PRIVACY STATEMENT

1. INTRODUCTION

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018. As a result, the same privacy legislation now applies throughout the European Union (EU).
Van Iperen B.V. (referred to below as ‘Van Iperen’) respects your privacy. This Privacy Statement explains how we handle personal data.
This Privacy Statement applies to the collection, processing and use (referred to collectively below as ‘processing’) of personal data. Personal data may be processed as part of our business operations, and in connection with use of our website and our online service ‘My Iperen’. When processing personal data we act strictly in accordance with the GDPR.

If, after reading this Privacy Statement, you still have questions regarding the way we handle personal data, if you wish to exercise any of the rights conferred by the GDPR that are mentioned in this statement, or if you wish to submit a complaint concerning the use of your personal data, please contact us via privacy@iperen.com. If you are not satisfied with the way your complaint is handled, or if you would prefer not to submit your complaint to us, you may instead submit it to the Data Protection Authority (Autoriteit Persoonsgegevens), via its website www.autoriteitpersoonsgegevens.nl.

2. MEANING OF LEGAL TERMS
In view of the fact that many legal terms are used in the GDPR, we have set out the most important definitions below, to assist you as you read the rest of this document.
• Personal data: any information relating to a natural person who can be identified either directly or indirectly, such as a name, address, email address or telephone number.
•Data subject: the person to whom the personal data relates, or his/her representative.
•Processing of personal data: any operation performed on personal data, including:
-othe collection, recording and organisation of data;
-othe retrieval, alteration or accessing of data;
-othe supply of data to others;
-othe restriction or destruction of data.
•Processor (controller): the person or organisation which processes data on behalf of the controller.
•Processing agreement: an agreement in which the controller and the processor set out arrangements concerning the processing of personal data.

3. PURPOSE OF PROCESSING PERSONAL DATA
Data will be processed on the basis of one or more of the grounds listed below, as referred to in article 6 of the GDPR:
• Legal obligation
• Performance of a contract
• Consent of the data subject(s)
• Legitimate interests

Van Iperen will process the personal data solely for the purposes listed below:
• Measuring and improving customer satisfaction
-Market research
-Evaluations
-Handling of complaints and requests
• Informing customers and business associates
-Newsletters and news reports
-ViP customer magazine
-Invitations to events
-Marketing campaigns
•Improving online services
-Our website
-Iperen Connect™
-Iperen Connect™ Greenhouse
-Iperen Connect™ Field
• Complying with legal and statutory obligations
• Recruitment and selection

4. PERSONAL DATA WE PROCESS
We process the following data:
On each company:
• Company name
• Given name and surname of contact(s)
• Address
• Postcode
• Town/city
• Country
• Email address
• Crop
• Delivery instructions
• Size (in ha)
On each contact:
• Job title
• Date of birth
• Telephone number
• Email address

Only the minimum data needed for the purposes listed above will be processed.

5. DATA PROTECTION
We have taken appropriate technical and organisational safety precautions to protect your personal data from loss, misuse and unauthorised access by third parties. We have also stipulated that our ICT provider must also take such appropriate technical and organisational precautions.

6. RIGHTS OF DATA SUBJECTS
You have the right to enquire (via privacy@iperen.com) what data pertaining to you are stored, how long they are stored and for what purpose. This is described in article 10 of this statement. In the event that inaccurate data have been recorded, you have the right to have them amended. You may withdraw the consent you gave for the processing of your personal data at any time.

7. DATA BREACHES
A data breach is a security incident in which personal data are lost or in which incorrect processing of personal data may have occurred. In the event that a data breach is detected we will, within the statutory frameworks:

• determine the impact on all parties concerned
• ensure suitable measures are taken to limit the damage you incur
• ensure a suitable solution is put in place to prevent such a data breach in future
• notify you and the Data Protection Authority of the data breach, if applicable.

8. CONFIDENTIALITY OF PERSONAL DATA
We are obliged to keep all personal data that we process for you confidential vis-à-vis third parties. This applies to data that we receive from you and/or data that we collect ourselves.
In this connection, you may be assured of the following:
• We will ensure that all our staff comply with this duty of confidentiality. This refers to staff in the broadest sense of the word, and therefore includes interns and freelancers.
• This duty of confidentiality will not apply:
-if you have given your explicit consent for certain personal data to be shared with others or
-a legal obligation exists to supply certain personal data to another body or individual, such as the public prosecutions service.
• When we use the services of a third party we will unconditionally ensure that this party consents in writing to the same duty of confidentiality as we have agreed with you.

We will share your personal data with third parties only in so far as necessary to provide our services, taking into account the purposes specified above. We have entered into a processing agreement with the third parties who process your personal data on our behalf. This processing agreement contains arrangements pertaining to how these organisations handle your personal data.

9. MONITORING WEBSITE VISITS
When you visit or use our websites, services, applications, communication services (such as email) and tools, we may use cookies and other similar technologies to store information with the aim of offering you a better, faster and safer browser experience. We may in this process link customer data held by us to the websites, in order to tailor the content of our communications as closely as possible to your personal preferences.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."

10. STORAGE
Van Iperen will not store your personal data any longer than strictly necessary to achieve the purposes stated and to comply with legal obligations. We have a storage limitation policy which determines how long data are stored:

• Sending of newsletters:
Your email address and given name/surname will be stored with a mail service. Data will be stored for an indefinite period. You may unsubscribe at any time using the link at the bottom of the newsletter or by mailing info@iperen.com.
• Contacting us:
When you contact us by email the data you send, such as your name, company name and email address, will be stored on our mail server. These mails will be stored for a maximum of seven years.
• Visit to website:
When you visit our website your IP address and the pages you visit will be recorded. The data collected on the website are anonymous, so they are not linked to your name, company name or email address. These data will be stored in our analysis tools for an indefinite period.
• Compliance with contractual obligations:
-Name: three years after last transaction date or contact
-Address, postcode and town/city: six months after last transaction date or contact
-Contact details (telephone number and email address): six months after last transaction date or contact
-External payment history: six months after last transaction date or contact
-All other data: six months after last transaction date or contact

11. AMENDMENTS TO PRIVACY STATEMENT
We have the right to amend this Privacy Statement at any time, without prior notification. Amendments to this Privacy Statement will be published on our website. Please consult our website www.iperen.com regularly.

12. QUESTIONS AND CONTACT
If you have any questions or comments about this Privacy Statement and the processing of your personal data, please contact our Privacy Officer at privacy@iperen.com.