We value that our services are transparent, personal and reliable. We think it is important that you know exactly which personal data we collect and how it is used and shared. We describe the processing of your personal data in this Privacy Statement.
What is personal data?
The General Data Protection Regulation (GDPR) states that personal data is any information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to this person.
Spinoza Company B.V. (hereafter “Spinoza”), Singel 512, 5th floor, (1017 AX) Amsterdam, registered at the Dutch chamber of commerce under number 80912265 is responsible for the processing of personal data as set out in this privacy statement as a data controller.
For what purposes do we process personal data?
We only process your personal data for carefully defined purposes. Below you will find more information about the different purposes.
1 To send you an invite
Through our website it is possible to ask access to our community (store) and receive further information about our programs, products and/or other services. In order to send you an invite, we process data such as: First and last name and e-mail address. This purpose is necessary for the conclusion or performance of an agreement (Article 6 paragraph 1 sub b GDPR) and / or our legitimate interest (Article 6 (1) (f) GDPR).
2 To be able to process orders through our website
As soon as you have made an order, we process data such as: First and last name, data of birth (we only provide product and services to customer that are 21 years and older and this helps us verify your identity if you want to exercise your rights), address details, phone number, e-mail address and order information. If you have a personal account, then the data is (also) stored in your account. We also store information about previous orders and / or cancellations in your account. Payments are made through our payment provider Mollie (Mollie is a data controller. Please see the website of Mollie for more information). We do not process any financial data, other than if a payment was successfully processed for a specific order. This purpose is necessary for the conclusion or performance of an agreement (Article 6 paragraph 1 sub b GDPR).
3 To create and maintain your personal account for our website
You can create an account to make full use of our website. Your account contains your personal information, including name, surname, address, city, telephone number and e-mail address and past orders. You can of course always adjust the personal data you provide via your profile. This purpose is necessary for the conclusion or performance of an agreement (Article 6 paragraph 1 sub b GDPR).
4 To create and maintain your personal account for our app
You can create an account to make use of our app. Your account contains your personal information, including name, surname and e-mail address and (if applicable) past orders. Your account is also synchronized with your account on our website. You can of course always adjust the personal data you provide in the app or via your profile on the website. This purpose is necessary for the conclusion or performance of an agreement (Article 6 paragraph 1 sub b GDPR).
5 To perform analyzes and development of our website and app
- Location data
- IP address or app IDs
- Internet browser and device type
- Website language
The data from the functional and analytical cookies are not linked to the other data you may provide. The legal basis is our legitimate interest in efficient business operations (Article 6 (1) f GDPR).
We use marketing and/or targeting cookies and/or pixels that help us in providing you with adverts that are relevant based on your browsing habits and our website usage. They can also be used to allow third parties to display relevant and personalized ads to users through their networks, to measure the effectiveness of advertising campaigns and to limit the number of times you see the same advert.
Social media cookies / pixels allow us to interact more easily with social media, such as Facebook and Instagram. We do not control social media cookies and they do not allow us to gain access to your social media accounts. Please refer to the relevant social media platform’s privacy policies for information about their cookies. We use marketing cookies from Facebook, LinkedIn, HotJar, Google Analytics.
The legal basis for the use of marketing cookies is consent (Article 6 (1) a GDPR) that you provide by agreeing to the terms and conditions of the app and/or the cookie banner on our website. You always have the possibility to revoke your consent by sending such request to [email protected]
6 For customer service: handling questions / comments / complaints
You can call and email with us. To ensure that we can help you immediately we use the data available in our customer relationship management system, which includes your contact information, questions, used services, et cetera. This is necessary for the conclusion or performance of a contract (Article 6 (1) (b) GDPR) and / or our legitimate interest (Article 6 (1) (f) GDPR).
7 Marketing: including sending newsletters and promotions by e-mail
We can use your name, e-mail address and phone number for marketing purposes, for example for sending newsletters and/or promotions. You can sign up for the newsletter via our site. You will only receive newsletter (and/or other marketing e-mails) from us if you have given us permission to do so, or if you have enrolled in the Bionaut Fellowship (or other) services from us and have not indicated that you do not wish to receive the marketing messages.
We obtain some information without you immediately noticing. For example, if you read our electronic (news) letters. We collect this information by means of email pixels. With the help of the e-mail pixels, we know if and when an e-mail was opened and which links in the e-mail were opened. Based on this, we can measure the effectiveness of our marketing activities and offer a more personalized selection of news and/or offers based your interests.
We only collect this information if we have received your consent (which consent you can always easily revoke by e-mailing us). We ask for your consent when you sign up for our newsletter.
Would you rather not receive a newsletter anymore with an e-mail pixel? Unsubscribe via the email itself by clicking on “unsubscribe” or by emailing us at [email protected] with this request. The legal basis is for our marketing activities is our legitimate interest (Article 6 (1) f GDPR) and/or consent, which you give when you sign up for our newsletter (Article 6 paragraph 1 sub a GDPR).
Who do we share your data with?
In a number of cases, we provide your data to external parties. For example, the external service providers (inter alia, data processors) that help us process your personal data. However, we will never sell your data to other parties.
Processors who help us process your personal data may only use your data on our instructions and to perform the relevant services they provide to us. They may not use or pass on your data independently.
In some cases, we might be legally obliged to provide your data. For example, to governmental bodies. In all cases, we only share strictly necessary data.
Third parties who act as processor for us have entered into a processor agreement with us which, among other things, states that they will only process your data in accordance with our instructions, treat the data confidentially and secure it properly.
How long do we keep your data?
We keep this data for as long as is necessary for the purpose for which we use your data. And as long as the law obliges us to keep your data. Exactly how long that is differs. From a few months to many years, for example because that is necessary for our accounting.
We will store your data in any case as long as necessary, unless you ask us the delete data or your account via [email protected]. In case we have no further legal obligation to maintain your data, then we will delete your data within 30 days after your request.
How we protect your data
Pursuant to Article 32 of the GDPR, we are obliged to take appropriate technical and organizational measures to prevent the loss of personal data or unlawful processing.
We pay a lot of attention to properly securing personal data. For example, the (personal) data that you enter on the website during transmission is encrypted and the (personal) data is sent via a secure connection.
All our employees and external service providers have signed a confidentiality agreement. We handle information that you entrust to us with care. That is why only certain employees get access to your data.
We apply a high level of security for your data. The data is stored on a secure server, among other things. This server is only accessible to persons who are expressly authorized to do so. The building where the server is located is also well secured.
Where do we store your data?
We work with various applications to obtain and store certain data. To guarantee your privacy, we choose our suppliers carefully and these applications are bound by strict rules. Most data are stored within the European Union.
For the data that is sent outside the EU, we only work with parties that offer sufficient protection according to European rules. If we (possibly via our external service providers) process your data outside the EU, we will ensure adequate protection of your personal data. For example, by using special contacts to ensure this (for example, EU Standard Contractual Clauses).
You have the right to be well informed about what we do with your data and why we need your data. We do this by means of this privacy statement. In addition to the right to be informed transparently, you have the following rights:
- Right of access (if you want to know what data we collect from you);
- Right to rectification (we are happy to adjust all data that are no longer correct);
- Right to be forgotten (in some cases you can ask us to delete your data);
- Right to restriction of processing (in some cases you may ask us to limit the processing of your data);
- Right to data portability (if you wish, we can pass on your data to another party or give you a copy of your data);
- Right to object (in some cases you may object to the use of your data).
If you want to exercise one of your rights, you can contact us (see contact). We will respond to your request within one month.
If we need your consent
If we process your data on the basis of consent, you always have the right to withdraw your consent. You can easily do this by emailing [email protected]. If we have no other basis for the data that we process on the basis of consent, we will no longer use this data and delete it.
In case of complaints, for example about the way in which we use your data or how we respond to your privacy-related questions, you can submit a complaint to the Dutch Data Protection Authority.
If you have any questions about this Privacy Statement or want to exercise your rights as data subjects, you can contact us at [email protected].