HayInvicta (HI) respects the privacy of its users, in particular their rights regarding the autonomic processing of personal data. Therefore, we are convinced that careful handling of your Personal Data is of a great importance. Thus, we have formulated and implemented a policy on complete transparency with our users with regard to the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the possible way.
In doing so, we comply with the legislation in the field of the protection of personal data, the most important of which is the General Data Protection Regulation (GDPR).
Article 1 – Legal definition
Controller: Party responsible for processing Personal Data will be called the controller.
Personal data: means any information relating to an identified or identifiable natural person (‘data subject’);
Processing: means any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Pseudonymisation: means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person;
Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor: is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
Article 2: The processing data
HI process the following categories of Personal Data of its users:
- Location data
- Name (also regarding to personal data such as date of birth, place of birth, nationality m marital status.
- E-mail address(es);
- Bank and payment details (such as account holder, bank account number / IBAN, bank identification code);
- Information about the job title and work situation (such as self-employed, employed);
- Information about the assets (such as the source of wealth, source of funds, the amount of the bank account balances, debts, other financial data);
- Other data (such as IP address, login details, navigation behavior);
- (copy) ID or passport.
Article 3 Your rights in connection with your Personal Data
The controller shall take appropriate measures to provide any information and any communication to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
Pursuant to Article 13 paragraph 2 sub b in conjunction with article 15 – 22 GDPR each data subject has the right to:
- Request access to your Personal Data. This enables You to receive a copy of the Personal Data. This allows you to check which data we keep about you.
- Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
- Request erasure of your Personal Data. This enables You to ask us to delete or remove personal information where there are no good reasons for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to processing (see below).
- Right to object on grounds relating to your particular situation, at any time to processing of personal data concerning which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
- Request the restriction of processing of your Personal Data. This enables You to ask us to suspend the processing of about You, for example if You want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data to another party (data portability).
If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the Supervisory Authority.
Article 4 Term of retention of your personal data
We store your Personal Data in accordance with our retention policy. HI does not store Personal Data longer than necessary to achieve the purposes for which the data is processed and, in any case, as long as specific regulations require. The length of time each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected and in line with any statutory requirements. If you would like to know more about the specific retention periods, please contact us.
Article 5 Responsibility for the processing of your personal data
The HI is the controller, which means that the HI itself determines the purposes and means for the processing of your Personal Data and that the HI is responsible for compliance with the relevant regulations.
Article 6: Why does the HI process your personal data?
When you use our (web) application, register as a user or contact us for another activity, we will register your personal data. HI processes your Personal Data for various purposes, whereby we only process the necessary data. The following purposes apply to the processing of Personal Data by the HI:
- To be able to contact you;
- To send you information;
- For entering into and executing (member) agreements;
- For carrying out actions in connection with aid and other HI activities.
- For relationship management and activities to increase our database of members, volunteers and other stakeholders in the HI and to inform them about our activities.
- In order to perform under (an) agreement(s) that you have entered into with HI;
- In order to reduce risks, for example by verifying that the data of entrepreneurs who want to start a crowdfunding campaign are correct and that their representatives are duly authorised;
- In order to comply with legal obligations, for example, the identification and verification of business contacts;
Personal Data of persons who receive assistance from the HI are only processed in the context of the assistance provided. These Personal Data are not processed for other purposes.
Article 7 Legal grounds for the processing of personal data
According to the law, HI may only process Personal Data if it has a legal basis for doing so. HI bases the processing of your Personal Data on the following bases:
- After permission has been obtained from those involved
- In the context of the formation and / or implementation of an agreement;
- In connection with the legitimate interests of the HI, whereby the HI ensures that the impact on your privacy is as limited as possible. For example, Personal Data is processed in connection with:
- making studies, models and statistics;
- member / data management or support thereof, including the creation of segments and profiles for member management or member needs detection;
- If we have a legitimate interest in doing so, such as verifying that entrepreneurs involved in a crowdfunding campaign do not have a negative BKR registration; or;
- If you have given your explicit consent for the processing of your data.
Article 8 Website and Cookies
Article 9: Security of personal data
The HI has taken appropriate technical and organizational measures to protect Personal Data against loss or any form of unlawful processing. In addition, the HI has adopted an information security policy and has taken physical, organizational and electronic measures with due observance of this.
Article 10 Exchange of personal data
- The transmission and receipt of Personal Data within the HI.
- HI will ensure that European data protection standards are applied to Personal Data to the greatest possible extent, even when exchanges take place outside the EU.
- The HI will observe the applicable rules for exchanges outside the EU.
- HI can share your data with (potential) private or business investors;
- (potential) entrepreneurs;
- Ultimate beneficial owners of the (potential) business investors or (potential) entrepreneurs;
- contact persons of our business partners; and
- employees or applicants.
- HI will not sell, rent, distribute or otherwise make your Personal Data commercially available to third parties, except as described in this privacy statement or with your prior consent.
Article 11: Age limit
The users of HI must be 18 year or older.
Article 12: Complaint
If you are not satisfied with the processing of your personal data or with the information you have received about it, please contact us at: firstname.lastname@example.org
If you are still not satisfied with the way your complaint has been dealt with, you can submit a complaint to the Dutch Data Protection Authority.
Article 13 Summary
In accordance with the GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- Processing will be fair, lawful and transparent;
- Data be collected for specific, explicit, and legitimate purposes;
- Data collected will be adequate, relevant and limited to what is necessary for the purposes of processing;
- Data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay;
- Data is not kept for longer than is necessary for its given purpose;
- Data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures;
- We will comply with the relevant GDPR procedures for international transferring of personal data.
Article 14: Amendments