|1.Why do we process your personal data?
We may process your personal data for the purposes described below.
To respond to your queries or communicate with you
We may process your personal data to respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions, suggestions, compliments or complaints, or when you request other information about our Services).
We may process your name, title, (business or private) contact details (including your email address, telephone number, name of your company) and any other information that you may provide to us in the open field entry of the contact form.
We process this information based on your consent, which can be withdrawn by you at any time.
For surveys or other (marketing) communication
With your consent, we may process your personal data to send you surveys on our products or Services, marketing communication, or to keep you updated on events, special offers, products and Services of DOSAS that may be of interest to you.
We may create profiles and analyze your interactions with our Services. This way we learn about your interests and can customize our communication to meet your personal interests.
We process your name, your email address and other (personal) data you may have shared with us.
We will engage in this activity with your consent, which can be withdrawn by you at any time.
For the development and improvement of products and services
We process aggregated personal data for various DOSAS business-related purposes, such as developing new products and Services, for enhancing, improving or modifying our Website and other digital channels, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
When possible, we use aggregated data. Sometimes we process personal data such as your name, your email address, your IP address, gender, place of residence, digits of your zip code and any other information mentioned in this Statement or otherwise provided to us by you.
We engage in these activities to manage our contractual relationship with you and/or because we have a legitimate interest.
For the technical and functional management of our Website
When you use our Services, we may collect certain information automatically from your device. We process this information to help you find information in a quick and easy way and to improve access to and functionality of our Website or other digital channels.
The information we collect automatically may include information such as your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g., country or city-level location), and other technical information. We may also collect information about how you interacted with our Services, including webpages you accessed, and links clicked.
We process this information for our legitimate business purposes.
When you purchase products, to process your order and manage our relationship with you
We use personal data to process your purchase and to deliver your order, to report the status of your order and to contact you about the transaction.
We process your personal data to carry out our purchase agreement with you and to deliver your order to you.
Compliance with laws and legal obligations and protection of DOSAS assets and interests
We will process your personal data as appropriate or necessary
- under applicable law, including laws outside your country of residence and including e.g. counterparty due diligence, money laundering, financing of terrorism and other crimes
- to comply with legal obligations
- to respond to requests from public and government authorities
- to enforce our terms and conditions and other applicable policies
- to protect our assets and/or operations
- to protect our rights, privacy, safety or property, and/or that of yours or others
- to allow us to pursue available remedies or limit the damages that we may sustain
We may also process aggregated data for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements, for fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
If so required, we may process your name, your contact information, your correspondence with DOSAS, your use of any of our products and/or services and any other information mentioned in this Statement or otherwise provided to us by you, if such is required for one of the purposes mentioned in the previous paragraph.
We may process this information to comply with a legal obligation (a, b and c) or process this information for our legitimate business purposes (d, e, f and g).
1.1. Cookies and similar tracking technology
We only use tracking cookies (cookies to provide you with relevant advertising, or technology that tracks your behavior), with your consent.
For further information about the type of cookies we use, the reason why we use them, and how you can control your cookies, please see our Cookie Statement.
2. With whom do we share your personal data?
We may share your personal data with:
- Our group companies, our third-party partners and suppliers, professional advisers (such as banks, insurance companies, auditors, lawyers, accountants or other professional advisors), and other parties (such as ICT, service providers, consulting or shipping providers), that process personal data on our behalf for purposes that are described in this Privacy Statement, in our Cookie Statement, or for the purposes notified to you when we collect your personal data. To ensure that your personal data is treated with a high level of protection, DOSAS has implemented the DOSAS Binding Corporate Rules (‘Privacy Rules for Customer, Supplier and Business Partner Data’), which ensure that every DOSAS legal entity applies the same level of protection to personal data. We have also agreed technical, organizational and contractual measures (such as data processing agreements) with third party suppliers to ensure that your personal data is exclusively processed for the purposes mentioned above and to ensure that your personal data is well secured.
- Any competent law enforcement body, regulatory, government agency, court, or other third party if we believe disclosure is necessary: (i) as a matter of applicable law or regulation (ii) to exercise, establish or defend our legal rights (iii)to protect your vital interests or those of any other person.
- Other parties in connection with corporate transactions: we may also, from time to time, share your data in the course of corporate transactions, such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock, provided that we inform those parties that they can only process your personal data for the purposes disclosed in this Privacy Statement.
- Other parties, but only if you have consented to, or if you have instructed us to make such disclosure to such parties.
3. Where do we store your personal data?
Due to our global way of operating, data you provide to us may be transferred to or accessed by DOSAS’ affiliates and trusted third parties from many countries around the world. As a result, your data may be processed outside the country where you live, if this is necessary for the fulfillment of the purposes described in this Statement. Our main servers are in the European Economic Area, but our group companies and third-party suppliers operate around the world. This means that when we process your personal data, we may process it in any of these countries, subject to the following paragraph.
If you are residing in the European Economic Area: countries outside the European Economic Area may have data protection laws that are different to the laws of your country (and, in some cases, not as protective). However, we will always take steps to ensure that your information is processed by third parties in accordance with this Statement and that we comply with applicable legal requirements to ensure adequate protection for your information.
We will ensure that if your data is transferred to another country, it will continue to receive adequate protection, through DOSAS’ Privacy Rules for Customer, Supplier and Business Partner Data or through contractual arrangements with third parties. This may include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information, which require the recipient of the personal data, to protect the personal data they process in accordance with European Union data protection law.
4. How do we secure your personal data?
Your personal data are treated confidential, and we have taken technical and organizational security measures against loss or unlawful processing of this data. We use several security techniques including secure servers, firewalls and encryption, as well as physical safeguard of the locations where data is stored.
You should be aware that the transmission of information via the internet is not completely secure. Although we will do what we reasonably can to protect your personal data, we cannot guarantee the security of any personal data that you disclose online.
You accept the inherent security implications of using the internet and we will not be responsible for any breach of security unless we have been in breach of applicable laws, and then only to the limits set out in any relevant terms and conditions.
5. How long do we retain personal data?
We will retain your personal data for the period necessary to fulfil the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law. For example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements.
6. What requests can you make in relation to your personal data?
You have the following rights in relation to your personal data:
- You have the right to access, correct, update, or request deletion of your personal data. In addition, you can object to the processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. You can exercise these rights by contacting us using the contact details provided below.
- You have the right to withdraw consent (“opt-out”) of marketing communications we send you at any time. You can exercise this right by clicking the unsubscribe or opt-out link in the emails we send you. To opt-out of other forms of marketing, please contact us using the contact details provided below.
- Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- Whilst we would prefer you to come to us first with any complaints, you have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
7. Links to third party website and social media (such as YouTube, LinkedIn etc.)
We also offer the opportunity to create an account with us through your social network accounts .This will save you time in creating the account, as your sign-on credentials will be imported from your social network account. Please note that when you use this “social sign-on” option, we may receive certain information via the social network, such as your name, age, location, preferences, occupation, and your other publicly available personal data.
This information is not requested by us but is provided automatically by the social network using the social sign-on option. After having created your account, you will have the opportunity to supplement it with any information you want to share with us.
8. Personal data of children who are below the age of 16
If you are below the age of 16, we urge you to ask one of your parents or legal guardians and have their written permission before submitting any of your personal data to us.
If you are a parent, we recommend you monitor your child’s use of our Services and ensure that we do not receive any personal data from your child without your written permission. If you have any question regarding your child’s personal data, please contact us.
9. How to contact us
If you have any questions or concerns about our use of your personal data, please contact us using our contact us form or the following details:
The legal entity that is responsible for the processing of your personal data as set out in this Privacy Statement is DOSAS.