PRIVACY STATEMENT OF TPV HOLDING EUROPE B.V.
TPV Holding Europe BV and all of its subsidiaries in Europe, herafter called TPV, aims for protecting your privacy optimally. In this privacy statement you can read which personal data TPV collects from you and how it is processesed. This privacy statement applies to personal data that is processed when you visit the TPV websites in the European Union. TPV uses the personal data you share with us to further improve our products and services and your experience. This privacy statement is intended to provide you with a clear overview of how TPV uses the personal data you provide, your rights and possibilities to manage your personal data and how TPV protects your privacy. It also states which personal data TPV collects when you visit its websites or stores or use its (mobile) apps and software products, as well as how TPV uses your personal data and with which third parties these data are shared. In this privacy statement you can also find out for what purposes your personal data can be used by TPV or its associated companies.
TPV reserves the right to make changes to its privacy statement, for example due to legislative changes. The most recent version can always be found on this page.
TPV is part of the TPV Technology Group and is based at Prins Bernhardplein 200, 1097 JB in Amsterdam, the Netherlands. The general email address is: email@example.com. For all correspondence concerning privacy-related matters, please contact the Data Privacy Officer of TPV by telephone on +31 20 504 6931 or by email at firstname.lastname@example.org.
This privacy statement has been updated on 1 June 2018.
With regards to this website, TPV acts as a data controller, and thus determines the purpose and means for the processing of personal data, and the provisions of this privacy statement apply. If reference is made in the following to TPV, this also means its subsidiaries. These subsidiaries of TPV are established in the European Union and are responsible for the processing of your personal data if you use the services of that company in these countries.
TPV uses the personal data you share with us to improve our products and services and to offer you an optimal experience. By means of this privacy statement TPV gives you insight into how it uses your personal data, protects and offers you the possibility to manage your personal data yourself. Insight is given into what personal data is collected about you when you visit our websites or make use of our services and products, apps and applications, and with which third parties TPV shares your personal data. TPV uses your personal data for the purposes described below.
The term “personal data” as used in this privacy statement covers all information about an identified or identifiable natural person, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements that are characteristic for the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. TPV collects various types of personal data including the following (if applicable).
In the unlikely situation that you need to contact the service channel of TP Vision, via the online portal or call center, you may be asked to share personalized information, like:
- Contact information, name, phone number and e-mail address;
- Home address;
- Proof of purchase, to validate warranty entitlement;
- Details of conversations that you may have with the customer care department.
The only purpose to collect this information is to provide the best service experience.
TPV also collects personal data through the use of its websites and apps for example:
- Websites: data about your visit and surfing behavior. When you visit one of the TPV websites, data is sent from your browser to its servers. Thus, TPV collects personal data such as:
o your IP address;
o date, time and duration of the visit;
o the referral URL (the site where the visitor came from);
o the pages visited on our website;
o and information about the device and browser (such as browser type and version, operating system, etc.)
- Location data: If you use a service on a mobile device where your location is enabled, we will give you a prior notice for permission to collect and process your current location data, for example via GPS signals sent by a mobile device. You can usually disable the sending of your location via the settings of your device. We always inform you when we use location data.
Most of the personal data that TPV collects about you is information that you provided voluntarily, for example through our websites, services or products, etc. Other sources through which your personal data are obtained:
- other parts of TPV; and
- third parties (such as credit rating agencies, law enforcement / regulatory bodies, etc.), which can also provide publicly available source data.
TPV will provide you with a copy of the personal data processed in this context, upon request.
The personal data that TPV collects, for example when you register for a TPV website, are used for identification and authentication. TPV creates a profile for you with the information required to provide you with products or services. These can also be combined with personal data obtained through other internal and external sources. This personal data can be used for the following purposes:
- Improvement of products and services: your personal data are processed to create a profile of you with the aim of understanding how you use our products and services, enabling TPV to develop better and more relevant products and services and to improve the website(s). Processing in this way is necessary for the legitimate interest of TPV to offer better products and services to you and other customers.
- Providing customer service: in case of contact with customer service, personal data are processed, for example your order data and contact history, in order to process your request and provide service. The legality of this processing lies in the necessity of processing for the execution of a contract with a company of TPV or if we have to comply with a legal obligation. If there is no necessity on the basis of any of these grounds, processing is deemed necessary for the purposes of the legitimate interest of TPV to ensure that the best possible service is provided.
- Marketing: If you register for newsletters, use the website, purchase online products or services or provide feedback on this, a profile of you is created. Processing in this way is necessary for the legitimate interest of TPV to generate proper files about you. Your profile will be created in accordance with your preferences to provide you with a good personalized experience, to send you personalized marketing messages and newsletters and for surveys. The way in which your personal data are used for these purposes is described below.o Retargeting: TPV websites and apps can use techniques for retargeting, with the aim of showing visitors, who were already interested in the products and / or services, advertisements on partner websites. As far as retargeting takes place, this is done on the basis of your explicit consent.
- Quality of data, profiling: if your personal data has been obtained through various sources, this data will be merged in certain cases to improve your understanding of your products and services (for example, data that you have provided directly, can be combined with data which are collected automatically, such as metadata, IP addresses, browser data, information obtained lawfully from third parties, and the like). This can be used to send you more personalized marketing messages or to create more effective marketing campaigns. Processing in this way is necessary for the legitimate interest of TPV to ensure that you receive the most appropriate offers of its products and to personalize your experience. You can opt out of combining personal data with the information obtained from other sources by contacting TPV.
- Analyses: personal data of you are used to perform analyses and investigations. Processing in this way is necessary for the legitimate interest of TPV to better understand customers and to ensure that services meet the needs of its customers. This concerns analyses, in which data (such as personal data and / or sensitive data obtained through the use of a TPV app or browsing history) are combined and stored to:a) learn more about customers and preferences;
b) identify patterns and trends;
c) to be able to deliver data, content and offers that are tailored to customer needs;
d) for general research and statistical purposes;
e) develop new products and services;
f) to monitor the performance of products and services and / or to improve the use of used technology;
g) send personalized marketing messages;
h) to show you online advertisements
- Analysis of TPV itself: by anonymizing your personal data and merging with other personal data of customers, analyzing the sales, supply chain and finances, determining how TPV performs and where improvements can be made. Processing of personal data in this way is necessary for the legitimate interest of TPV to measure how it performs and to determine how to improve it.
TPV will ask you for permission if it wishes to use your personal data for purposes other than those stated in this privacy statement. TPV will not use your personal data for other purposes before such permission is received.
TPV treats your personal information carefully and confidentially and does not share it with others other than those listed below.
Business units of TPV
Each business unit of TPV with whom you have contact may share a limited part of the personal data you provide during registration (f.i. your name, e-mail address, password and date of birth) with other components of TPV for registration and authentication purposes. Processing in this way is necessary for the legitimate interest of TPV to be able to execute a contract with you. Each business unit may share information from your profile with other entities of TPV or TPV if both entities are responsible for your personal data, or if the other entities act as our processors. Therefore, every part of the TPV group has access to all the data it is responsible for, so that it can comply with the law. Each subdivision of the TPV group may share your personal data anonymously and in in an assembled format with other business units of TPV (such as the parent company of the group and / or if necessary other subdivisions of TPV) for trend analyzes, is necessary for the purposes of their legitimate interest in analyzing their performance.
With service providers
Personal data, which you provide when in contact with customer service channels (your name, e-mail address, phone number, address, proof of purchase, details of conversations that you may have with the customer care department) with service providers, like repair centers.
Personal data, which you provide when you register with TPV (your name, e-mail address, password and date of birth), can only be shared by TPV with suppliers of cloud services, so that you can log in quickly and anywhere. If necessary, your personal data will also be shared with third parties who process your personal data on behalf of TPV solely for the purposes and on the legitimate grounds described above. These can be third parties in the areas of hosting, transport, payment and fraud management, credit rating agencies and analysis platforms. Strict agreements have been reached with these third parties regarding the processing of your personal data, including the exclusive use of your personal data in accordance with the instructions of TPV and the law.
Judicial bodies or supervising authorities
TPV will release personal data if required by law or on the basis of a court decision, to protect your interests, for investigations by law enforcement or regulatory authorities, to protect and defend the property and legal rights of TPV and to ensure the personal safety of users of the TPV services.
TPV will in general keep your personal data 39 months from your last contact with us, such as the date your account was deleted, your last purchase, the last time you used one of our apps, or in any other way of interaction or contact, unless a longer or shorter storage period is required by law, this is necessary in connection with legal processes, or is otherwise required for a particular purpose under the applicable legislation.
Below are examples to indicate how long TPV stores your personal data in relation to a specific purpose:
- Personal data obtained upon purchase are retained as required by tax laws (eg 7 years in the Netherlands);
- If you request to delete your personal data, TPV will try to delete your personal data within a maximum of one month after the request date;
- Personal data relating to promotions will not be retained for more than one month after the end of the offer.
Unless otherwise stated, your personal data will be stored and processed within the European Union. Occasionally, your personal data may be processed outside the European Economic Area (‘EEA’) in a country that does not offer the same level of protection under European law as the country where you normally use your products and / or services. This may occur, for example, if a processor is located outside the EEA, or uses sub-processors from outside the EEA, such as suppliers of cloud solutions. TPV will take the necessary steps in such cases to ensure that your personal data are adequately protected, such as carrying out security assessments and drawing up processor agreements with recipients to ensure that they take the same or comparable technical and organizational measures as TPV, so that your data is adequately protected.
TPV does not, as data controller, process any personal data of children under the age of 16. If this happens unintentionally, steps will be taken to remove this data as quickly as possible, unless the law requires that this data must be retained. If it is known that a child is older than 16 years, but according to the law is considered as a minor, permission from the parent / guardian will be requested before the personal details of that child will be used.
TPV fully complies with the obligations laid down in the General Data Protection Regulation, with the principle of transparency as paramount. To this end, TPV has implemented means to ensure that you can exercise any rights in connection with the processing of your personal data.
If you use products or services or have created an account, you can view your personal data via these websites, if the functionality exists. If your personal data are not available by the relevant website, you can submit an application free of charge to gain access to this information.
Upon receipt of your request and details to verify your identity (such as a copy of your passport), you will be provided with a copy of the personal data held by us, the origin of the data, the purposes for which the personal data are used and the recipients. You can also indicate that certain changes in personal data, if you qualify them as incorrect or irrelevant, must be implemented. You can also have your personal data blocked, erased or completely deleted (right to be forgotten). You may also contact us in writing to object to a certain use of your personal data, to limit its use or to request that your personal data be provided in a usable electronic format or to transfer it to a third party (right to data portability). All these applications are met by TPV within the framework of the legal obligations.
TPV will regularly update this online privacy statement in order to keep it easily findable, error free and up-to-date and to ensure that sufficient information is available about your rights and that TPV ‘s way (s) of processing have been implemented in accordance with the law and continue to comply with it. If major changes are made to this privacy statement, you will be informed via the websites on which an updated version of the privacy statement is published.
TPV wants to cooperate with you in a good way and always find a suitable solution for complaints or care about privacy. If you are of the opinion that we could not help you with your complaint or care, you have the right to file a complaint via the website of your supervising authority. TPV is vested in the Netherlands and as such subject to the Dutch Privacy Supervisory Authority.
TECHNICAL AND ORGANIZATIONAL SAFETY MEASURES
TPV under art. 28 GDPR has the obligation to ensure the implementation of sufficient technical and organizational security measures. TPV shall ensure that appropriate technical and organizational security measures are implemented to protect your personal data against unauthorized or unlawful processing and unintentional loss, destruction or damage.
I. Description of the measures that ensure that only authorized personnel have access to the Processing of Personal Data:
TPV uses an authorization policy to determine who should have access to which data. Employees do not have access to more data on the basis of this system than is strictly necessary for their job.
II. Description of the measures to protect personal data against unintentional or unlawful destruction, accidental loss or alteration, unauthorized or unlawful storage, processing, access or disclosure:
Organization of information security and communication processes
- TPV has established an information policy plan in which an information security coordinator has been appointed who identifies risks relating to the processing of personal data, promotes security awareness, checks facilities and takes measures to ensure compliance with the information security policy.
- Information security incidents are documented and used for optimization of the information security policy.
- TPV has set up a process for communication about information security incidents (databreach procedure).
- With employees, confidentiality statements are agreed and information security agreements are made.
- TPV stimulates awareness, training including training with regard to information security.
- Employees do not have access to more data than is strictly necessary for their job based on an authorization system.
Physical security and continuity of resources
- Personal data are only processed in a closed, physically secure environment with protection against external threats.
- Personal data are only processed on equipment where measures have been taken to physically secure the equipment and to ensure the continuity of the service.
- Periodic backups are made for the continuity of the service. These backups are treated confidentially and stored in a closed environment.
- The locations where data are processed are secured by means of locks, alarm systems and video surveillance and are periodically tested, maintained and periodically assessed for safety risks. TPV maintains business continuity plans that include contingency locations.
Network, server and application security and maintenance
- The network environment in which data is processed is strictly protected. Traffic flows are separated and measures are implemented against abuse and attacks.
- The environment in which personal data are processed is monitored.
- The digital services and products in which personal data are processed are established on the basis of system planning, security control and acceptance. Changes in applications are tested for vulnerabilities before they are taken into production.
- On systems, the latest (security) patches are periodically installed on the basis of patch management.
- Data processed within applications are classified according to risks.
- Penetration tests and vulnerability assessments are performed periodically.
- Information that is no longer used is removed.
- Cryptographic measures have been applied to passwords to store these data securely.
- Encrypted connections are used for log-in processes. The exchange of personal data to third parties takes place encrypted.
III. Description of the measures to identify weak points with regard to the Processing of Personal Data in the systems:
The systems of TPV are periodically checked for safety. In addition, the security policy of TPV provides internal processes to identify vulnerabilities.
The processor constantly updates this information and informs users about changes to the measures taken to protect personal data against abuse via the TPV website. In case you detect security risks, please contact the helpdesk of TPV.
The way in which monitoring and identification of databreaches takes place:
TPV monitors its services 24/7 and has taken measures to prevent and identify unauthorized or unlawful access to data. Signals that indicate a Databreach are assessed by the security officer of TPV, who analyzes whether there may be a Databreach, the type of Databreach and whether this concerns a Databreach that falls under its role as processor or its role as controller.
The way information is shared:
If a Databreach occurs with regard to personal data that TPV processes as a processor, the controller is informed by or on behalf of TPV in principle within 24 hours after detection of a Databreach by e-mail. Depending on the situation, information can also be shared by our website and official social media channels and / or official distributors and / or commercial agents.
If a Databreach occurs with regard to personal data that TPV processes as controller, the Dutch Data Protection Authority will be informed within 72 hours after detection of a Data Leak, and in case of adverse consequences for data subjects, then these will also be informed in the manner provided for by the law, so that they can take measures.
For follow-up actions or questions, you can contact our helpdesk by telephone or e-mail via the data included in the privacy statement.
TPV shares the following information when a Databreach occurs:
- The characteristics of the incident, such as: date and time of determination, summary incident, feature and nature incident (on what part of the security it sees to, how did it occur, does it relate to reading, copying, changing, deleting / destroying and / or stealing personal data);
- The cause of the security incident;
- The measures taken to prevent possible / further damage;
- Identifying those involved who may be affected by the incident and the extent to which they may be affected;
- The size of the group of stakeholders;
- The nature of the personal data affected by the incident (in particular, special data, or data of a sensitive nature, including access or identification data or financial data).
In specific situations where this is needed or legally required, TPV can make a (first) notification of a Databreach to the Dutch Data Protection Authority.
Cookies are small text files that are stored on your computer or mobile device when you visit a website. In this statement we use “cookies” for convenience as an umbrella term for techniques such as cookies, flash cookies and web beacons. They do not take up much space and are automatically removed when they are no longer valid. Some cookies expire at the end of your Internet session, while others are stored for a certain period of time.
There are various types of cookies for different applications. Some only serve to let you browse through the website and view certain features. Others give TPV insight into your user experience, for example if you have trouble finding what you are looking for. This allows us to make improvements and make your future visit as enjoyable as possible.
Cookies set by TPV are called ‘first party cookies’. Cookies set by external parties are called ‘third party cookies’. Third party cookies ensure that functions or functionalities of third parties can be offered on or via the website (eg advertisements, interactive content and analyzes). The parties that set up these third party cookies can use this to recognize your computer or mobile device, both during your visit to the relevant website and on certain other websites. TPV uses both first and third party cookies for various reasons. The most important cookies are the required cookies. These are essential and help you navigate the website and use basic functions such as media plugins. Then there are functional cookies that ensure that you can save your shopping cart, create a wish list, and that your shipping details are stored for faster payment. Performance and analytical cookies are used to improve the website (s) or to be able to send relevant offers. To manage this, data is collected about browsing. These can be linked to a unique identifier, so that can be understood how you communicate with TPV on different platforms, as described in our privacy statement. Interactive cookies are used so that you can communicate with social media or submit assessments. Target, advertising cookies, and social media cookies remember your preferences to show you relevant ads outside of TPV sites. In addition, social media cookies can be used to track your activities on social media platforms.
1. Mandatory cookies. These are essential and help you navigate and search our website and use certain functions (eg these cookies ensure that your shopping cart is kept throughout the payment process). These cookies are required to activate core functionalities of the site. These cookies are stored for the duration of your browsing session.
2. Functional and analytical cookies. These exist so that we can offer you a better customer experience (these cookies, for example, ensure that you can store your shopping cart and that you can create a wish list). With these cookies the site usage can be analyzed, so that the performance can be assessed and improved. These cookies can be placed by TPV or a third party on its behalf and are stored for the duration of your browsing session.
3. Cookies for advertising and social media.
- These cookies remember your product and purchase preferences or support marketing efforts in other ways. With these cookies, data can be shared with advertisers, such as what you find interesting or fun, so that the displayed ads are tailored to your preferences (sometimes called “target cookies”).
- These cookies help to gain more insight into the shopping behavior of visitors. This enables TPV to continue to improve the website, making shopping easier and more enjoyable. This also includes marketing messages sent to customers (sometimes called “performance cookies”).
- These cookies are used when giving your opinion. These cookies allow you to “like” or recommend the website or content on social media and to chat with the customer service staff. You can also advise other (potential) customers by assessing products (sometimes called ‘interactive cookies’).
You can change your browser settings to remove certain cookies or to prevent them from being stored on your computer or mobile device without your explicit permission. The “help” section in your browser provides more information about how to manage your cookie settings. Here is more information about how this works for different browsers:
Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Adobe (flash-cookies): http://www.adobe.com/privacy/policies/flash-player.html
You can visit http://www.aboutads.info/choices or http://www.youronlinechoices.eu/ for more information on the options that some third parties offer to opt out of certain targeted advertising activities. You must visit these websites from your browser and device on which you wish to unsubscribe. Because the opt-out tools may differ by type of cookies, if you delete your cookies, you may have to visit these websites again to restore your preferences.