Privacy Policy - Disease Prevention Protocol for seeds

Welcome to our website http://www.DPPveg.org and thank you for taking an interest in our activities.

This Privacy Statement clarifies:

the personal data that we collect when you interact with DPP, either via a visit of our website or as an applicant or member of DPP
the purposes for which we use said data
the legal grounds for processing personal data
the recipients we transfer the data to
the retention period for personal data
whether you are required to provide your personal data

We would also like to inform you about:

your rights in terms of personal data processing
the Data Controller under applicable data protection law (GDPR)

If you have questions about this Privacy Statement, please contact DPP at info@DPPveg.org.

1. Which personal data do we collect when you interact with DPP?

In this paragraph we explain what personal information DPP collects when you interact with us, either via a visit of our website (A), or as an applicant to DPP-membership (B) or as a member of DPP.

A. When you visit our website

When you visit our website, without contacting us or clicking access, your browser automatically sends DPP the following information:

your browser information
your IP address
the website you were visiting before our website
the date and time of your visit
status information, for example error messages

What are the purposes of that processing?

The above-mentioned personal data processing by DPP is necessary to send the content requested by your browser. In addition, in order to protect us from attacks and safeguard the correct functioning of our website, we store the data temporarily and with limited access for up to 180 days. That retention period might be extended if we are required to react to attacks and incidents. We only examine the User of an IP address in the event of an illegal attack.

What are the legal grounds for data processing?

The legal grounds for the processing of personal data are that said processing is necessary in order to provide the website functions requested by the user (article 6(1)(b) of the European Regulation on Personal Data Protection (General Data Protection Regulation; “GDPR”). Moreover, the above-mentioned personal data is stored for the purpose of safeguarding our lawful interests, to defend and protect our website and to launch investigations in the event of unlawful attacks under article 6(1)(f) of the GDPR.

B. When you are an applicant to the DPP-membership

When you represent a company that wants to apply for the DPP-membership, we collect the following personal information of you in the application process:

name and surname
your corporate e-mail address
your corporate telephone number

What are the purposes of that processing?

The purpose of the processing of your personal information is the use of your data in the application process. More precisely, we use your data to communicate with you in the process of considering the company that you represent as a candidate for the DPP-membership. The personal information described above will be stored to the extent necessary for these purposes. In addition, DPP may store such personal information if and to the extent that this is provided for by the applicable laws. Your personal information will thereafter be stored and kept (temporarily) in the filing system of DPP.

What are the legal grounds for data processing?

The legal grounds for processing are article 6(1)(b) of the GDPR and article 6 (1) (f) regarding DPP’s legitimate interest in safeguarding our legal interests, assessing the application of the company that you represent for DPP-membership, including exchanging necessary information between the company that you represent and DPP and sharing the outcome of this assessment.

C. When you are a DPP member

When you represent a company that is a member of DPP, we collect the following personal information of you in our filing system:

name and surname
your corporate e-mail address
your corporate telephone number

What are the purposes of the processing?

The purpose of the personal data processing is to reach the goals as defined by DPP in relation to disease prevention in the vegetable seeds industry. You can read these goals here: https://dppveg.org/about-us.

What are the legal grounds for the data processing?

The legal grounds for the processing is our legitimate interest pursuant to Article 6(1)(b) of the European Regulation on Personal Data Protection GDPR, namely the need to enter into a contract between DPP and the member (company) that you represent.

2. Do you need to provide your data?

When you visit our website, your browser automatically transmits the information indicated in Section 1.A. to DPP, on the terms detailed above. You are free to transmit said data. If you do not provide the data, we will not be able to provide you with the content you request.

3. Who do we transmit your data to?

We transfer the data detailed in Section 1 above to third parties, who are mostly based in the EU. Sometimes we transfer the data outside teh EU, e.g. to the USA. In that case we ensure that we have taken appropriate and legal measures to safeguard the protection of your personal data. Specifically for the transfer of personal data to the USA, we have put in place Standard Contractual Clauses with the Data Processor.

Your personal data may only be transferred without your express consent if it is legally permitted or necessary.

Your personal data may also be transferred to the following third-party suppliers of DPP that perform services on our behalf, for example, companies that provide support services to us (such as credit card processing services, data storage services, and web hosting services)

In any event:

The data you provide when you access the website shall be shared within DPP for internal administrative purposes, including customer assistance when required. That transfer is made in our legitimate interest in processing data for administrative purposes within DPP.

Your personal data may be transmitted to competent authorities (for example, tax authorities, the police, the courts). The data will be transferred to the extent required by law, or because it is in our legitimate interest to share said data to report abuse or as part of legal proceedings.

We have carefully selected our external partners and suppliers, such as data controllers, and they are under the obligation to process all personal data solely in accordance with our instructions.

With respect to transactions that may affect the structure of our company, information relating to customers may be shared with the relevant part of the company to be transferred. Any transmission of personal data shall be justified on the grounds of a legitimate interest in amending and adapting our business to requested economic or legal circumstances.

4. How do we protect your personal data?

We have implemented technical and organisational measures to ensure an adequate level of security for your personal information against accidental or unlawful modification, destruction, loss or unauthorised dissemination. Those measures shall be constantly implemented in accordance with technological developments.

5. Data retention period

We delete or anonymise your personal information as soon as it is no longer required for the purposes for which it was processed, as detailed in the sections above, unless its deletion or block would infringe applicable law requirements relating to record retention (such as the retention periods required by tax laws and/or accounting obligations).

Personal data processed in accordance with your consent shall be retained until said consent is revoked.

We delete your personal information as soon as said data is no longer required for one or more of the purposes outlined in this Privacy Statement, unless deleting or blocking said data constitutes an infringement of our legal retention obligations (for example, the retention periods required by applicable tax laws).

6. Does our website use cookies?

When you visit our website, we inform you regarding our use of cookies via a banner. You accept the use of cookies when you decide to proceed with using our website.

List of cookies

A cookie is a string of data (a text file) that when a user visits a website, the latter asks the browser to memorise on the device to register certain information, such as the preferred language or access credentials. The cookies we use are called proprietary cookies. We also use third-party cookies, which are cookies from a domain other than the website you are visiting, for advertising and marketing purposes. In particular, we use cookies and other tracing technology for the following purposes:

Strictly necessary cookies

These cookies are necessary for the website to function properly and cannot be disabled by our systems. They are usually only used in response to actions that you take when requesting a service, such as amending your privacy preferences, accessing or filling in forms. It is possible to change your browser settings to block these cookies or alert you to their presence, however, some sections of the website may no longer function properly. This type of cookie does not retain personal information.

Performance cookies

These cookies make it possible to keep a count of traffic to the website and to monitor and improve the performance of the website. They help us to understand the most and least popular pages and to see how visitors navigate our website. All the information collected by the cookies is aggregated and anonymous. If you block these cookies, we will not be able to know when you visited our website.

Functionality cookies

These cookies allow the website to provide advanced functions and personalised features. They can be set by us or by third-party providers whose services have been added to our web pages. If these cookies are not authorised, some or all of those services might not function properly.

It is possible to adjust your browser settings according to your preferences and to decide which cookies you want to accept or refuse. Please note that if you refuse the above-mentioned cookies, some sections of the website may not function properly and some preferences are mandatory in order to use the platform.

7. What are your rights?

You have a series of rights under the GDPR, including the right to request a copy of your personal information that we store, if you lodge a request in writing:

Right of access: the right to access your personal data (if they are processed by us) and other information (such as the information provided in this Privacy Statement)

Right to rectification: you have the right to obtain the rectification of your personal data that is inaccurate or incomplete

Right to erasure: the right “to be forgotten”, which means the right to request the erasure or the removal of your information if there is no valid reason to continue to use it. This is not a general right to erasure; there are exceptions. For example, we are entitled to continue to use your personal data if it is necessary to comply with our obligations under law or to accept, to enforce or to defend a right in legal proceedings

Right to the restriction of processing: it is your right to suspend the use of your personal information or to limit our use of it. Please note that said right is limited to certain situations: in the event of the processing of your personal information that we collect from you with your consent, you are entitled to request the limitation of the use thereof only in the event: (a) the data is inaccurate; (b) our processing is unlawful and you don’t want your data to be erased; (c) for legal reasons; or (d) we no longer need to use the data for the purposes for which it was stored. When the processing of data is limited, it is our right to store information but not to use it further. We store a list of individuals who have requested the limitation of their data in order to ensure that said limitations are applied in the future.

Right to data portability: the right to request to move, copy or transfer (if technically feasible) your personal data in a structured, commonly used and machine-readable format, for your use via other services

The right to object: the right to object to our use of your personal data also in the event such use is in our legitimate interest or for direct marketing purposes

The right to be informed: you have the right to receive clear, transparent and easily comprehensible information on how we use your personal data

The right to withdraw consent: if you consent to our use of your personal data, you are entitled to withdraw that consent at any time (this does not mean that the actions we took using your personal data with your consent up until the revocation of that consent were illegal).

The exercise of those rights is free however you must provide documental proof of your identity. We are focussed on making the utmost effort, also in accordance with law, to provide, rectify or delete your personal data from our records.

In order to lodge a request or to exercise any of your rights identified by this Privacy Statement and/or to lodge a complaint, please e-mail or write to us and we will strive to reply within 30 days. Please see Section 9 for our contact details.

If we receive a formal complaint in writing, we undertake to contact the relevant data subject in order to follow up on that complaint. We work closely with the regulatory authorities, including the Data Protection Authority, in order to resolve any issues that we are unable to directly resolve.

If you are unhappy with how we are handling a complaint regarding your personal data, you may contact the Personal Data Authority directly.

8. Where can you lodge a complaint?

You have the right to lodge a complaint via our contact detailed below or with the Data Protection Authority, or before the Data Protection Authority, for example before the Dutch Authority for Personal Information (https://www.autoriteitpersoonsgegevens.nl).

9. Who is the Data Controller?

The Data Controller is:

Disease Prevention Protocol (DPP) Foundation

Burgemeester Crezeelaan 40

2678KX De Lier