Dear Customer,

When visiting our Company’s website, requesting quotes, ordering, registering, using the Smart Qubix product line and related applications, and communicating with us, we manage personal data about you. Here is the most important information about managing your personal data and about your rights. If you have any further questions regarding the management of your personal information, please do not hesitate to contact us at the sales@smartqubix.com email address or the contact details below.

What is personal data?

Personal data is any data relating to an identified or identifiable natural person (s). For example, your name, address, date of birth, content of the message sent to us, or details of your order.

Data relating to any other entity than a natural person is not considered personal data. That is, data relating to a company, institution, public office, association (such as company name, contact details, or order information provided by a company) are not covered by the concept of personal data. Also excluded is data where the data subject is not identifiable, i.e. anonymised or statistical data.

Who handles your personal data?

Name of the data controller: Smart Qubix b.v. (hereinafter referred to as the Company)

Address: Kroonstraat 35, NL-4879 AV ETTEN-LEUR

Name of Statutory Representative: Mark Stellmach

Company registration number: 65114353

Phone: +31 85 2019708

e-mail address:  sales@smartqubix.com

What kinds of personal data does the Company handle and for what purpose?

Personal data is any data relating to an identified or identifiable natural person (s). For example, your name, address, date of birth, content of the message sent to us, or details of your order.

Data relating to any other entity than a natural person is not considered personal data. That is, data relating to a company, institution, public office, association (such as company name, contact details, or order information provided by a company) are not covered by the concept of personal data. Also excluded is data where the data subject is not identifiable, i.e. anonymised or statistical data.

1. Registration independently

If you register on the online interface required for the management of the Smart Qubix product family or in a mobile phone application, the Company will manage your registration data, including your username, password, e-mail address used to communicate and receive messages, and the type and settings of the products you use. In addition, the Company may manage your address and location to use certain services. In connection with the service, it is also possible to upload a photo, in which case the Company will also manage the photos you upload.

In the above cases, the purpose of data management is to provide the service you use and to maintain contact with you.

2. Registration by invitation

When using the services provided by the Company, it is possible for the owners of the devices or the administrators of company systems (hereinafter: managers) to send invitations to additional users. An invitation by a manager enlists the invited user (upon the completion of the registration) to the user group of the company administrated by the aforementioned manager. In this case, the information used by the inviting party for the invitation, in particular the email address of the invited person, will be managed by the Company. The Company will use the data thus obtained solely for the purpose of sending the invitation or for the pre-registration of the invited person.

The registration becomes final by acceptance by the addressee, in which case the scope of the data processed and the purpose of the data management is established in accordance with point 1 above.

The invited party has the opportunity to reject the invitation or to indicate that the invitation is not meant for him. In this case, the data used for the invitation will be deleted from the Company’s system. The Company sends a message about the deletion. If the invited party does not finalize the registration within 14 days, the Company will delete the data used for the invitation.

A user with manager privileges in the system has the power to send invitations as well as to reset accounts. In case of resetting an account, the personal data connected to the former user of such an account (username, password) will be deleted, but the account and the device data and history connected to it remains intact.

3. Messages and inquiries

It is possible to send a message to the Company or ask questions about the use of the service during the registration process and before registration. In this case, the subject, content, and the sender details and email address of the message will be transferred to the Company. The purpose of data management is to respond to the message and to stay in touch.

4. Data retention based on the legitimate interest of the Company as a data controller

In order to prevent future litigation and to prove the facts in case of legal dispute, after the registration in the service, the cancellation of the registration or its failure, the Company shall retain the provided personal data for five years after the registration has been cancelled or terminated, in accordance with the rules on the statute of limitations laid down in Title 3.11 of Book 3 of the Dutch Civil Code. The purpose of data management in accordance with this clause is to enable the Company to enforce any rights and claims arising from the contract, or to defend itself in the case of such legal claims being raised.

5. Data management on the Company’s website

When visiting the website of our company, the website collects information about the visitors of the site, and places a short code snippet (cookie) on your computer for the purpose of improving the services and providing the best user experience for analysis (analytics). We will inform the user of this fact when the first page is opened, who can confirm the information and thereby consent to the management of his / her data. Cookies placed by our website are stored on your computer, so you can delete them at any time.

What is the legal basis for data management?

a) In the case of personal data provided by you during registration, the legal basis for data management is the preparation of the contract (service provision) to be concluded with you.

b) In the case of data management for the prevention of legal disputes, the legal basis of data management is the legitimate interest of the Company as a data controller.

In the cases mentioned in points a) and b) above, the provision of the requested personal data is a condition of the use of the service or the conclusion of the contract, therefore you must provide it when registering for the service. In the event of failure to provide the data, the Company may refuse to conclude the contract or fulfil your request.

a) In the case of personal data provided during the use of the service, the legal basis for data management is the performance of the contract (service) concluded with you.

b) The legal basis for data management in the event of sending a question to the Company or contacting it is your consent. By submitting the message, you agree to the information provided by you to be known by the Company, to store it and to use it to answer your question.

c) When you visit the Company’s website, the cookies placed on your computer for the purpose of enhancing the user experience or used for analytical purposes are placed with your consent.

d) The placement, storage and reading of cookies placed on the website of the Company ensuring the proper functioning of the website is a condition of the operation of the website, in which case the legal basis for data management is the preparation and performance of the contract with the client. Failure to manage the data would impede the proper functioning of the website, so the Client who accessed the website may not prohibit the processing of such data.

Does the Company forward your personal information?

The Company may only forward your personal data to a court of law or other authority in the cases and in the manner prescribed by law, on the basis of a formal request, legislative, official or judicial obligation.

Using a data processor

The Company’s website and webshop are operated by Smart Qubix b.v. (Kroonstraat 35, NL-4879 AV ETTEN-LEUR), which is considered a data processor according to data protection legislation. The data processor performs its duties solely on the instructions of the Company, and cannot make individual decisions regarding the management of your personal data. The Company has previously verified that the data processor is established in the European Union and provides adequate guarantees that its data management complies with the data protection laws of the Netherlands and the European Union. The data processor has provided the Company with appropriate guarantees that it will apply and maintain data security measures to ensure the confidentiality, integrity, and availability of the personal data it manages.

How long does the Company store your personal information?

In order to prevent future litigation and to prove the facts in case of legal dispute, after the registration of the use of the service, the cancellation of the registration or its failure, the Company shall retain the provided personal data for five years after the registration has been cancelled or terminated, in accordance with the rules on the statute of limitations laid down in Title 3.11 of Book 3 of the Dutch Civil Code. The purpose of data management in accordance with this clause is to enable the Company to enforce any rights and claims arising from the contract, or to defend itself in the case of such legal claims being raised.

The Company retains the personal data handled with your consent as long as it is necessary for the purpose of the data management, or as long as you do not request the deletion of your personal data.

What are your rights regarding the management of your personal data?

Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by you, the controller may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.

 

Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

Right to erasure (‘right to be forgotten’)

You have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) you withdraw consent on which the processing is based, and there is no other legal ground for the processing;

(c) you object to the processing based on the legitimate interest of the Company and there are no overriding legitimate grounds for the processing;

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services directly to a child; in this case the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

 

Please note that your request for cancellation must be submitted in writing (by post or by e-mail) and must indicate the legal grounds for which you wish to delete it.

If the Company approves your cancellation proposal, it will delete the managed personal information from all their records and inform you accordingly.

If the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The Company shall not erase your personal data to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

 

Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;

the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of you.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

 

Right to object

You are entitled to object to the processing of your personal data and in this case, the Company may not further process your personal data unless it can be proved that

a) the data processing is justified by compelling legitimate reasons on the part of the Company that take precedence over your interests, rights and freedoms;

b) the data processing is related to the submission, validation or protection of the Company’s legal claims.

 

Withdrawal of consent

If the data management is carried out with your consent, you have the right to withdraw your consent at any time, but this does not affect the legality of the data processing performed prior to the revocation.

 

Right to data portability

You have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

 

Enforcement of claims

In case of violation of your privacy rights, you may go to court against the Company.

At any time, you can request the help of the Dutch Data Protection Authority for privacy issues:

Autoriteit Persoonsgegevens

Postal address: PO Box 93374 2509 AJ DEN HAAG

Telephone number: (+31) – (0)70 – 888 85 00

As regards the enforcement of your rights in matters not covered by these Rules, Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) shall be applied.

If you have any questions regarding the management of your personal data or if you wish to exercise the rights of the data subject, please contact the Company’s designated contact person, Mark Stellmach at sales@smartqubix.com.