What law applies?
Our use of your personal data is subject to both the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming) (“UAVG”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your personal data accordingly.
What is personal data?
Personal data is any information about personal or factual circumstances that relate to a person. This may include name, date of birth, email address, postal address or telephone number, but also online identifiers such as IP addresses or device IDs.
What is Special Category Data?
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
What is processing?
“Processing” is any operation or set of operations that is performed on personal data, whether or not it is done automatically. The term is broad and covers virtually any handling of data.
Who is responsible for data processing?
The responsible party within the meaning of the UAVG and the GDPR is The Expat Coach, Mohamed Ittidar, Het Hoogt 251, 1025GX Amsterdam, The Netherlands with KVK Nr.: 65475402 (“The Expat Coach“, “we”, “us”, or “our”). If you have any questions, please feel free to contact us using firstname.lastname@example.org.
What are the legal bases for processing?
According to the UAVG and the GDPR, we should have at least one of the following legal bases to process your personal data:
- Ensuring IT security and IT operations,
- Corporate governance measures and further development of our services,
- defense against claims by third parties and
- Enforcement of our own claims).
Am I obliged to provide data?
In the context of our business relationship, you are only obliged to provide personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.
Data that we collect automatically
Each time you visit my website, our system automatically collects the following data from the visiting device and stores it in a so-called log file: (i) name of the file accessed, (ii) date and time of the visit, (iii) amount of data transferred, (iv) notification of successful retrieval, type of browser and version used, (v) IP address (identification of the user’s device), (vi) operating system of the visiting device, (vii) Internet service provider of the visiting device, (viii) website from which you access my website, and (ix) which pages of my website you access. The legal basis for this processing is our legitimate interest.
The hosting service used by us for the purpose of operating my website is Antagonist B.V. In doing so Antagonist, processes inventory data, contact data, content data, usage data, meta data and communication data of interested parties and visitors of my website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for my services.
Content Management System
We use the Content Management System (CMS) of WordPress by Automattic Inc, to publish and maintain the created and edited content and texts on my website. This means that all content and texts submitted to my website is transferred to WordPress. The legal basis for this processing is our legitimate interest.
Content Delivery Network
We also use the Content Delivery Network (CDN) to distribute our online content. Our CDN is a network of regionally distributed servers operated by our technical service providers that are interconnected via the Internet. When you visit my website, your device’s browser transmits information to these service providers, which is collected in corresponding server log files. The server log files are usually anonymized and then transmitted without personal reference. The server log files include in particular i) information on the browser and operating system used, ii) the previously visited pages (so-called referral URL), iii) the IP address of the device used, iv) the name of the Internet provider, and v) the date, time of all page views including the amount of data transferred. The legal basis for the processing is our legitimate interest.
Links to other websites
We integrate the fonts of the provider Google LLC, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on my legitimate interest in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible licensing restrictions for their integration. The legal basis for this processing is our legitimate interest.
We integrate Font Awesome of Fonticons Inc, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interest.
Data we collect directly
The processing of personal data depends on the nature of your contact. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also contain certain personal data. The personal data collected when you contact us is used to process your request, and the legal basis is your consent.
I`m present on social media (currently Instagram, Facebook and LinkedIn) and if you contact or connect with me via social media platforms, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contract.
Online appointment booking
We use the service of Calendly, Inc. for the simplified booking of appointments. By using this service, the data you submit including your Name, Email address and IP Address is transferred to Calendly. The processing of the data entered via Calendly is thus exclusively based on a legitimate interest of simplified appointment arrangement and the initiation of a contract. The data entered by you remains with us until you request us to delete it or the purpose for storing the data no longer applies.
When you use my services
We process your personal data in the context of the provision of my services, and for the initiation and execution of the contractual relationship existing between you and me. This includes among others, coaching services and support and as such, we process your name, contact details and all information required in the context of the performance of the services including health data in accordance with the UAVG and GDPR, exclusively for the purpose of processing and handling the contractual relationship.
Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, and fitness. By choosing to provide this data, you consent to our processing of that data.
You have choices about the Personal Data you provide and how you share it. You don’t have to provide Personal Data or Special Category Data; however, information about you helps you to get more from our Services. It’s your choice whether to include Personal Data or Special Category Data and to make that information available to us. Please do not share information that you would not want to be available.
The legal basis for the processing of your Special Category Data is the establishment and implementation of the user contract for the use of the service as well as your consent. You may withdraw your consent and request us to stop using and/or disclosing your personal and Special Category Data by submitting your request to us.
Administration, financial accounting, office organization, contact management.
We process data in the context of administrative tasks and the organization of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The processing bases are our legal obligations and our legitimate interest.
If you have given us your separate consent to process your data for marketing and promotional purposes, we are entitled to contact you for these purposes through the communication channels for which you have given your consent.
You may give us your consent in a variety of ways, such as by checking a box on a form asking for permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. In cases where your consent is implied, it is based on the assumption that you could reasonably expect to receive a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail via my newsletter and may also include other less traditional or emerging channels. These forms of contact will be managed by me, or on my behalf. Every directly addressed marketing sent or made by me or on my behalf will include a means by which you may unsubscribe or opt out.
Economic analyses and market research
For business reasons, we analyze the data we have on business transactions, contracts, enquiries,browsing behavior etc., whereby the group of persons concerned may include contractual partners, interested parties, and users of our services.
The analyses are carried out for the purpose of business evaluations and market research. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).
Who receives my information?
Within The Expat Coach, those who have access to your information are those who need it to fulfill our contractual and legal obligations.
Processors used by us may also receive data for these purposes. These are companies in the areas of IT services, telecommunications, and sales and marketing. If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
Data is only passed on to third parties within the framework of the legal provisions. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or due to legitimate interests in the economic and effective operation of our company, or if you have consented to the transfer of data.
How long will my data be stored?
To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations, which result, among other things, from the statutory minimum retention periods and other retention periods prescribed in this sense, e.g. retention periods under tax or commercial law. Depending on the document and the legal regulation, the periods specified there for storage and documentation are up to 8 years.
How do we secure your data?
My website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of content or contact requests that you send to us. In addition, we have taken numerous security measures (“technical and organizational measures”), such as encryption or access only when necessary, to ensure the most complete protection of personal data processed through this website.
Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. And databases or records containing personal data may be breached inadvertently or by unlawful intrusion. If we learn of a data breach, we will notify all affected individuals whose personal data may have been compromised as soon as possible after the breach is discovered.
Is data transferred to a third country?
We process data in the course of operating my website. We do not normally transfer personal data to countries outside the Netherlands and the EEA. However, if we do, we ensure that the processing of your personal data is governed by processing contracts that include standard contractual clauses to ensure a high level of data protection.
We do not request personal data from minors and children and do not knowingly collect such data or share it with third parties.
Automated Decision Making
Automated decision making is the process of making a decision by automated means without human involvement. Automated decision making does not occur.
DO NOT SELL
We do not sell your Personal Data.
Your rights and privileges
Rights to protect your data
Under the UAVG and the GDPR, you may exercise the following rights:
- Right to information
- Right to rectification
- Right to deletion
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
- Right not to be subject to a decision based solely on automated processing.
Updating your data
If you believe that the data we hold about you is inaccurate or that we are no longer entitled to use it and you wish to request that it be rectified or erased, or object to its processing, please contact us.
Withdrawal of your consent
You may withdraw any consent you have given at any time by contacting us. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
Request for information
If you would like to make a request for information about your data, you can inform us in writing. We will respond to requests for information and correction as quickly as possible. If we are unable to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with the Personal Data you have requested or to make a correction, we will tell you why.
Complaint to a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. The competent supervisory authority in the Netherlands is Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (“DPA”) Bezuidenhoutseweg 30, 2594 AV DEN HAAG, The Netherlands, www.autoriteitpersoonsgegevens.nl/en. However, we would appreciate the opportunity to address your concerns before you contact the DPA.
Validity and questions