This is the Privacy Statement of Semifest B.V. registered at the Overhoeksplein 31, 13e verdieping, Unit F in Amsterdam, the Netherlands hereafter referred to as “Semifest” or “we”).
We are a Dutch organization that processes personal data. Processing includes, but is not limited to, using the personal data. Semifest processes your personal data because you use Semifest’s services, or because you gave permission for us to do so for a certain processing.
As Semifest is committed to using personal data responsibly, Semifest handles your personal data carefully. Semifest respects the privacy of all people who are in any way involved with it or use its services. Semifest processes your personal data in accordance with the current privacy legislation. For example, that means that your personal data are processed for the processes as described in this Privacy Statement.
In all other circumstances, Semifest processes your personal data if you have given consent for Semifest to do so.
This Privacy Statement explains which data Semifest uses for which purposes and what we do to protect your privacy. If you have any questions related to privacy, please contact us by sending an e-mail to: email@example.com
We ensure that there is a legitimate interest (which means a reason) for every processing of personal data. If processing would be unlawful, Semifest will not process your personal data. Our processing of personal data is legitimate if:
Semifest only processes data that are required for the pursuit of commercial and business activities. This means that Semifest does not process any data that reveals religious beliefs, ethnicity, or political opinions.
If we perform a customer investigation, we will process at least the data listed below. This depends on whether you are a natural person, a sole proprietorship, or a legal entity such as a private limited company or a public limited company.
If the involved party is a natural person or a sole proprietorship, then we will process the following personal data to perform a customer investigation.
· First name(s) in full
· Address (including country)
· Date of birth
· Place and country of birth
If the involved party is a legal person, partnership, company, or type of business other than a sole proprietorship, then we will process the following personal data to perform a customer investigation.
· First name(s) (in full) of the manager(s)
· Surname(s) of the manager(s)
· Date of birth(s) of the manager(s)
· First name(s) (in full) of the ultimate stakeholder(s)
· Surname(s) of the ultimate stakeholder(s)
· Proof of identity of the ultimate stakeholder(s)
· Type(s) of proof of identity of the ultimate stakeholder(s)
· Nature and size of the stake each ultimate stakeholder has
· Ownership and input structure
If a proof of identity document expires, we may ask you to send us a new copy of a valid proof of identity.
In certain cases, we must perform an in-depth customer investigation. In those cases, we will request supplementary information (including personal data) from you, such as proof that you reside at the address you have submitted, a statement from you or another party (such as a civil-law notary or an accountant) regarding your transactions or your assets.
Furthermore, we may process the following personal data:
· contact details such as phone numbers (cell phone or otherwise) and e-mail address;
· date of birth;
· sex, marital status, family composition;
· payment details such as billing address, bank account number, and – if applicable – credit card details;
· work-related details such as the name of your company, employer, position, and income details;
· origin of the assets;
· technical data on the use of Semifest’s website;
· data on hobbies and interests;
· data for compliance with Semifest’s legal obligations.
Semifest may also, in certain circumstances, process sensitive personal data such as health data or data on crime and criminal justice. These will only be requested if Semifest has a legitimate interest in doing so or if Semifest has received your consent to do so.
The aforementioned personal data may be combined to provide targeted and personalized information.
Semifest acquires personal data from data subjects by asking for it. Additionally, data subjects always have the choice to submit this data to Semifest and can contact Semifest to withdraw their consent for us to process their personal data. We cannot offer, provide, or make available certain services, wholly or in part, if we do not have your personal data.
Furthermore, Semifest also acquires personal data from public sources. This can include information that has been made publicly available, such as which businesses are registered with the Chamber of Commerce and the personal data of contact persons of that business. Semifest approaches each of these persons or legal entities to engage in Semifest’s business and commercial activities. When Semifest first establishes contact with these persons or legal entities, Semifest asks for consent to process personal data.
Semifest always communicates in a transparent manner regarding how the personal data was acquired.
Semifest will process your personal data to enter into agreements and to pursue the goals and corporate interests of Semifest, including engaging in activities, commercial or otherwise, that increase Semifest’s client database, and assessing and accepting customers in relation to fraud prevention and adhering to the applicable laws and regulations.
If you fill in a contact or registration form on Semifest’s website or send Semifest an e-mail, the information you have sent will be saved for as long as is necessary to fully respond to and deal with it based on the nature of the form or the contents of your e-mail. This data will never be used for further unsolicited approaches that are not in line with the interests, question, or request that you indicated.
Semifest uses the personal data that you voluntarily provided to communicate with you and update you on matters that are important to Semifest’s services.
A fixed criterion or retention period does not apply to the categories of personal data that are processed by Semifest. This data will be retained for as long as is necessary.
The personal data will be retained for at least the period during which the data subjects use Semifest services, as well as in the following period. This is because Semifest maintains close contact with its customers as well as the fact that many data subjects invest in Semifest for longer periods of time.
In exception to the aforementioned, Semifest must retain certain data for longer periods of time to comply with legal requirements. An example of this is that payment details must be retained for the Dutch Tax and Customs Administration for seven years in accordance with the Algemene wet inzake rijksbelastingen (State Taxes Act).
Your personal data may be exchanged and combined at Semifest.
To process your personal data, Semifest sometimes employs third parties that are given access to your personal data, including banks and administrative offices that are relevant to our service provision, external service providers connected to the processing of your personal data such as ICT service companies, accountants, or other parties to which we outsource some supporting services. Where possible, Semifest obligates these parties to act in their capacity as processors, which means that Semifest determines the goal and means in advance and that the processor works in accordance with Semifestl’s instructions and safety requirements. These agreements are documented in processing agreements.
It is possible that some processors are located outside of the EU, where different laws and rules apply. In such cases, supplementary agreements will be made in which Semifest ensures that the same level of privacy protection can be guaranteed for Semifest’s data subjects.
Semifest makes the utmost effort to take appropriate technical and organizational measures to prevent the loss of personal data or unauthorized access. Semifest works with vendors active in software and IT security that have sufficient resources and management procedures to secure the personal data Semifest processes to prevent unauthorized access or publication while guaranteeing the accuracy and correct use of the data.
You can request access to the personal data that Semifest has collected on you at any time. You have the right to:
· publicly inspect the personal data known to Semifest;
· access information on which processing is applied to your personal data;
· correct or modify personal data known to Semifest;
· remove the personal data (the right to be forgotten);
· limit the processing of your personal data;
· transfer your data to other parties if possible (data portability).
Semifest hereby informs you that you have the right to submit a complaint to the Dutch Personal Data Protection Authority. As Semifest makes the utmost effort to ensure you are satisfied with Semifest’s services and handling of your personal data, Semifest would prefer to first review the options for an appropriate solution with you.
If you wish to exercise the right to be forgotten, this may conflict with Semifest’s ability to provide services or comply with regulations such as Semifest’s legal obligations. Together with you, Semifest will ensure that an appropriate solution is found for you to best exercise your right.
You can also revoke any previously granted consent to process your personal data.
You can submit a request as specified above, if Semifest processes your personal data. This application must be submitted in writing by mail or by e-mail.
Semifest reserves the right to change this Privacy Statement. In that case, the review date will be updated. You can find the most recent version on Semifest’s home page.
Published: November 2019