Privacy Statement by Online Star Register
Online Star Register (also referred to below as ‘we’, ‘us’ or ‘our’) processes Personal Data as a Controller within the meaning of the GDPR. We would like to provide you information about this. We view it as our responsibility to protect your privacy as much as possible and to give you an understanding of how we do this.
In this document, we will explain which Personal Data from you we process and for which purpose and pursuant to which basis we process this Personal Data.
Online Star Register: Online Star Register B.V., listed in the Dutch Trade Register under number 60333553.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Data Subject: a data subject as referred to in Article 4(1) of the GDPR.
Cookies: cookies and scripts.
Personal Data: personal data as referred to in Article 4(1) of the GDPR.
Processor: the processor as referred to in Article 4(8) of the GDPR.
Processing: processing as referred to in Article 4(2) of the GDPR.
Controller: the controller as referred to in Article 4(7) of the GDPR.
Website: the website which can be approached through www.osr.org and any sub-pages thereof.
3. Processing of your Personal Data by Online Star Register
3.1. Performance of agreement
First, we process your Personal Data for the purpose of delivering our services/products. We may process the following Personal Data from you for this purpose:
1. name and address information (and company name if you opt for this);
2. e-mail address;
3. financial information, such as your bank account number;
4. other Personal Data which you yourself mention in the text card;
5. telephone number;
6. other Personal Data which you yourself post on your ‘Unique Star Page’, which may include text, photographs and videos.
The basis for such Processing is performance of the agreement which you have concluded with us.
Second, we process your Personal Data if you try to contact us through our contact form on the Website or through [email protected]. This enables us to respond to the questions you have. We process the following Personal Data from you for this purpose:
2. e-mail address;
3. other Personal Data which you yourself mention in your message to us.
The basis for such Processing is a legitimate interest on our part, specifically, responding to the questions which you yourself ask us. Thus, we process the Personal Data concerned only to contact you in order to respond to your questions.
Third, we process your Personal Data to deliver our newsletter to you if you have registered for this (separately or during the order process). We process the following Personal Data from you for this purpose:
2. e-mail address.
The basis for such Processing is a legitimate interest on our part, specifically, keeping you informed of news, discount codes / offers and new products and services.
3.4. Information about business gifts
Fourth, we process your Personal Data to inform you (at your request) about business gifts. We process the following Personal Data from you for this purpose:
2. e-mail address;
3. company name;
4. other Personal Data which you yourself mention in your request to us.
The basis for such Processing is a legitimate interest on our part, specifically, informing you about the possibilities concerning business gifts.
4. Retention period
We do not retain your Personal Data for any longer than necessary for the aforementioned purposes for which we process it, unless we are required by law to do so. We apply the following specific retention periods:
1. For the purpose ‘Performance of agreement’, we retain your name and address information, financial information and telephone number for a 20-year period after you placed your last order. For this purpose, there is no specific retention period for your e-mail address or other Personal Data which you yourself mention in the text card or post on your Unique Star Page.
2. For the purpose ‘Contact’, we retain your Personal Data for a 5-year period after our last contact with you.
3. For the purpose ‘Newsletter’, we retain your Personal Data for a 1-year period after you have registered for the newsletter.
4. For the purpose ‘Information about business gifts’, we retain your Personal Data for a 5-year period after we have informed you about business gifts.
5. To comply with our statutory obligation regarding VAT returns, we retain your invoice address and bank information for a 10-year period.
If we process your Personal Data for multiple purposes, your Personal Data will be removed once the last current retention period has lapsed.
6. Sharing your Personal Data with third parties
In several cases, we need to share the Personal Data which we process from you with third parties. This pertains to the following situations:
1. in providing our services and delivering our products, for instance, if you opt for the recipient (a third party) to know from whom the gift came or if you use your own Unique Star Page (which may be made public on the Website);
2. to fulfil the legal obligations which we have, such as notification to the Dutch Data Protection Authority [Autoriteit Persoonsgegevens] (a third party);
3. in engaging external suppliers (third parties), for example, our ICT supplier and hosting party.
If we use external suppliers and these parties process Personal Data for us, then we will conclude a GDPR-compliant data processing agreement with these parties. If these parties do not process Personal Data for us, then they themselves will be responsible for Processing this Data and will therefore be bound by the GDPR.
7. Security of your Personal Data
We have taken appropriate technical and organisational measures to combat the misuse, loss, and unwanted disclosure of your Personal Data and unauthorised access and impermissible changes to this Data.
If you have questions about our securing your Personal Data or if you suspect misuse of your Personal Data, you can contact us through [email protected].
8. Data Subjects’ rights
Right to access
You are entitled to be told by us at your request whether we are processing your Personal Data and, if so, to obtain access to this Personal Data and further information concerning the Processing of this Data. At your request, we will send you a copy of the Personal Data which we are processing from you. If you ask us for additional copies, we may (based on the administrative costs) charge a reasonable fee.
Right to rectification
You are entitled to obtain immediate rectification by us of incorrect Personal Data relating to you. Subject to the purposes of the Processing described above, you are entitled to have the incomplete Personal Data supplemented, for example, by furnishing a supplemental statement to us.
Right to erasure of Data
At your request, we will, without unreasonable delay, erase the Personal Data relating to you in the following cases:
1. the Personal Data is no longer necessary for the purposes for which it has been collected or otherwise processed;
2. you object to the Processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the Processing, or you object to the Processing pursuant to Article 21(2) GDPR;
3. the Personal Data has been unlawfully processed;
4. the Personal Data has to be erased for compliance with a legal obligation under EU or Dutch law to which we are subject;
5. the Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Right to restrict Processing
At your request, we will restrict the Processing of Personal Data relating to you in the following cases:
1. the accuracy of the Personal Data is contested by you (for a period enabling us to verify the accuracy of the Personal Data);
2. the Processing is unlawful, and you oppose the erasure of the Personal Data and request the restriction of its use instead;
3. we no longer need the Personal Data for the purposes of the Processing, but it is required by you for the establishment, exercise or defence of legal claims;
4. you have objected to Processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.
Right to data portability
You are entitled to receive, in a structured, commonly used and machine-readable format, Personal Data which we are processing from you pursuant to the bases ‘performance of agreement’ and ‘legitimate interest’. In addition, you are entitled to transfer this Data to another Controller (besides us), with you having the right to have the Personal Data concerned be transferred, if technically possible, directly from us to the other Controller.
Right to object
You may object, on grounds relating to your particular situation, at any time to the Processing of your Personal Data if we are doing this pursuant to the ‘legitimate interest’ basis. We will stop the Processing of your Personal Data in that instance, unless we put forward compelling legitimate grounds for the Processing which override your interests, rights and freedoms or which relate to the establishment, exercise or defence of legal claims.
You must understand, however, that objecting to the Processing referred to in this document or requesting erasure of Personal Data may result in our no longer being able to fulfil obligations towards you.
You may file a complaint with the Dutch Data Protection Authority at any time.
10. Final remarks
We will have to revise this document occasionally, because, for instance, the Website or the rules on Personal Data and/or Cookies have changed. We may modify the content of the Terms and Conditions unilaterally without notice. You can consult the Website for the latest version.
11. Contact information for Controller
If you have questions and/or comments, please contact Online Star Register.
Company: Online Star Register B.V.
Address: Laan van de Maagd 83 – NL-7324 BT Apeldoorn – The Netherlands
Telephone: (+31) (0)88-8000088
E-mail address: [email protected]