Privacy Statement – Millionline

Introduction

MILLIONLINE attaches great value to the careful and safe handling of privacy-sensitive information. MILLIONLINE has therefore drawn up this privacy statement. With this privacy statement, MILLIONLINE gives you insight into how MILLIONLINE handles your personal data. Personal data are understood to mean: all data that can be directly or indirectly traced back to a natural person. This privacy statement applies to the processing of all online and offline types of personal data that MILLIONLINE receives from:

You
Customers, (potential) suppliers, contractors, customers, and other relations of MILLIONLINE;
Visitors to the website of MILLIONLINE (https://www.Millionline.nl) or an associated domain name;
Recipients of information from MILLIONLINE;
All other persons in contact with MILLIONLINE.

2. Where in this privacy statement a person is referred to as ‘he’, ‘him’ or ‘his’, this also includes ‘she’ or ‘her’.

3. MILLIONLINE requires visitors and customers under the age of 16 to inform a parent or guardian about MILLIONLINE’s privacy statement and general terms and conditions. MILLIONLINEO will strive to verify whether permission has been granted. Only persons aged 16 and over can place orders online and/or become a member of the loyalty program.

What personal data can we process?

4. MILLIONLINE can process the following personal data, always subject to a legal ground provided by the General Data Protection Regulation (“GDPR”) :

Personal data that you have provided yourself:

Contact details (name, address, place of residence, email address, telephone number(s), IP address);
Identity information;
Payment details (bank account number, credit card number);
Personal data as described in a CV/data about your employment history;
Personal data obtained through means of communication, such as the website, newsletters, and emails:
Contact details (as described above);
Information about the device with which you visited our website, such as an IP address;

Your surfing behavior on the website, such as:

Which data/webpages you have viewed and how you navigate the website through Adwords;
Whether you open a newsletter or email and which parts of it you click on;
The dates and times of your visit to the website;
The information obtained from Google Analytics and Hotjar;
The information obtained from the cookies on the MILLIONLINE website.
The operating system you are using;
The Internet address of the website to which the link is made;
The geolocation;
The data sent to MILLIONLINE;
The data downloaded from the website.

Personal data obtained from other sources:

Data available from public sources such as, but not limited to, social media;
Data obtained from the Commercial Register of the Chamber of Commerce and the land registry;
Data available on public business websites.

Principles relating to processing

5. MILLIONLINE defines the purposes and means of the processing of personal data. This means that MILLIONLINE is the controller within the meaning of the GDPR. MILLIONLINE ensures that it always bases the processing of personal data on one of the principles as described in Article 6 of the GDPR.

We process your personal data on the basis of the following principles:

If you have given MILLIONLINE permission for the processing of your personal data for one or more specific purposes.
If the processing is necessary for the performance of an agreement to which you are a party, or to take measures at your request prior to the conclusion of an agreement;
If the processing is necessary in order to comply with a legal obligation that rests on MILLIONLINE;
If the processing is necessary to protect your vital interests or those of another natural person.

Use of personal data

6. When using your personal data, MILLIONLINE observes the GDPR and the resulting laws and regulations. The use of personal data is referred to in the GDPR as ‘processing’.

MILLIONLINE collects and processes personal data from customers for the purposes set out below. These purposes are:

To process your orders and to inform you about their progress. When you place an order with MILLIONLINE, a number of information is requested: your name, telephone number, email address, delivery address, billing address, payment method, account number/credit card number, credit card expiry date and credit card security code. This information is necessary for the processing of an order and for the correct processing of any returns. Credit card details are never shared with third parties.
To perform analyses for reports.
To optimize our services.
To inform you about products, benefits and events.
To display personalized advertising.
If you participate in the loyalty program, to be able to offer you the best possible personal privileges that belong to this program.
To provide you or third parties with the information necessary to execute an order, to handle a complaint, to process a return shipment or if you have given your permission to do so.
To provide information about you to third parties if we are obliged to do so by law or regulations (e.g., to investigative authorities).
To check whether you can meet your payment obligations and to check all facts and factors that are important for the responsible entering into and/or executing of the agreement.
The information needed to process credit card payments and transactions is sent to our bank, ABN AMRO, and Ingenico. Ingenico is a company that offers technology solutions for online payments in e-commerce and is an interface between credit card companies, banks, merchants and consumers when online payment takes place on the MILLIONLINE website. MILLIONLINE makes agreements with these companies regarding the processing of your personal data in order to safeguard your privacy. The bank information is stored in encrypted form by Ingenico and every payment method offered is secured.
To secure, adapt and improve the website.
To verify your identity and to prevent fraud.
In the case of applicants and/or employees, MILLIONLINE processes your personal data for the following purposes: to conclude an employment contract, to verify your identity and/or for recruitment and selection.

Sharing with third parties

7. MILLIONLINE may engage third parties who process personal data on behalf of MILLIONLINE as a controller. These may include:

Organizations;
Contractors/suppliers, including but not limited to suppliers of IT services.
Public authorities.

8. In the above situations, MILLIONLINE remains responsible for the processing of personal data and concludes processing agreements with these organizations. MILLIONLINE may also enter into working arrangements with third parties who themselves are co-controllers. In such cases, MILLIONLINE will conclude a controller agreement with these third parties.

9. MILLIONLINE never sells your personal data to third parties.

Rights of data subjects

10. The data subjects in the sense of the GDPR are the natural persons to whom the personal data relate. These may include consumers, business contacts, employees, customers, contractors and visitors to MILLIONLINE’s web pages. MILLIONLINE will inform data subjects about the processing of personal data in an accessible and comprehensible manner by MILLIONLINE. If you would like to know whether MILLIONLINE processes your personal data or would like to exercise one of the following rights, please send a written request, possibly accompanied by your opinion, to dataprotection@Millionline.nl. MILLIONLINE will handle a(n) (access) request within 4 weeks. MILLIONLINE is required to verify your identity before your request can be met.

11. In the case of processing of personal data, data subjects have the following rights:

Viewing and/or modifying personal data

You can ask us at any time to indicate which (categories of) personal data on you are being processed by MILLIONLINE, for which purposes, from which source the data come and which retention periods are applied. In addition, you can contact us at any time to complete, correct or delete your data. The request will be granted insofar as it is not in conflict with laws and regulations.

In the unlikely event that it turns out that MILLIONLINE has processed and/or provided incorrect personal data of you to third parties, MILLIONLINE will rectify this. If MILLIONLINE has changed your personal data, MILLIONLINE will inform you accordingly.

Restrict the processing of your personal data

If you do not agree with the content of the data on you stored by MILLIONLINE, you can submit a request to temporarily restrict the processing of your data.

Withdrawal of consent

You may also withdraw your consent to process your personal data at any time (with the exception of the processing of personal data of employees employed by MILLIONLINE). Upon receipt of your letter or email, MILLIONLINE will immediately cease processing of your personal data for which you have given your consent. However, the withdrawal of your consent does not affect the processing operations that have already taken place.

Right to transfer personal data

You can retrieve the personal data on you stored by MILLIONLINE in a structured, common and machine-readable form. After receiving your personal data, you are free to transfer this information to a third party.

Right to be forgotten

If you no longer wish to make use of MILLIONLINE’s services, you may submit a request for the deletion of all your personal data. The request will be granted insofar as it is not in conflict with laws and regulations.

Right to object

You have the right to object to the processing of your personal data based on the principles of “legitimate interest of MILLIONLINE or a third party” and “performance of a task carried out in the public interest” by MILLIONLINE. If MILLIONLINE relies upon these principles, MILLIONLINE will weigh up the interests of your privacy. The right to object gives you the option of requiring MILLIONLINE to reconsider its interests.

Right to lodge a complaint

If you do not agree with MILLIONLINE’s use of your personal data, you can indicate this by sending an email to dataprotection@Millionline.nl, by lodging a complaint with the Dutch Data Protection Authority or by starting a legal procedure.

Controller and (sub)processors

12. MILLIONLINE is the so-called controller in the sense of the GDPR who controls the processing of personal data and determines the purposes and means of the processing.

13. MILLIONLINE sometimes uses other companies to provide services for it. MILLIONLINE remains responsible for the processing of personal data in the situations set out above. MILLIONLINE makes contractual agreements with these companies regarding the handling of your personal data in order to safeguard your privacy. These are referred to as Processors or Subprocessors, depending on the situation.

Cookies

14. MILLIONLINE uses cookies (and similar techniques such as post-click link tracking) to make visiting and shopping at MILLIONLINE.nl even easier and more personal. These cookies allow us and third parties to track your internet behavior inside and possibly outside our website. It allows us and third parties to customize advertisements and other content to your interests and share information through social media.

Security of personal data

15. MILLIONLINE takes ongoing and structural measures to optimally protect your personal data against unlawful use. MILLIONLINE takes physical, administrative, organizational and technical measures. Measures taken by MILLIONLINE include:

All employees of MILLIONLINE (regardless of the form of their employment) have signed a confidentiality agreement whereby they undertake to observe complete confidentiality with regard to all information of a confidential nature or of which they must understand its confidential nature, including personal data;
Access to the personal data is restricted to authorized persons, whereby this number is kept as low as possible;
The website is secured via https;
The password of your personal account is encrypted;
The electronic transmission of personal data always takes place in an encrypted form and via a secure connection.

16. In line with the above principles, MILLIONLINE ensures that all of its user settings, programs and services are designed from the very beginning of development to maximize your privacy protection. MILLIONLINE continuously takes privacy-enhancing (security) measures wherever possible. With regard to the provision of information and services, MILLIONLINE applies the ‘opt-in’ rule by default: information or services are only provided if you actively indicate this. This can be done, for example, by ticking a box on the website. The box has not been filled in beforehand.

Third-party websites

17. This privacy statement does not apply to third-party websites that are linked to our website. We cannot guarantee that these websites handle your personal data in a reliable or secure manner. Before using this website, always read the privacy statement of this website for more information about the way in which they handle your personal data.

Period of retention of personal data

18. MILLIONLINE will never store personal data for longer than is necessary for the purpose of the processing. MILLIONLINE will in any event retain your personal data for the period that you have an agreement with MILLIONLINE. Some personal data are subject to statutory retention periods. MILLIONLINE fully complies with these retention periods.

Data breaches

19. MILLIONLINE makes every effort to prevent data breaches. In the event of unexpected situations in which a data breach occurs, MILLIONLINE has drawn up a protocol for the notification of data breach, which it consistently maintains.

Changes and applicable law

20. MILLIONLINE reserves the right to modify or change this privacy statement. None of the provisions of this privacy statement are intended to create any obligation or agreement between MILLIONLINE and a data subject. Dutch law applies to the provisions of this privacy statement and all disputes arising from this.