Privacy Statement

1. Introduction
2. Personal data we collect
3. Why we collect your personal data: purposes
4. Legal bases for processing
5. Personal data of minors
6. Cookies
7. Google analytics
8. How long we store your data
9. How we secure your data
10. Where your personal data is processed
11. Who has access to your data
12. Changes to our policy
13. How can you exercise your rights?
14. Objection and right of complaint
15. Contact



1. Introduction

Your privacy is important to Xindao. This Privacy Statement describes how we handle your personal data.
We shall only use your personal data for the purposes stated in this Privacy Statement and for no other purposes unless the further processing of the personal data is compatible with the purposes for which this data was originally processed.

2. Personal data we collect


We collect personal data via our website www.xindao.com, when you contact us and/or when we send a newsletter.
Personal data is data that can be used to identify your identity. We collect the following information from you in the following way:
• If you create an account on our website, we ask you for your name, e-mail address and password so that you can log in and use our services. We request your billing information and delivery address so that you do not have to enter it again for your next order.
• When you place an order on our website, we ask you for your name, address, contact details and invoicing details in order to process the order and deliver your order.
• If you write a review, we will ask for your e-mail address to contact you if you are not satisfied with your purchase.
• If you contact our customer service by means of the chat function, filling in the web form, or sending us an e-mail, we ask you for your name and e-mail address in order to be able to answer your question.
• If you wish to receive our newsletter, we ask you for your e-mail address in order to be able to send you this newsletter.
• When you visit our website, we collect information about your visit and click behaviour on our website in order to bring our products to your attention and to personalise your website visit. This concerns the IP address of your computer, your username, the time of retrieval, and any other data your browser sends to us.
• We collect technical data from our website visitors in order to analyse and improve our services. This includes the measurement and analysis of statistical data and the generation of user statistics. We use technical data through the use of cookies.

3. Why we collect your personal data: purposes

We only process your personal data for the purposes described above.
We shall ask you for your consent before we use your personal data for other purposes, unless the further processing of the personal data is compatible with the purposes for which this data was originally processed. If we wish to process your personal data for other purposes, we shall inform you in advance.
We may have to share your personal data with authorities or other third parties, for example when there are legal obligations.
We shall not use your personal data to take a decision based solely on automated processing, including profiling.

4. Legal bases for processing

Contract
When you place an order, you enter into a contract with us, which means we require certain information from you, such as your name, e-mail address and billing information.

Justified interests
We may process your data if we have certain legitimate interests in processing your personal data, except if your interest in not having the data processed is greater.
Optimising our marketing campaign, personalising our website, and answering your questions is part of our regular business activities. In addition, we would like to keep you informed about our products via the newsletter as part of our regular business activities. Xindao also has an interest in a website with good functionality that is tailored to the wishes of the visitors of the website.
When you place an order for the first time via www.xindao.com we first ask you to create an user account. This fits in our justified interests, because this will speed up the order process and your personal data only needs to be filled in once.

You have the right to object to these processing operations. If you wish to object, please contact us. You can reach us via e-mail: info@xindao.nl or call : +31 (0) 70 319 99 00. In that case, we shall cease processing your personal data unless there are compelling, justifiable reasons why our interest in the processing is greater than your interest in stopping the processing. You may not be able to make the best use of our services if you request us to cease processing.

Permission
In certain cases, we ask you for permission before we process your data. This concerns the following processing:
• Before you create an account on our website
• Before we send you a newsletter

You have the right to withdraw your consent at any time. In that case your personal data shall be deleted.
You can withdraw your consent in the following way:
• Send an e-mail to: info@xindao.nl.
• Via telephone: +31 70 319 99 00.
• Newsletter: each newsletter contains a link that allows you to unsubscribe with one click.

5. Personal data of minors

We only process the personal data of minors if written permission is given by the parent, caregiver or legal representative.

6. Cookies

We use so-called “cookies”. Cookies are small text files that are stored on a computer or other device such as a tablet or telephone when a visitor views or uses our website. Because some cookies can be traced to personal preferences, they fall under personal data. The purpose of the use of cookies by Xindao is:
• To allow the website to function properly or better by, for example, recognising the visitor and thus providing a better service.
• Traffic analysis on a website with the aim of identifying potential improvements.
• Recording visitor surfing behaviour with the aim of being able to make more targeted offers.
You can decide yourself whether to accept or refuse cookies. Most internet browsers are set to accept cookies automatically by default. You can, however, change the settings of your browser to prevent this. The Help function of your internet browser shows how you can block cookies. When you choose this, it is possible that certain parts of the website do not function optimally or are not accessible. It is also possible to adjust the settings so you receive a notification before a cookie is saved. We do not keep unique personal data. Therefore, no information is included in our cookies that can be traced back to individual persons. We deal with the data collected by means of cookies confidentially.

7. Google analytics

We use Google analytics for gathering statistic information about our website-use with the purpose of creating targeted marketing campaigns.

8. How long we store your data

We do not store your personal data longer than is necessary for the purpose for which we process the data.
• Newsletter: your name and contact details will be kept for as long as you are interested in receiving our newsletter.
• Answering your questions: your name and contact details are stored with a maximum period of 1 year. Unless there are other (legal) reasons for retaining the data.
• Delivery of our products: we do not store your data longer than is necessary to deliver the product, to collect the invoice and for other administrative purposes. We shall not store the data we need to collect the invoice for more than two years, unless there are other (legal) reasons for retaining the data.
• Technical reasons, such as website optimisation: technical data is stored in an anonymous form as far as possible and used as long as necessary to optimise the website, but not longer than six months.
• Surveys : we keep this information no longer than necessary to monitor our quality of service.

9. How we secure your data


We have taken technical and organisational measures to protect your personal data against unlawful processing or loss.
The security measures we have taken include, but are not limited to, the following measures:
• All persons working with us are bound to maintain confidentiality of your personal data.
• We ensure third parties who have access to your personal data comply with the requirements we set for security. We have entered into contracts with these third parties to protect your data.
• Where possible, we pseudonymise your data and we encrypt personal data.
• We have created a secure backup environment in order to be able to restore personal data in the event of physical or technical incidents.
• We test and evaluate the set measures regularly.

We cannot completely prevent third parties from accessing your data or prevent a loss of your data through a breach of our security measures, but we shall take all appropriate measures to ensure your personal data is not accessible to unauthorised persons.

10. Where your personal data is processed

We process your personal data in the European Union. Your personal data will not be processed or transmitted to other countries.

11. Who has access to your data

We shall not provide your personal data to third parties, except to the parties described below or if you have given permission for this.
We work with the following external parties who have access to your personal data:

• Maintaining our financial administration via our ERP system (Microsoft Dynamics)
• Copernica for direct mailings.
• Salesforce, for statistic purposes.

We have entered into a processing agreement with those parties that process your personal data in order to protect your personal data.
We reserve the right to share your personal data with third parties when this is required by law or when this is necessary to protect the interests of you, us or third parties.

12. Changes to our policy

This Privacy Statement may be amended in the event of changes to our products or services, or changes in privacy legislation. We shall publish every amendment on this website. In the case of substantial amendments that apply to you, we shall inform you personally about this by sending you an e-mail for example.

13. How can you exercise your rights?

You have a number of rights under the privacy legislation (including the GDPR). These rights are described in articles 12 - 23 of the GDPR and in related legislation. In any case, you have the following rights with regard to your personal data:

• Right to request access to your personal data
• Right to request the correction of your personal data if it is incorrect (rectification)
• Right to request the removal of your personal data
• Right to request restriction of your personal data
• If we have processed your personal data on the basis of our legitimate interests: the right to object to the (further) processing of your personal data (opposition)
• If we have processed your data on the basis of your permission: right to request the transfer of personal data (data portability)

If you want to receive more information about this or if you want to use one or more of these rights, you can contact us via info@xindao.nl

14. Objection and right of complaint

We process certain personal data about you based on our justified interests. You have the right to object to the processing of your personal data on this basis at all times. In that case, we shall cease processing your personal data unless there are compelling, justified reasons why our processing interest is greater than your interest to stop the processing.

What should you do if you disagree with a decision by us, for example when we decide not to delete your personal data? You can use one or more of the following options:

• Contact us: in that case we shall try to work with you to find a solution. You can find our contact information at the bottom of this Privacy Statement.
• File a complaint: you have the right to file a complaint with the Data Protection Authority: https://www.autoriteitpersoonsgegevens.nl/
• Request for mediation: you can ask the Data Protection Authority to mediate between you and us: https://www.autoriteitpersoonsgegevens.nl/
• Litigate: you have the right to turn to the competent court to settle the dispute.

15. Contact

The responsibility for processing personal data lies with:

Xindao B.V.
Verrijn Stuartlaan 1D
2288 EK Rijkwijk
E-mail: info@xindao.nl
Telephone: +31 (0)70 319 99 00