motivation in his personnel file. We supplement this file with a copy of the employment contract, a copy of the wage tax form (with BSN number), a copy of his identity document, conversation reports and/or recording of (work) agreements made, agreements to be concluded (such as lease, user, pension or study agreements), new employment contracts to be concluded, testimonials, leave overviews, expense allowances, bonus and/or target schemes, a copy of your diploma, VOG, job profile, work or residence permit, etc. In the event of an employee being incapacitated for work we add a plan of action and all other documents necessary for compliance with the Gatekeeper Act. In that case, we also register the frequency of your absence.
THIRD PARTIES AND PROCESSORS
We can provide the data you have provided to us to our processors if this is necessary for the purposes described above.
For example, we use third parties for:
- the hosting of our website;
- taking care of the (financial/wage) administration;
- taking care of sending newsletters and invitations.
These processors provide a service to you on our behalf, whereby your personal data will only be used for the performance of that service. These processors are not entitled to use your data for their own purposes. We have concluded agreements with these processors, in which we have made agreements with them in this regard and in which they declare that they use an appropriate technical and organizational security system to guarantee the protection of your personal data.
We do not pass on personal data to third parties with whom we have not concluded a processing agreement, unless this is required by law. An example of this is that the police requests (personal) data from us in the context of a criminal investigation. In such a case, we may be obliged to cooperate and to provide this information.
Finally, we may share personal data with third parties if you have given us prior written permission.
CLICK BEHAVIOR AND VISIT DATA
General visitor data is kept on the website. In this context, in particular the IP address of your computer, any user name, the time of retrieval and data that the browser of a visitor sends can be registered and used for statistical analyzes of visiting and clicking behavior of the website. We also use this to optimize the functioning of the website.
We try to anonymize these data as much as possible. This data is not provided to third parties.
NEWSLETTER
We like to keep stakeholders of interested parties informed of all developments in our organization and within our field. For that reason we send a newsletter in which we inform them about news in the field of our services and related matters. We only add your e-mail address to our list of subscribers to our newsletter with your explicit permission. Every newsletter contains a link with which you can unsubscribe.
Permission to withdraw/unsubscribe from newsletter
If you no longer wish to receive a newsletter from us, you can easily unsubscribe by clicking the ‘unsubscribe newsletter’ button in the newsletter. Your personal data will be removed from the subscriber list.
USE OF COOKIES
We use cookies when offering electronic services. A cookie is a simple small file that is sent along with the pages of this website and stored by your browser on the hard drive of your computer. We use cookies to remember your settings and preferences. We also use cookies to optimize the use of our website and to gain better insight into its use. We may also use the information users have left on the website to create personal profiles in order to tailor our responses to requests to meet users’ needs. We may also use this information to enliven and personalize the experience of our website.
Revoke consent
You can withdraw the permission you have given for the use of cookies at any time. You can easily withdraw this by taking the steps below.
Turn off cookies
Most browsers are set to accept cookies by default, but you can reset your browser to refuse all cookies or to notify you that a cookie has been sent. It is then possible that some functions and services on our and/or other websites will not function correctly if the cookies are disabled in your browser.
Click here for our cookie statement.
RETENTION PERIOD
Kelly Maria Online does not store personal data longer than necessary for the purpose for which it was provided or as required by law.
For newsletters, this means that we store your data until you have unsubscribed from the newsletter. Then they will be destroyed.
For our applicants, this means that we delete their CV and motivation letter at the end of the procedure, unless we hire the applicant or unless the applicant gives us permission to keep the CV and/or motivation letter. In that case, we keep these documents for a period of one year. At the end of that year, we will contact the applicant to give him the opportunity to supplement the data or to ask us to delete it.
For our former employees, we may destroy the conversation reports as soon as possible after termination of employment. The maximum retention period is a maximum of two years. We keep the provided copy of the passport – under the law – for five years and the data relating to the wage tax return – also under the law – seven years. We also keep the e-mail addresses of our former employees active for some time after leaving employment.
SECURITY
We have taken appropriate technical and organizational measures to protect personal data. We ensure that the security of the personal data, given the state of the art, is sufficient to prevent unlawful processing, unauthorized access, adjustment, disclosure and/or loss of data as much as possible. As far as possible, we ensure encryption of the data. Among other things, we have taken the following measures:
- All persons who can take note of your data on behalf of Kelly Maria Online are bound to maintain their confidentiality;
- Only employees who are authorized to do so by virtue of their position have access to the personal data.
- We only use the personal data for the purposes for which we received it.
- We have a username and password policy on all our systems;
- We pseudonymize and ensure the encryption of personal data if there is reason to do so;
- We regularly test and evaluate our measures;
- Our employees have been informed about the importance of the protection of personal data*
- We only work with reliable processors with whom we have concluded sound agreements.
*Our office has a privacy policy, in which the importance of data protection is the starting point. We pass this policy on to all our employees. Our privacy policy includes a clean desk policy and a clean screen policy, the prohibition on storing passwords, the prohibition on viewing or processing personal data for private purposes and the prohibition on storing personal data on a local disk. We have provided training to our employees to increase their awareness of the protection of personal data.
RIGHTS OF DATA SUBJECTS
Inspection and copy
We believe that a transparent privacy statement is important. We also think it is important to point out the rights you can exercise. As a data subject, you have the right to view your personal data and to (request to) correct, supplement, delete and/or protect it.
We think it is very important that third parties cannot get away with the private data of our customers and our employees and can request access to their data with just an e-mail. For this reason, we believe it is important that our customers or other data subjects can only access their data if they personally request it, so that we can determine the identity of the requester with certainty.
If we receive a customer request from one of our customers, we will forward the request to our customer and notify the data subject. If they appreciate it, we are of course happy to help our customers to provide this insight, so that they can fulfill their obligations. This allows all data subjects to exercise their rights freely.
Addition, correction, deletion, erasure and rectification
You can also request us to supplement, improve, correct and/or delete the data known about you. Data subjects also have the right to rectification and erasure of their data (the right to be forgotten). We will delete the data if it is factually incorrect, incomplete, irrelevant to the purpose for which we collected it or if we have used it in any other way in violation of a law. If there is a basis for deletion, you want it and it is also permitted by law, we will delete your data completely, so that you are no longer known to us.
Restriction of data processing and right to data portability
You have the right to restrict data processing. This means that you can request us to suspend part of the data processing and to continue another part. You also have the right to data portability. This means that we provide your data to you in a compressed manner, so that you can easily provide it to another controller.
Objection
You can also object to data processing if you believe that your specific interests outweigh our legitimate interest in processing it. If you object to the data processing, we will weigh your objections and then make a well-considered decision regarding your objection to the data processing. If you do not agree with this or if you otherwise object to the way in which we handle your data, you can submit a complaint to the Dutch Data Protection Authority. You can easily submit the complaint via the AP website.
Other rights
You also have the right not to be subject to automated decisions, the right to an effective legal remedy and the right to compensation in the event of a privacy violation. Finally, those involved now also collectively have a right of action.
If you have any questions or comments or if you want to make use of one of the aforementioned rights, you can contact us via the email address: info@kellymariaonline.com.
Complaints
If you have a complaint about the processing of your personal data, we request that you contact us directly. If we cannot find a solution together with you, we will of course find this very annoying. In that case you have the right to submit a complaint to the Dutch Data Protection Authority, which is the supervisory authority in the field of privacy protection.
DUTY TO REPORT DATA LEAKS
If personal data ends up in the hands of an unauthorized person, we speak of a data leak. In practice, a data breach often occurs if an employee accidentally leaves his laptop, telephone and/or a USB stick in public transport or another public place or if these have been stolen. But a data leak can also occur if a company’s data has been hacked, if an employee accidentally sends a file containing personal data to an unauthorized person by e-mail or if computer files have been leaked in some other way.
We internally register all (small and large) data leaks. If there is a data breach with a significant risk of serious adverse consequences for the protection of personal data or if those consequences have already materialised, we will report the data breach to the Dutch Data Protection Authority. If the data breach is likely to have or will have adverse consequences for the privacy of the data subject(s) and we have no compelling reasons for not reporting it, we will also report the breach to the data subject(s).
CHANGE PRIVACY STATEMENT
We reserve the right to adjust this privacy statement. Changes will be published on this website. If there are any substantial changes, we will inform you of this by newsletter or e-mail. We will not inform you separately about obvious typing errors or minor changes.
The latest version of this privacy statement dates from March 2, 2023.
QUESTIONS, FEEDBACK AND CONTACT
With this privacy statement and our cookie policy we want to give you clarity about the way in which we handle your data. We regularly check whether we comply with this privacy statement and our cookie policy. If you have any questions about this privacy policy, you can contact us at:
Kelly Mary Online
Kerkstraat 40
5961 GD, Horst
+31611921297
info@kellymariaonline.com