Privacy Statement

Prepared on: 26/01/2024

Controller
Explanation of personal data and purpose limitation
Legal bases
Sharing with third parties
Data security
Rights regarding personal data
Cookies
Liability limitation
Retention period
Transfer
Questions or complaints
Amendments

Privacy Statement

Click here to download the Privacy Statement in PDF format.

MITE3 B.V., also trading under the name MITE, MITE3 Cybersecurity and MITE3 Publishing (“MITE3”), located and having its office at Paxtonstraat 3N, Unit C1997, Zwolle (8013 RP) (Chamber of Commerce number: 71698892), attaches great importance to responsible handling of personal data of its users. MITE3 therefore processes your personal data in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

In this Privacy Statement (“Privacy Statement”), MITE3 informs you about the way in which MITE3 processes your personal data and what rights you have in this regard.

This Privacy Statement applies to every processing of personal data of the users of MITE3. ‘Personal data’ means any information about an identified or identifiable natural person. ‘Users’ include both visitors to the websites of MITE3, including mite3.nl, and purchasers of its products and services. The user hereby declares to have read this Privacy Statement.

Our services and websites are not for children. If you are under 16 and want to use our services, a parent or guardian must assist you.

Article 1 Controller

MITE3 is the ‘controller’ regarding processing data of users if they themselves determine the purpose and means of data processing. Examples include data processing for marketing purposes or offering its products and services.

This Privacy Statement does not apply to the extent that we process personal data as a processor in the performance of our services. A ‘processor’ is an organization that processes personal data on behalf of the responsible party. If we are the processor, we enter into a processing agreement with the responsible party. The processing agreement regulates data security, confidentiality, and your rights, among others. For those cases, MITE3 refers you to the privacy statement of the respective responsible party.

Article 2 Explanation of personal data and purpose limitation

Purposes and data categories
MITE3 processes your personal data for the purposes described below. We use data received from you, and data collected by ourselves, such as data about your visit to our websites.

1. Provision and development of services

To provide services, and thereby execute agreements, MITE3 needs your full name, email address, phone number, address, and your IBAN bank account number. This enables us to provide the service, support you in this regard, and keep you informed of developments related to the service.

2. Customer service

You can call and email our customer service. To help you quickly with questions, we use your data as mentioned in Article 2 section 1 and make necessary notes for the service. MITE3 records data about the phone call (start time, end time, phone number) for analysis and improvement of its services. If necessary, MITE3 uses another party to answer your questions. They may use your data for this purpose.

3. Customer review

When writing a customer review, you can choose whether your personal data is visible to other visitors and whether MITE3 may contact you about your customer review.

4. Newsletter

You can sign up for our newsletter with your email address. MITE3 can compile the newsletter based on your data as mentioned in Article 2 section 1. This can make the newsletter more interesting for you. If you no longer wish to receive newsletters from MITE3, you can unsubscribe via the unsubscribe link in each newsletter.

5. Relationship management, customer and market research

MITE3 may use your data as mentioned in Article 2 section 1 for maintaining the relationship and also to ask you to participate in a voluntary customer or market survey. If third parties conduct this survey for MITE3, MITE3 will give your email address to that third party only to conduct that survey.

6. Fraud, abuse, infringement or other unacceptable user behaviors

MITE3 uses your IP address, click behavior, computer and web browser data to investigate, prevent and/or combat fraud, abuse, spam, and infringement. MITE3 may, if necessary, provide your data as mentioned in Article 2 section 1 to police, judicial and other competent investigative services and other third parties to comply with legal obligations or a court order, or to prevent, detect or prosecute criminal offenses or unlawful behavior. See also under Article 4.

7. Post-payment

If you purchase services and do not pay immediately, MITE3 can assess your creditworthiness. MITE3 may use external agencies/third parties for this assessment. For that investigation, MITE3 can provide certain data to others, who may use these data only for that purpose.

8. Business processes, internal management and management reporting

This includes activities such as asset management of the company, conducting internal audits and investigations, finance and accounting, implementing business controls, providing central processing facilities to work more efficiently, managing mergers, acquisitions and disposals, and processing personal data for management reporting and analysis.

9. Business customers

Data of business customers, partners or (their) contacts are treated with the same care as private customers.

Article 3 Legal bases

Personal data is processed when it is necessary within the framework of a responsible, efficient, and effective operation of MITE3. In general, MITE3 processes your personal data based on one of the following legal bases:

  • The processing is necessary to execute an agreement between you and MITE3.
  • The processing is necessary to comply with our legal obligations.
  • The processing is necessary for the legitimate interests of MITE3, provided such interests do not outweigh your interests or fundamental rights and freedoms.
  • We ask for your consent if this is an appropriate basis.

Consent

Where applicable, MITE3 will only collect, use, or otherwise process personal data if explicit consent for processing has been given. Below are the sections of Article 2 that are processed based on consent.

  • 3. Customer review
  • 4. Newsletter

Performance of contract

To execute agreements, MITE3 will only collect, use, or otherwise process personal data if this is necessary for that purpose. Below are the sections of Article 2 that are processed based on the performance of a contract.

  • 1. Provision and development of services
  • 2. Customer service
  • 5. Relationship management, customer and market research
  • 7. Post-payment
  • 8. Business processes, internal management and management reporting
  • 9. Business customers

Legitimate interest

MITE3 will only collect, use, or otherwise process personal data if the processing falls within the scope of a legitimate interest. Below are the sections of Article 2 that are processed based on legitimate interest.

  • 6. Fraud, abuse, infringement or other unacceptable user behaviors

Article 4 Sharing with third parties

The principle is that MITE3 does not share your personal data with third parties. However, in the following situations, MITE3 may share your personal data:

  • With affiliated companies, operational groups, subsidiaries, branches and/or third parties if necessary for the purposes described above. If applicable, MITE3 will require third parties to carry out processing activities in accordance with MITE3’s policy and guidelines regarding data protection.
  • With processors, i.e. parties handling your personal data on behalf of MITE3. In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with the instructions of MITE3. MITE3 only engages processors who guarantee that appropriate technical and organizational measures have been taken and the rights of data subjects are protected.
  • With its employees to the extent necessary for the performance of their tasks. In such a case, access will be granted as far as necessary for the purposes described above and only if the employee is bound by confidentiality.
  • If and to the extent required by law, a court order, or other legal process, for example with regulators, judicial bodies, or other competent government authorities to establish and/or exercise the rights of MITE3.
  • In connection with a business transaction, such as a division, merger, consolidation, or sale of assets, or in the event of bankruptcy.

Article 5 Data security

  1. MITE3 has taken appropriate technical and organizational measures to protect your personal data against accidental or unlawful processing, including measures that:
    1. Your personal data is secured against unauthorized access;
    2. Your personal data remain confidential;
    3. The integrity and availability of your personal data are maintained;
    4. Staff is trained in information security requirements; and
    5. Data breaches are reported in accordance with applicable laws and regulations.

  2. The security measures are explained in our Security Statement.

  3. The geographical storage locations of our main suppliers are explained on our Transparency page.

Article 6 Rights regarding personal data

Under applicable law and regulations, you have rights that you can exercise with respect to your personal data. In some cases, we are not obliged to – fully – comply with your request, as certain rights are conditional or because we need to balance your rights against our rights and obligations to process your personal data and to protect the rights and freedoms of others. A number of rights you have concerning your personal data, as applicable in the European Economic Area (“EEA”), are explained below.

Right of access

You have the right to a copy of the personal data that we process about you and information about how we use it. Your personal data is typically provided to you digitally. We may require you to identify yourself before providing the necessary information.

Right to rectification

We strive to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to ask us to correct incomplete or incorrect personal data that we process about you.

Right to erasure

You have the right to ask us to delete your personal data, for example, when the personal data we have collected are no longer necessary for the original purpose, when personal data are no longer current, or when you withdraw your consent. However, this must be weighed against other factors. For example, we may not be able to comply with your request due to certain legal obligations.

Right to restriction of processing

You have the right to ask us to (temporarily) not process your personal data, for example, when you suspect that the personal data we hold are incorrect or when you think it is no longer necessary for us to process your personal data.

Right to data portability

You have the right to ask us to transfer your personal data to a third party you specify. This right can only be exercised when you have provided the personal data to us yourself, and when we process that data automatedly on the basis of your consent or to fulfill our obligations under a contract with you.

Right to object

You have the right to object to processing based on our legitimate interests. If personal data processing occurs for marketing purposes, you can generally object at any time. If you ask us to stop using your personal data for marketing purposes, MITE3 will immediately cease further use of your personal data. For other purposes than marketing, based on our legitimate interests, we will no longer process your personal data when you object in relation to your specific situation, unless we have compelling legitimate grounds for the processing. Note: we may not be able to provide certain services or benefits if we cannot process the necessary personal data for that purpose.

Rights regarding automated decision-making

You have the right not to be subject to automated decision-making, including profiling, which has legal effects on you or similarly significant effects. If you have been subjected to an automated decision and disagree with the outcome, you can contact us and ask us to reconsider the decision.

Right to withdraw consent

In specific cases, we may ask for your consent to process your personal data. If we do, you have the right to withdraw your consent at any time. MITE3 will stop processing as soon as possible after your consent is withdrawn. However, this does not affect the legality of processing before consent is withdrawn.

Contact us at [email protected] to exercise your rights or for questions and/or comments about your rights.

Article 7 Cookies

MITE3 uses cookies and similar techniques on its websites (hereinafter collectively referred to as “cookies”). Through these, MITE3 may process personal data when you visit our websites. All processing of personal data based on cookies is subject to this Privacy Statement. More information about cookies can be found in our Cookie Statement.

Article 8 Limitation of liability

On the websites of MITE3, links to websites and/or apps of other parties may be included. When users visit the websites and apps of other parties, the privacy and cookie statements of those parties apply. MITE3 is not responsible for how other parties handle users’ data or for the cookies used by those parties. MITE3 excludes all liability in this regard.

Article 9 Retention period

We do not keep your personal data longer than necessary for the purpose for which we process your personal data. After the retention period, we delete or anonymize your personal data, unless we need to retain certain personal data for another purpose. We only do this if we have a legal basis for keeping your personal data. We will also ensure that personal data is only accessible for that other purpose.

For example, MITE3 keeps your personal data for a period of 12 months after your last visit to our websites, unless MITE3 is obliged by law to retain personal data for a longer period.

Contact us at [email protected] if you have questions about specific retention periods.

Article 10 Transfer

Due to the nature of our business and the services we provide to our customers, it may be necessary for MITE3 to transfer your personal data to locations outside the country in which you reside. If we transfer personal data, we ensure that the transfer is appropriately secured. Transfers of personal data within the EEA or Switzerland to parties outside the EEA or Switzerland are subject to the Model Contractual Clauses approved by the European Commission or other appropriate safeguards. For more information, please contact us at [email protected].

Article 11 Questions or complaints

If you believe that the processing of your personal data infringes applicable law and regulations, you can contact us at [email protected]. You also have the right to file a complaint with the Data Protection Authority or go to court.

Article 12 Amendments

MITE3 may amend this Privacy Statement from time to time. If an amendment has a significant impact, MITE3 will inform you about it. MITE3 will always publish a current Privacy Statement on its websites. Continuous use of our products and services or visiting our websites implies that you have read the amended Privacy Statement. Keep an eye on this page and our websites regularly for any changes.