Privacy Policy

Updated — July 2020

About us

NORBr BV, a Dutch company, whose head office is located at Jan van Galenstraat 335, 1061AZ, Amsterdam (hereinafter referred to as “NORBr“, “we“, “us” or “our“).

This privacy policy tells you how NORBr shares and protects personal data about you as a visitor of our website norbr.com, a user of our Application or a direct customer of our Users, as such term is described under our terms and conditions.

As data controller, we respect your right to privacy and will only process personal information you provide to us in accordance with applicable data protection laws and as described in this policy (Applicable data protection laws include (i) the General Data Protection Regulation (Regulation 2016/679) (“GDPR“); and (ii) all other existing or new applicable laws relating to or impacting on the processing of information of a living person and privacy.

If you have any questions about how we collect, store and use your personal information, or if you have any other privacy-related questions, please email us. More information on how to contact us to exercise your data subject rights below.

If we decide to change the way we handle your information, we will post those changes in this privacy policy. For some changes, we will notify you more prominently and/or give you prior choice, depending on the legal requirements we will have to comply with. We reserve the right to make changes to our practices and this Policy at any time, provided that we follow the procedures above.

Definition and nature of personal data

As a result of your use of the application NORBr, or NORBr’s website (hereinafter referred to as the “Application“), we may require you to provide us with your personal data, so that you have the possibility to use the services.

The word “personal data” means any data that enables a person to be identified. When your identity can’t be discerned from the information we collect (anonymous data), it is not considered as a personal data.

We can use several communication channels and tools to collect personal data from you.

As a visitor of our Application

When you visit our Application, we may use cookies to collect, use, store and transfer the following data: IP address, device used during your visit with related information (OS, device model, etc.), browser type, referral website you are coming from, length of your visit and which pages you viewed, etc. Please refer to our cookie policy for additional information.

As a user of our Application and/or services

When you use our Application and/or services, we may collect directly from you or from a third party, use, store and transfer the following personal data:

  • When you register to our Application as a Merchant or a Service Provider, we may ask you to provide us with personal data relating to you and/or your company, such as full name, email address, your company’s website.
  • When we process your payment as a customer of one of our Merchants, we may collect, store and process personal data related to your transaction. This may include your billing and/or delivery address, phone number, transaction amount, date of purchase, payment method, credit or debit card number, bank account information, date of birth, and any additional information that may be required in order to process your transaction.
  • When securing our Application and services against external cyber risks, when preventing from fraud attempts, or when complying with laws and regulations in force related to anti-money laundering and counter-terrorism financing, we may collect technical details regarding your device, your internet access or your transaction, directly or through our data security and firewall providers, in order to comply with our obligations.
  • When sending promotional information or content during our marketing activities, we may collect identifying data from third-party sources such as publicly available sources, data in the public domain and/or partners, in accordance with the requirements stated in the article 14 of the GDPR.

Purpose of this privacy policy

The purpose of this privacy policy is to inform you of the means that we use to collect and process your personal data, with the strictest respect for your rights.

Data Processing

The legal basis of our processing of your personal data are the following:

  • The legitimate interest resulting from your voluntary provision of your personal data when visiting the Application, as these data are aimed at enabling us to better answer to your information requests about our services
  • Your consent to our use of cookies
  • Processing is necessary for the performance of the contract to which you are party for purposes of using our services on our Application
  • When the processing of your data is necessary to comply with the legal obligations to which we are subject

Your personal data is processed to meet one or several of the following requirements

  • To manage your access to the services provided through the Application and their use
  • To constitute a file of registered members, users, customers and prospects
  • To send newsletters, entreaties and promotional advertisements. In case you do not wish so, you have the possibility to opt-out of receiving such communications when your data are collected
  • To provide you with interconnexion proposals with other users of the Application. In case you do not wish so, you have the possibility to opt-out of receiving such proposals when your data are collected
  • To investigate, prevent or take actions against illegal activities, suspected fraud or any other situations involving potential threats
  • To process a payment and provide associated customer service
  • To develop a business intelligence that enables us to analyze and improve the implementation of our services
  • To provide our client with any aggregated statistical data
  • To provide commercial and service use statistics
  • To market our services and send communications accordingly
  • To manage customer’s opinions on products, services or contents
  • To customize our answers to your information requests
  • To respect our legal and regulatory requirements.
  • To manage your requests for the recruitment process.

We inform you, when collecting your personal data, whether some of these data are mandatory or optional. Mandatory data are necessary for the provision of the services. You are free to provide or not optional data. We will also inform you of the possible consequences of failure to reply.

Below you will find an overview of:

  • the categories of personal data that we (or third-party data processors acting on our behalf may collect) use and store about you
  • the purposes for which this information would be collected
  • the legal basis for processing.
Topic Categories of personal data Purpose(s) for processing Legal basis for processing
User / Customer Contact details Provision of the service Processing is necessary for the performance of the agreement between you and us
End customer Contact details, credit card details, order and transaction details Provision of the services : process payments Processing is necessary for the performance of the agreement between you and us and for our legitimate interest
Visitors Technical, device and usage details – Facilitate and enable our relationship with you as a prospective, new or existing Merchant or Service Provider – To use analytics to improve our website and our marketing/communications – To administer and monitor our website Your consent and/or our legitimate interest

Transfer of data

To data processors

Provided that data stored by NORBr are transferred to contract data processors on the basis of instructions, NORBr only uses a processor, which has been carefully selected and is subject to regular monitoring by NORBr and is bound by a data processing agreement to comply with the provisions in the law and the contract. In particular, contract data processors can only process the transferred data for the purposes designated by NORBr.

Within the NORBr group

A transfer of data internally to all NORBr subsidiaries worldwide also occurs.

Other transfer of data

Aside from this, personal data are only disclosed when permitted or required by law. Such disclosure can especially be legally permissible in the following situations:

  • the processing is necessary for compliance with a legal obligation or for the purposes of the legitimate interests pursued by NORBr, like upon request of supervisory authorities,
  • the processing is needed in order to protect your essential interests,
  • the processing is required in order to perform a task which is in the public interest or in the exercise of governmental power which has been assigned to NORBr.

Data transmission to foreign countries

In connection with the purposes, we try to avoid as much as possible the transfer of personal information that we collect from you to third party data processors located outside the European Economic Area.

When we transfer personal information that we collect from you to third party data processors located in countries that are outside of the European Economic Area and which do not offer an adequate level of protection, we ensure the use of appropriate data transfer tools such as the entering into of the standard contractual clauses issued by the European Commission.

Information sharing

We will not disclose your personal data to any third party, except as described in this policy.

Subsidiaries/ affiliated companies and third-party processors

We may provide your personal information to NORBr subsidiaries/affiliated companies and to third party processors to process personal information on our behalf for the purposes set out above.

These parties are required to process such information based on our instructions and in accordance with this policy.

The third-party providers to whom we may disclose your personal data are:

  • service providers under contract with us in the context of the services
  • service providers under contract with us to in the context of performance management, learning and development, such as technology services
  • our insurers and insurance brokers through employees’ benefits such as hospitalization insurance, pension groups

Business transfers (e.g., sale or acquisition of company)

We may share (or receive) information about you, including personal contact information, in the event of an acquisition, merger, sale, corporate restructuring, bankruptcy, or other similar event that involves or its parent or affiliated companies. If such an event occurs, we will take reasonable steps to require that your information be handled in accordance with this privacy policy, unless it is not practicable or permissible to do so and will make sure that any transfers outside the European Union is made on the appropriate legal basis.

Compliance with laws and legal proceedings

We may disclose your personal information where:

  • we are required to do so by applicable law, by a governmental body or by a law enforcement agency,
  • to establish or exercise our legal rights or defend against legal claims,
  • to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.

Personal data storage period

1- Data concerning current and potential customer management:

Your personal data shall be stored no longer than the time strictly necessary for the management of our commercial relations with you. However, any data providing the proof of a right or a contract and that must be stored in compliance with a legal obligation shall be so for the period stated by the legislation currently in force.

With regard to possible promotion operations towards visitors, their data may be stored for a period of three (3) years from the end of the commercial relations with them.

Personal data relating to potential Users may be stored for a period of three (3) years from their collection or the last contact from the potential Users.

Beyond that three-year period, we may contact you again to find out if you still wish to receive commercial solicitations.

2- Identity documents:

When exercising your right of access or correction, data relating to identity documents, if requested may be stored for the time limit provided for in the applicable law, namely one year. When exercising your right to object, these data may be archived for the limitation period provided for in the applicable law, namely three years.

3- Bank card data:

Financial transactions regarding payment of purchases and fees through the Application are entrusted to a payment service provider who is responsible for ensuring their proper application and their security.

For purposes of the services, this payment service provider may be recipient of your personal data concerning your bank card numbers, that this provider collects, processes and stores on our behalf.

By checking the checkbox provided on the Application to this end, you expressly consent to this storage.

In case you do not wish your personal data concerning your bank card numbers to be stored on the terms specified above, we shall not store these data beyond the time limit required for the completion of this transaction.

In any event, these data may be stored as intermediary archives, for evidence purposes in case of possible challenges to the transaction, for the period provided for under applicable law, namely 13 (thirteen) months from the debit date. This period may be extended to 15 (fifteen) months, in order to take into account the possible use of delayed debit card.

4- Management of opt-out systems:

All information taking into account your right to object shall be stored for at least 3 (three) years from the exercise of this right.

5- Cookies:

The term of storage of the cookies set forth in article 10 is 13 (thirteen) months.

Safety

We inform you that we take all necessary precautions, as well as all appropriate organizational and technical measures, to maintain the security, the integrity and the confidentiality of your personal data, including to prevent that they be distorted or damaged and that any unauthorized third-party access to them. We also use secured payment systems consistent with the state of the art and applicable regulations.

In this respect, we inform you that we respect the security measures implemented by our data hosting provider, the company Google Cloud Platform.

Hosting

We inform you that your personal data are stored, for the term set forth above, on the servers of the company Google Cloud Platform.

Transfer outside the European union

Your data may also be hosted on the servers of the companies Google Cloud Platform, located outside the EU.

In such situation, Google Cloud Platform will ensure that the transfer offers guarantees in accordance with the GDPR, such as standard contractual clauses or the “Privacy Shield”, which offers an adequate level of protection according to the European Commission decision dated 12 July 2016 (please see the adequacy decision). For further information concerning the protection offered by the “Privacy Shield”, you can visit its website.

Cookies

For more information on Cookies, please read our attached Cookies Policy.

Access to your personal data

In compliance with the GDPR, you have the right to access, rectify and delete any information concerning you. You can exercise this right and have the information concerning you by contacting us at the address [email protected].

Right to define instructions related to the processing of data after your death

You have the right to define instructions with regard to the storage, the erasure and the communication of your personal data after your death.

These instructions may be general directions, which are focused on all personal data concerning you. In such case, they must be registered with a digital trusted third party who is certified by applicable law.

These instructions may also be specific to the data processed by our company. You are then required to provide these instructions to us at this email address(mailto: [email protected]).

By providing to us these instructions, you hereby expressly consent that they be stored, transmitted and carried out on the terms and conditions set forth herein.

You have the right to appoint in your instructions a person in charge of their execution. After your death, this person shall be entitled to take knowledge of these instructions and to request to us their implementation. Failing to such appointment, your heirs shall be entitled to take knowledge of these instructions and to request to us their implementation.

You may modify or revoke your instructions at any time, by writing to us at the abovementioned contact addresses.

Portability of your personal data

You have a right to portability of the personal data you have entrusted to us, understood as the data you have actively and deliberately declared when accessing to and using our Services. You are reminded that portability right does not apply on data that were processed on another basis than consent or the execution of a contract between us.

This right may be exercised free of charge, at any time, including when closing your account on the Site, so that you may recover and store your personal data.

In this context, we shall provide your personal data, by any appropriate means, in an open standard, currently used and machine-readable format, in compliance with the state of art.

Submission of a complaint before a supervisory authority

You are informed that you have a right to submit a complaint before a supervisory authority which is competent in the member State in which your ordinary residence, your place of work or the place in which the infringement of your rights was committed (in France, the French Data Protection Authority — CNIL), if you consider that the personal data processing under this privacy policy is a violation of the applicable regulations.

This complaint submission may be exercised without prejudice of other legal action before any administrative or judicial court. In fact, you have also a right to effective administrative and judicial redress if you consider that the personal data processing under this privacy policy is a violation of the applicable regulations.

Restriction of processing

You have the right to obtain restriction of your personal data’s processing where one of the following applies:

  • Within the period of verification that we carry out, if you contest the accuracy of your personal data;
  • When the processing of these data is unlawful and you request the restriction of this processing, instead of erasing your data;
  • When we no longer need your personal data, but you require their maintenance for the exercise of legal claims;
  • Within the period of verification of the legitimate interests, if you have objected to the processing of your personal data.

Modifications

We reserve the right, at our sole discretion, to modify this privacy policy, in whole or in part. Any changes will be effective from the time of publication of the new privacy policy. Your use of the Application after the changes have been implemented implicitly expresses your acknowledgement and acceptance of the new privacy policy. Otherwise, and if the new privacy policy does not suit you, you must no longer use the Services provided by the Application.

Cookies policy

What is a Cookie?

When browsing our NORBRs Application, cookies, pixels, tags and other trackers (hereafter referred to as the Cookies) are installed on your terminal.

A cookie is a small file, often encrypted, that is stored in your browser or device and is identified by a name. It is installed when you visit a site or application. Each time you return to the said site or application, the Cookie is retrieved from your browser or device. This ensures that each time you visit the site or application, the browser is recognized.

The installation of these Cookies is likely to enable us to access your browsing data and/or personal data concerning you.

Cookies Identification

Technical and functional Cookies

Technical and functional Cookies are necessary for the proper functioning of the Application and to provide you with our services. They are used throughout your navigation, in order to facilitate it and to carry out certain functions.

For example, a technical Cookie may be used to store your responses to a form or your preferences regarding the language or layout of the Application where such options are available.

 

Analytical Cookies

These Cookies allow us to measure the number of visits, page views and user activity. If necessary, they may collect your IP address to know the city from which you are connecting. Analytical Cookies allow us to generate statistics on the use and navigation of our Application in order to improve our performances. The Cookies used also allow us to identify navigation problems and eventually to solve them.

We use the following Analytical Cookies:

_AVESTA_ENVIRONMENT=prodEmailing analytics356 days_gaGoogle Analytics cookies2 years_gatGoogle Analytics cookies1 minute_gat__UA-176726647-1Google Analytics cookies1 minute_gidGoogle Analytics cookies1 day

Content personalization cookies, advertising cookies and social network cookies

We may use such kind of cookies. You will be prompted to accept or refuse them as described here after

Your Cookies preferences

Cookies that can be installed without consent

Some cookies do not require your consent, such as: Technical or functional Cookies that are necessary for the operation of the Application; Certain Cookies for audience measurement or Cookies that enable to test different versions of the Application for the purpose of optimising editorial choices.

Acceptance or refusal of Cookies subject to your express consent

All other Cookies require your consent. These include Advertising Cookies, Social Network Cookies, Content Personalization Cookies and some Audience Analysis Cookies. You may freely choose to accept or decline the use of these Cookies.

You can accept or refuse these Cookies the first time you browse the Site or the first time you consult the Application.

You are free to withdraw your consent and more generally to change your preferences at any time via the following link (to be provided)

Your browser settings

It is also possible to set your browser to accept or reject certain Cookies.

Each browser offers different settings:

  • For Internet Explorer: go to the “Settings” menu, then “Internet Option”. Click on “Privacy” and then “Advanced Privacy Settings”
  • For Chrome: go to the Settings menu, then click on Confidentiality and Security. Finally, click on Authorisation and Cookies and website data;
  • For Safari: go to the application Settings, then go to Safari. Click on Confidentiality and Security. You can now choose to block all Cookies;
  • For Iphone: go to the Settings menu, then Safari, click on Cookies. You can now choose to block all Cookies;
  • For Android: go to Chrome, click on the tag at the top right of the screen, then on Site settings and finally on Cookies. You can now choose to accept or block all Cookies.