Privacy Statement

NedZink and its sister companies consider the proper handling of personal data to be very important. This is why, in this privacy statement, we want to provide you with clear and transparent information about the way in which NedZink processes personal data of its relations, customers, suppliers and visitors to its website.
These personal details will, of course, be handled and secured with the utmost care. NedZink is thus able to fulfil the requirements of the General Data Protection Regulation (GDPR)and the corresponding implementation law.

This means that we:
– process your personal data in order to carry out our business objectives and request your permission in cases where this permission is required;
– limit our collection of personal data to only personal data required for the declared purposes;
– take appropriate security measures to protect your personal data; we also make this a requirement for third parties who process personal data on our behalf;
– state clearly – via this privacy statement – the purposes for which we process personal data;
– respect your right to provide your personal data for inspection, correction or deletion. The responsibility for data processing lies with:
NedZink B.V.
Hoofdstraat 1
6024 AA Budel-Dorplein

Why do we process personal data?
There are various purposes for which NedZink collects and processes your personal data. NedZink collects, processes and stores contact details, including your name, job title, business and/or professional interests, business mobile phone number and business email address:
– when you purchase products and/or services from NedZink;
– when you are in contact with NedZink. This contact could be by phone, as well as email via the use of the contact form, participation in surveys or questionnaires, registering for information meetings, using our websites, logging into your account, subscribing to newsletters, or getting in touch via social media;
for internal analyses for the purposes of process improvement, the development of products and services, and market research;
to keep relations and its employees informed of our products and services directly, as well as, for example, via social media campaigns whereby NedZink tries to take into account preferences based on purchased products and/or services and interests based on your authorised use of our websites.

Newsletter and contact form
We send newsletters in which we inform interested parties about our products and/or services. Your email address is only added to the list of newsletter subscribers with your consent. Every newsletter contains a reference which enables you to unsubscribe. If you complete a contact form on the website, or send us an email, the data you send to us will be retained as long as the nature of the form or the content of your email requires complete answering and handling thereof. Your email address will then be used in order to send information about (new) products and services from NedZink if you have given your consent. You can always withdraw that consent by using the unsubscribe link in the email message sent to you, or by sending an email to info@nedzink.nl, stating GDPR.

Publication
We treat your data confidentially and do not publish it.

Provision of personal data to third parties
We will only provide your data to third parties if this is necessary in connection with a product or implementing a service agreed with you or with your company. To protect your rights, a processing agreement has been concluded with these third parties (partners). Our website contains measurement instruments from other parties, such as cookies from Google Analytics. The data is automatically shared with this company and we do this so that we are aware how visitors use our site. We can use this expertise to optimise our website for visitors. NedZink has not given Google permission to use Analytics information obtained through NedZink for other Google services. For more information, please read the Google and Google Analytics privacy policy.

Security
To prevent unauthorised access to your personal data, NedZink uses technical and organisational security procedures. These procedures guarantee an appropriate level of security considering the types of processing and the nature of the personal data to be protected.

Encryption of electronic data via Secure Sockets Layer (SSL)
To ensure your personal information that is shared between you and us cannot be read, edited, duplicated or deleted by third parties without your permission, we use connections encrypted by the “Secure Sockets Layer” network protocol (SSL).

An encrypted connection is then activated if “https: //” appears in the address bar of your internet browser. If the connection is not SSL-encrypted, “http: //” will appear in the browser’s address bar.

Changes to this Privacy Policy
NedZink reserves the right to make changes to the privacy and cookie policy. We therefore recommend that you check this page regularly to see if any changes have been made. If NedZink makes an important change that has consequences for the way in which NedZink processes your personal data, we will make this known through a notice on our website(s) and in newsletters.

Questions, inspection or request to amend your data
If, after reading, you have any questions or comments about our privacy policy, or you want to make use of your right to inspect, correct or delete your personal data, you can contact:

NedZink B.V.
FAO Marketing Dept
Postbus 2135
6020 AC Budel

or email: info@nedzink.nl, stating GDPR in the subject line
Data collection and data processing

1. Creating log files when you visit our website.
If and to the extent that access to our website and retrieval of files stored there takes place, data is recorded automatically.

The registered and stored data are mainly:
• name of the retrieved file,
• date and time of the request,
• amount of transferred data,
• message about the success of gaining access or collection,
• IP address of the requesting device,
• the type of browser,
• operating system used by the visitor.

There is never a link made between this data and any other personal data of the visitor to our website, therefore we cannot draw any conclusions about your person with the provided information.

Processing purposes
The storage of your IP address is required because, without this, a transfer of the contents of our website to your computer cannot take place. Your IP address must remain saved for the duration of the session (a session is the connection between the internet browser that you use when visiting the website (so-called “client-side application”) and the server used by us for the website). The purpose of storing your data in server log files is, on the one hand, to guarantee the functionality of our website and, on the other, to optimise the website. In addition, this data helps us maintain the security of the information technology systems used here.

Retention period
We will delete the automatically saved access and retrieval data as soon as they are no longer required for the stated purpose. This will occur when the connection between the web browser you use to access our website (the so-called. “client-side application”) and the server we use to host our home page is terminated. The stored IP address and associated server log file will be deleted after a period of storage, which means no other data (name of the retrieved file, date and time of retrieval, amount of data sent, message about the success of the access or retrieval, the browser type, the operating system used by the visitor) can be assigned to the requesting device and its IP address.

2. Processing of personal data when inquiring about our service or product offer.
We collect personal information at the same time as the site user voluntarily discloses it to us in the form of questions about this service or product offering (for example, by email). The requesting person’s related data which was provided to us with the request will be saved. This data will not be passed on to third parties under any circumstances, and will only be used to process the correspondence initiated by the request.

Processing purposes
The processing of the data passed on to us in connection with goods or services or product-related questions is used for the processing of requests and the subsequent response.

Retention period
We delete the information provided to us in connection with goods or services, product-related questions, or which has been collected in this context, when it is no longer required to achieve the purpose of the storage. This is the case, if and to the extent there is a question about our services or our product offering, if the question has been answered from here and no further correspondence with the person making the request is required regarding the question.

3. Other processing.
If, due to factual circumstances, the collection and use of personal data is not possible and none of the aforementioned processing operations take place, the data processing will only take place with the consent of the data subject.

Your rights as a data subject
To the extent that we process data relating to you, you are entitled to the following rights under the GDPR:

1. Right to information
You have the right to request information from us about whether personal data relating to you is being processed. If this is the case, you can ask us for information about:
– the purposes of the processing,
– the data categories in which the processing takes place,
– the recipients and/or the categories of recipients to whom we have disclosed or will disclose the data,
– the data retention period stated here or, if it is not possible to provide specific information, our criteria for determining the data retention period,
– the existence of a right to correct personal data,
– the existence of a right to delete personal data,
– the existence of a right to restrict the processing of personal data by the controller within the meaning of the GDPR,
– the existence of a right to object to the processing of personal data,
– the existence of a right to lodge a complaint with a supervisory authority,
– available data source information,
– the existence of an automated decision-making process including profiling in accordance with Article 22 and, if so, meaningful information about the logic, scope and intended effects of such data processing for you as a victim within the meaning of the GDPR.

If you wish to submit such a request for information, send your request in text form to one of the contact options listed on our website.

2. Right to data correction and data completion
You can demand the correction of data that is stored about you at any time if it is incorrect (Article 16 of the GDPR). The same applies to entering incomplete personal data.

If you want a correction or addition of your personal data to be made, please send a request in text form to one of the contact options on our website.

3. Right to delete personal data
As a data subject within the meaning of the GDPR, you can demand the immediate deletion of your personal data in the case of one of the following requirements listed in Article 17 of the GDPR, which we must follow:
– the personal data are no longer required in relation to the purposes for which they have been collected or otherwise processed;
– the data subject withdraws consent on which the processing was based in accordance with Article 6 and Article 9 of the GDPR and there is no other legal basis for the processing;
– the data subject objects to the processing in accordance with Article 21 of the GDPR and there are no legitimate reasons for the processing;
– the personal data have been processed unlawfully;
– the deletion of personal data must comply with a legal obligation under the legislation of the European Union or the Member State to which the controller is subject;
– the personal data have been collected in connection with the services offered by the information company in accordance with Article 8 of the GDPR.

If we have disclosed the personal data relating to you and are required to delete it in accordance with Article 17 of the GDPR, we will take appropriate measures, including technical ones, for data managers; these measures will take due account of the available technology and implementation costs. The personal data will be processed and you will be informed because you, as the data subject within the meaning of the GDPR, have requested the deletion of all links to your personal data or copies of your personal data.

Exceptions to the right to delete data
According to Article 17 of the GDPR, the data subject’s rights do not exist if the data processing is used:
– to exercise the right to freedom of expression and information;
or
– to comply with a legal obligation that requires processing under the law of the European Union or of the Member States to which the controller is subject;
or
– to perform a task in the public interest or a public authority;
or
– for reasons of public interest concerning public health in accordance with Article 9 of the GDPR;
or
– for archival purposes of general interest, scientifically;
or
– for historical research purposes or for statistical purposes in accordance with Article 89 of the GDPR, in so far as the law referred to in the GDPR is likely to render the objectives of such processing impossible or seriously impaired;
or
– to institute, exercise or defend legal claims.

4. Right to restriction of the processing of your personal data
As a data subject within the meaning of the GDPR, you can request that we limit the personal data relating to you if one of the following conditions is to be met in accordance with Article 18 of the GDPR:
– the correctness of the personal data is disputed by the data subject for a period that allows the controller to verify the correctness of the personal data;- the processing is unlawful and the data subject refuses to have the personal data removed and instead asks for a restriction on the use of the personal data;- the controller no longer needs personal information for the purposes of the processing, but the personal information is nevertheless used by the controller to assert, exercise or defend legal claims;- the data subject has objected to the processing in accordance with Article 21 of the GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

If the processing of your personal data is limited, the controller may only process your data with your written permission to assert, exercise or defend legal claims or protect the rights of another natural or legal person, or for important reasons in the public interest of the Union or of a Member State in accordance with Article 18 of the GDPR.

According to Article 18 of the GDPR, we are obliged to inform you, in so far as you are a data subject within the meaning of this GDPR, of a restriction of data processing; this at a time before the restriction is lifted.

5. Right to information due to the obligation to report regarding the correction or deletion of personal data or restriction of processing
If you have exercised the right to correct or delete personal data about you, or to restrict the processing of such data by us, we are obliged to correct or remove all recipients to whom the relevant data relates. Article 19 of the GDPR describes how to communicate the data or data processing restrictions. You will also be informed about this.

Exceptions to the notification obligation
The notification obligation according to Article 19 of the GDPR does not exist if the communication proves impossible or requires a disproportionate effort.

6. Right to data portability
According to Article 20 of the GDPR you have the right to receive the personal data that you provide to us in a structured, general and readable format. You also have the right to transfer this information to another person without interference from us, on the condition that:
– the processing is based on a permission according to Article 6 or 9 of the GDPR.
and
– the processing is done by using automated procedures.

Article 20 of the GDPR does not apply the right of data portability to data processing that is necessary for the performance of a task in the public interest or for the exercise of official authority entrusted to the controller.

When you exercise the right to data portability, you as a data subject have the right to transfer the obtained personal data directly from one responsible party to another party, as far as technically possible, without prejudice to the rights and freedoms of others.

7. Right to object to data processing
Pursuant to Article 21 of the GDPR, as a data subject within the meaning of the GDPR, you have the right to object to the processing of personal data pertaining to you in accordance with Article 6 of the GDPR for reasons arising from your specific situation; this also applies to profiling based on these provisions.

In the case of a permitted objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is intended to enforce, exercise or defend legal claims.

You, the data subject, have the right to object to the processing of personal data at any time if the personal data is processed to manage direct mail to you, such as that regarding advertisements and profiling in so far as it is related to such direct mail.

If you object to the processing for direct marketing purposes, we will no longer process your personal data for those purposes. Regardless of the ePrivacy Directive (Directive 2002/58/EC), you can and may exercise the right of opt-out in connection with the use of services with automated procedures that use technical specifications.

8. Right to withdraw your consent for data protection
To the extent that you have given us permission to process your personal data, you have the right to withdraw this declaration at any time. The legality of the data processing that applied prior to the withdrawal on the basis of the consent is not affected by the withdrawal declaration.

9. Your right to automated decisions per case, including profiling
In accordance with Article 22, as a data subject within the meaning of the GDPR, you have the right not to be subject to a decision (which has an effect on you) that is solely based on automated processing, including profiling.

Exceptions to this right under the GDPR
According to Article 22, this does not apply if the automated decision: – is required for the conclusion or execution of a contract between the data subject and the controller (i.e. between you and us)or- is permitted by the law of the European Union or the Member State to which the controller is subject, and where such legislation contains appropriate measures to protect the rights and freedoms and legitimate interests of the data subjector takes place with the express consent of the data subject.

However, the decisions described above under Article 22 of the GDPR may not be based on specific categories of personal data under Article 9 of the GDPR unless appropriate measures have been taken to protect the rights and freedoms and legitimate interests of the data subject.

In the (exceptional) cases referred to in Article 22 of the GDPR, we take appropriate measures to protect your rights and freedoms, as well as your legitimate interests, including at least the right: – to the intervention of a person in addition to the controller- to establish one’s own positionand- to being heard in a disputed decision.

10. Right to lodge a complaint with a supervisory authority
Under Article 78 of the GDPR, and to the extent that you are a data subject within the meaning of the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State where you live, your workplace, or the place of the alleged infringement if you believe that the processing of your personal data is contrary to Article 22 of the GDPR.

According to Article 22 of the GDPR, the supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including any possibility of a remedy under Article 78.

Use of “social” plug-ins from the “Facebook” network

On the website, we use “social plug-ins” from the social network “Facebook” that are managed by Facebook Inc. (www.facebook.com, address: 1601 S. California Ave, Palo, Alto, CA 94303, United States of America). These plug-ins are labelled with a “Facebook” logo or supplemented by the addition of “Facebook Social Plug-in” or “Social Plug-in from Facebook” or with a “thumbs up” sign. Facebook Inc. offers an overview of its plug-ins on https://developers.facebook.com/docs/plugins.

If you make a request from one of our website pages containing such a plug-in, your browser makes a direct connection to the Facebook Inc. servers, and the content of the “social” plug-in is transferred to your internet browser.

Through this process, Facebook Inc. obtains information that your internet browser has visited our website, even if you do not have a profile on the “Facebook” social network or are not logged into a “Facebook” profile that you are using.

The information about your use of our website generated by using the plug-in is transferred to and stored on a Facebook Inc. server in the United States of America.

If you are logged into the “Facebook” social network when you visit our website, it is possible that Facebook Inc. will link your visit to our website to your “Facebook” profile. If you interact with plug-ins, for example, by clicking the “Like” button or leaving a comment, this information will be sent directly to Facebook Inc. and stored there. In addition, publication of the information will be seen on your “Facebook” profile. In addition, this information will be displayed to your friends on the “Facebook” social network.

We have absolutely no influence on the scope and content of the information Facebook Inc. collects from its plug-ins. It cannot be excluded that the IP address of the device requesting the home page is detected, and/or that said address is transmitted.

Information regarding Facebook inc. “Social Plug-Ins” that are used for data collection, the scope of the data collection, the data use, the data processing, the rights to protect your privacy and privacy options can be found here: http://www.facebook.com/policy.php

Processing purposes
We use the “Facebook” network “social” plug-ins to present our website in an attractive way and to supplement the information on this page.

Use of “Google Analytics” web analysis services

“Google Analytics” is a “Google” service that collects statistics from a website and displays it in detail. The data processing is described in www.google.nl: Google Privacy & Terms.

Google uses “cookies” when using the open source software. Based on this “cookie” data, pseudo usage profiles of visitors to our homepage can be created. The designated data is not transferred to third parties, but only stored on the server that is used for the operation of the website of our company.

You can delete cookies stored permanently on your device at any time; this can be done using your internet browser or using other software. If you remove permanent “cookies” from your device, the full functionality of our website may be compromised.

Amendments to the privacy statement
To comply with the applicable legal provisions in your and our interest, we reserve the right to make changes or updates to this privacy policy. For this reason, we kindly advise you to view the privacy policy on our website and to read it regularly.

Remark
We try to protect personal data in the context of what is technically and organisationally possible against access by third parties. Full data security cannot be guaranteed when communicating via electronic mail (email). This is why we recommend you send us confidential information by post.

Version: October 2019.