The private limited liability company Scan Sys B.V. (hereinafter referred to as: ‘Scan Sys‘) attaches great importance to the proper handling of personal data and is familiar with the privacy legislation. This privacy statement therefore explains how your personal data is handled.
Contact details controller
Scan Sys can be classified as controller, as defined in the General Data Protection Regulation (hereinafter referred to as: ‘AVG‘), for the processing of your personal data. Scan Sys can be contacted via the following contact information:
Scan Sys B.V.
2631 XD Nootdorp
Tel. +31 (0)15 310 2040
Which personal data is processed?
We process, among others, the following categories of your personal data:
- Information such as first name and surname;
- Contact details such as postal address, telephone number, e-mail address;
- IP address;
- Information about your activities on our website (for example your click behaviour);
- Ordering information;
- Type of internet browser or device;
- Content of correspondence;
- Payment information and payment history.
If you wish to utilize our services and/ or if you already utilize them, in order to enter into and/ or execute the contract you are in any case required to provide us with your first name and surname, postal address, telephone number and e-mail address. Depending on the product you purchase from us, other personal data may also be required. If this is the case, we will inform you of this. If you do not wish to provide us with this personal data, we cannot guarantee the proper execution of the contract. If the processing of specific personal data is required by law, we will inform you of this, as well as of the potential consequences should you choose not to supply us with this personal data.
Why do we process your personal data?
We collect and process personal data for various purposes. We use the personal data that we have received from you, and also personal data that we obtain from other sources. For example, information obtained via the Land Registry, the Trade Register or social media platforms and other public sources. We process personal data for the following purposes:
- General customer contact
The data is used (i) to provide you with any information you have requested from us, (ii) to contact you regarding the execution of the contract that you have entered into with us, and (iii) to respond to questions and/ or complaints.
- For the execution of the contract
We process your personal data for the execution of the contract(s) that you enter into, are going to enter into or have entered into with us in order to be able to supply our products and/ or services to you and/ or to give advice about our products and/or services. Consider, for example, (i) the supply of software; (ii) the installation of software; (iii) advice regarding software; and (iv) the content of software.
- Partner and customer portal account
If you utilize our products and/ or services, you have the option to create a partner or customer portal account. If you make use of this option, the personal data provided to create the account will be kept. This personal data will be kept for managerial purposes such as password management and access to the portal.
- Analysis of surf, search and/ or click behaviour and personal offers
Your personal data is processed for the analysis of your behaviour on our website, to enable us to improve our website. Your personal data is also processed in order to offer you products and/ or services that might be of interest to you.
- Direct marketing
We use your personal data in order to send marketing offers, newsletters, information surveys and invitations by e-mail, text message, telephone calls and/ or by post. Via direct marketing we wish to provide you with information regarding products and/ or services that might be of interest to you.
- Reviews/ references
If you wish to write a review/ reference, you can choose whether your personal information is visible to other visitors. In principle, we keep track of the review(s)/reference(s) that you have written, to enable us to improve the quality of our products and/ or services and so that we can contact you on the basis of your review(s)/reference(s) to ask you targeted questions.
- Customer satisfaction surveys
In some cases, we ask customers to participate in a customer satisfaction survey. Participation in such a survey is entirely voluntary. If you decide to participate in a customer satisfaction survey, we will process the information provided by you.
We use your personal data to investigate, prevent and combat fraud.
- Legal obligation
We process your personal data if we are required to do so on the basis of legislation and/ or regulations. Consider, for example, the requirement to submit tax declarations.
On the basis of which foundations is your personal data processed?
We process your personal data if we are legally obliged to do so and when the processing is necessary for the execution of the contract entered into with you for the supply of our products and/ or services. It can also occur that we process your personal data for the protection of a legitimate interest. Generally speaking, a legitimate interest is of a legal, financial or business nature. The following are examples of situations in which we have a legitimate interest in processing your personal data:
- to send you, as our customer, advertisements for our (other) products and/or services;
- to defend ourselves against legal claims;
- for the purpose of general customer contact, such as responding to questions and handling complaints;
- for the storage of your personal data on an external server;
- when you visit our website, to present you with content that is as relevant as possible to you;
- to prevent and/ or detect fraud.
Finally, we can only process your personal data when you have given us permission to do so. You are entitled to withdraw your permission at any time. This withdrawal does not preclude the legitimacy of the processing on the basis of the permission before withdrawal.
Sharing of personal data with third parties
In certain cases, we can also share your personal data with third parties. The passing of personal data to third parties occurs only for the purposes stated in this privacy statement and based solely on the specified foundations. The following are examples of cases in which we can pass your personal data to third parties, with indication of the nature of those third parties:
- If this is necessary for the execution of the contract. Thus, we can utilize distribution companies for the delivery of your order(s) or engage a third party for the handling of iDeal payments;
- we can utilize a debt collection agency for the recovery of a debt owed by you;
- we can utilize an external server for the storage of your personal data, for which purpose we supply your personal data to a third party;
- we can pass your personal data on to, for example, website agencies and/ or agencies for the analysis of the personal data regarding your website use, for the personalization and optimization of the website and communication and the display of relevant offers and advertisements;
- we can pass your personal data on to ICT service providers that support us in maintaining the security and stability of our software systems;
- to ensure that your personal data is erased in a careful manner, we can utilize the services of a data erasure company;
- we can pass your personal data on to our insurance provider within the context of our liability.
Otherwise, we only supply your personal data to third parties with prior permission from you, where this is necessary for the protection of our interest or where we are obliged to do so on the basis of legislation and/ or regulations. For example, it is possible that the police ask us to provide personal data as part of a fraud investigation. In that case, we may be legally obliged to supply this personal data to the police.
Third parties to whom we supply your personal data bear responsibility for compliance with the privacy legislation. We are not responsible nor liable for the processing of your personal data by these third parties. Insofar as a third party processes your personal data on our behalf in the capacity of processor, we enter into a processing agreement with this third party which meets the criteria stipulated in the GDPR.
We will not transfer your data to a third country or international organization.
Security of personal data and storage period
We take appropriate security measures to combat misuse, loss, unwanted disclosure, unauthorized modification of and unauthorized access to your personal data. This includes ensuring that only the necessary persons have access to your personal data, that the access to your personal data is protected, that our website is secured by means of information security techniques (such as firewalls), that our passwords are changed regularly, that our building is secured and that our security measures are checked (by external parties) on a regular basis. If you feel that your personal data is not properly secured or if there are signs of, for example, misuse of the data, please contact our customer service department or send an e-mail to: email@example.com.
We will not store your personal data for longer than is reasonably necessary to achieve the goals stated in this privacy statement or to be able to comply with the legislation and/ or regulations.
In the case of most personal data, we do not keep this data for longer than is necessary for the execution of the contract, for the recovery of the debt and for the resolution of disputes arising within the context of the contract. However, certain personal data must be kept for a longer period on legal grounds. For instance, certain fiscal documents must be kept for seven years.
In principle, we keep correspondence and personal details of customers for seven years after this correspondence has taken place and/ or these personal details have been obtained, unless the contract comes to an end before this time. Finally, we keep your personal data for direct marketing purposes until you withdraw your permission and/ or object to this processing.
Exercising your rights
You are entitled to access, to rectify and/ or to erase your personal data. Furthermore, you are entitled to request that the processing of your personal data be restricted, and to object to the processing of your personal data; you also have the right to data portability. The right to data portability means that you can submit a request to receive your personal data that is processed by us in a structured, commonly used and machine readable format and/ or to transfer the data to an organization nominated by you.
If you wish to exercise one of your rights, you can send a request to this effect to firstname.lastname@example.org. In order to prevent misuse, we may ask you, before proceeding to handle your request, to demonstrate your identity by sending us a copy of a valid identification document. Please ensure that you block out the passport photograph, the MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and social security number on this copy. You could, for example, use the government ‘KopieID app’ for this. This is to protect your privacy.
We will respond to your request as soon as possible, and within one month at the latest. If you have a complaint about the processing of your personal data, we will be happy to assist you further. If, nevertheless, you do not reach a satisfactory solution together with us, you have the option to submit a complaint to the Data Protection Authority. This can be done via the following link:
Automated decision making
No automatic decision making takes place.
Changes to this privacy statement
This privacy statement was last updated on 14 June 2018. We reserve the right to modify this privacy statement unilaterally by changing thispage. You are therefore advised to consult this page on a regular basis. In case of a substantial modification to this privacy statement, clear notification to this effect will be issued via our website.