Thank you for visiting our website and taking the time to read our privacy statement (“ Statement”). Our website – dopecode.com – (the “DopeCode Website”) is owned and operated by ErnestoZ Beheer B.V., an entity incorporated under the laws of the Netherlands (referred to in this Privacy Statement as “DopeCode”, “we”, “our”, or “us”).
If you have any questions about this Privacy Statement after reading it, please contact us at email@example.com.
In this Privacy Statement we explain DopeCode’s privacy practices and principles. Below you will find information about the personal data that we collect from the visitors of the DopeCode Website. We also provide information about the personal data that we collect from our clients in the context of the services we provide.
Who is responsible?
When it comes to the DopeCode Website, DopeCode (ErnestoZ Beheer B.V.) is in principle responsible for the processing of your personal data. This means that DopeCode is the ‘data controller’ within the meaning of the General Data Protection Regulation (“GDPR”; (EU) 2016/679).
Other services DopeCode provides
DopeCode provides a number of IT related services to its clients. When doing so, we often process certain personal data on behalf of our clients. In such case, we are acting as a ‘data processor’ within the meaning of the GDPR and not as a ‘data controller’. For this data processing, the client for which we process your personal data is responsible. This is for example the case if we use a dataset of our client to develop software.
Categories of data subjects
Categories. As data controller, we process personal data of website visitors and (the personnel of) our clients.
No personal data of minors and other persons with a legal representative. DopeCode does not intend to process the personal data of persons younger than 16 years old. We also do not focus on persons who are placed under a legal relationship, such as guardianship or persons who are supervised or administered by someone else. If, in exceptional cases, we do process personal data of these persons, DopeCode will take into account the vulnerable position of these persons and take extra precautions
Which personal data is used and for what purposes?
We collect personal data via the DopeCode Website and in the context of our services. We process this personal data in various ways. In this section 4 we provide information about the processing of your personal data per activity/topic.
Processing purposes. In addition to the specific data processing activities conducted by DopeCode that are explained below, we process your personal data for the following (general) purposes:
For maintenance, administration and network and security purposes;
- For internal control and business operations;
- For analyzing and improving our services;
- For handling any requests, complaints and disputes;
- For determining, exercising and defending our rights; and
- For complying with legal obligations (incl. fraud prevention) and requests of authorized governmental institutions
General processing grounds. We may also process your personal data based on the following legal grounds:
- Legal obligation. We may process your personal data based on a legal obligation. This means that we will process your personal data for as far as we are legally obliged to do so, for instance to comply with statutory minimum retention periods imposed by tax laws.
- Legitimate interest. We may also process your personal data based on our ‘legitimate interest’. This means that a balance of interests is performed between the interests that are served by the processing on the one hand and your privacy interests on the other hand, and that the interests in favor of the processing prevail. The related legitimate interests are included below per topic. If you prefer more information, you may always contact us directly via the contact details in section 12 below.
- Consent. Only in exceptional cases we base the processing of your personal data on your (explicit) consent.
The DopeCode Website
We process your personal data for providing, maintaining and improving the DopeCode Website, and for our social media activities.
The persons involved. Our website visitors: people who visit the DopeCode Website
The purpose of the processing. When you visit the DopeCode Website, we will process your personal data for the following purposes:
- Functioning of the DopeCode Website; and
- The general processing purposes mentioned above.
The personal data that is processed. When you visit the DopeCode Website, we may process the following information about you which is collected automatically:
- IP address;
- Device ID;
- Browser type;
- Global geographic location (e.g. location on national or city level);
- Other technical information (e.g. regarding the interaction between your device and the DopeCode Website, the web pages that were visited, the links clicked and the log data).
Sensitive information. In the context of the DopeCode Website we do not, in principle, process sensitive information such as information about your health. If, in specific cases, we do decide to process sensitive information, you will be separately informed about this processing and where necessary, we will request your explicit consent.
Legal grounds for the processing. We base the use of your personal data in the context of the DopeCode Website on one of the following legal grounds:
- Consent. Sometimes we base the processing of your personal data on the (explicit) consent of the relevant person.
- Legitimate interest. Our legitimate interest in offering and using the DopeCode Website and social media; and pursuing the other processing purposes listed above.
We process your personal data in order to provide our services to our clients. Which specific data we process depends on which specific service(s) we provide to our clients.
The persons involved. (Personnel of) our clients and other individuals who engaged us for specific services.
The purpose of the processing. When you engage DopeCode for specific services, we may process your personal data for the following purposes:
- To provide you with the requested services; and
- The general processing purposes mentioned above.
The data that is processed. When you engage DopeCode for specific services, we may process the data required to enter into a contract with you and the data required to provide our services to you. We can for example process the following information:
- Personal data about our clients (such as full name or company name);
- Contact information (of contact person (s)) of our clients, such as first and last name, gender, position, company name, phone number email address, work address, spoken language and LinkedIn URL (or other communication channels chosen by you);
- Description of services;
- Financial data of our clients
Legal grounds for the processing.We base the use of your personal data in the context of the DopeCode’s services on one of the following grounds:
- Performance of contract. The performance of our contract with our client
- Legitimate interest.Our legitimate interest is to provide you with the requested services.
DopeCode’s Let’s Talk
The persons involved. Website visitors who fill out our contact form on the DopeCode Website and send us a message.
The purpose of the processing. When you contact DopeCode via the form on the DopeCode Website or contact DopeCode otherwise, we may process your personal data for the following purposes:
- To get in touch (about our services) on your initiative;
- Provide you with support; and
- To answer any questions you have for us.
The data that is processed. When you contact DopeCode via our Let’s Talk form on the DopeCode Website or contact DopeCode otherwise, we will process the following information about you:
- Full name;
- Email address;
- Phone number;
- Company name;
- Your question or request.
Legal grounds for the processing. We base the use of your personal data in the context of the DopeCode’s Let’s Talk contact form on our legitimate interest to provide you with support and answer any questions you have for us
How do we obtain your personal data?
We obtain your personal data in various ways:
- Provided by you. Some data about you, we receive straight from you. Examples include information in your messages to us and information you enter in our contact form on the DopeCode Website
- Obtained from third parties. We could also obtain personal data about you from our client or supplier in as far as required for providing our services. We will only use your contact details with the approval of the client or supplier. .
- Automatically obtained. A small part of the data we process, we obtain automatically. This information is limited to information we need to protect our website visitors or to provide a safe and secure cloud environment. When your computer or mobile device contacts our web servers, our web servers automatically collect usage information. We will delete such information after one day.
- Derived. Certain data we do not receive directly, but can be derived from the information already in our possession. For example, information about your language preferences.
In principle you are under no obligation to provide any information about yourself to us. However, refusal to supply certain information could have a negative influence on, for example, your experiences on or the functionality of the DopeCode Website. If the provision of certain personal data is a legal or contractual obligation or an essential requirement for concluding an agreement with us, we will separately provide additional information about this for as far as this is not clear in advance. In this case we will also inform you about the possible consequences if this information is not provided.
Who do we share your personal data with?
We limit the data sharing with service providers as much as possible. We use for example our own dedicated servers and do not make use of clouds of big tech companies. We only share your personal data with third parties if
- In exceptional cases, when this is necessary for the provision of a service or the involvement of the third party. Sub-contractors will in principle only get access to the data that they require for their part of the service provision
- The persons within the third party that have access to the data are under an obligation to treat your personal data confidential. Where necessary this is also contractually agreed upon.
- The third party is obliged to comply with the applicable regulations for the protection of personal data, for instance because we have concluded an agreement with this party or because our Terms & Conditions apply. This includes that the party involved is obliged to ensure appropriate technical and organizational security measures.
We could share your personal data on a need-to-know basis with the parties mentioned below. In this context, “need-to-know” means that a party only gets access to your personal data if and insofar as this is required for the professional services provided by this party.
- Authorized persons, working for DopeCode, who are involved with the processing activity concerned. Such as, the members of the project you are in contact with.
- Authorized persons, employed by service providers / sub-contractors engaged by DopeCode, who are involved with the processing activity concerned. Such as, law firms or accountant.
- Authorized government institutions, such as, courts, police, and law enforcement agencies. We may release information about our website visitors, when legally required to do so, at the request of governmental institutions conducting an investigation or to verify or enforce compliance with the policies governing the DopeCode Website and applicable laws. We may also disclose such user information whenever we believe disclosure is necessary to protect the rights, property or safety of DopeCode, or any of our respective business partners, clients or others.
How do we secure your personal data?
Protecting your privacy is one of our key concerns. Therefore, DopeCode has implemented appropriate technical and organizational measures to protect and secure personal data, in order to prevent violations of the confidentiality, integrity and availability of the data. All DopeCode employees and other persons engaged by DopeCode for the processing of data are obliged to respect the confidentiality of personal data. We also apply strong technical measures, we apply encryption to data at rest and to data in transit whenever this is possible.
DopeCode has in place appropriate organizational measures. We have for example, a data breach procedure within DopeCode, in which it is explained how (potential) data breaches need to be handled. We will, for example, inform the competent supervisory authority and involved data subjects when this is required by the applicable law.
To which countries will we transfer your personal data?
Parties involved with the processing of your personal data originating from the European Economic Area (EEA), may be located in a different country. In principle we do not use service providers outside the EEA. In case the data is processed outside the EEA, the transfer is legitimized in the manner described below. See this link for an overview of the EEA countries.
Transfers outside the EEA. The transfer of your personal data to a third party outside the EEA (for example because you as our client are located in such a country), this can (in the first place) be legitimized based on an adequacy decision of the European Commission, in which it is decided that the third country in question (or a part of that country) ensures an adequate level of data protection. See this link for a summary of the applicable adequacy decisions.
If your personal data is transferred to a country outside the EEA for which there is no adequacy decision or adequacy regulation in place, we agree on the applicability of the relevant version of the Standard Contractual Clauses with the relevant party and perform a ‘Transfer Impact Assessment’. This is a standard contract to safeguard the protection of your personal data, which is approved by the European Commission in which the parties fill out the appendices. See this link for the various versions of the Standard Contractual Clauses. Where appropriate, additional safeguards will be taken.
In specific situations we can also rely on the derogations from article 49 GDPR to legitimize the data transfer. This means that we may transfer your personal data: (i) with your explicit consent, (ii) if this is necessary for the performance of a contract that has been concluded with you or has been concluded in your interest, or (iii) if this is necessary for the establishment, exercise or defense of legal claims. Lastly, in exceptional cases we may also transfer your personal data if the data transfer is necessary for our compelling legitimate interests and is not overridden by your interests or rights and freedoms.
You can contact us if you want additional information about the way in which we legitimize the transfer of your personal data to countries outside the EEA.
How long do we retain your personal data?
In general, we do not keep your personal data any longer than necessary in relation to the purposes for which we process your data. We are keen on really technically deleting (purgen) all data when these are no longer necessary. We delete our client data after the fiscal deletion term or two years after the ending of the business relation. We delete data inserted in the request (Let’s Talk) form online after we have answered your question and we will not put this information in our CRM system for use for other purposes, unless requested by our clients.
There could however be exceptions applicable to the general retention terms.
Exception: shorter retention period. If you exercise certain privacy rights, it is possible that DopeCode will remove your personal data earlier than the general applicable retention period or – oppositely – retain it for a longer period of time. For more information about this, please refer section 11 "What are your privacy rights (incl. the right to object)?"
Exception: longer retention period. In certain situations, we process your personal data for a longer period of time than what is necessary for the purpose of the processing. This is for instance the case when we have to process your personal data for a longer period of time:
- Retention obligation. To comply with a minimum retention period or other legal obligation to which we are subject based on the applicable law;
- Procedure. Your personal data is necessary in relation to a legal procedure;
- Freedom of expression. When further processing of your personal data is necessary in order to exercise the right to freedom of expression and information.
What are your privacy rights (incl. right to object)?
Based on the GDPR you have various privacy rights. To what extent you can exercise these rights depends on the circumstances of the processing, such as the manner in which DopeCode processes the personal data and the legal ground for the processing. Below, we included a summary of your privacy rights under the GDPR. For more information about your privacy rights, go to this webpage or this webpage of the European Commission
We will respond to all requests without undue delay. If our full response will ever take more than one month due to complexity or number of requests, we will notify you of this and keep you updated. Furthermore, please note that we may request more information to confirm your identity before acting on any request.
Your privacy rights. In relation to our processing of your personal data, you have the below privacy rights.
- Right to withdraw consent. In so far as our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time via our contact details stated below. Withdrawal of consent does not influence the legitimacy of the processing before you withdrew your consent. If you withdraw your consent, DopeCode will no longer process your personal data for the purpose that you consented to. It can however be possible that we still process the personal data for another purpose, such as to comply with a minimum retention period. In that case you will be informed about this.
- Right of access. You have the right to request access to your personal data. This enables you to receive a copy of the data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data. For example, the purposes for which we process your personal data, where we got your personal data from, and with whom we share it.
- Right to rectification. You have the right to request rectification of the personal data that we
hold about you. This enables you to have any incomplete or inaccurate data we hold about you
corrected. You have this right in case we process personal data about you that: (i) is factually
incorrect; (ii) is incomplete or not related to the purpose it was collected for; or (iii) is in any other
way used in a manner that is in conflict with an applicable law.
The right of rectification is not intended for the correction of professional opinions, findings or conclusions that you do not agree with. However, DopeCode could in such case consider adding your opinion about this to your personal data.
- Right to erasure. You have the right to request erasure of your personal data. This enables you to ask us to delete or remove your personal data where: (i) the data is no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the data has been unlawfully processed, (v) the data has to be erased on the basis of a legal requirement, or (vi) where the data has been collected in relation to the offer of information society services. However, we do not have to honor your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defense of legal claims.
- Right to object. You have the right to object to the processing of your personal data where we are relying on ‘legitimate interest’ as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honor your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim. If such is the case, we will inform you on our compelling grounds and the balance of interests made.
Right to restriction. The right to restriction of processing means that DopeCode will continue
to store personal data at your request but may in principle not do anything further with it. In
short, you have this right when DopeCode does not have (or no longer has) any legal grounds
for the processing of your personal data or if this is under discussion. This right is specifically
applicable in the following situations:
- Unlawful processing. We may not (or no longer) process certain personal data, but you do not want us to erase the data. For example, because you still want to request the data at a later stage.
- Data no longer required. DopeCode no longer needs your personal data for our processing purposes, but you still require the personal data for a legal claim. For example, in case of a dispute.
- Pending an appeal. You objected against the processing of your personal data by DopeCode (see the right to object above). Pending the verification of your appeal we shall no longer process this personal data at your request.
- Contesting the accuracy of data. You contest the accuracy of certain data that we process about you (e.g. via your right to rectification; see above). During the period in which we assess your contest we shall no longer process this personal data at your request.
- Right to data portability. You have the right to request the transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide you, or such third party, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).
- Automated decision-making. You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making which significantly impacts you.
- Right to complaint. In addition to the above-mentioned rights, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or where an alleged infringement took place. Please refer to this webpage for an overview of the supervisory authorities in the EU and their contact details. However, we would appreciate the chance to deal with your concerns before you approach them, so please contact us beforehand.
How to exercise your rights. You can exercise your privacy rights free of charge, by phone or by email via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.
Verification of your identity. We may request specific information from you to help us confirm your identity before we further respond to your privacy request.
Follow-up of your requests. We will provide you with information about the follow-up of the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The applicable (privacy) legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
How can you contact us?
If you have any questions concerning this Privacy Statement, or data collection in particular, please contact us at firstname.lastname@example.org or via:
+31 6 21 27 84 64
+31 78 6 13 72 76
We may change this Privacy Statement from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. The latest version can always be consulted via the DopeCode Website. Important changes will also be communicated to our clients.