Privacy Statement of PORTABL
Introduction PORTABL wants to optimally protect your privacy. In this privacy statement you can read which personal data PORTABL collects from you and how it is processed. This privacy statement applies to personal data that is processed when you visit the PORTABL website. PORTABL uses the personal data you share with us to further improve our products and services and your experience. This privacy statement is intended to provide you with a clear overview of how PORTABL uses the personal data you provide, your rights and possibilities to manage your personal data and how PORTABL protects your privacy. It also states which personal data PORTABL you collect when you visit its websites or stores or use its (mobile) apps and software products, as well as how PORTABL uses your personal data and with which third parties these data are shared. In this privacy statement you can also find out for what purposes your personal data can be used by PORTABL or its associated companies.
PORTABL reserves the right to make changes to its privacy statement, for example due to legislative changes. The most recent version can always be found on this page.
PORTABL is based at 31, Rue de Moncheret, in Belgium. The general email address is: info@PORTABL.com. For all correspondence concerning privacy-related matters, please contact us via legal@PORTABL.comThis privacy statement has been updated on 11 Dec 2018.
PORTABL as controller
With regards to this website, PORTABL acts as a data controller, and thus determines the purpose and means for the processing of personal data, and the provisions of this privacy statement apply. If reference is made in the following to PORTABL, this also means its existing and future subsidiaries. These subsidiaries of PORTABL are and will be established in various countries in the European Union / United States of America / China and are responsible for the processing of your personal data if you use the services of that company in these countries.
Introduction and scope of this privacy statement
PORTABL uses the personal data you share with us to improve our products and services and to offer you an optimal experience. By means of this privacy statement PORTABL gives you insight into how it uses your personal data, protects and offers you the possibility to manage your personal data yourself. Insight is given into what personal data is collected about you when you visit our websites or make use of our services and products, apps and applications, and with which third parties PORTABL shares your personal data. PORTABL uses your personal data for the purposes described below.
Personal data collected about you
The term “personal data” as used in this privacy statement covers all information about an identified or identifiable natural person, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements that are characteristic for the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. PORTABL collects various types of personal data including the following (if applicable):
Automatically collected information
PORTABL also collects personal data through the use of its websites and apps for example:
· Websites: data about your visit and surfing behavior. When you visit one of the PORTABL websites, data is sent from your browser to its servers. Thus, PORTABL collects personal data such as:
Sources of information
Most of the personal data that PORTABL collects about you is information that you provided voluntarily, for example through our websites, services or products, etc. Other sources through which your personal data are obtained:
PORTABL will provide you with a copy of the personal data processed in this context.
Use of your personal data
The personal data that PORTABL collects, for example when you register for the website, are used for identification and authentication. PORTABL creates a profile for you with the information required to provide you with products or services. These can also be combined with personal data obtained through other internal and external sources. This personal data can be used for the following purposes:
PORTABL will ask you for permission if it wishes to use your personal data for purposes other than those stated in this privacy statement. PORTABL will not use your personal data for other purposes before such permission is received.
Providing personal data?
PORTABL treats your personal information carefully and confidentially and does not share it with others other than those listed below.
Business units of PORTABL
Each business unit of PORTABL with whom you have contact may share a limited part of the personal data you provide with registration (if your name, e-mail address, password and date of birth) with other components of PORTABL for registration and authentication purposes. Processing in this way is necessary for the legitimate interest of PORTABL to be able to execute a contract with you. Each business unit may share information from your profile with other entities of PORTABL if both entities are responsible for your personal data, or if the other entities act as our processors. Therefore, every part of the PORTABL group has access to all the data it is responsible for, so that it can comply with the law. Each part of the PORTABL group may share your personal data and anonymous and assembled data with other business units of PORTABL (such as the parent company of the group and / or if necessary other parts of PORTABL for trend analyzes, is necessary for the purposes of their legitimate interest in analyzing their performance.
With service providers
Personal data, which you provide when you register for registration with PORTABL (your name, e-mail address, password and date of birth), can only share PORTABL with suppliers of cloud services, so that you can log in quickly and anywhere. If necessary, your personal data will also be shared with third parties who process your personal data on behalf of PORTABL solely for the purposes and on the legitimate grounds described above. These can be third parties in the areas of hosting, transport, payment and fraud management, credit rating agencies and analysis platforms. Strict agreements have been reached with these third parties regarding the processing of your personal data, including the exclusive use of your personal data in accordance with the instructions of PORTABL and the law.
Judicial bodies or supervising authorities
PORTABL will release personal data if required by law or on the basis of a court decision, to protect your interests, for investigations by law enforcement or regulatory authorities, to protect and defend the property and legal rights of PORTABL and to ensure the personal safety of users of the PORTABL services.
PORTABL will keep your personal data 38 months from your last contact with us, such as the date your account was deleted, your last purchase, the last time you used one of our apps, or in any other way of interaction or contact, unless a longer or shorter storage period is required by law, this is necessary in connection with legal processes, or is otherwise required for a particular purpose under the applicable legislation.
Below are examples to indicate how long PORTABL stores your personal data in relation to a specific purpose:
Data processing outside the EU and EEA
Unless otherwise stated, your personal data will be stored and processed within the European Union. Occasionally, your personal data may be processed outside the European Economic Area (‘EEA’) in a country that does not offer the same level of protection under European law as the country where you normally use your products and / or services. This may occur, for example, if a processor is located outside the EEA, or uses sub-processors from outside the EEA, such as suppliers of cloud solutions. PORTABL will take the necessary steps in such cases to ensure that your personal data are adequately protected, such as carrying out security assessments and drawing up processor agreements with recipients to ensure that they take the same or comparable technical and organizational measures as PORTABL, so that your data is adequately protected.
PORTABL does not, as data controller, process any personal data of children under the age of 16. If this happens unintentionally, steps will be taken to remove this data as quickly as possible, unless the law requires that this data must be retained. If it is known that a child is older than 16 years, but according to the law is considered as a minor, permission from the parent / guardian will be requested before the personal details of that child will be used.
PORTABL fully complies with the obligations laid down in the General Data Protection Regulation, with the principle of transparency as paramount. To this end, PORTABL has implemented means to ensure that you can exercise any rights in connection with the processing of your personal data.
Right of inspection, rectification, removal
If you use products or services or have created an account, you can view your personal data via these websites, if the functionality exists. If your personal data are not available by the relevant website, you can submit an application free of charge to gain access to this information.
Upon receipt of your request and details to verify your identity, you will be provided with a copy of the personal data held, the origin of the data, the purposes for which the personal data are used, the recipients and on which you based the law. You can also indicate that certain changes in personal data, if you qualify them as incorrect or irrelevant, must be implemented. You can also have your personal data blocked, erased or completely deleted (right to be forgotten). You may also contact us in writing to object to a certain use of your personal data, to limit its use or to request that your personal data be provided in a usable electronic format or to transfer it to a third party (right to data portability). All these applications are met by PORTABL within the framework of the legal obligations.
Changes to this policy
PORTABL will regularly update this online privacy statement in order to keep it easily findable, error free and up-to-date and to ensure that sufficient information is available about your rights and that PORTABL ‘s way (s) of processing have been implemented in accordance with the law and continue to comply with it. If major changes are made to this privacy statement, you will be informed via the websites on which an updated version of the privacy statement is published.
PORTABL wants to cooperate with you in a good way and always find a suitable solution for complaints or care about privacy. If you are of the opinion that we could not help you with your complaint or care, you have the right to file a complaint via the website of your supervising authority.
TECHNICAL AND ORGANIZATIONAL SAFETY MEASURES
PORTABL under art. 28 GDPR has the obligation to ensure the implementation of sufficient technical and organizational security measures. PORTABL shall ensure that appropriate technical and organizational security measures are implemented to protect your personal data against unauthorized or unlawful processing and unintentional loss, destruction or damage.
I. Description of the measures that ensure that only authorized personnel have access to the Processing of Personal Data
PORTABL uses an authorization policy to determine who should have access to which data. Employees do not have access to more data on the basis of this system than is strictly necessary for their job.
II. Description of the measures to protect personal data against unintentional or unlawful destruction, accidental loss or alteration, unauthorized or unlawful storage, processing, access or disclosure
Organization of information security and communication processes
PORTABL stimulates awareness, training and training with regard to information security.
Employees do not have access to more data than is strictly necessary for their job based on an authorization system.
Physical security and continuity of resources
Personal data are only processed in a closed, physically secure environment with protection against external threats.
Personal data are only processed on equipment where measures have been taken to physically secure the equipment and to ensure the continuity of the service.
Periodic backups are made for the continuity of the service. These backups are treated confidentially and stored in a closed environment.
The locations where data are processed are secured by means of locks, alarm systems and video surveillance and are periodically tested, maintained and periodically assessed for safety risks. PORTABL has business continuity plans that include contingency locations.
Network, server and application security and maintenance
The network environment in which data is processed is strictly protected. Traffic flows are separated and measures are implemented against abuse and attacks.
The environment in which personal data are processed is monitored.
The digital services and products in which personal data are processed are established on the basis of system planning, security control and acceptance. Changes in applications are tested for vulnerabilities before they are taken into production.
On systems, the latest (security) patches are periodically installed on the basis of patch management.
Data processed within applications are classified according to risks.
Information that is no longer used is removed.
Cryptographic measures have been applied to passwords to store these data securely.
III. Description of the measures to identify weak points with regard to the Processing of Personal Data in the systems
The systems of PORTABL are periodically checked for safety. In addition, the security policy of PORTABL provides internal processes to identify vulnerabilities.
The processor constantly updates this information and informs users about changes to the measures taken to protect personal data against abuse via the PORTABL website. In case you detect security risks, please contact the helpdesk of PORTABL.
Inform about Databreach and / or incidents related to security
The way in which monitoring and identification of databreaches takes place:
PORTABL monitors its services 24/7 and has taken measures to prevent and identify unauthorized or unlawful access to data. Signals that indicate a Databreaches are assessed by the security officer of PORTABL, who analyzes whether there may be a Databreach, the type of databreach and whether this concerns a Databreach that falls under its role as processor or its role as controller.
The way information is shared:
If a Databreach occurs with regard to personal data that PORTABL processes as a processor, the controller is informed by or on behalf of PORTABL in principle within 24 hours after detection of a Databreach by e-mail. Depending on the situation, information can also be shared by our website and official social media channels and / or official distributors and / or commercial agents.
If a Databreach occurs with regard to personal data that PORTABL processes as controller, the Dutch Data Protection Authority will be informed within 72 hours after detection of a Data Leak, and in case of adverse consequences for data subjects, then these will also be informed in the manner provided for by the law, so that they can take measures.
For follow-up actions or questions, you can contact our helpdesk by telephone or e-mail via the data included in the privacy statement.
PORTABL shares the following information when a Databreach occurs:
If a specific situation, PORTABL can make a (first) notification of a Databreach to the Dutch Data Protection Authority.