Privacy statement

Prepared on: 13/04/2023

Controller
Explanation of personal data and purposes
Principles
Sharing with third parties
Data security
Rights with regard to personal data
Cookies
Limitation of liability
Retention period
Transfer
Questions or complaints
Amendments

Privacy statement

Digicy.Cloud BV, also trading under the name MITE3 Cybersecurity (“MITE3 Cybersecurity”), located in and with offices at Paxtonstraat 3N, Unit C1997, in Zwolle (8013 RP) (Chamber of Commerce number: 71698892), attaches great importance to a responsible handling of personal data of its users. MITE3 Cybersecurity therefore processes your personal data in compliance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

In this privacy statement (“Privacy Statement”), MITE3 Cybersecurity informs you about the way in which MITE3 Cybersecurity processes your personal data and what rights you have in this regard.

This Privacy Statement applies to any processing of personal data of the users of MITE3 Cybersecurity. By “personal data” all information about an identified or identifiable natural person is meant. “Users” include visitors to the websites of MITE3 Cybersecurity, including mite3.nl, as well as buyers of its products and services. The user hereby declares to have read this Privacy Statement.

Our services and websites are not directed to children. If you are under the age of 16 and want to use our services, you must be assisted by a parent or guardian.

Article 1 Controller

MITE3 Cybersecurity is responsible for the processing of user data in the case when it determines the purpose and means of the data processing itself. Examples include data processing for marketing purposes or the offering of its products and services.

This Privacy Statement does not apply insofar as we process personal data as a processor in the performance of our services. A ‘processor’ is an organization that processes personal data on behalf of the controller. If we are a processor, we conclude a processing agreement with the controller. The processing agreement regulates, among other things, data security, confidentiality and your rights. In those cases, MITE3 Cybersecurity refers you to the Privacy Statement of the relevant controller.

Article 2 Explanation of personal data and purposes

1. Purposes and categories of data

MITE3 Cybersecurity processes your personal data for the purposes described below. We use information received from you, but also information collected by ourselves, such as information about your visit to our websites.

2. Delivery and development of services

For the provision of services, and thus the execution of agreements, MITE3 Cybersecurity needs your full name, e-mail address, telephone number, address, and your (IBAN) bank account number. This allows us to provide the service, support you with it, and keep you informed of developments regarding the service.

3. Customer service

You can call and e-mail our customer service. In order to be able to help you quickly with questions, we use your data as stated in Article 2 paragraph 2 and we make necessary notes for the service. MITE3 Cybersecurity registers data about the telephone call (start time, end time, telephone number) for analysis and improvement of its services. If necessary, MITE3 Cybersecurity uses another party to answer your questions. They can use your data for this.

4. Customer review

When writing a customer review, you can choose whether your personal data is visible to other visitors and whether MITE3 Cybersecurity can contact you about your customer review.

5. Newsletter

You can sign up for our newsletter with your email address. MITE3 Cybersecurity can compile the newsletter on the basis of your data as stated in Article 2 paragraph 2. This can make the newsletter more interesting for you. If you no longer wish to receive newsletters from MITE3 Cybersecurity, you can unsubscribe via the unsubscribe link in every newsletter.

6. Relationship management, customer and market research

MITE3 Cybersecurity can use your data as stated in Article 2 paragraph 2 for the purpose of maintaining the relationship, and also to ask you to participate in non-binding customer or market research. If third parties conduct this investigation for MITE3 Cybersecurity, MITE3 Cybersecurity will provide your email address to that third party only to conduct that investigation.

7. Fraud, abuse, infringement or other inadmissible behavior of customers

MITE3 Cybersecurity uses your IP address, click behavior, computer and web browser data to investigate, prevent and/or combat fraud, spam and abuse. MITE3 Cybersecurity may provide your data as stated in Article 2 paragraph 2, if necessary, to the police, judicial authorities and other authorized investigative services and other third parties to comply with legal obligations or a judicial decision, or to prevent, detect or prosecute criminal acts or unlawful conduct. See also under Article 4.

8. Postpay

If you purchase services and do not pay immediately, MITE3 Cybersecurity can check your creditworthiness. MITE3 Cybersecurity can make use of external agencies / third parties. For that investigation, MITE3 Cybersecurity may provide certain information to others, who may only use this information for that purpose.

9. Cloudservice CredSieve™

MITE3 Cybersecurity collects email addresses and passwords from publicly available and online leaked databases to provide the service CredSieve™ to our customers.

To receive an overview of leaked passwords belonging to your private email address, you can contact us via the email address [email protected] to request this. After this request, you will receive an overview with the information relevant to you. Based on this, you can determine for yourself whether a possibly leaked password is still used by you. And if this is the case, we advise you to change the password as soon as possible.

10. Business processes, internal management and management reporting

This includes activities such as the company’s asset management, performance of internal audits and investigations, finance and accounting, implementation of business controls, provision of central processing facilities to operate more efficiently, management of mergers, acquisitions and divestitures, and processing of personal data for the purpose of management reporting and analysis.

11. Business customers

Data from business customers, partners or (their) contact persons are processed in the same prudent manner as that of private customers.

Article 3 Principles

Personal data is processed when this is necessary within the framework of responsible, efficient and effective management of MITE3 Cybersecurity. In general, MITE3 Cybersecurity processes your personal data on the basis of one of the following legal principles:

  • The processing is necessary to execute an agreement between you and MITE3 Cybersecurity.
  • The processing is necessary to comply with our legal obligations.
  • The processing is necessary for the legitimate interests of MITE3 Cybersecurity, insofar as such interests outweigh your interests or fundamental rights and freedoms.
  • We will ask for your consent where appropriate.

Consent

Where applicable, MITE3 Cybersecurity will only collect, use or otherwise process personal data if explicit permission has been given for processing. Below are the paragraphs of Article 2 that are processed on the basis of consent.

  • 4. Customer review
  • 5. Newsletter

Execute Agreement

For the execution of agreements, MITE3 Cybersecurity will only collect, use or otherwise process personal data if this is necessary for this. Below are the paragraphs of Article 2 that are processed on the basis of the execution of an agreement.

  • 2. Delivery and development of services
  • 3. Customer service
  • 6. Relationship management, customer and market research
  • 8. Postpay
  • 10. Business processes, internal management and management reporting

Legitimate interest

MITE3 Cybersecurity will only collect, use or otherwise process personal data if the processing falls within the scope of a legitimate interest. Below are the paragraphs of Article 2 that are processed on the basis of legitimate interest.

  • 7. Fraud, abuse, infringement or other inadmissible behavior of customers
  • 9. Cloudservice CredSieve™

Article 4 Sharing with third parties

The basic principle is that MITE3 Cybersecurity does not share your personal data with third parties. However, in the following situations MITE3 Cybersecurity can share your personal data:

  • With its affiliated companies, operating groups, subsidiaries, branches and/or third parties if this is necessary for the purposes described above. If applicable, MITE3 Cybersecurity will require third parties to perform processing activities in accordance with MITE3 Cybersecurity policies and guidelines regarding data protection.
  • With processors, i.e. parties that process your personal data on behalf of MITE3 Cybersecurity. In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with the instructions of MITE3 Cybersecurity. MITE3 Cybersecurity only engages processors who guarantee that appropriate technical and organizational measures have been taken and the rights of those involved are protected.
  • With its employees if and insofar as necessary for the performance of their duties. In such a case, access will be granted to the extent necessary for the purposes described above and only if the employee is bound by a duty of confidentiality.
  • If and to the extent required by law, court order or other legal process, for example with regulators, courts or other authorized governmental authorities to establish and/or exercise the rights of MITE3 Cybersecurity.
  • In connection with a business transaction, such as a divestiture, merger, consolidation or sale of assets or in the event of bankruptcy.

Article 5 Data security

  1. MITE3 Cybersecurity has taken appropriate technical and organizational controls to protect your personal data against unintentional or unlawful processing, including measures on the basis of which:
    1. Your personal data is protected against unauthorized access;
    2. Your personal data will remain confidential;
    3. The integrity and availability of your personal data will be preserved;
    4. Personnel are trained in information security requirements; and
    5. Data breaches are reported in accordance with applicable laws and regulations.
  2. The security measures are explained in our Security statement.
  3. The geographic storage locations of our main suppliers are detailed on our Transparency page.

Article 6 Rights with regard to personal data

Based on applicable laws and regulations, you have rights that you can exercise in relation to your personal data. In some cases, we are not obliged to comply – in full – with your request, because certain rights are conditional or because we have to weigh your rights against our rights and obligations to process your personal data and to protect the rights and freedoms of others. A number of rights you have in relation to your personal data, as applicable in the European Economic Area (“EEA”), are explained below.

Right of inspection

You have the right to a copy of the personal data we process about you and to information about how we use it. Your personal data is usually provided to you digitally. We may require you to identify yourself before providing the required information.

Right to rectification

We strive to ensure that the information we hold about you is accurate and complete. However, if you believe that this is not the case, you have the right to request that we correct incomplete or incorrect personal data that we process about you.

Right to erasure

You have the right to request that we delete your personal data, for example when the personal data we have collected is no longer necessary for its original purpose, when personal data is no longer up to date or when you withdraw your consent. However, this must be weighed against other factors. For example, we cannot comply with your request due to certain legal obligations.

Right to restriction of processing

You have the right to request us not to (temporarily) process your personal data, for example if you suspect that the personal data we keep is incorrect or if you think it is no longer necessary to process your personal data.

Right to data portability

You have the right to request that we transfer your personal data to a third party that you specify. This right can only be exercised when you have provided us with the personal data yourself, and when we process that data automatically based on your consent or to perform our obligations under a contract with you.

Right to object

You have the right to object to processing based on our legitimate interests. In the event that the processing of personal data takes place for marketing purposes, you can in principle always object. If you request us to stop using your personal data for marketing purposes, MITE3 Cybersecurity will immediately stop using your personal data. For purposes other than marketing, based on our legitimate interests, we will no longer process your personal data when you submit an objection in relation to your particular situation, unless we have an overriding legitimate interest in the processing. Please note that we may not be able to provide certain services or benefits if we are unable to process necessary personal data for that purpose.

Rights related to automated decision-making

You have the right not to be subject to any automated decision-making, including profiling, which will have legal or similar significant effects on you. If you are subject to an automated decision and do not agree with the outcome, you can contact us and request that we reconsider the decision.

Right to withdraw consent

In specific cases, we may ask for your consent for the processing of your personal data. When we do so, you have the right to withdraw your consent at any time. MITE3 Cybersecurity will stop processing as soon as possible after you withdraw your consent. However, this does not affect the lawfulness of the processing before consent is withdrawn.

Please contact us at [email protected] to exercise your rights or for questions and / or comments about your rights.

Article 7 Cookies

MITE3 Cybersecurity uses cookies and comparable techniques on its websites (hereinafter collectively: “cookies”). Through this, MITE3 Cybersecurity can process personal data when you visit our websites. This Privacy Statement applies to all processing of personal data based on cookies. More information about cookies can be found in our Cookie statement.

Article 8 Limitation of liability

The websites of MITE3 Cybersecurity may contain links to websites and/or apps of other parties. When users visit the websites and apps of other parties, the privacy and cookie statements of those parties apply. MITE3 Cybersecurity is not responsible for the way in which other parties deal with user data or for the cookies used by those parties. MITE3 Cybersecurity excludes all liability in this regard.

Article 9 Retention period

We do not store your personal data longer than necessary for the purpose for which we process your personal data. After the retention period, we delete or anonymize your personal data, unless we need to keep certain personal data for another purpose. We only do this if we have a legal basis for storing your personal data. We will also ensure that personal data is only accessible for that other purpose.

MITE3 Cybersecurity, for example, stores your personal data for a period of 12 months after your last visit to our websites, unless MITE3 Cybersecurity is obliged by law to keep personal data longer.

Please contact us at [email protected] if you have questions about specific retention periods.

Article 10 Transfer

Due to the nature of our business and the services we provide to our customers, it may be necessary for MITE3 Cybersecurity to transfer your personal data outside of your country of residence. If we transfer personal data, we will ensure that that transfer is appropriately secured. Transfers of personal data in the EEA or Switzerland to parties outside the EEA or Switzerland are subject to the Standard Contractual Clauses, approved by the European Commission, or other appropriate safeguards. For more information, please contact us at [email protected].

Article 11 Questions or complaints

If you believe that the processing of your personal data violates applicable laws and regulations, please contact us at [email protected]. You also have the right to file a complaint with the Dutch Data Protection Authority or to go to court.

Article 12 Amendments

MITE3 Cybersecurity may amend this Privacy Statement from time to time. If an adjustment has a major impact, MITE3 Cybersecurity will inform you about this. MITE3 Cybersecurity will always publish an up-to-date Privacy Statement on its websites. Continuous use of our products and services or visit our websites means that you have read the amended Privacy Statement. Keep an eye on this page and our websites regularly for all changes.