Dealing with your data and your rights

 

Information according to Art. 13, 14 and 21 General Data Protection Regulation (GDPR).

 

In the following we wish to inform you about the processing of your personal data with regard to Rocking Horse Wovens, and the claims and rights under the Data Protection Regulations. The protection of your data is very important to us and treating it confidentially is a top priority.  From May 25 2018, the General Data Protection Regulation will apply throughout the EU. The regulator’s goal is for uniform and strong data protection for all data subjects whose personal data are processed - especially when using Internet services. Which data is processed in detail, and how it is used, depends largely on the service used.

 

1. Responsible body for the content of the Rocking Horse Wovens website and Rocking Horse Wovens Facebook page:

 

Rinske van Mensvoort
Doctor van Kesselstraat 31

5175CS Loon op Zand

the Netherlands

info@rockinghorsewovens.com

www.rockinghorsewovens.com

www.facebook.com/rockinghorsewovens

 

(note - A data protection officer must not be appointed due to the provisions of the GDPR and the Federal Data Protection Act).

 

2. Purpose of processing and legal basis

 

Apart from the logging data that Facebook collects (covered below), we only save your data as part of the billing process for purchases from Rocking Horse Wovens. Name, address and e-mail contact details for the execution and fulfilment of the purchase contract are collected. The processing of your personal data takes place in accordance with the provisions of the GDPR and the Federal Data Protection Act. Data collection and processing is carried out in accordance with Article 6 (1) (b) GDPR.

 

- Revocation of consent

To the extent that consent has been given for the processing of personal data for specific purposes (eg as part of newsletter subscription or via a Google form document), the lawfulness of such processing is given on the basis of the consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued prior to the validity of the GDPR, ie before 25 May 2018.

 

3. Who gets your data (recipients, and categories of recipients, of personal data)?

 

Sharing of your data is only at the request of the tax office - for review in tax matters - or in the context of other reviews of Rocking Horse Wovens by authorities. Other data transfers do not take place in principle, your information may only be passed on if legally stipulated provisions dictate or you have consented. In addition, the data may only be processed for the purpose for which it was originally collected (in this case, for the purposes of the contract / invoice), so that it is also passed on to competent authorities only within the scope of this purpose. If there is a change of purpose and the transfer of the data is provided for by law, you will receive information about it, unless information is not provided for by law (eg in criminal investigations, as far as the purpose of the investigation would be jeopardised).

 

4. How long will my data be stored?

 

Your personal data is only stored for the required or legally prescribed period; Data that is no longer needed will be deleted immediately (unless legal provisions oppose it). Rocking Horse Wovens are subject to various storage and documentation obligations arising from legal requirements (in particular from tax retention periods).

 

5. Is data transmitted to non-EU states or to an international organization?

 

Data transfer to third countries (non-EU states) does not take place.

 

6. Which data protection rights do I have?

 

Every affected person has

- the right to information under Art. 15 GDPR,

- the right to a correction under Article 16 GDPR,

- the right of cancellation under Art. 17 GDPR,

- the right to restriction of processing according to Art. 18 GDPR as well as

- the right of opposition 21 DSGVO.

 

In addition there may be

- the right to data portability under Art. 20 DSGVO and

- the right to proper and transparent processing (including information) in automated decision-making (Art. 22 DSGVO) as well as the right to complain to the supervisory authority (Art. 77 DSGVO).

 

Restrictions of the data subject rights under the GDPR may, depending on the facts, arise in particular from the Federal Data Protection Act.

 

Your individual rights as a data subject

 

A person affected by the collection of personal data has the right to ask the responsible body for confirmation of the processing of personal data concerning them; if this is the case, you have the right to access information about the personal data and to the information listed in Article 15 of the GDPR. The data subject has the right to demand from the responsible entity, without delay, the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR). The data subject has the right to ask the responsible authority to delete immediately if one of the reasons listed in detail in Art. 17 GDPR is applicable, eg. For example, if the data is no longer needed for the purposes pursued (right to delete). The data subject has the right to require the responsible authority to restrict the processing if one of the conditions listed in Art. 18 GDPR is fulfilled, for example, if the data subject has objected to processing for the duration of the audit by the Responsible Body. The data subject has the right, at any time and for reasons of their particular nature, to object to the processing of personal data concerning you. The controller then no longer processes the personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims ( Art. 21 GDPR). The data subject has the right, subject to the requirements of Art. 20 GDPR and the use of automated processing, to make available and to transmit directly the data concerning you in a common, structured and machine-readable format to another processing agency to pass on (right to data portability). In addition, all data subjects have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial body, if the data subject has the right to complain (including information) on automated decision-making (Art. 22 DSGVO). The view is that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State of your residence, place of work or place of alleged infringement. In the Netherlands, Contact the Dutch Data Protection Authority (Dutch DPA):

 

Postal address

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ DEN HAAG

Telephone

Telephone number: (+31) - (0)70 - 888 85 00
Fax: (+31) - (0)70 - 888 85 01  

 

7. Data collection on the website through Facebook

 

In connection with your access to this website, data is stored and processed in a log file. These are the following data:

 • IP address

 • Date and time

 • page called / name of the retrieved file

 • location of the person calling the page

 • if applicable further data.

 For the privacy of Facebook itself, the storage of IP addresses, visitor numbers and other log and tracking data, please look at the privacy pages of Facebook itself, which can be found here: https://www.facebook.com/about/ privacy /

and here: https: //www.facebook.com/privacy/explanation

 

The Facebook pages are constantly updated. Despite careful processing, data may have changed or errors may have occurred. A liability or guarantee for timeliness or accuracy of the information posted on their website can not be accepted. Rocking Horse Wovens are not responsible for any damage caused by the use of the information or data provided. This also applies to damages that are based on the use of incorrect or incomplete data and information.

Thank you. xxx
Rinske van Mensvoort