PRIVACY POLICY REFORAC B.V.

Protecting your personal data and your privacy is very important to us. This Privacy Policy applies when we process your personal data, for example when you or your company order our products or services or when you visit our websites and share your personal data with us.

In this Privacy Policy, we explain how we use the personal data and other information shared with us and/or collected by us. We process your personal data with due care and in accordance with the European General Data Protection Regulation (“GDPR”) and the Dutch implementing law (hereinafter together: “Privacy Act”).

We recommend that you read the Privacy Policy carefully and keep a copy for your own records.

  1. CONTROLLER

The controller is responsible for processing personal data:
Reforac B.V.
Located at H.W. Mesdaglaan 7, 2102 BB Heemstede, The Netherlands
Chamber of Commerce reg.no. 63191814

If you have any questions about the processing of your personal data, please contact our customer service at +31 (0)20-2117187 and info@reforac.com.

  1. WHAT KIND OF PERSONAL DATA DO WE COLLECT, FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS?

We may process your personal data in a number of situations, such as when you order our products, fill in a form on our website or send us an e-mail requesting information. Below we briefly describe the situations in which we process personal data, for what purposes and on what legal basis.

  • Customers

If you order products from us (online), we process personal data. This may include your (company) name, address details, e-mail address, telephone number and/or contact details, bank account, login details (including password) etc.

We use this personal data for the performance of the agreement you have concluded with us, for the invoicing of our products, for the collection of claims and to comply with obligations under laws and regulations.

In your account on the website you can view the company data, personal data, orders placed and invoices. Your login details (name and password) are used to secure your account. You can change your login details at any time via your account.

Finally, we may use your personal data to contact you (by telephone or e-mail) in order to answer your questions or comments and/or to provide you with the requested information or advice.

The legal basis for this processing of personal data is: necessary (i) for the performance of the contract with our customers, (ii) for the protection of our legitimate interests, or those of a third party, and/or (iii) to comply with a legal obligation to which we are subject.

2.2       Business relations
If you send us an e-mail with your request for information or fill in an order, contact or call-back form, we will process the personal data and information you provide in your e-mail or form. We may use this personal data to contact you (by telephone or e-mail) in order to answer your questions or comments and/or provide you with the requested information. We also process personal data of other business partners and relations, for example consultants, suppliers, potential customers, etc. We process the data in order to keep our business partners informed of developments within our company and of our products, among other things.

The legal basis for this processing of personal data is necessary for the purpose of our legitimate interests in the areas of customer relationship management and marketing.

2.3       E-mail newsletter
We may send our customers our e-mail newsletter on a regular basis, unless they object to this. In the near future, it will be possible to subscribe to our e-mail newsletter using the form on our website. In the newsletter, we will keep you informed about developments within our company and about our products. Of course, you always have the possibility to unsubscribe. This can be done by using the unsubscribe link in the newsletter or by sending an e-mail to info@reforac.com.

For sending the e-mail newsletter, we may process your name and e-mail address. The legal basis for this processing of personal data is: necessary for the fulfilment of our legitimate marketing interests.

2.4       Automatically generated data
Our website registers information about, for example, the pages visited, your clicks, surfing behaviour and searches. This information can be generated by means of, for example, cookies or other (similar) techniques (for more information, see our Cookie Statement).

We use the automatically generated information and your company data to perform analyses for internal research and statistical, strategic purposes, all in an aggregated form (“aggregated information”). This aggregate information cannot be traced back to you as an individual. We use the aggregate information to optimise our website, services and products and to learn more about the use of our website and products so that we can improve them.

The legal basis for the processing of this data is necessary for the fulfilment of our legitimate interests in marketing and optimising our website.

  1. HOW LONG DO WE KEEP AND PROCESS PERSONAL DATA?

We do not process your personal data longer than is necessary for the purpose for which it is processed. If we no longer need to process the personal data, we will delete or anonymise the personal data, unless (i) we have to comply with statutory retention periods (e.g. laid down in tax legislation) or (ii) a statutory obligation to provide evidence requires us to retain certain personal data for a longer period. In this case, only those personal data that are specifically necessary for that purpose will be retained for such longer period.

  1. HOW DO WE PROTECT PERSONAL DATA?

The security of personal data is a high priority for us. We will take appropriate technical and organisational measures to secure and protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, or against any other unlawful or unauthorised processing of such personal data. Taking into account the state of the art and the cost of their implementation, these measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be processed. The transmission of personal data requiring special protection is encrypted (e.g. using SSL = Secure Socket Layer). This can be seen from the padlock which the browser displays when an SSL connection is established. Technical security measures for the protection of your data are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies who, as processors, process and use data on our behalf and according to our instructions.

  1. WITH WHOM DO WE SHARE PERSONAL DATA?

We do not disclose personal data to third parties without your express consent, unless we are required to do so by applicable law or by order of the competent supervisory authority.

Processors
For the delivery of your order, the hosting of our website, the processing of your payment or other services related to, for example, the order of our products, the use of our website or our marketing, we may use other service providers. For example, the deliverer of the ordered products, the hosting provider of the website or the marketing agency. These suppliers (so-called ‘processors’) process the personal data exclusively on our behalf. We have concluded a processing agreement with the processors in which the processor is obliged to comply with all obligations under the GDPR and this Privacy Policy. For questions about these processors you can contact our privacy officer via info@reforac.com.

Processors outside the EEA
Some of our suppliers are located outside the European Economic Area (“EEA”). If these suppliers process your personal data on our behalf, we will ensure that appropriate safeguards are in place, which provide an equivalent and adequate level of protection of your rights and freedoms in accordance with the GDPR. We do this, for example, by ensuring that the supplier is bound by the model contractual clauses approved by the European Commission. For more information on the safeguards for transfers outside the EEA, please contact our privacy officer at info@reforac.com.

  1. YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA

At any time you can make a request to view, obtain, correct or limit your personal data through our customer service (info@reforac.com). We will always process your request without delay and inform you, in any event within one month after receipt of the request, of the action taken. If we are unable to comply with your request, we will always explain why. If we grant your request for the acquisition of your personal data, we will make the personal data available to you or to a third party designated by you in a standard format to be determined by us.

If you wish to withdraw your permission for the processing of personal data or object to the (further) processing of your personal data as referred to in article 2, you can also contact our customer service (info@reforac.com). We will process your request without delay, and in any event within one month, and remove the personal data in question, unless we are required to retain the personal data in question for a longer period of time on compelling legitimate grounds or due to a statutory obligation. If this is the case, we will inform you of this and justify our decision.

If you have any complaints about the way we process your personal data or handle your requests, please contact the management via info@reforac.com. If this does not lead to a solution, you can of course always make use of your right to submit a complaint to the Personal Data Authority (www.autoriteitpersoonsgegevens.nl) or appeal to the competent court.

Any other questions or comments about this Privacy Policy can be directed to our customer service department using the contact details provided in Section 1.

  1. REVISIONS OF THIS DECLARATION

Please note that this Privacy Policy may be revised, for example, as a result of revisions in the applicable legislation. The revised policy will be posted on our website. We recommend that you check our website and the Privacy Policy regularly.

The last revision took place in July 2021.

1 July 2021, Heemstede Netherlands