Voor een volledige werking van de website plaatst Vendit cookies op uw computer. Daarnaast worden cookies geplaatst voor het bijhouden van bezoekersgedrag binnen Google Analytics. De cookies bevatten anonieme informatie en blijven maximaal 2 jaar in uw browser aanwezig. Deze informatie helpt ons bij het verbeteren van onze website. Wilt u meer informatie over hoe deze website om gaat met uw privacy en welke cookies worden opgeslagen, lees dan meer in dit PDF bestand over privacy en cookies: DDMA-handleiding-Cookiewet.
Vendit B.V., a company registered in The Netherlands with registered number 24270373 whose registered office is at ‘s-Gravenweg 433-437, 3065 SC Rotterdam, The Netherlands, along with its subsidiaries, divisions, and affiliates (“Vendit”), understands the importance of protecting and safeguarding your privacy and the security of your business data when you use our Vendit Cloud Services (VCS).
- Personal Data that we process to be able to provide you with the VCS service and for our own business purposes (“Your Personal Data”) and;
• Personal Data that we process solely on your behalf as part of the VCS service (“Business Data”).
A. YOUR PERSONAL DATA
This section A applies only to the processing of Your Personal Data and not to Business Data. Vendit is the data controller with regard to the processing of Your Personal Data.
Your Personal Data in VCS
Before registering to VCS you should read the Vendit Terms and Conditions carefully. These terms apply to VCS and describe in general your and Vendit’s rights about the collection and use of Your Personal Data. Once you have registered to VCS, we start using Your Personal Data to deliver VCS to you which means that we store Your Personal Data, use Your Personal Data and process Your Personal Data on behalf of you in the course of the performance of VCS.
After entering into the Vendit Agreement, you can always choose not to provide Your Personal Data to Vendit. In this event Vendit can’t guarantee to perform VCS to you as stated in the Vendit Agreement due to the fact that you might need to provide us Your Personal Data to be able to provide you with all the different functionalities of VCS.
Which Data does Vendit collect and for what purpose is it used?
Your Personal Data is collected through multiple channels. We collect Your Personal Data when you register to VCS, use VCS and contact our support team. Your Personal Data is classified in the following categories:
Contact Data: When you register to VCS it may be required to provide us with your contact Data such as your name, email address, physical address, and telephone number. We may use your contact Data to send you service-related messages, or to inform you about other Vendit products and services;
Communication Data: We log your IP-address, unique device-ID and may assign other electronic identifiers in order to properly deliver VCS or for security purposes;
Support Data: In the event you submit a support request we might need to collect the relevant support Data to fulfil your support request. This support Data can consist of contact or authentication Data and chat session personalization or any other Data which we need to solve your support request;
Payment Data: To complete the financial transactions we might need you to provide us your bank details, organizational tax ID or any other relevant Data;
Usage Data: We may record statistical information about your use of VCS to improve the user experience, to identify performance issues or other service malfunctions;
Location of Your Personal Data
In addition to the situation as described in section B, we will need to transfer Your Personal Data outside the country from which you register to VCS in the event this is necessary for us to operate VCS such as providing customer support, troubleshoot VCS or comply with legal requirements.
B. BUSINESS DATA
This section B applies only to the processing of Business Data and not to Your Personal Data. You are the data controller for the processing of your Business Data. Vendit acts as a data processor on your behalf and in accordance with your instructions and, as such, is not responsible for the lawfulness of the data processing we perform on your behalf. The responsibility and liability for Business Data is set out in section 18.c of the Vendit Terms and Conditions
Vendit’s rights to look into and use Personal Data
Our personnel is forbidden to access and use your Business Data unless you have given us your explicit permission for this under the condition that this access by our personnel (customer support, consultants and administrators) is necessary to operate VCS or to support your use of VCS. When permission to access is granted, this access is carefully controlled and logged and our personnel is obligated to follow our internal security policy regarding the handling of your Business Data. Our personnel will not process Business Data without your explicit consent.
The operational processes and controls which govern access and use of Personal Data in VCS by our personnel are rigorously maintained and regularly verified by accredited audit firms.
How you manage the access and use of your Business Data
The user management of VCS, including providing access and granting and revoking of permissions within your area of VCS, is your own responsibility. VCS will provide functionality for creating and deactivating users and setting permissions to ensure support of segregation of duties. Log in details are personal to the individual user and must not be shared with other users.
Retention, removal and retrieval of Business Data
All Business Data entered in VCS will be stored and retained for the duration of the Vendit Agreement. After termination of the Vendit Agreement the Business Data will be no longer accessible to you. Data will be retained for an additional 90 days as a grace period. During the grace period the contract can be re-activated without losing Business Data. After the grace period the Business Data will be permanently removed from storage.
Location of Business Data
The infrastructure is configured in a redundant configuration. The Business Data is stored in a multitenant environment and the datacenter guarantees a high availability.
Applications developed by other companies
To protect Business Data from unauthorized access, use, modification or accidental loss and destruction, Vendit has taken technical and organizational measures for the security of the processing of your Business Data (see section C). Should any security breach occur that significantly impacts Business Data you will be notified as soon as reasonably possible once the breach has been determined. The term “security breach” shall be understood to mean: any breach of the security measures as set out in the headers ”Security measures to protect Personal Data” in section C leading to the loss of or unauthorized processing of Business Data.
Any notifications pursuant to the event of a security breach shall be addressed to your contact person as stated in the Vendit Agreement.
C. ALL PERSONAL DATA
This section C applies to the processing of all Personal Data (including both Your Personal Data and Business Data). Support in the case of termination of the Vendit Agreement If the Vendit Agreement is terminated, you have the possibility to download all Data up to the last day of the vendit Agreement. These backup files are provided in open format and are accessible with free tools. In addition, various export formats (csv and xml) are available to export Data.
Data protection legislation
Vendit is committed to compliance with all applicable country-specific data privacy laws in line with the applicable law as agreed upon in the Vendit Terms and Conditions. Protecting the privacy and security of Personal Data is of the highest importance to Vendit: therefore, we conduct our business by abiding by the laws on data privacy and security that apply to Vendit in its role of an IT service provider.
Law enforcement requests
Accordingly, we will not disclose Personal Data to a third party (including law enforcement, other government entities or civil litigants) except as described above under “Subcontractors”, as you direct us or as required by law, an ordinance, or a court order.
Vendit shall treat all Personal Data as strictly confidential and shall inform all its employees, agents and/or sub-contractors engaged in processing the Personal Data of the confidential nature of such Personal Data. Vendit shall ensure that all such persons or parties are bound by similar confidentiality obligations.
Security measures to protect Personal Data
Vendit shall take technical and organizational measures for the security of the processing of the Personal Data. These measures shall include, but not be limited to:
a) the prevention of unauthorized persons from gaining access to data processing systems (physical access control);
b) the prevention of processing systems from being used without authorization (logical access control);
c) ensuring that persons entitled to use a data processing system gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorization (Data access control);
d) ensuring that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of Personal Data transmission facilities can be established and verified (Data transfer control);
e) ensuring that measures are implemented for subsequent checking whether Personal Data have been entered, changed or removed (deleted), and by whom (input control);
f) ensuring that Personal Data Processed are processed solely in accordance with the Instructions (control of instructions);
g) ensuring that Personal Data are protected against accidental destruction or loss (availability control);
h) ensuring that Personal Data collected for different purposes can be processed separately (separation control).
The internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transferring Personal Data over the internet is at your own risk and you should only enter VCS or transfer Personal Data to and within VCS by using a secure environment. Vendit strongly advices you to connect to VCS via secure and encrypted channels (https and/or VPN). All recommendations for increasing the security or mitigating security issues will be promptly investigated and implemented when applicable.
Despite the above mentioned measures, you are solely responsible for implementing appropriate security measures for Personal Data processed when using VCS in accordance with data protection laws applicable to them.
The availability and security of VCS will be audited by independent auditors annually. A control framework is designed managing defined risks in these areas