version number 1.2
date: 1 October 2021
Sitecom Europe BV (trading under the brand name 'Fresh 'n Rebel') attaches great importance to the responsible handling of (personal) data. Fresh 'n Rebel therefore processes and secures your personal data with care and with due observance of the stipulations of the law and regulations. This privacy statement provides information about the collection and processing of personal data by or on behalf of Fresh 'n Rebel.
Sitecom Europe B.V.
3011 TA ROTTERDAM
Chamber of Commerce: 24313551
Contact person for privacy: Alwin Klaij
Email: [email protected]
We clarify which personal data is collected and for what purposes it is used. We also explain how you can view, change or delete your data. We think it is important that you are well informed about this and recommend that you read this document carefully.
Sitecom Europe BV is responsible for the processing of personal data.
This privacy statement relates to all use that Fresh 'n Rebel can make or has made of the personal data it has obtained from everyone who has had contact with Sitecom and/or has visited our website(s).
We collect and process personal data for various purposes. The most important are: to be able to communicate with our customers, to be able to process their orders, to handle warranty and service questions correctly and to show relevant advertisements and make offers.
The persons whose personal data we process have certain rights with regard to their data. Those rights are included in this statement.
We reserve the right to make changes to this privacy statement. It is recommended that you consult this privacy statement regularly so that you are aware of these changes.
What data do we process and what do we use this data for?
The following personal data may be processed:
- address and/or contact details (including delivery address and billing address);
- date of birth;
- e-mail address;
- phone number;
- username and login details (including passwords);
- customer number/customer ID;
- information about your IP address, internet browser, language settings;
- payment details, such as bank account number (IBAN) and a creditworthiness test in case of post-payment;
- gift vouchers/gift cards/credit cards;
- order history, including selected delivery options;
- information about your use of our services and products, such as information about services you have used and/or contact with customer service;
- information about your preferences (such as preferences specified in the wish list), interests and surfing behaviour;
- data received from customer surveys and/or reviews;
- data obtained through contests; data to prevent fraud;
In principle, Fresh 'n Rebel's services are not aimed at persons under the age of 18. If you are under the age of 18 and it appears from our communications that services are offered to you, then use is only permitted under the supervision and after permission of the person who bears parental responsibility for that person under the age of 18.
We use your data for the following purposes, among others:
- to be able to execute the agreements concluded with you in the best possible way;
- identification purposes;
- to enable account creation and account security;
- electronic confirmations of registrations;
- to be able to process and send placed orders;
- to keep you informed about registrations and/or orders;
- communicate with you about orders and provide customer service;
- to be able to process your payments, for invoicing and keeping our (financial) administration up to date;
- to provide you with an optimal online shopping experience, for example by making interesting offers based on orders placed with Fresh 'n Rebel in the past;
- showing any shared experiences (reviews) to others (potentially interested in that product);
- to be able to organize contests and/or competitions;
- to keep you informed by e-mail about our offers, news and promotions and for customer surveys;
- to comply with laws and regulations and to prevent fraud as much as possible;
- creating and analysing visitor statistics.
You can contact Fresh 'n Rebel in several ways. You can reach our customer service via chat, email, or by writing to us. If you do so, Fresh 'n Rebel may obtain account and usage details as well as financial information about you, such as your customer number and the content of your question or complaint. We will ask for your account information to handle questions or complaints and may also approach you later for additional information. We can record our conversations/messages in a system together with your other data, so that we can give you the best possible assistance and can read back how we have answered your questions in the past. This is also useful for you as a customer: if you contact us later with a question about a previous problem, you don't have to explain the problem again. It is possible that after we have helped you with your question, we will approach you to ask if you are satisfied with the way you have been assisted.
When you call our customer service, these conversations are recorded for training purposes and to assess whether our employees are helping you properly. These recordings are only used for these purposes. We also analyse usage and account data about contact with you, so that we can improve our services. We have a legitimate interest in using your data for this purpose, namely to improve our services so that we can provide you with the best possible service.
It is also possible that we record (part of) our conversation with you when you place a new order or change an existing order. We have a legitimate interest in using your data for this purpose. We want to be able to prove what we have agreed with you. We will inform you about this before the recording starts.
We will also sometimes contact you to ask what you think of our services. We do this, for example, via e-mail. We use the answers you provide to improve our services. We can then contact you again later to discuss your answers. We have an interest in this use of your data, because by improving our services we can better serve our customers. If you no longer wish to be contacted, you can indicate this to our customer service.
If you communicate with us via social media (for example by sending a message, liking our post or by following us), we can receive and store personal data about you, such as the content of your message, (user) name, your profile picture, your place of residence, your e-mail address and your gender. We use the data received to respond to your message as well as possible and to gain better insight into the potential preferences of our customers. We have a legitimate interest in using the data received. By gaining insight into the preferences of our customers, we can better tailor our products and services to the interests of our customers. This allows us to ensure that even more people can use our products and services. The privacy statement of the relevant social media channel applies to the use of social media. However, this Privacy Statement applies to the data stored by us.
On what grounds ("legal grounds") is the use of your data based?
We use personal data based on the following grounds ("legal grounds");
- to implement the agreement, such as the agreement whereby the person concerned gains access to products or services ordered in the webshop or other products or services;
- after your permission, in the context of, for example, marketing;
- to comply with legal obligations (such as under the Licensing and Catering Act);
- where there is a legitimate interest in the processing, which may include the following "legitimate interests":
- our interest in maintaining a (commercial) relationship with our customers or members;
- our commercial interest to gain more insight into our users, our customers and their wishes. Are you obliged to provide the data?
- You are obliged to provide certain information. If you do not want to provide this information to us, we cannot enter into the agreement with you and therefore cannot execute the agreement.
- We also need certain information to comply with legal obligations, such as the Licensing and Catering Act.
How long do we store personal data?
We do not store personal data longer than is necessary for the purposes for which we process them. In general, we use the following retention periods:
Type of data
Customer data (such as: contact person name, address, e-mail address, telephone number, date of birth).
- Up to 7 years after the last transaction or up to 7 years after the last contact about a transaction.
Account details (email address, hashed password).
- As long as you have the account. We will keep the account until you delete it, because your orders and invoices are stored in it.
Billing data, transaction data and other financial data.
- 7 years, including on the basis of the statutory fiscal retention obligation.
Correspondence (about orders and complaints, for example).
- As long as you have an agreement or other relationship with us and up to 7 years thereafter.
IP address (partial).
- Up to a maximum of 12 months after the last website visit.
Information regarding newsletters.
- We keep registrations or unsubscribes for 5 years, we keep the newsletters sent for a maximum of 7 years.
Recorded phone calls.
- 3 months, unless there is a legal obligation to store them for longer.
Data to prevent fraud.
- 7 years, or as much longer as is desirable, depending on the nature of the information, also in view of the fact and the importance of preventing fraud.
Data regarding shopping experience / marketing / customer surveys / contests.
- 7 years.
Information related to a legal proceeding.
- As long as this is necessary for conducting legal proceedings (which also includes the enforcement phase) or for establishing our rights in legal proceedings and up to 5 years thereafter.
- It is possible that we anonymise data, as soon as it is no longer stored, and then store it and use it for statistical purposes, for example.
What rights do you have?
You have several rights with regard to the processing of personal data. Those rights are listed below:
- You may always ask Fresh 'n Rebel for an overview of the personal data that we have collected and - within the legal frameworks - request a copy of this (right of access);
- If your personal data has been processed incorrectly and/or incompletely in the administration by Fresh 'n Rebel, you can ask to correct or supplement this data (right to correction);
- If you do not want Fresh 'n Rebel to have registered certain data, you can request that this data be deleted (right to erasure or 'the right to be forgotten');
- You have the option to temporarily suspend the processing of personal data or to restrict its use (right to restriction);
- Under certain circumstances you can object to the (further) processing of personal data (right to object);
- You can request Fresh 'n Rebel to pass on personal data to a third party (right to transfer);
- If Fresh 'n Rebel receives personal data about you from a third party and processes that personal data, Fresh 'n Rebel will inform you - upon request - about the source from where this information was received.
- Making a request as mentioned under 3, 4 or 5 may result in the loss of the right to access purchased products or services, without the right to a refund. Incidentally, a request from a data subject does not have to be complied with if:
- Fresh 'n Rebel has a legitimate and/or compelling interest in such a refusal or 2) Sitecom can refuse cooperation to that request on another legal basis.
Most of your personal data can be found in your own account. You can log in there and change your details. For access to data that is not in your account, you can contact us directly.
Electronic commercial messages always contain an unsubscribe button so that you can unsubscribe from receiving these messages.
Sharing personal data with third parties. Sitecom will not sell or rent your personal data to third parties.
Sitecom may, however, use third parties that are engaged to provide services on behalf of or for Sitecom, such as for the execution of the agreement or as described in this statement.
Parties with whom Sitecom collaborates and by whom personal data may be processed include the following:
- government agencies;
- staff members;
- payment companies, web shops and printing companies;
- delivery partners;
- suppliers; support in the context of advertising and marketing campaigns, customer research and review partners;
- product support;
- IT service providers, such as for hosting and maintaining the websites;
- legal support;
- other external service providers.
Sitecom may also disclose your data without your specific consent in response to lawful requests by authorities, on the basis of subpoenas or court orders, in order to detect or prevent damage or fraud, theft or misuse, or to guarantee the security of Sitecom's network and services.
Processing outside the EEA
Personal data may be processed outside the European Union by the following third parties:
The following is noted in the context of the use of Google Analytics. We have concluded a processor agreement with Google to make agreements about the handling of your data. Furthermore, we have not allowed Google to use the obtained Analytics information for other Google services. Finally, we anonymize your IP address(es).
If your data is stored outside the EEA, we will ensure that this is done in a secure and lawful manner.
Security and data breaches
A data breach is - in short - any breach of security of personal data, as a result of which it is destroyed, lost, provided without authorization, passed on, stored or otherwise processed.
A data breach can occur accidentally, for example when customer data is forwarded to the wrong recipient, but it can also occur on purpose. In the latter case, this could be the theft of personal data by a hacker or the copying of a database with personal data by an employee who leaves the company.
Sitecom has taken technical and organizational measures with the aim of preventing data leaks.
Measures taken include:
- SSL/TLS connections for websites;
- that only the necessary persons have access to personal data, that access to the data is protected and that our security measures are regularly checked;
- that persons who have access to data are aware of the importance we attach to the protection of personal data;
- that persons who have access to data are bound by a non-disclosure agreement.
However, it cannot be completely ruled out that at some point there may be a data breach. Sitecom is obliged to keep a register of all data leaks and can be held liable for this by the Dutch Data Protection Authority. In addition, Sitecom is obliged to report a data breach to the Dutch Data Protection Authority within set periods, stating reasons.
Questions or complaints
Requests and questions about the processing of personal data and/or this privacy statement can be addressed to the persons mentioned on the first page.
What if you still have questions or complaints?
If you have any questions or complaints about the use of your data or about this privacy statement, please contact Sitecom Europe BV. The contact details are listed at the beginning of this privacy statement.