The privacy policy below is effective as of May 25, 2018.
UpCross (provider of CyberTense®) is a young and ambitious digital commerce company based in the Netherlands, which translates market demand into innovative concepts. Our overall goal is to empower people to make strong decisions - based on solid information, figures, sound principles and science - by giving them the tools and information they deserve.
UpCross processes personal data and wants to communicate clearly and transparently about it. In this privacy statement, UpCross provides information about how it processes personal data. Not all elements of the statement apply to you as a user of our website or service.
Introduction
UpCross values the
protection of the personal details of its members, partners and other
relations. Personal data are therefore treated and protected with the
utmost care by UpCross. UpCross meets the requirements set by the
General Data Protection Regulation.
This privacy policy describes how UpCross
registers, processes and stores personal data. Related topics, such as
exchanging and supplying data to third parties are also described.
This privacy policy encompasses all online and offline systems that contain
personal data and is applicable to all organizational units affiliated with UpCross.
Identity data processor
CyberTense® is an initiative of UpCross B.V.
Address:
Oldenzaalsestraat 495
755 GN Hengelo Ov.
The Netherlands
Chamber of Commerce
65584988 /
Enschede
VAT number
NL856172704B01
For any questions regarding privacy matters, please contact us by sending an
e-mail to Data.Protection@UpCross.com
IF
YOU DO NOT AGREE TO THE TERMS OF USE AND/OR THE PRIVACY POLICY OR OTHER
POLICIES, GUIDELINES OR INSTRUCTIONS POSTED ON THE SERVICE OR WEBSITE,
DO NOT USE THE SERVICE OR WEBSITE
Requirements processing personal data for associations
The GDPR has six bases for
processing personal data. To be allowed to process personal data, at least
one of these principles must apply:
Additional requirements
With this privacy policy, UpCross
also sets a number of additional guidelines for the processing of personal data
in addition to the legal requirements. This policy contains requirements
for members, users, administrators and designers of systems to ensure privacy
not only now but also in the future.
Personal data
Personal data refers to
information, which allows a person to be directly or indirectly identified as
an individual person. Examples of personal data include: email address, name and
date of birth.
In addition, the law distinguishes special personal data, such as information about health. This is information that can seriously affect someone's privacy. Therefore, this information may only be processed under strict conditions.
Systems
UpCross processes personal
data in various systems. These systems are hosted in European data
centers.
Right of inspection
If someone's personal data
is processed, this person has the right to know which data, for which purpose
these are being used exactly and with whom these may be shared. Someone
can only request information about themselves, not about others.
Automatically
collected data
Automatically
collected non-personal data (via our website or service) will be used to
improve our service. However, we may also share aggregated non-personal
information with third parties for marketing, advertising, and analytics
purposes. We will never sell these non-personal information to third parties.
With a written request it is possible to inspect the registered personal data and the processing that takes place. This request can be sent via email to: Data.Protection@UpCross.com Please indicate 'right of access' in the subject line. UpCross will react within the legal one-month period.
Right to be forgotten
Under the GDPR ruling, a
person has the right to be forgotten or to have personal data removed from the
administration of UpCross. UpCross must grant such a request in the
following situations:
A written request for the removal of personal data must sent via email to: Data.Protection@UpCross.com. Please indicate 'right to be forgotten' in the subject line. UpCross will react within the legal one-month period.
The implication of the execution may be, that the invoice will not be carried out optimally or even can not be carried out at all.
In some cases, UpCross may not grant the request. This may be the case if, for example, there is a legal obligation to keep the data such as cooperating in criminal and/or tax investigation. The person concerned will be informed about this.
Confidentiality
Persons authorized to
register and consult personal data (both general and special data) are obliged
to maintain confidentiality. One can only deviate from this if there is a
legal or reasonable need to provide information to third parties.
Privacy statement
UpCross processes personal
data and wants to communicate about it as clearly and transparently as
possible. The privacy statement provides answers to the most important
questions about the processing of personal data by UpCross. The most
recent privacy statement can be found here : https://www.UpCross.com/Legal/Privacy_Statement.html
Updates privacy policy
UpCross reserves the right
to make unilateral changes to this privacy policy. On this page you will,
however, always contain the most recent privacy policy used.
Changes on our privacy policy which affects the processing of already collected
or issued personal information, will be communicated to our users by e-mail. We
strive to communicate minor changes also via the electronic newsletter.
Processing in customer administration
The Customer Relationship Management (CRM) application is used by staff of
UpCross.
The purpose of this application is to provide customers with the correct
information faster and to make these kind of administrative tasks more
efficient.
Currently, we do not use any third party to host, maintain and deliver this CRM
functionality. Instead, we use our own CRM application. This system is
relatively tightly coupled with our sales administration system.
Processing in sales administration
The following processes
are handled in the sales administration application:
To ensure that these processes run smoothly, general
personal data are recorded, such as name and address details, email addresses,
telephone numbers, date and place of birth.
The information you provide to
us during the order process, is used exclusively for processing the order
itself. This information is being used internally only and is not shared with
other parties for commercial goals.
Processing this data by UpCross is based upon:
Users are free to withhold or withdraw permission. The consequence of the decision may be that the service is not optimal or can not be carried out at all.
Additional data
Automatically collected non-personal data (by our website or service) will be
used to improve our service. We may use and share aggregated non-personal
information with third parties for marketing, advertising, and analytics
purposes. We do not sell or trade your non-personal Information to third
parties.
Provision to third parties
In order to optimally implement the services provided by UpCross, third parties
are involved. It is sometimes necessary to provide personal data for their
activities. In order to guarantee privacy, agreements are concluded with
these parties on the use and security of personal data.
Typically shared data:
UpCross will only share your Personal Information with third parties to the
extent necessary to perform these functions, in accordance with the purposes set out in this Privacy Policy and applicable laws. We do not sell or trade your Personal Information to third parties.
We
make use of software modules developed internally, to process your order and to
gather information about customer experience.
To settle a payment, we use an external party / payment service provider called
Buckaroo.
Processing
UpCross provides various
services, online platforms and websites, such as CyberTense.com. The hosting
systems process (and temporary persist) some personal data.
This personal data concerns: names, address information, email addresses,
membership information and IP addresses.
Preceding the processing of this data, UpCross always needs the users' consent. The user always has the possibility to withdraw his consent. This can be done by sending an email to Data.Protection@UpCross.com.
UpCross bases these processing operations on the following bases
Visitors are free to withhold or withdraw permission. It may be that such
a decision means that the service is not optimal or can not be carried out at
all.
We do not sell or trade your Personal Information to third parties.
Persistence
Data in the sales
administration records are saved as long as the person is seen as a customer.
This is the case as long as the person not actively proposes or asks UpCross to
undo its' membership. The data in the sales administration includes both
personal data, persisted in our own sales system, and, for example, and bank
details which are persisted with our third party payment processor Buckaroo.
Even after the membership ends, the data are still retained for the legally
required term of seven years. Thereafter, the data of the ex-member is
deleted or anonymized.
Security measures and
protection
The security of your
Personal Information is important to us.
No method of transmission over the Internet, or method of electronic storage is 100% secure. However, UpCross in its sole discretion undertakes a variety security measures aimed at protecting against unauthorized access, alteration, disclosure or destruction of Personal Information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology. It is your responsibility to safeguard your password and login details. If you know or suspect that your password is known to others, please contact us so we can take immediate measures.
While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Communications
We may
use your Personal Information to contact you with newsletters, marketing or
promotional materials and other information that may be of interest to you. You
may opt out of receiving any, or all, of these communications from us by
following the instructions provided in any email we send.
System messages such as invoices and reminders and messages that are essential for membership do not, according to the GDPR, have an opt-out option.
What happens in the event of a change of control
If we sell or otherwise transfer part or the whole of UpCross or our assets to another organization (e.g. in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as name and email address and any other information collected through the service(s) or website(s) may be among the items sold or transferred. You will continue to own your User Content. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.
Cookies
Portions of our website
may use cookies. Cookies are small files which are stored on a user's computer.
They are designed to hold a modest amount of data specific to a particular
client and website, and can be accessed either by the web server or the client
computer. This allows the server to deliver a page tailored to a particular
user.
You can instruct your browser
to refuse all cookies or to indicate when a cookie is being sent. However, if
you do not accept cookies, you may not be able to use some portions of our Website.
Permanent cookies
With the help of a permanent cookie, UpCross registers that a visitor
returns. The websites can thus be better adjusted to the preferences of
this visitor. When a visitor has given permission for the placing of
cookies, the websites can remember this by means of a cookie. This means
that the visitor does not always have to repeat his preferences, which results
in time savings and user-friendliness of the website.
Permanent cookies can be removed by the visitor via the settings of the
browser.
Session cookies
Using a session cookie, UpCross registers which parts of the website the
visitor has viewed during a specific visit. With this information, UpCross
can adapt the services as much as possible to the surfing behavior of the
visitors. These cookies are automatically deleted when someone closes his
web browser.
Tracking cookies from UpCross
UpCross only places a cookie on visitors' equipment with permission. These
can be requested as soon as the visitor visits a website from UpCross. With
use of this cookie, a profile is built up that is not linked to a
person with a name, address, e-mail address and the like. This profile
is used to tailor personally relevant messages to the visitor. Tracking
cookies can be removed by the visitor by configuring his browser.
Tracking cookies from advertisers
Only with permission advertisers may place tracking cookies on the equipment of
visitors of website(s) of UpCross. They use these cookies to keep track of
which pages from their network the visitor views, in order to build up a
profile of that visitor's online surfing behavior. This profile is also built
on the basis of comparable information that they receive from visiting other
websites from their network. This profile is not linked to a person with a
name, address, e-mail address and the like as known to UpCross. That
profile is used to match advertisements with the visitor. These cookies
can be removed centrally via Your Online Choices (http://www.youronlinechoices.com/) so that they are not returned to a third-party
website.
Google Analytics
The websites of UpCross may place a cookie from Google as part of the Analytics
service. UpCross uses this service to keep track of and to receive reports
on how visitors use the websites with the aim of improving user experience.
Google may provide this information to third parties
if Google is legally obliged to do so, or if third parties process the
information on behalf of Google. UpCross has no influence on this. As
a user, UpCross has allowed Google to use the obtained analytics information
for other Google services.
The information that Google collects is anonymized as much as
possible. For example, IP addresses are not included. The information
is transferred to and stored by Google on servers in the United States.
Social networks
Websites of UpCross may contain buttons to promote or share web pages on social
networks such as Facebook and Twitter. These buttons work through pieces
of code that come from Facebook or Twitter itself. Only when such a button
is clicked, cookies are placed on the visitor's computer.
The privacy statements of Facebook and Twitter state what they do with
(personal) data that they process via these cookies. The information they
collect is anonymized as much as possible. The information is transferred
to and through Twitter, Facebook, Google and LinkedIn and stored on servers in
the United States.
LinkedIn, Twitter, Facebook and Google adhere to the Privacy Shield principles and are affiliated with the Privacy Shield program of the US Department of Commerce. This means that there is an appropriate level of protection for the processing of any personal data.
Data leaks
Naturally, UpCross does
everything to prevent that the personal data mentioned in this document ends up
in the hands of parties who are not entitled to this data.
If this does happen however, it is a 'data breach'.
Article 34 of the General Data Protection Regulation provides that if a data
breach takes place, this must be reported. Here we are talking about the
leakage of personal data as a result of security problems. These data
leaks must be reported to the supervisory authority, the Dutch Data Protection
Authority (AP) without delay.
What is a data breach?
A data breach is a security incident in which sensitive, protected or
confidential data is copied, transmitted, viewed, stolen or used by an
individual unauthorized to do so.
Data breaches may involve personal health information (PHI), personally
identifiable information (PII), trade secrets or intellectual property.
Procedure to communicate data leaks
Notifying UpCross (of
suspicious event)
Any individual who suspects that a Personal Data Breach has occurred due to the
theft or exposure of Personal Data must immediately notify UpCross providing a
description of what occurred.
Notification of the incident can me made via email to: Data.Protection@UpCross.com
Upon a suspicion or reporting of a data breach, a security expert is tasked to thoroughly investigate the available logging, alerts or indicator(s) of compromise to determine if the case qualifies as a data breach, outlined by the GDPR. If so, this must be reported.
To the supervisor
As soon as a data breach has been confirmed by the security expert, this must
be reported to the supervisor within 72 hours
To the user affected
After a data leak has taken place and it is probable that the leak will have
adverse effects on the privacy of the user concerned, this user must receive a
notification. This notification will contain at least the nature of the
infringement, the bodies where more information about the infringement can be
obtained and the recommended measures to limit the negative consequences of the
infringement.
Complaints
A key priority for UpCross
is reducing any complaints we receive by addressing the underlying causes.
Please send an email with your complaints to Data.Protection@UpCross.com. We will actively seek to a solution. If this does not work satisfactorily, there is still the possibility to file a complaint with the privacy regulator, the Dutch Data Protection Authority.
