Effective as of 25th of May 2018
MatchaParadijs is committed to safeguarding and preserving the privacy of all personal data which may be provided to our company in relation to:
- the ongoing running of our business activities or services;
- visits to our websites; or
- any other interaction with us.
This may include personal data that you provide to us, or that we collect from you.
Terms and Definitions
General Data Protection Regulation (GDPR): The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Controller: the entity that determines the purposes, conditions and means of the processing of personal data.
Data Processing: any operation performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Processor: the entity that processes data on behalf of the Data Controller.
Data Protection Authority: national authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union.
Data Subject: a natural person whose personal data is processed by a controller or processor.
Personal Data: any information related to a natural person or \'Data Subject\', that can be used to directly or indirectly identify the person
Profiling: any automated processing of personal data intended to evaluate, analyze, or predict data subject behavior.
Regulation: a binding legislative act that must be applied in its entirety across the Union.
Subject Access Right: also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.
Who are we?
Where this Policy refers to `we`, `us`, `our` it refers to MatchaParadijs.
Our business provides Matcha Green Tea from Japan.
We act as sole Data Controller only to any data submitted via our website contact form.
Contact Details for Data Controller
The Data controller is: MatchaParadijs , Pastoor Nicolaus de Reimsstraat 3, 6231HJ Meerssen, The Netherlands.
Our Data Protection Principles
Principle 1: Lawfulness, Fairness and Transparency
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. This means, MatchaParadijs must tell the data subject what processing will occur (transparency), the processing must match the description given to the data subject (fairness), and it must be for one of the purposes specified in the applicable data protection regulation (lawfulness).
Principle 2: Purpose Limitation
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means MatchaParadijs must specify exactly what the personal data collected will be used for and limit the processing of that personal data to only what is necessary to meet the specified purpose.
Principle 3: Data Minimisation
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. This means MatchaParadijs must not store any personal data beyond what is strictly required.
Principle 4: Accuracy
Personal data shall be accurate and, kept up to date. This means MatchaParadijs must have in place processes for identifying and addressing out-of-date, incorrect and redundant personal data.
Principle 5: Storage Limitation
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. This means MatchaParadijs must, wherever possible, store personal data in a way that limits or prevents identification of the data subject.
Principle 6: Integrity & Confidentiality
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage. MatchaParadijs must use appropriate technical and organisational measures to ensure the integrity and confidentiality of personal data is maintained at all times.
Principle 7: Accountability
The Data Controller shall be responsible for and be able to demonstrate compliance. This means MatchaParadijs must demonstrate that the six data protection principles (outlined above) are met for all personal data for which it is responsible.
What Personal Data We Collect
We will collect information from the data subject where one of the following apply:
- The nature of the business necessitates collection of the personal data.
- Collection of personal data may be carried out under emergency circumstances in order to protect the vital interests of the data subject; or to prevent serious loss or injury to another person.
The legal basis for processing personal data is to meet our contractual obligations to customers in relating to providing Matcha and associated services; and to respond to potential customer enquiries.
The legitimate interests pursued by MatchaParadijs and/or its customers is to promote the Matcha Green Tea and associated services offered by MatchaParadijs and/or to market the services offered by MatchaParadijs to existing customers.
How we use the information
We will use the information collected to:
- provide legitimate documentation to customers relating directly to the proper performance of our business services;
- process quotations, invoices and other financial information relating to the services provided to you;
- communicate via telephone and email regarding the services you receive, or advise of matters of safety in relation to services;
- discuss and provide information to legitimate suppliers or sub-contractors of associated services in order that those services can be provided as per our service agreement;
The use of such data is based on legitimate business interests in providing services to you. In you making initial contact with us, you consent to us maintaining a dialogue with you until you either opt out (which you can do at any stage) or until services are cancelled by either party. We may also act on behalf of our customers in the capacity of data processor. When working exclusively as a data processor, we will act on the instruction of our customer, and we will work hard to ensure that the customer remains fully GDPR compliant.
People accessing our website (ex. Data Subjects) may visit our site anonymously. We will collect personal data from users only where it is voluntarily submitted, and any such information provided to us is deemed part of taking part in the activity of the site.
Users contacting us via our website enquiry form do so at their own discretion. Personal details provided for the purposes of a website enquiry may include, but are not limited to:
- Phone number;
- Email address;
- Additional data which the enquirer may provide which may include an address or mobile phone number etc.
- Bank Information
Our website enquiry form does not store or retain information. Information is passed securely via email to the company\'s owner. Personal data provided is kept private and stored securely until such time it is no longer required or has no further use. Whilst we have made every effort to ensure a safe and secure contact form to email submission process; we do advise users that in providing personal data that they do so at their own risk.
By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.
No personal details from our website are passed on to third parties, nor shared with other companies or people outside of the company that operates the website. We use Google Analytics to gather data on our website visitors for marketing purposes. All data is anonymous, and no personally identifiable information is collected.
Disclosure of Information
We do not sell or pass on information to third parties for marketing purposes, or any other purpose not associated with our business needs, without your consent. However, we may disclose personal data to meet legal obligations, regulations or valid government department requests.
How Long will We Retain Data For
Data will only be held for as long as necessary to fulfil the purpose of the processing of such data and for statutory or legal reasons.
We will store customer data for the duration of our contractual relationship and up to a period of ten years after our contractual relationship has ended. This may be for financial requirement, tax authorities or if we believe it may be necessary to handle any future potential complaints or claims.
We will store customer contact data for as long as you wish to receive information and service communications from us.
Your Rights as a Data Subject
At any point whilst we are in possession of, or processing your personal data, all data subjects have the following rights:
- Right of access - you have the right to request a copy of the information that we hold about you.
- Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten - in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing - where certain conditions apply you have a right to restrict the processing.
- Right of portability - you have the right to have the data we hold about you transferred to another organisation.
- Right to object - you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling - you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
At your request we can confirm what information we hold about you and how it is processed.
You can request the following information:
- Identity and the contact details of the person or company (MatchaParadijs) that has determined how and why to process your data.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of our business, or a third party such as one of our clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (Data Protection Regulator).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn\'t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
We do not store personal data outside of the EEA.
If we suspect that a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data might have occurred, must immediately notify the supervisory authority and provide a description of the circumstances. Notification of the incident can be made via e-mail, by telephone, or in person.