Privacy Statement

Introduction

1. SHOEBALOO attaches great value to careful and safe handling of privacy-sensitive information. SHOEBALOO has therefore drawn up this privacy statement. With this privacy statement, SHOEBALOO gives you insight into how SHOEBALOO handles your personal data. Personal data are understood to mean: all data that can be directly or indirectly traced back to a natural person.
 
This privacy statement applies to the processing of all online and offline types of personal data that SHOEBALOO receives from:
  • You
  • (potential) suppliers, customers, contractors, customers and other relations of SHOEBALOO;
  • visitors to the website of SHOEBALOO  (https://www.SHOEBALOO.nl)  or an associated domain name;
  • recipients of information from SHOEBALOO;
  • all other persons in contact with SHOEBALOO.
2. Where in this privacy statement a person is referred to as'he','him' or'his', this also includes'she' or'her'.
 
3. SHOEBALOO requires visitors and customers under the age of 16 to inform a parent or guardian about SHOEBALOO's privacy statement and general terms and conditions. SHOEBALOOO will strive to verify whether permission has been granted. Only persons aged 16 and over can place orders online and/or become a member of the loyalty programme.
 
What personal data can we process?
 
4. SHOEBALOO can process the following personal data, always subject to a legal ground provided by the General Data Protection Regulation  ("GDPR") :
 
Personal data that you have provided yourself:
  • contact details(name, address, place of residence, email address, telephone number(s), IP address);
  • identity information;
  • payment details(bank account number, credit card number);
  • personal data as described in a CV / data about your employment history;
  • personal data obtained through means of communication, such as the website, newsletters and emails:
  • contact details(as described above);
  • information about the device with which you visited our website, such as an IP address;
  • your surfing behaviour on the website, such as:

- which data/webpages you have viewed and how you navigate the website through Adwords;

- whether you open a newsletter or email and which parts of it you click on;

- the dates and times of your visit to the website;

- the information obtained from Google Analytics and Hotjar;

- the information obtained from the cookies on the SHOEBALOO website.

  • the operating system you are using;
  • the Internet address of the website to which the link is made;
  • the geolocation;
  • the data sent to SHOEBALOO;
  • the data downloaded from the website. 
 
Personal data obtained from other sources:           
  • data available from public sources such as, but not limited to, social media;
  • data obtained from the Commercial Register of the Chamber of Commerce and the land registry;
  • data available on public business websites.
 
Principles relating to processing
 
5. SHOEBALOO defines the purposes and means of the processing of personal data. This means that SHOEBALOO is the controller within the meaning of the GDPR. SHOEBALOO ensures that it always bases the processing of personal data on one of the principles as described in Article 6 of the GDPR.
 
We process your personal data on the basis of the following principles:
  • if you have given SHOEBALOO permission for the processing of your personal data for one or more specific purposes.
  • if the processing is necessary for the performance of an agreement to which you are a party, or to take measures at your request prior to the conclusion of an agreement;
  • if the processing is necessary in order to comply with a legal obligation that rests on SHOEBALOO;
  • if the processing is necessary to protect your vital interests or those of another natural person.
 
Use of personal data 
 
6. When using your personal data, SHOEBALOO observes the GDPR and the resulting laws and regulations. The use of personal data is referred to in the GDPR as'processing'.
 
SHOEBALOO collects and processes personal data from customers for the purposes set out below. These purposes are:
  • To process your orders and to inform you about their progress. When you place an order with SHOEBALOO, a number of information is requested: your name, telephone number, email address, delivery address, billing address, payment method, account number/credit card number, credit card expiry date and credit card security code. This information is necessary for the processing of an order and for the correct processing of any returns. Credit card details are never shared with third parties.
  • To perform analyses for reports.
  • To optimise our services.
  • To inform you about products, benefits and events.
  • To display personalized advertising.
  • If you participate in the loyalty programme, to be able to offer you the best possible personal privileges that belong to this programme.
  • To provide you or third parties with information necessary to execute an order, to handle a complaint, to process a return shipment or if you have given your permission to do so.
  • To provide information about you to third parties if we are obliged to do so by law or regulations(e.g., to investigative authorities).
  • To check whether you can meet your payment obligations and to check all facts and factors that are important for the responsible entering into and/or executing of the agreement.The information needed to process credit card payments and transactions is sent to our bank, ABN AMRO, and Ingenico. Ingenico is a company that offers technology solutions for online payments in e-commerce and is an interface between credit card companies, banks, merchants and consumers, when online payment takes place on the SHOEBALOO website. SHOEBALOO makes agreements with these companies regarding the processing of your personal data in order to safeguard your privacy. The bank information is stored in encrypted form by Ingenico and every payment method offered is secured.
  • To secure, adapt and improve the website.
  • To verify your identity and to prevent fraud.
  • In the case of applicants and/or employees, SHOEBALOO processes your personal data for the following purposes:

- to conclude an employment contract, or

- to verify your identity;

- for recruitment and selection.

 
Sharing with third parties
 
7. SHOEBALOO may engage third parties who process personal data on behalf of SHOEBALOO as a controller.
 
These may include:
  • organisations;
  • contractors/suppliers, including but not limited to suppliers of IT services.
  • public authorities.
8. In the above situations, SHOEBALOO remains responsible for the processing of personal data and concludes processing agreements with these organisations. SHOEBALOO may also enter into working arrangements with third parties who themselves are co-controllers. In such cases, SHOEBALOO will conclude a controller agreement with these third parties.
 
9. SHOEBALOO never sells your personal data to third parties.
 
Rights of data subjects 
 
10. The data subjects in the sense of the GDPR are the natural persons to whom the personal data relate. These may include consumers, business contacts, employees, customers, contractors and visitors to SHOEBALOO's web pages. SHOEBALOO will inform data subjects about the processing of personal data in an accessible and comprehensible manner by SHOEBALOO. If you would like to know whether SHOEBALOO processes your personal data or would like to exercise one of the following rights, please send a written request, possibly accompanied by your opinion, to: dataprotection@shoebaloo.nl. SHOEBALOO will handle a(n)(access) request within 4 weeks. SHOEBALOO is required to verify your identity before your request can be met.
 
11. In the case of processing of personal data, data subjects have the following rights:
 
  • Viewing and/or modifying personal data
You can ask us at any time to indicate which  (categories of)  personal data on you are being processed by SHOEBALOO, for which purposes, from which source the data come and which retention periods are applied. In addition, you can contact us at any time to complete, correct or delete your data. The request will be granted insofar as it is not in conflict with laws and regulations.
In the unlikely event that it turns out that SHOEBALOO has processed and/or provided incorrect personal data of you to third parties, SHOEBALOO will rectify this. If SHOEBALOO has changed your personal data, SHOEBALOO will inform you accordingly.
 
  • Restrict the processing of your personal data
If you do not agree with the content of the data on you stored by SHOEBALOO, you can submit a request to temporarily restrict the processing of your data.
 
  • Withdrawal of consent
You may also withdraw your consent to process your personal data at any time  (with the exception of the processing of personal data of employees employed by SHOEBALOO). Upon receipt of your letter or email, SHOEBALOO will immediately cease processing of your personal data for which you have given your consent. However, the withdrawal of your consent does not affect the processing operations that have already taken place.
 
  • Right to transfer personal data
You can retrieve the personal data on you stored by SHOEBALOO in a structured, common and machine-readable form. After receiving your personal data, you are free to transfer this information to a third party.
 
  • Right to be forgotten
If you no longer wish to make use of SHOEBALOO's services, you may submit a request for the deletion of all your personal data. The request will be granted insofar as it is not in conflict with laws and regulations. 
 
  • Right to object
You have the right to object to the processing of your personal data based on the principles of"legitimate interest of SHOEBALOO or a third party" and"performance of a task carried out in the public interest" by SHOEBALOO. If SHOEBALOO relies upon these principles, SHOEBALOO will weigh up the interests of your privacy. The right to object gives you the option of requiring SHOEBALOO to reconsider its interests.
 
  • Right to lodge a complaint
If you do not agree with SHOEBALOO's use of your personal data, you can indicate this by sending an email to dataprotection@shoebaloo.nl, by lodging a complaint with the Dutch Data Protection Authority or by starting a legal procedure.
 
Controller and  (sub)processors
 
12. SHOEBALOO is the so-called controller in the sense of the GDPR who controls the processing of personal data and determines the purposes and means of the processing.
 
13. SHOEBALOO sometimes uses other companies to provide services for it. SHOEBALOO remains responsible for the processing of personal data in the situations set out above. SHOEBALOO makes contractual agreements with these companies regarding the handling of your personal data in order to safeguard your privacy. These are referred to as Processors or Subprocessors, depending on the situation.
 
Cookies
 
14. SHOEBALOO uses cookies(and similar techniques such as post-click link tracking) to make visiting and shopping at SHOEBALOO.nl even easier and more personal. These cookies allow us and third parties to track your internet behaviour inside and possibly outside our website. It allows us and third parties to customize advertisements and other content to your interests and share information through social media.
 
Security of personal data
 
15. SHOEBALOO takes ongoing and structural measures to optimally protect your personal data against unlawful use. SHOEBALOO takes physical, administrative, organisational and technical measures.
 
Measures taken by SHOEBALOO include:
  • all employees of SHOEBALOO(regardless of the form of their employment) have signed a confidentiality agreement whereby they undertake to observe complete confidentiality with regard to all information of a confidential nature or of which they must understand its confidential nature, including personal data;
  • access to the personal data is restricted to authorised persons, whereby this number is kept as low as possible;
  • the website is secured via https;
  • the password of your personal account is encrypted;
  • the electronic transmission of personal data always takes place in encrypted form and via a secure connection.
 
16. In line with the above principles, SHOEBALOO ensures that all of its user settings, programs and services are designed from the very beginning of development to maximize your privacy protection. SHOEBALOO continuously takes privacy-enhancing(security) measures wherever possible. With regard to the provision of information and services, SHOEBALOO applies the'opt-in' rule by default: information or services are only provided if you actively indicate this. This can be done, for example, by ticking a box on the website. The box has not been filled in beforehand.
 
Third party websites
 
17. This privacy statement does not apply to third party websites that are linked to our website. We cannot guarantee that these websites handle your personal data in a reliable or secure manner. Before using this website, always read the privacy statement of this website for more information about the way in which they handle your personal data.
 
Period of retention of personal data 
 
18. SHOEBALOO will never store personal data for longer than is necessary for the purpose of the processing. SHOEBALOO will in any event retain your personal data for the period that you have an agreement with SHOEBALOO. Some personal data are subject to statutory retention periods. SHOEBALOO fully complies with these retention periods.
 
Data breaches
 
19. SHOEBALOO makes every effort to prevent data breaches. In the event of unexpected situations in which a data breach occurs, SHOEBALOO has drawn up a protocol for the notification of data breach, which it consistently maintains.
 
Changes
 
20. SHOEBALOO reserves the right to modify or change this privacy statement. None of the provisions of this privacy statement are intended to create any obligation or agreement between SHOEBALOO and a data subject. Dutch law applies to the provisions of this privacy statement and all disputes arising from this. This privacy statement has been last amended on and applies from May 30, 2018.