Privacy statement of TPV Holding Europe B.V.
TECHNICAL AND ORGANIZATIONAL SAFETY MEASURES
TPV under art. 28 GDPR has the obligation to ensure the implementation of sufficient technical and organizational security measures. TPV shall ensure that appropriate technical and organizational security measures are implemented to protect your personal data against unauthorized or unlawful processing and unintentional loss, destruction or damage.
I. Description of the measures that ensure that only authorized personnel have access to the Processing of Personal Data:
TPV uses an authorization policy to determine who should have access to which data. Employees do not have access to more data on the basis of this system than is strictly necessary for their job.
II. Description of the measures to protect personal data against unintentional or unlawful destruction, accidental loss or alteration, unauthorized or unlawful storage, processing, access or disclosure:
Organization of information security and communication processes
- TPV has established an information policy plan in which an information security coordinator has been appointed who identifies risks relating to the processing of personal data, promotes security awareness, checks facilities and takes measures to ensure compliance with the information security policy.
- Information security incidents are documented and used for optimization of the information security policy.
- TPV has set up a process for communication about information security incidents (databreach procedure).
- With employees, confidentiality statements are agreed and information security agreements are made.
- TPV stimulates awareness, training including training with regard to information security.
- Employees do not have access to more data than is strictly necessary for their job based on an authorization system.
Physical security and continuity of resources
- Personal data are only processed in a closed, physically secure environment with protection against external threats.
- Personal data are only processed on equipment where measures have been taken to physically secure the equipment and to ensure the continuity of the service.
- Periodic backups are made for the continuity of the service. These backups are treated confidentially and stored in a closed environment.
- The locations where data are processed are secured by means of locks, alarm systems and video surveillance and are periodically tested, maintained and periodically assessed for safety risks. TPV maintains business continuity plans that include contingency locations.
Network, server and application security and maintenance
- The network environment in which data is processed is strictly protected. Traffic flows are separated and measures are implemented against abuse and attacks.
- The environment in which personal data are processed is monitored.
- The digital services and products in which personal data are processed are established on the basis of system planning, security control and acceptance. Changes in applications are tested for vulnerabilities before they are taken into production.
- On systems, the latest (security) patches are periodically installed on the basis of patch management.
- Data processed within applications are classified according to risks.
- Penetration tests and vulnerability assessments are performed periodically.
- Information that is no longer used is removed.
- Cryptographic measures have been applied to passwords to store these data securely.
- Encrypted connections are used for log-in processes. The exchange of personal data to third parties takes place encrypted.
III. Description of the measures to identify weak points with regard to the Processing of Personal Data in the systems:
The systems of TPV are periodically checked for safety. In addition, the security policy of TPV provides internal processes to identify vulnerabilities.
The processor constantly updates this information and informs users about changes to the measures taken to protect personal data against abuse via the TPV website. In case you detect security risks, please contact the helpdesk of TPV.
The way in which monitoring and identification of databreaches takes place:
TPV monitors its services 24/7 and has taken measures to prevent and identify unauthorized or unlawful access to data. Signals that indicate a Databreach are assessed by the security officer of TPV, who analyzes whether there may be a Databreach, the type of Databreach and whether this concerns a Databreach that falls under its role as processor or its role as controller.
The way information is shared:
If a Databreach occurs with regard to personal data that TPV processes as a processor, the controller is informed by or on behalf of TPV in principle within 24 hours after detection of a Databreach by e-mail. Depending on the situation, information can also be shared by our website and official social media channels and / or official distributors and / or commercial agents.
If a Databreach occurs with regard to personal data that TPV processes as controller, the Dutch Data Protection Authority will be informed within 72 hours after detection of a Data Leak, and in case of adverse consequences for data subjects, then these will also be informed in the manner provided for by the law, so that they can take measures.
For follow-up actions or questions, you can contact our helpdesk by telephone or e-mail via the data included in the privacy statement.
TPV shares the following information when a Databreach occurs:
- The characteristics of the incident, such as: date and time of determination, summary incident, feature and nature incident (on what part of the security it sees to, how did it occur, does it relate to reading, copying, changing, deleting / destroying and / or stealing personal data);
- The cause of the security incident;
- The measures taken to prevent possible / further damage;
- Identifying those involved who may be affected by the incident and the extent to which they may be affected;
- The size of the group of stakeholders;
- The nature of the personal data affected by the incident (in particular, special data, or data of a sensitive nature, including access or identification data or financial data).
In specific situations where this is needed or legally required, TPV can make a (first) notification of a Databreach to the Dutch Data Protection Authority.
Cookies are small text files that are stored on your computer or mobile device when you visit a website. In this statement we use “cookies” for convenience as an umbrella term for techniques such as cookies, flash cookies and web beacons. They do not take up much space and are automatically removed when they are no longer valid. Some cookies expire at the end of your Internet session, while others are stored for a certain period of time.
There are various types of cookies for different applications. Some only serve to let you browse through the website and view certain features. Others give TPV insight into your user experience, for example if you have trouble finding what you are looking for. This allows us to make improvements and make your future visit as enjoyable as possible.
Cookies set by TPV are called ‘first party cookies’. Cookies set by external parties are called ‘third party cookies’. Third party cookies ensure that functions or functionalities of third parties can be offered on or via the website (eg advertisements, interactive content and analyzes). The parties that set up these third party cookies can use this to recognize your computer or mobile device, both during your visit to the relevant website and on certain other websites. TPV uses both first and third party cookies for various reasons. The most important cookies are the required cookies. These are essential and help you navigate the website and use basic functions such as media plugins. Then there are functional cookies that ensure that you can save your shopping cart, create a wish list, and that your shipping details are stored for faster payment. Performance and analytical cookies are used to improve the website (s) or to be able to send relevant offers. To manage this, data is collected about browsing. These can be linked to a unique identifier, so that can be understood how you communicate with TPV on different platforms, as described in our privacy statement. Interactive cookies are used so that you can communicate with social media or submit assessments. Target, advertising cookies, and social media cookies remember your preferences to show you relevant ads outside of TPV sites. In addition, social media cookies can be used to track your activities on social media platforms.
1. Mandatory cookies. These are essential and help you navigate and search our website and use certain functions (eg these cookies ensure that your shopping cart is kept throughout the payment process). These cookies are required to activate core functionalities of the site. These cookies are stored for the duration of your browsing session.
2. Functional and analytical cookies. These exist so that we can offer you a better customer experience (these cookies, for example, ensure that you can store your shopping cart and that you can create a wish list). With these cookies the site usage can be analyzed, so that the performance can be assessed and improved. These cookies can be placed by TPV or a third party on its behalf and are stored for the duration of your browsing session.
3. Cookies for advertising and social media.
- These cookies remember your product and purchase preferences or support marketing efforts in other ways. With these cookies, data can be shared with advertisers, such as what you find interesting or fun, so that the displayed ads are tailored to your preferences (sometimes called “target cookies”).
- These cookies help to gain more insight into the shopping behavior of visitors. This enables TPV to continue to improve the website, making shopping easier and more enjoyable. This also includes marketing messages sent to customers (sometimes called “performance cookies”).
- These cookies are used when giving your opinion. These cookies allow you to “like” or recommend the website or content on social media and to chat with the customer service staff. You can also advise other (potential) customers by assessing products (sometimes called ‘interactive cookies’).
You can change your browser settings to remove certain cookies or to prevent them from being stored on your computer or mobile device without your explicit permission. The “help” section in your browser provides more information about how to manage your cookie settings. Here is more information about how this works for different browsers:
Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Adobe (flash-cookies): http://www.adobe.com/privacy/policies/flash-player.html
You can visit http://www.aboutads.info/choices or http://www.youronlinechoices.eu/ for more information on the options that some third parties offer to opt out of certain targeted advertising activities. You must visit these websites from your browser and device on which you wish to unsubscribe. Because the opt-out tools may differ by type of cookies, if you delete your cookies, you may have to visit these websites again to restore your preferences.