Updated — July 2020
NORBr BV, a Dutch company, whose head office is located at Jan van Galenstraat 335, 1061AZ, Amsterdam (hereinafter referred to as “NORBr“, “we“, “us” or “our“).
As data controller, we respect your right to privacy and will only process personal information you provide to us in accordance with applicable data protection laws and as described in this policy (Applicable data protection laws include (i) the General Data Protection Regulation (Regulation 2016/679) (“GDPR“); and (ii) all other existing or new applicable laws relating to or impacting on the processing of information of a living person and privacy.
If you have any questions about how we collect, store and use your personal information, or if you have any other privacy-related questions, please email us. More information on how to contact us to exercise your data subject rights below.
Definition and nature of personal data
As a result of your use of the application NORBr, or NORBr’s website (hereinafter referred to as the “Application“), we may require you to provide us with your personal data, so that you have the possibility to use the services.
The word “personal data” means any data that enables a person to be identified. When your identity can’t be discerned from the information we collect (anonymous data), it is not considered as a personal data.
We can use several communication channels and tools to collect personal data from you.
As a visitor of our Application
As a user of our Application and/or services
When you use our Application and/or services, we may collect directly from you or from a third party, use, store and transfer the following personal data:
- When you register to our Application as a Merchant or a Service Provider, we may ask you to provide us with personal data relating to you and/or your company, such as full name, email address, your company’s website.
- When we process your payment as a customer of one of our Merchants, we may collect, store and process personal data related to your transaction. This may include your billing and/or delivery address, phone number, transaction amount, date of purchase, payment method, credit or debit card number, bank account information, date of birth, and any additional information that may be required in order to process your transaction.
- When securing our Application and services against external cyber risks, when preventing from fraud attempts, or when complying with laws and regulations in force related to anti-money laundering and counter-terrorism financing, we may collect technical details regarding your device, your internet access or your transaction, directly or through our data security and firewall providers, in order to comply with our obligations.
- When sending promotional information or content during our marketing activities, we may collect identifying data from third-party sources such as publicly available sources, data in the public domain and/or partners, in accordance with the requirements stated in the article 14 of the GDPR.
The legal basis of our processing of your personal data are the following:
- The legitimate interest resulting from your voluntary provision of your personal data when visiting the Application, as these data are aimed at enabling us to better answer to your information requests about our services
- Processing is necessary for the performance of the contract to which you are party for purposes of using our services on our Application
- When the processing of your data is necessary to comply with the legal obligations to which we are subject
Your personal data is processed to meet one or several of the following requirements
- To manage your access to the services provided through the Application and their use
- To constitute a file of registered members, users, customers and prospects
- To send newsletters, entreaties and promotional advertisements. In case you do not wish so, you have the possibility to opt-out of receiving such communications when your data are collected
- To provide you with interconnexion proposals with other users of the Application. In case you do not wish so, you have the possibility to opt-out of receiving such proposals when your data are collected
- To investigate, prevent or take actions against illegal activities, suspected fraud or any other situations involving potential threats
- To process a payment and provide associated customer service
- To develop a business intelligence that enables us to analyze and improve the implementation of our services
- To provide our client with any aggregated statistical data
- To provide commercial and service use statistics
- To market our services and send communications accordingly
- To manage customer’s opinions on products, services or contents
- To customize our answers to your information requests
- To respect our legal and regulatory requirements.
- To manage your requests for the recruitment process.
We inform you, when collecting your personal data, whether some of these data are mandatory or optional. Mandatory data are necessary for the provision of the services. You are free to provide or not optional data. We will also inform you of the possible consequences of failure to reply.
Below you will find an overview of:
- the categories of personal data that we (or third-party data processors acting on our behalf may collect) use and store about you
- the purposes for which this information would be collected
- the legal basis for processing.
|Topic||Categories of personal data||Purpose(s) for processing||Legal basis for processing|
|User / Customer||Contact details||Provision of the service||Processing is necessary for the performance of the agreement between you and us|
|End customer||Contact details, credit card details, order and transaction details||Provision of the services : process payments||Processing is necessary for the performance of the agreement between you and us and for our legitimate interest|
|Visitors||Technical, device and usage details||– Facilitate and enable our relationship with you as a prospective, new or existing Merchant or Service Provider – To use analytics to improve our website and our marketing/communications – To administer and monitor our website||Your consent and/or our legitimate interest|
Transfer of data
To data processors
Provided that data stored by NORBr are transferred to contract data processors on the basis of instructions, NORBr only uses a processor, which has been carefully selected and is subject to regular monitoring by NORBr and is bound by a data processing agreement to comply with the provisions in the law and the contract. In particular, contract data processors can only process the transferred data for the purposes designated by NORBr.
Within the NORBr group
A transfer of data internally to all NORBr subsidiaries worldwide also occurs.
Other transfer of data
Aside from this, personal data are only disclosed when permitted or required by law. Such disclosure can especially be legally permissible in the following situations:
- the processing is necessary for compliance with a legal obligation or for the purposes of the legitimate interests pursued by NORBr, like upon request of supervisory authorities,
- the processing is needed in order to protect your essential interests,
- the processing is required in order to perform a task which is in the public interest or in the exercise of governmental power which has been assigned to NORBr.
Data transmission to foreign countries
In connection with the purposes, we try to avoid as much as possible the transfer of personal information that we collect from you to third party data processors located outside the European Economic Area.
When we transfer personal information that we collect from you to third party data processors located in countries that are outside of the European Economic Area and which do not offer an adequate level of protection, we ensure the use of appropriate data transfer tools such as the entering into of the standard contractual clauses issued by the European Commission.
We will not disclose your personal data to any third party, except as described in this policy.
Subsidiaries/ affiliated companies and third-party processors
We may provide your personal information to NORBr subsidiaries/affiliated companies and to third party processors to process personal information on our behalf for the purposes set out above.
These parties are required to process such information based on our instructions and in accordance with this policy.
The third-party providers to whom we may disclose your personal data are:
- service providers under contract with us in the context of the services
- service providers under contract with us to in the context of performance management, learning and development, such as technology services
- our insurers and insurance brokers through employees’ benefits such as hospitalization insurance, pension groups
Business transfers (e.g., sale or acquisition of company)
Compliance with laws and legal proceedings
We may disclose your personal information where:
- we are required to do so by applicable law, by a governmental body or by a law enforcement agency,
- to establish or exercise our legal rights or defend against legal claims,
- to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
Personal data storage period
1- Data concerning current and potential customer management:
Your personal data shall be stored no longer than the time strictly necessary for the management of our commercial relations with you. However, any data providing the proof of a right or a contract and that must be stored in compliance with a legal obligation shall be so for the period stated by the legislation currently in force.
With regard to possible promotion operations towards visitors, their data may be stored for a period of three (3) years from the end of the commercial relations with them.
Personal data relating to potential Users may be stored for a period of three (3) years from their collection or the last contact from the potential Users.
Beyond that three-year period, we may contact you again to find out if you still wish to receive commercial solicitations.
2- Identity documents:
When exercising your right of access or correction, data relating to identity documents, if requested may be stored for the time limit provided for in the applicable law, namely one year. When exercising your right to object, these data may be archived for the limitation period provided for in the applicable law, namely three years.
3- Bank card data:
Financial transactions regarding payment of purchases and fees through the Application are entrusted to a payment service provider who is responsible for ensuring their proper application and their security.
For purposes of the services, this payment service provider may be recipient of your personal data concerning your bank card numbers, that this provider collects, processes and stores on our behalf.
By checking the checkbox provided on the Application to this end, you expressly consent to this storage.
In case you do not wish your personal data concerning your bank card numbers to be stored on the terms specified above, we shall not store these data beyond the time limit required for the completion of this transaction.
In any event, these data may be stored as intermediary archives, for evidence purposes in case of possible challenges to the transaction, for the period provided for under applicable law, namely 13 (thirteen) months from the debit date. This period may be extended to 15 (fifteen) months, in order to take into account the possible use of delayed debit card.
4- Management of opt-out systems:
All information taking into account your right to object shall be stored for at least 3 (three) years from the exercise of this right.
The term of storage of the cookies set forth in article 10 is 13 (thirteen) months.
We inform you that we take all necessary precautions, as well as all appropriate organizational and technical measures, to maintain the security, the integrity and the confidentiality of your personal data, including to prevent that they be distorted or damaged and that any unauthorized third-party access to them. We also use secured payment systems consistent with the state of the art and applicable regulations.
In this respect, we inform you that we respect the security measures implemented by our data hosting provider, the company Google Cloud Platform.
We inform you that your personal data are stored, for the term set forth above, on the servers of the company Google Cloud Platform.
Transfer outside the European union
Your data may also be hosted on the servers of the companies Google Cloud Platform, located outside the EU.
In such situation, Google Cloud Platform will ensure that the transfer offers guarantees in accordance with the GDPR, such as standard contractual clauses or the “Privacy Shield”, which offers an adequate level of protection according to the European Commission decision dated 12 July 2016 (please see the adequacy decision). For further information concerning the protection offered by the “Privacy Shield”, you can visit its website.
For more information on Cookies, please read our attached Cookies Policy.
Access to your personal data
In compliance with the GDPR, you have the right to access, rectify and delete any information concerning you. You can exercise this right and have the information concerning you by contacting us at the address [email protected].
Right to define instructions related to the processing of data after your death
You have the right to define instructions with regard to the storage, the erasure and the communication of your personal data after your death.
These instructions may be general directions, which are focused on all personal data concerning you. In such case, they must be registered with a digital trusted third party who is certified by applicable law.
By providing to us these instructions, you hereby expressly consent that they be stored, transmitted and carried out on the terms and conditions set forth herein.
You have the right to appoint in your instructions a person in charge of their execution. After your death, this person shall be entitled to take knowledge of these instructions and to request to us their implementation. Failing to such appointment, your heirs shall be entitled to take knowledge of these instructions and to request to us their implementation.
You may modify or revoke your instructions at any time, by writing to us at the abovementioned contact addresses.
Portability of your personal data
You have a right to portability of the personal data you have entrusted to us, understood as the data you have actively and deliberately declared when accessing to and using our Services. You are reminded that portability right does not apply on data that were processed on another basis than consent or the execution of a contract between us.
This right may be exercised free of charge, at any time, including when closing your account on the Site, so that you may recover and store your personal data.
In this context, we shall provide your personal data, by any appropriate means, in an open standard, currently used and machine-readable format, in compliance with the state of art.
Submission of a complaint before a supervisory authority
Restriction of processing
You have the right to obtain restriction of your personal data’s processing where one of the following applies:
- Within the period of verification that we carry out, if you contest the accuracy of your personal data;
- When the processing of these data is unlawful and you request the restriction of this processing, instead of erasing your data;
- When we no longer need your personal data, but you require their maintenance for the exercise of legal claims;
- Within the period of verification of the legitimate interests, if you have objected to the processing of your personal data.
What is a Cookie?
When browsing our NORBRs Application, cookies, pixels, tags and other trackers (hereafter referred to as the Cookies) are installed on your terminal.
A cookie is a small file, often encrypted, that is stored in your browser or device and is identified by a name. It is installed when you visit a site or application. Each time you return to the said site or application, the Cookie is retrieved from your browser or device. This ensures that each time you visit the site or application, the browser is recognized.
The installation of these Cookies is likely to enable us to access your browsing data and/or personal data concerning you.
Technical and functional Cookies
Technical and functional Cookies are necessary for the proper functioning of the Application and to provide you with our services. They are used throughout your navigation, in order to facilitate it and to carry out certain functions.
For example, a technical Cookie may be used to store your responses to a form or your preferences regarding the language or layout of the Application where such options are available.
These Cookies allow us to measure the number of visits, page views and user activity. If necessary, they may collect your IP address to know the city from which you are connecting. Analytical Cookies allow us to generate statistics on the use and navigation of our Application in order to improve our performances. The Cookies used also allow us to identify navigation problems and eventually to solve them.
We use the following Analytical Cookies:
|_AVESTA_ENVIRONMENT=prodEmailing analytics356 days_gaGoogle Analytics cookies2 years_gatGoogle Analytics cookies1 minute_gat__UA-176726647-1Google Analytics cookies1 minute_gidGoogle Analytics cookies1 day|
Content personalization cookies, advertising cookies and social network cookies
We may use such kind of cookies. You will be prompted to accept or refuse them as described here after
Your Cookies preferences
Cookies that can be installed without consent
Some cookies do not require your consent, such as: Technical or functional Cookies that are necessary for the operation of the Application; Certain Cookies for audience measurement or Cookies that enable to test different versions of the Application for the purpose of optimising editorial choices.
Acceptance or refusal of Cookies subject to your express consent
All other Cookies require your consent. These include Advertising Cookies, Social Network Cookies, Content Personalization Cookies and some Audience Analysis Cookies. You may freely choose to accept or decline the use of these Cookies.
You can accept or refuse these Cookies the first time you browse the Site or the first time you consult the Application.
You are free to withdraw your consent and more generally to change your preferences at any time via the following link (to be provided)
Your browser settings
It is also possible to set your browser to accept or reject certain Cookies.
Each browser offers different settings:
- For Internet Explorer: go to the “Settings” menu, then “Internet Option”. Click on “Privacy” and then “Advanced Privacy Settings”
- For Chrome: go to the Settings menu, then click on Confidentiality and Security. Finally, click on Authorisation and Cookies and website data;
- For Safari: go to the application Settings, then go to Safari. Click on Confidentiality and Security. You can now choose to block all Cookies;
- For Iphone: go to the Settings menu, then Safari, click on Cookies. You can now choose to block all Cookies;
- For Android: go to Chrome, click on the tag at the top right of the screen, then on Site settings and finally on Cookies. You can now choose to accept or block all Cookies.