New GDPR legislation
As of May 25, 2018, the General Data Protection Regulation (GDPR) is the new privacy legislation (known in European terms as the General Data Protection Regulation (GDPR)) and replaces the current Personal Data Protection Act (Wbp). In addition to the envisaged broader protection of personal data, the GDPR requires the controller and the processor to be accountable and verifiable for the entire data processing and security process. These are the principles of accountability and auditability as set out in the GDPR.
Privacy-sensitive data or personal data is processed via the website www.ReSViNET.org. The ReSViNET Foundation considers careful handling of personal data of great importance.
Personal data is therefore carefully processed and secured by us. In our processing, we adhere to the requirements that the GDPR places on us. This means, among other things, that we:
- limit our collection of personal data to only the personal data needed for legitimate purposes;
- first ask you for explicit permission to process your personal data in cases where your permission is required;
- take appropriate security measures to protect your personal data and also require that of parties that process personal data on our behalf;
- respect your right to make your personal data available for inspection, correction or deletion at your request.
Use of personal data
By using our website you leave certain information with us. That can be personal data. We only store and use the personal data that is directly provided by you or that is clearly stated to be provided to us for processing. The ReSViNET Foundation will not use the personal data, as discussed below, for other purposes, unless you have given permission in advance. If you gave permission but you want to retract this permission, we will delete your data at your request within 3 months.
On our website or through an online campaign, we offer the opportunity to:
- make a donation;
- place an order;
- request a contact moment;
- participate in our webinar series;
With each of these options we ask you for your details. Which data we request from you depends on the possibility you use. Below we list per option on which data we request from you and what we do with this data.
If you make a donation via our website, we will ask you for the following information via the donation form:
- First name
- Last name
- Organization (optional)
- Frequency of donation
- Amount of the donation
- The payment method
- Where you heard about the ReSViNET Foundation
The purpose of the donation form is to register the data of you as a donor, so that we have insight into the number of donors that we have, in which ways we donate and how much is donated. We analyze this data.
At the bottom of the donation form, we ask you if you want to receive our newsletters. You have made a donation for healthy babies, so we would like to keep you informed about the money spent, developments in research and actions in the country. You will only receive our regular email newsletters if you tick the box that you wish to be informed by email. If you no longer wish to receive this information, you can always unsubscribe by telephone, post or e-mail for the form of information received (eg newsletter, magazine, etc.).
Online ordering webshop
If you place an order via our webshop on our website, we ask you to sent an email to firstname.lastname@example.org. To be able to place and sent you your order, we ask you for the following information:
- your order
- zip code
- house number
- street name
- send to this address
- send to another address
In reply to your order we will ask you for information about your billing address and provide you payment details.
The purpose of this email with this information is to register the details of you as an orderer, so that we can send you the order and reach you if an order cannot be delivered (fully) or on time.
Request online contact (general)
If you make a contact request via our website, we will ask you for the following information via the contact form:
- First name
- Last name
- Occupation/relation to RSV
- Company/ Organization
The purpose of the contact form is to be able to contact you to respond to your request.
Participate in our webinar series
If you register for a webinar via the registration form on Webinar Geek (see also websites of third parties below), we will ask you for the following information:
- First name
- Last name
- Company name
The purpose of this registration form is to register you as a participant for the upcoming webinar and to allow us to contact you via email for updates on the webinar. We analyze this data, to get insights on who registers for our webinars, and where they come from, and it enables us to tailor our webinars to our audience. The processed data will not be linked to individual participants when published.
When participating during the webinar via the live chat, you agree for your questions, remarks and/or name to be seen by the presenters and moderators and for your questions, remarks and/or name to be mentioned during the webinar.
Disclosure to third parties
We will not provide the information you provide to other parties if you have not given permission for this, unless this is necessary in the context of the execution of the agreement that you conclude with us or if this is required by law.
Websites of third parties
We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend that you read the privacy statements of these websites before using these websites.
For example (Donorbox and Stripe our payment processor, Webinar Geek our webinar platform).
If your data is stored with us and there is no longer an active relationship between you and ReSViNET Foundation, we will not store your data longer than necessary or required by law. If there is no active relationship and everything has been settled, your data will be stored for a maximum of seven years. If you have made a request to have your data deleted earlier and there are no legal or other obligations to keep your data, your data will be deleted at your request.
Inspection, correction and right to object
After a written request, you have the option of viewing, correcting or removing your data. You can send an email to email@example.com. Written requests can be sent to the ReSViNET Foundation Broederplein 41 -43 Zeist, The Netherlands.
The General Data Protection Regulation (GDPR) grants the following rights to persons whose personal data are processed (the data subjects):
Right to information (art 33-34 Wbp / art 13-14 GDPR)
A data subject must be informed that the processing of his personal data is or will take place and what its purposes are. The data subject will also be informed again if the purpose of the processing changes.
Right of access (art 35 Wbp / art 15 GDPR)
A data subject has the right to view the personal data processed by him / her. The controller must provide access to the data subject at the first request of the data subject.
Right to rectification (art 36 Wbp / art 16 GDPR)
A data subject has the right to have his / her incorrect personal data corrected or supplemented.
The controller is obliged to inform any recipient to whom personal data has been provided of any rectification, unless this is impossible or requires a disproportionate effort.
Right to data erasure / oblivion (art 36 Wbp / art 17 GDPR)
The controller is obliged to delete personal data of the data subject without unreasonable delay, including when:
- personal data is no longer necessary for the purposes for which it was collected or processed;
- the data subject withdraws consent and there is no other legal basis for processing;
- the data subject objects to the processing;
- the personal data have been unlawfully processed.
Right to object / right to restriction of processing (Art 18 GDPR)
The right to restriction means that the personal data may (temporarily) not be processed and may not be changed. The fact that the processing of the personal data is limited must be clearly indicated by the controller in the file so that this is also clear to recipients of the personal data.
When the restriction is lifted, the person concerned must be informed.
Right to portability / data portability (Art 20 GDPR)
This right means that a data subject must be able to obtain the data from a controller in a structured, common and machine-readable form and has the right to transfer or have this data transferred to another controller without being hindered unless this is detrimental rights and freedoms of others. A data subject has the right to data portability insofar as it concerns data provided by himself.
Right to object (art 40-41 Wbp / art 21 GDPR)
A data subject can exercise this right to object to the processing of personal data concerning him for reasons related to his specific situation, if the requirements set out in the regulation are met. If a data subject objects, the controller stops processing, unless compelling legitimate grounds determine otherwise.
Right not to be subject to automated individual decision-making / profiling (Art 42 Wbp / Art 22 GDPR)
This right could, for example, include the processing of applications via the Internet without human intervention. In the following three cases, automated individual decision-making is possible:
- it is necessary for the conclusion or execution of an agreement;
- it is permitted by Union or Member State law;
- it is based on the express consent of the person concerned.
Changes to this privacy statement
We reserve the right to make changes to this statement. Changes will be published on this website and we will keep old versions available. It is recommended to consult this statement regularly so that you are aware of these changes.
This privacy statement was last modified on September 9, 2020.