Privacy policy

In this Privacy Policy we inform you about how we handle your personal data. This Privacy Policy applies to the processing of the personal data of (the contact people at) our clients, business relations and referrers, recipients of our communications and those who attend our events, as well as to the visitors to our website [ ].

Pertimo Management N.V. (“Company”, “we” “us” and/or “our”), a limited liability company (naamloze vennootschap) existing under the laws of Curaçao, registered in the Commercial Register of the Curaçao Chamber of Commerce & Industry under number 157631, is the controller for the processing of your personal data. We may amend this Privacy Policy from time to time, if there are changes to how we process your personal data, for instance, or if this is necessary on the basis of regulations. We shall inform you of essential changes.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using the ENVOY Marketplace you acknowledge you have read and understood this Privacy Policy.

1. To whom does this Privacy Policy apply?

This Privacy Policy applies to everyone who visits our website and to people whose personal data are processed by us in the context of its provision of our services.

People whose personal data are processed by us in the context of its provision of our services are:

  • Contact persons at our clients;

  • Contact persons at our potential clients;

  • Contact persons at our business relations;

  • Contact persons at our referrers;

Recipients of our communications, such as our newsletters and invitations to events organised by or in cooperation with us;

People who contact us otherwise or whose personal data we process otherwise in the context of our service provision;

Visitors to our website [ ].

2.What personal data do we process in relation to you?

The personal data we process in relation to you are:

Personal data you have provided to us;

Personal data that give insight into the use of our website or other electronic means of communication;

Personal data obtained from other sources;

Technical information, which may include the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

Information about your visit, which may include the full Uniform Resource Locators (URL), clickstream to, through, and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

Personal data provided by you:

    this is information about you that you give us directly when you interact with us and includes your username, and your email address or Twitter handle if you choose to give us this information;

    contact details and other personal data which are needed for you to be able use the ENVOY Marketplace. These include details such as your name, address, telephone number, email address, job title(s) and (details of) your identification documents (identification data), and also other specific special details;

    contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;

    contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;

    other personal data that are provided by you.

Personal data that give insight into the use of our website or other electronic means of communication. These could include data such as:

IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;

your browsing behavior on the website, including data on your first visit, previous visit and current visit, the visited pages and how you navigate through the website and the kind of device you are using; and

the opening and reading of a newsletter or commercial email. This also includes clicking behavior in the email or newsletter. In this context, we also refer to our “Cookie Statement”.

Personal data obtained from other sources:

personal data available on public professional social media platforms such as LinkedIn. These are names and contact details;

personal data obtained from the Trade Register of the Chamber of Commerce and the Land Registry Office. This could include a Chamber of Commerce number and contact details; and

personal data available on public professional websites, such as company websites.

3. For what purposes do we process your personal data?

We may use your personal data for the following purposes:

    To perform a contract in which you have engaged us to provide you with our services.

    If you engage us to use our services, your contact details will be requested in that context. Other personal data may also be necessary for the handling of the matter, depending on the nature of your request. Data from other parties involved may also be processed.

    To invoice for services rendered.

    To comply with any other our statutory obligations.

    To identify our clients or their representatives. We establish your identity on the basis of a valid identification document (a legalized copy is required in case of remote identification). The document type and document number will be stored as proof of compliance. Under the money laundering and terrorist financing (prevention) regulation we have the obligation to retain data for a longer period of time. If the services fall under the money laundering and terrorist financing (prevention) regulation a copy of the identification document will be stored. The photograph and the citizen service number will be blacked out. Also local tax legislation may require us to process and store certain personal data.

    To stay in contact with you. We feel it is important to contact you with information that is relevant for you. We combine and analyze the personal data available to us in order to be able to do so. Based on this, we determine what information and channels are relevant and which moments are most suitable for providing information or making contact. In conducting marketing campaigns, we do not process any special personal data or any confidential data.

    For (the communication regarding) webinars. When registering for a webinar, we ask for your email address to enable us to communicate with you regarding the webinar. You will receive a registration email at the email address you have provided. After the webinar you will also receive an email including a link to the recorded webinar. You will also receive this email if you indicated that you cannot attend the live webinar. Furthermore, we ask you to provide the name of your company and your job title on a voluntary basis. If you provide that information, it will enable us to tailor the webinar to you more effectively. In order to attend a webinar, you need to register your name and email address via the link we send you. We shall process the data regarding the webinar attendance (including registration details, time of registration, time of attendance and duration of your attendance). With prior consent from you, we shall contact you to evaluate the content of the webinars and to check if we can be of further assistance to you. In the latter case, we may contact you through various communication channels, including by telephone, if you have filled in your phone number. The list of participants will be shared internally with our education department for the purpose of allocating training points. We shall also analyze this data to enable us to improve our webinars. The participants are not audible or visible during the webinar, nor are their names visible. When asking questions during the webinar, the name of the individual asking the question will only be visible to the host and not to the other participants. We shall process this data to enable us to answer questions during or, if necessary, after the webinar.

    To evaluate. With your consent, we shall send you an email including a link to the evaluation, an online questionnaire. Participation is on a voluntary basis and can be done anonymously. Prior to the evaluation, you will receive further information on how we shall handle the obtained information.

    To prepare analyses. To prepare analyses we use:

Interaction data:

Personal data obtained from contact between you and us. For example, on your use of our website or supporting applications. This also applies to offline interactions, including how often there is contact between you and us.



Behavioral data:

Personal data that we process on your behavior, such as your preferences, opinion, wishes and needs. We can derive these data from your browsing behavior on our website, for instance, the reading of our newsletters or because you requested information. But also from inbound telephone conversations and email contact with our employees. We collect and use information obtained via tracking cookies only with your consent, which you can withdraw at any time. See also our Cookie Statement

    To conduct client satisfaction surveys. We sometimes ask clients to participate in a client satisfaction survey, through an online questionnaire. Participation is voluntary. Before each client satisfaction survey, you will receive further information on the procedure and the way in which we handle the information obtained.

    To improve and secure our website.

    To prepare user statistics. The user statistics from the website enable us to get a picture of, among other things, the number of visitors, the duration of the visit, what parts of the website are viewed and the clicking behavior of visitors. These are generic reports without any information on individual persons. We use the information obtained to improve the website.

    To perform audits.

4. What is the legal basis for the processing of your personal data?

We process your personal data only when this is permitted on grounds of one of the legal bases cited in the general data protection regulation (GDPR). We are guided by the following legal bases:

Consent

    We ask your consent for participation in a client satisfaction survey.

    We ask your consent for direct marketing purposes, which will be specified in detail when you give your consent. You can find more information on this subject in this Privacy Policy.

    We ask your consent for the use of cookies on our website.

    We ask your consent for the use of cookies on our website. See our Cookie Statement for more information on this.

    If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time. You can do this here or by contacting us ([ ]).

    The processing is necessary in order to establish a contract or in the run-up to the establishment of a contract.

Statutory obligation

The money laundering and terrorist financing (prevention) regulation may require us to obtain and document certain information. This includes, among other things, a copy of an identification document (passport) with the citizen service number and photograph made unrecognizable.

Legitimate interest

We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We use your contact details to invite you to seminars and events, for instance. We also have a legitimate interest if we use your personal data to contact you after you have approached us yourself. We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via direct marketing. In that case, we have a legitimate interest in offering you these services.

5. How did we obtain your personal data?

We obtain some information automatically when you visit our website. We collect this information via cookies, for instance. We obtain other information if you actively provide it to us. For example, if you are or become our client or if you sign up for newsletters or events. We also obtain information from third parties, such as personal data from the Trade Register of the Chamber of Commerce and the Land Registry Office, or personal data available on public professional websites. We also obtain information from professional social media sources like LinkedIn.

6.How long do we keep your personal data?

We will not keep your personal data longer than strictly necessary for the purposes for which they are processed, unless statutory requirements obligate us to keep your personal data longer. More specifically, the applicable retention periods are listed below.

We will delete your personal data if you have withdrawn your consent or have decided to opt out.

We will keep your personal data in our contact database for up to five years from the day the business relationship ends. After this period of five years we shall delete your personal data.

The personal data that were processed to verify the identity of a client or its representative will be kept for five years from the day the business relationship ends.

The retention period of the client files is subject to several factors, including the type of matter it concerns. We usually keep client files for a period of five or twenty years after the file is closed. It depends on the applicable time limit of the file in question. We shall keep certain documents in accordance with the statutory retention periods.

In the event that you have registered for a webinar, we shall delete your registration details from our CRM system after we have sent you the recording of the webinar, unless you have given us your consent to use your details in the future. In that case, such data processing is subject to the applicable retention periods. The information regarding the webinar, which has been provided to or registered by our supplier ([ ]) will be stored for one year, to enable us to analyse and continue to improve the webinars. For the reasons described above, evaluations of the webinar will be stored for six months. In the event that you have provided your telephone number and/or email address with the evaluation, we shall delete that information as soon as we have contacted you.

Any camera footage will be destroyed within four weeks, unless there is an incident which requires us to hold on to the footage for longer.

We will delete visitor registration details within seven weeks from the date the right to access the information expires or from the date of the visit.

7. Who has access to your personal data?

Your personal data are only accessible to people at the Company authorized to access them on a ‘need-to-know’ basis. Outside of the situations mentioned in this Privacy Policy, we will not disclose your personal data unless we deem this disclosure necessary in order to satisfy our statutory obligations, to protect our rights or someone else’s rights, or to enforce compliance with this Privacy Policy.

Sometimes it is necessary to share your personal data with third parties. Depending on the circumstances of the case, this may be necessary in order to handle your file. There are also statutory obligations which mean that personal data must be passed on to third parties.

Personal data are provided to third parties in the following cases, among other things:

    When handling a file, it may be necessary to share your personal data with third parties. For example, when litigating against another party, concluding a contract or for a notarial deed involving several parties.

    If a court order requires us to provide personal data to third parties, we must comply with that.

    Your personal data are not shared with third parties for commercial purposes. There is one exception to this. We sometimes work with other organizations to organize a joint activity, such as an event or seminar. In that case, only the necessary contact details will be exchanged.

    Personal data may also be provided to third parties in the event of a reorganization or merger of our business or sale of (part of) our business.

    We may engage service providers (processors) for the processing of your personal data, who process personal data exclusively on our instructions. We conclude processing agreements with these processors which fulfil the requirements of the general data protection regulation.

8. Transfer of personal data to foreign countries

The files handled by us will be documented and saved in Curaçao. The personal data contained in these files are not transferred to other countries unless this is necessary for the establishment, exercise or defense of legal claims.

When your personal data are processed, your personal data may be shared with third parties. These parties may be located outside Curaçao. When applicable, we have taken appropriate security measures for sharing the personal data.

9. How do we secure your personal data?

We do our utmost to take appropriate technical and organizational security measures to protect against the loss, abuse and alteration of your personal data for which we are responsible. To ensure the security of your personal data, we have taken the following technical and organizational measures, among other things:

    Availability and continuity: We do our utmost to ensure optimal availability and continuity of our website and our systems.

    Device management and security: Exclusively devices managed by us have direct access to our systems. [Devices that are not managed by us only have access to our system via a VPN connection secured by means of passwords and two-factor authentication.]

    Physical security: Our building is secured by physical access control and camera security. Only people authorised to access our building may enter.

    Authorisations: The access to our systems is protected via role-based security.

    Encryption: We use encryption to secure our laptops and the exchange of data with you can, on request, also take place using encryption.

    Monitoring of our systems: Our systems are constantly checked for suspicious behavior via monitoring by a certified third party.

    Periodic penetration testing: A certified third party regularly conducts penetration tests on our network for internal and external vulnerabilities.

    Thread protection: Various systems have been put in place to prevent unauthorized access and exchange of personal data.

    Data protection: Every new system we consider adopting must be tested in advance for the principles of privacy by design and privacy by default. Before we put a new system into use, we will also subject that system to a data protection impact assessment, if required by law.

    Data Leaks: We have established a Data Leak Team to detect and report data leaks.

10. Your Rights

You have various privacy rights pursuant to the privacy regulation. For example you can request:

to inspect the personal data we process in relation to you.

to amend your personal data or supplement these if you believe that the personal data we process in relation to you are incomplete or inaccurate.

to have certain personal data relating to you erased.

to have your data transferred to another party.

You can also object to the processing of your personal data.

11. Cookies

The ENVOY Marketplace uses cookies and similar technologies to distinguish you from other users on its website. A cookie is a small text file that a web browser saves to your computer. You can block the use of cookies generally by changing your browser settings accordingly. This could affect the functioning of the website, however.

Most web browsers automatically accept cookies and similar technologies, but if you prefer, you can change your browser to prevent that and your help screen or manual will tell you how to do this. We also give you information about how to disable cookies in the table. However, you may not be able to take full advantage of our website if you do so.

A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser. Others are used to remember you when you return to the Platform and will last for longer.

We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use.

We use the following types of cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or, make use of e-billing services.

Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us for our legitimate interests of improving the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognize you when you return to our website. This enables us, subject to your choices and preferences, to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).

12. Third-party websites

Our website contains hyperlinks to websites of other parties and social media buttons. We are not responsible for the content of these websites or the services of the particular social media platforms. Nor are we responsible for the privacy policy and use of cookies on those websites and social media platforms.

13. Our contact details

Please contact us, if you have any questions or comments with regard to how we handle your personal data: [ ]