Privacy statement - May 2018
We respect privacy and your right to control your personal data. Our guidelines are simple. We are clear about the data we collect and why. Your data is protected by us. We do not and will not sell your data to third parties. This Privacy Statement (the 'Statement') explains the personal information we collect from you, either directly or indirectly, and how we use it. Personal information is any information that can be used to identify you or that we can link to you. The Statement also covers the choices you can make about the data we collect, and how you can control these decisions. It applies to all products offered by JVB Digital on JVBDigital.nl/ .com and OPPOStore.nl
We only process personal data for the purpose for which it was provided and in accordance with the General Data Protection Regulation (GDPR) and the Dutch Telecommunications Act.
Please read this Statement carefully to understand how JVB Digital may collect, use and share your personal information. The terms 'we', 'us', or ‘JVB Digital’ are each intended as reference to JVB Digital.
The Types of Personal Information We Collect
We collect information you voluntarily provide to us, such as your name, phone number and email address; for instance, when you would like to know more about our products and contact our Customer Service. It may concern the following information:
Information we collect automatically
We automatically collect information about you, such as information collected by using cookies and similar technologies when you use, access or interact with us via our websites. We may, for example, collect information about the type of device you use to access our websites, the operating system and version, your IP address, your general geographic location as indicated by your IP address, your browser type, the webpages you view on our websites, and whether and how you interact with content available on our websites.
Customer Interactions with JVB Digital
To make the information in this Statement easy to understand, we have highlighted different occasions when JVB Digital could potentially collect personal information from customers. The customer interactions with JVB Digital are broken down into the following segments:
Buying products from JVB Digital
When you buy from us, you will be asked to provide information so that we can complete your purchase.
We collect: name, telephone number, e-mail address, delivery / shipping address and payment method.
We use the information to answer customer questions, diagnose problems with products, repair products, and provide other customer service and support services. This processing is necessary for the execution of the agreement that we have with you and also serves our legitimate interest.
We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business. This processing is necessary to serve our legitimate interest.
Communication, marketing and advertising
We use the information we collect to realize and personalize our communication with you. For example, we may contact you by e-mail or other electronic means of communication to inform you about new products or services, to keep you informed of a support issue or to invite you to participate in a survey. This processing is necessary to serve our legitimate interest.
How We May Share Personal Information
We do not and will not sell personal information about our customers. We only disclose your data as described in this Statement. We may share information with the following types of third parties.
Third Party Vendors
JVB Digital uses a variety of third-party vendors to carry out services like websites management and hosting, online product purchases and shipping, credit card processing and email communications. We only share your personal data as necessary, such as to complete a transaction or to provide a Product or Service you have requested or authorized and only with vendors or agents working on our behalf for the purposes described in this Statement. In this case, your personal information will be shared with these agents or contractors but only for the purpose of performing services on behalf and under instructions of JVB Digital and in accordance with this Statement. It is our legitimate interest to share information with these parties for these purposes.
The Legal Bases for Using Personal Information
There are different legal bases that we rely on to use your personal information, namely:
The use of your personal information may be necessary to perform the agreement you have with us. For example, to complete your purchase, to register and maintain your account, to help with delivery issues, to handle returns or to respond to your requests.
We may use your personal information for our legitimate interests. For example, we rely on our legitimate interest to analyze and improve Products and Services and the content on our websites, to send you notifications about software updates or information about Products and Services or to use your personal information for administrative, fraud detection or legal purposes. When we process your personal data on the basis of our legitimate interest and there is no deregistration mechanism available to you, you can exercise your right to object by sending an e-mail to firstname.lastname@example.org or email@example.com
Data retention period
We do not store your data longer than necessary for the purpose for which it was received. If you unsubscribe from our e-mails, your personal data will be removed from the system by the end of the relevant month at the latest.
We keep the data in our accounting and CRM system for at least 7 years, in order to comply with all our legal obligations. This information will be removed by us within 1 year after the expiry of this obligation.
The above deadline applies, provided that there are further legal obligations for us to keep the data longer and / or to keep it available.
Data Processing Agreement
The following items are qualified as a data processing agreement.
1. Data Controller/ client buys products from JVB Digital.
2. Data Controller needs - for the execution of that service - various data, including personal data of various parties involved within the meaning of the General Regulation on Personal Data (GDPR- EU General Data Protection Regulation).
3. Data Controller needs the storage, processing and security of these personal data to be performed by the Processor (the Assignment). Processor is prepared to accept this Assignment.
Article 1 - Processing of processing
1. During the performance of the Assignment, the Processor will handle the personal data in a careful manner and only process the personal data on the instructions of the Processing Manager in accordance with its written instructions and in accordance with this Agreement and the provisions in the GDPR. If an instruction by the Data Controller does not comply with the applicable legislation and regulations, including the GDPR, the Client will immediately inform the Data Controller of this.
2. The personal data processed by Processor in the context of the activities as referred to in the previous paragraph and the categories of data subjects from whom they originate. The processor will not process the personal data for any other purpose than as determined by the Data Controller. The processor has no control over the purpose and the means for processing the personal data.
3. The Processor furthermore warrants that people acting under his authority will only process the personal data in a lawful manner and in accordance with this Agreement and the GDPR.
4. At the request of the Processing Officer, the Processor will inform the Data Controller as soon as possible about the (security) measures to comply with the obligations under the GDPR, this Agreement and the other written instructions of the Data Controller.
Article 2 - Guarantee of processing responsibility
The party responsible for processing guarantees that the basic principles of the processing of the personal data of data subjects, as referred to in this Agreement, are not unlawful and that no violation is made of the rights of others. The processing manager indemnifies processor against all claims relating to this.
Article 3 - Transfer of personal data
1. Personal data are processed within the European Union. The transfer of personal data to countries outside the European Union is only permitted to countries that offer an adequate level of protection in accordance with the GDPR for the processing of personal data.
2. At the request of the Processing Officer, the processor shall report within which country the personal data processed by the Processor on behalf of the Processing Officer are processed.
Article 4 - Security measures
1. The processor shall take sufficient technical and organizational measures with regard to the processing of personal data, against loss or against any form of unlawful processing (such as unauthorized inspection, violation, alteration or provision of the personal data).
2. The processor takes the following measures:
3. The processor does not guarantee that the security is effective under all circumstances. If an explicitly described security measure is missing in the Processor Agreement, Processor will endeavor to ensure that the security meets a level that, the technical specifications/possibilities, the sensitivity of the personal data and the costs associated with providing extra security, is not unreasonable.
Article 5 - Reporting obligation
1. The Processor is at all times responsible for reporting a security breach and / or data breach (which is understood to mean: a breach of security that inadvertently or unlawfully leads to the destruction, loss, modification or unauthorized provision of or unauthorized access to data transmitted, stored or otherwise processed) to the supervisor and / or data subjects. In order to enable the Data Controller to comply with this statutory obligation, the Processor will notify the Data Controller of the vulnerability and / or the data breach within a period of 72 hours.
2. A report must only be made for events with a major impact, and only if the event has actually occurred.
3. The duty to report in any case includes reporting the fact that a leak has occurred. In addition, the obligation to report includes:
- the nature of the personal data breach, where possible with reference to the categories of data subjects and personal data registers concerned and, approximately, the number of data subjects and personal data registers concerned;
- the name and contact details of the data protection officer or any other contact point where more information can be obtained;
- the likely impact of the personal data breach;
- the measures proposed or taken by the Processor to address the personal data breach, including, where appropriate, measures to mitigate any adverse effects.
Article 6 - Duration and termination
1. This Agreement commences at the time that a purchase is made at JVB Digital. Parties enter into this Agreement for an indefinite period of time.
2. Termination is possible towards the end of the month with a notice period of 3 months.
3. If this Agreement ends or is dissolved, the Parties must continue to comply with the provisions of this Agreement with regard to confidentiality, liability, indemnification and all other provisions that by their nature are intended to continue after termination or dissolution of this Agreement.
4. If this Agreement ends or is terminated, the Data Controller will give the User 30 days the opportunity to move all data, including personal data, that are present at the Worker to another location on the basis of this Agreement. After this period, Processor will remove or destroy all data, including personal data, that are present with it pursuant to this Agreement (including any copies thereof).
Article 7 - Confidentiality
1. All confidential information received by Processor on the basis of this Agreement is subject to a confidentiality obligation towards third parties. All persons employed or employed for the benefit of the Processor, as well as the Processor themselves, are obliged to maintain the confidentiality of the personal data.
2. The processor will not provide, copy, or otherwise multiply or make public the personal data to third parties without the permission of the Data Controller.
3. If the Processor receives a request from a third party to provide access to the personal data on the basis of an alleged (legal) obligation, he will first inform the Data Controller of this in writing, if legally permitted, before he provides that third party with access to the personal data. So the Data Controller can assess whether the request of the third party is well-founded.
Article 8 - People working under the authority of the Processor
The obligations of Processor arising from this Agreement also apply to those who process personal data under the authority of Processor, including but not limited to employees.
Article 9 - Liability
1. The Processor shall be liable for damage suffered by the Data Controller if the Processor does not comply with the further instructions of the Data Controller, this Agreement, the GDPR or other applicable laws and regulations in the area of privacy and protection of personal data.
2. The Processor indemnifies the Data Controller against claims from third parties insofar as these claims relate to the processing of personal data and all other activities performed or performed by the Processor under this Agreement for the Client.
Article 10 - Nullification
If part of this Agreement is void or voidable, it will not affect the validity of the remainder of the Agreement. The void part is replaced by a provision that follows the content of the void provision as much as possible.
Article 11 - Enabling third parties or subcontractors
1. The Processor may use third parties in the context of this Processing Agreement, provided that these are notified in advance to the Data Controller; Data Controller may object if the use of a specific reported third party is unacceptable. In such a case the Parties will consult with each other to come to a workable solution.
2. The Processor shall in any case ensure that these third parties take on at least the same obligations in writing as agreed between the Data Controller and the Processor.
3. The Processor guarantees correct compliance with the obligations arising from this Processing Agreement by these third parties and, in the event of errors by these third parties, is itself liable for all damage as if it had committed the fault(s) itself.
Article 12 - Audit
1. Data Processing Manager has the right to have audits carried out by an independent, expert third party who is bound to confidentiality in order to check compliance with the security requirements, compliance with the general rules concerning the processing of personal data, misuse of personal data by employees of the Processor, compliance with all points in the Processor Agreement, and everything that is directly related to it.
2. This audit may take place no more than once a year or otherwise with a concrete suspicion of misuse of personal data.
3. The Processor shall cooperate with the audit and provide all relevant information reasonably relevant to the audit, including supporting data such as system logs, and employees as timely as possible.
4. The findings resulting from the audit carried out will be assessed by the Processor and may, at the discretion of the Processor and in the manner as the Processor itself determines, be implemented by the Processor.
5. The costs of the audit are borne by the Data Controller.
Article 13 - Processing of requests for data subjects
In the event that a data subject submits a request for the execution of his / her legal rights to the Processor, the Processor will forward the request to the Processing Officer, and the Processing Officer will continue to process the request. The processor may inform the data subject of this.
Article 14 - Final provision
1. Only written changes to this Agreement are valid.
2. This Agreement supersedes all prior agreements between the Parties.
Article 15 - Applicable law
The Agreement and its implementation are governed by Dutch law.
Article 16 - Competent court
All disputes that may arise between the Parties in connection with the Agreement will be submitted to the competent court for the district in which the Processor is established.
You always have the right to withdraw your consent to the processing of your data, after which we will no longer process your data. Withdrawal of this consent does not affect the legality of our data declaration on the basis of your consent, which took place prior to this withdrawal.
You also have the right to access your personal data and the right to rectify your personal data. If you want to know which personal data we process from you, you can submit a written request for access. If your details are incorrect, incomplete or irrelevant, you can request us to change or supplement your data in writing.
You also have the right to delete your personal data, a right to limit the processing and a right to object to the processing. You are also entitled to transfer or transfer your data. You can also submit a written request for this.
We will process your request within 4 weeks. You can e-mail your request to us via firstname.lastname@example.orgemail@example.com
Main office, the Netherlands
Address: Maten 51, 3831 PJ Leusden, Netherlands
Registration number Dutch Chamber of Commerce: 32073851
Phone: +31 33-4655355
Grosse Ile, MI 48138
Phone : +1 734 307 7184
Privacy Notice |
Conditions of use |
Contact Us |
© 1998 - 2018, JVB Digital, BJ unlimited.|
Prices quoted on this web site apply for orders placed online. 21% Dutch VAT will be added if shipped to EU countries. CoC/KvK 32073851
* Free shipping within USA (From JVB USA to a US address) on orders over $300. Free shipping within The Netherlands (From JVB NL to a Dutch address) on orders over €300 ( excl.BTW ), not all items are eligible for free shipping.