UpCross (provider of CyberTense®) is a young and ambitious digital commerce company based in the Netherlands, which translates market demand into innovative concepts. Our overall goal is to empower people to make strong decisions - based on solid information, figures, sound principles and science - by giving them the tools and information they deserve.
UpCross processes personal data and wants to communicate clearly and transparently about it. In this privacy statement, UpCross provides information about how it processes personal data. Not all elements of the statement apply to you as a user of our website or service.
UpCross values the protection of the personal details of its members, partners and other relations. Personal data are therefore treated and protected with the utmost care by UpCross. UpCross meets the requirements set by the General Data Protection Regulation.
registers, processes and stores personal data. Related topics, such as
exchanging and supplying data to third parties are also described.
Identity data processor
CyberTense® is an initiative of UpCross B.V.
7556 DC Hengelo Ov.
Chamber of Commerce
65584988 / Enschede
For any questions regarding privacy matters, please contact us by sending an e-mail to Data.Protection@UpCross.com
POLICIES, GUIDELINES OR INSTRUCTIONS POSTED ON THE SERVICE OR WEBSITE,
DO NOT USE THE SERVICE OR WEBSITE
Requirements processing personal data for associations
The GDPR has six bases for processing personal data. To be allowed to process personal data, at least one of these principles must apply:
Personal data refers to information, which allows a person to be directly or indirectly identified as an individual person. Examples of personal data include: email address, name and date of birth.
In addition, the law distinguishes special personal data, such as information about health. This is information that can seriously affect someone's privacy. Therefore, this information may only be processed under strict conditions.
UpCross processes personal data in various systems. These systems are hosted in European data centers.
Right of inspection
If someone's personal data is processed, this person has the right to know which data, for which purpose these are being used exactly and with whom these may be shared. Someone can only request information about themselves, not about others.
Automatically collected non-personal data (via our website or service) will be used to improve our service. However, we may also share aggregated non-personal information with third parties for marketing, advertising, and analytics purposes. We will never sell these non-personal information to third parties.
With a written request it is possible to inspect the registered personal data and the processing that takes place. This request can be sent via email to: Data.Protection@UpCross.com Please indicate 'right of access' in the subject line. UpCross will react within the legal one-month period.
Right to be forgotten
Under the GDPR ruling, a person has the right to be forgotten or to have personal data removed from the administration of UpCross. UpCross must grant such a request in the following situations:
A written request for the removal of personal data must sent via email to: Data.Protection@UpCross.com. Please indicate 'right to be forgotten' in the subject line. UpCross will react within the legal one-month period.
The implication of the execution may be, that the invoice will not be carried out optimally or even can not be carried out at all.
In some cases, UpCross may not grant the request. This may be the case if, for example, there is a legal obligation to keep the data such as cooperating in criminal and/or tax investigation. The person concerned will be informed about this.
Persons authorized to register and consult personal data (both general and special data) are obliged to maintain confidentiality. One can only deviate from this if there is a legal or reasonable need to provide information to third parties.
UpCross processes personal data and wants to communicate about it as clearly and transparently as possible. The privacy statement provides answers to the most important questions about the processing of personal data by UpCross. The most recent privacy statement can be found here : https://www.UpCross.com/Legal/Privacy_Statement.html
Processing in customer administration
The Customer Relationship Management (CRM) application is used by staff of UpCross.
The purpose of this application is to provide customers with the correct information faster and to make these kind of administrative tasks more efficient.
Currently, we do not use any third party to host, maintain and deliver this CRM functionality. Instead, we use our own CRM application. This system is relatively tightly coupled with our sales administration system.
Processing in sales administration
The following processes are handled in the sales administration application:
To ensure that these processes run smoothly, general
personal data are recorded, such as name and address details, email addresses,
telephone numbers, date and place of birth.
The information you provide to us during the order process, is used exclusively for processing the order itself. This information is being used internally only and is not shared with other parties for commercial goals.
Processing this data by UpCross is based upon:
Users are free to withhold or withdraw permission. The consequence of the decision may be that the service is not optimal or can not be carried out at all.
Automatically collected non-personal data (by our website or service) will be used to improve our service. We may use and share aggregated non-personal information with third parties for marketing, advertising, and analytics purposes. We do not sell or trade your non-personal Information to third parties.
Provision to third parties
In order to optimally implement the services provided by UpCross, third parties are involved. It is sometimes necessary to provide personal data for their activities. In order to guarantee privacy, agreements are concluded with these parties on the use and security of personal data.
Typically shared data:
UpCross will only share your Personal Information with third parties to the
make use of software modules developed internally, to process your order and to
gather information about customer experience.
To settle a payment, we use an external party / payment service provider called Buckaroo.
UpCross provides various services, online platforms and websites, such as CyberTense.com. The hosting systems process (and temporary persist) some personal data.
This personal data concerns: names, address information, email addresses, membership information and IP addresses.
Preceding the processing of this data, UpCross always needs the users' consent. The user always has the possibility to withdraw his consent. This can be done by sending an email to Data.Protection@UpCross.com.
UpCross bases these processing operations on the following bases
Visitors are free to withhold or withdraw permission. It may be that such a decision means that the service is not optimal or can not be carried out at all.
We do not sell or trade your Personal Information to third parties.
Data in the sales administration records are saved as long as the person is seen as a customer. This is the case as long as the person not actively proposes or asks UpCross to undo its' membership. The data in the sales administration includes both personal data, persisted in our own sales system, and, for example, and bank details which are persisted with our third party payment processor Buckaroo.
Even after the membership ends, the data are still retained for the legally required term of seven years. Thereafter, the data of the ex-member is deleted or anonymized.
Security measures and
The security of your Personal Information is important to us.
No method of transmission over the Internet, or method of electronic storage is 100% secure. However, UpCross in its sole discretion undertakes a variety security measures aimed at protecting against unauthorized access, alteration, disclosure or destruction of Personal Information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology. It is your responsibility to safeguard your password and login details. If you know or suspect that your password is known to others, please contact us so we can take immediate measures.
While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the instructions provided in any email we send.
System messages such as invoices and reminders and messages that are essential for membership do not, according to the GDPR, have an opt-out option.
What happens in the event of a change of control
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
With the help of a permanent cookie, UpCross registers that a visitor returns. The websites can thus be better adjusted to the preferences of this visitor. When a visitor has given permission for the placing of cookies, the websites can remember this by means of a cookie. This means that the visitor does not always have to repeat his preferences, which results in time savings and user-friendliness of the website.
Permanent cookies can be removed by the visitor via the settings of the browser.
Using a session cookie, UpCross registers which parts of the website the visitor has viewed during a specific visit. With this information, UpCross can adapt the services as much as possible to the surfing behavior of the visitors. These cookies are automatically deleted when someone closes his web browser.
Tracking cookies from UpCross
UpCross only places a cookie on visitors' equipment with permission. These can be requested as soon as the visitor visits a website from UpCross. With use of this cookie, a profile is built up that is not linked to a person with a name, address, e-mail address and the like. This profile is used to tailor personally relevant messages to the visitor. Tracking cookies can be removed by the visitor by configuring his browser.
Tracking cookies from advertisers
Only with permission advertisers may place tracking cookies on the equipment of visitors of website(s) of UpCross. They use these cookies to keep track of which pages from their network the visitor views, in order to build up a profile of that visitor's online surfing behavior. This profile is also built on the basis of comparable information that they receive from visiting other websites from their network. This profile is not linked to a person with a name, address, e-mail address and the like as known to UpCross. That profile is used to match advertisements with the visitor. These cookies can be removed centrally via Your Online Choices (http://www.youronlinechoices.com/) so that they are not returned to a third-party website.
The websites of UpCross may place a cookie from Google as part of the Analytics service. UpCross uses this service to keep track of and to receive reports on how visitors use the websites with the aim of improving user experience.
Google may provide this information to third parties
if Google is legally obliged to do so, or if third parties process the
information on behalf of Google. UpCross has no influence on this. As
a user, UpCross has allowed Google to use the obtained analytics information
for other Google services.
The information that Google collects is anonymized as much as possible. For example, IP addresses are not included. The information is transferred to and stored by Google on servers in the United States.
Websites of UpCross may contain buttons to promote or share web pages on social networks such as Facebook and Twitter. These buttons work through pieces of code that come from Facebook or Twitter itself. Only when such a button is clicked, cookies are placed on the visitor's computer.
The privacy statements of Facebook and Twitter state what they do with (personal) data that they process via these cookies. The information they collect is anonymized as much as possible. The information is transferred to and through Twitter, Facebook, Google and LinkedIn and stored on servers in the United States.
LinkedIn, Twitter, Facebook and Google adhere to the Privacy Shield principles and are affiliated with the Privacy Shield program of the US Department of Commerce. This means that there is an appropriate level of protection for the processing of any personal data.
Naturally, UpCross does everything to prevent that the personal data mentioned in this document ends up in the hands of parties who are not entitled to this data.
If this does happen however, it is a 'data breach'.
Article 34 of the General Data Protection Regulation provides that if a data breach takes place, this must be reported. Here we are talking about the leakage of personal data as a result of security problems. These data leaks must be reported to the supervisory authority, the Dutch Data Protection Authority (AP) without delay.
What is a data breach?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
Procedure to communicate data leaks
Notifying UpCross (of suspicious event)
Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify UpCross providing a description of what occurred.
Notification of the incident can me made via email to: Data.Protection@UpCross.com
Upon a suspicion or reporting of a data breach, a security expert is tasked to thoroughly investigate the available logging, alerts or indicator(s) of compromise to determine if the case qualifies as a data breach, outlined by the GDPR. If so, this must be reported.
To the supervisor
As soon as a data breach has been confirmed by the security expert, this must be reported to the supervisor within 72 hours
To the user affected
After a data leak has taken place and it is probable that the leak will have adverse effects on the privacy of the user concerned, this user must receive a notification. This notification will contain at least the nature of the infringement, the bodies where more information about the infringement can be obtained and the recommended measures to limit the negative consequences of the infringement.
A key priority for UpCross is reducing any complaints we receive by addressing the underlying causes.
Please send an email with your complaints to Data.Protection@UpCross.com. We will actively seek to a solution. If this does not work satisfactorily, there is still the possibility to file a complaint with the privacy regulator, the Dutch Data Protection Authority.