Label

Privacy Statement –
Somersault Holding BV

Download

This Privacy Statement applies to everyone (hereinafter "you") who visits the website of Somersault.

Somersault Holding BV and its related parties (hereinafter referred to as "Somersault" or "we") would like to inform you via this statement about why and how we collect and process your personal data. This statement was prepared by Somersault in order to provide as much transparency as possible to anyone who we process personal data from.

This statement only applies to the processing of personal data regarding visitors of the website and visitors of one of our offices. If you are an employee of Somersault, we recommend that you read the privacy statement for employees and/or request more information directly from our Privacy Officer. If you are a guest in one of the hotels or restaurants of Somersault, we recommend that you read the privacy statement of the hotel or restaurant. For remaining questions, please contact our Privacy Officer who will assist you in receiving the right information.  

This statement has been drafted in accordance with the General Data Protection Regulation (the “GDPR").

Definitions

Within this privacy statement, the following definitions apply:


  • Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly.

  • Processing: any operation or set of operations performed upon personal data or sets of personal data, whether or not carried out by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

  • Data subject: refers to a person who can be directly or indirectly identified by personal data.

  • Controller: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • Third party: a natural or legal person, a governmental body, an agency or another body, not being the data subject, nor the controller, nor the processor, nor the persons under the direct authority of the controller or the processor who are authorised to process the personal data.

Controller and Processor

Somersault acts as a data controller. If you have any questions, complaints or comments about your privacy, please contact us at privacy@somersault-group.com.

Controller and Processor

If you fill in a contact form on our website, or send us an e-mail, we process the following personal data:

  • First name

  • Last name

  • Email address

  • Company name

  • Message (subject) – if these contain any personal data

The legal basis for this processing activity is “consent”.

If you apply via the website, we process the following personal data:

  • Email address

  • Personal data you provide us with, think of: CV and cover letter.

The legal basis for this processing activity is “necessary for the performance of a contract”.

With whom do we share your data?

We do not share your personal data with anyone, unless it is necessary to comply with a legal obligation.

Will my personal data be transferred outside the EU or EEA?

In principle, the personal data we process is not transferred outside the European Union (EU) or the European Economic Area (EEA).

However, should this happen, we will ensure that the minimum legal requirements and security standards are met at all times. If we suspect that your personal data will be stored and processed outside the EU, we will explicitly inform you and ensure that the same level of protection is applied as applies within the EU.

How long will your personal data be retained?

We do not keep your personal data longer than necessary to achieve the stated purposes.

Since the need to retain personal data depends on the type of personal data in question and the purpose of the processing, retention periods may vary. We will delete your personal data when it is no longer needed for the purposes for which it was collected.

Should there be personal data that we cannot completely erase from our systems for technical reasons, we will take appropriate measures to secure it by anonymising it and/or by preventing any further processing or use of the data.

How is your personal data protected?

We have implemented generally accepted standards of technological and operational security to protect personal data from loss, misuse, alteration or destruction by unauthorised persons.

We require of our employees, the employees of the hotels and independent contractors, to keep personal data confidential. Also, we ensure that only authorised employees have access to your personal data on a need-to-know basis.

In addition, we only use suppliers who provide sufficient guarantees to implement adequate technical and organisational measures to protect your personal data.

Which rights do you have as a data subject?

Somersault believes it is important for our (website) visitors to be able to properly exercise rights based on the GDPR. These are as follows:

  • The right of access: you have the right to access what personal data we process about you;

  • The right of correction: if the personal data we process from you is incorrect, you have the right to have it amended;

  • The right of deletion: if we no longer need your personal data for the purpose for which we received it, you have the right to ask us to delete it. There are some exceptions to this, such as our obligation to retain certain data for, among other things, the tax authorities;

  • The right to restriction: during the period we are in the process of determining whether your data should be rectified, determining the unlawfulness of data processing, determining whether data should be deleted or you have objected to the processing, you have the right to request the restriction of processing;

  • The right of data portability: upon your request, we must transfer all personal data we hold about you to you or another organisation of your choice. You can only exercise this right if the data is processed on the basis of consent or agreement;

  • The right to object: if we process data based on legitimate interest or public interest, it is possible to object after which a balancing of interests will follow. In the case of direct marketing you always have the right to object.

    If you want to exercise your rights or want to receive information about exercising your rights, you can mail to privacy@somersault-group.com.

Filing a complaint with the competent authority

Even though we do everything we can, it may happen that you are not satisfied with the way your personal data are handled. It is then possible to submit a complaint to the competent Data Protection Authority. We would appreciate it if you would contact us first, so that we can resolve the complaint together.