ARTICLE 1 – DEFINITIONSProviders: The organisation of which the Consumer is a member and of which the Consumer wishes to cancel. Also called Organization;
Services Offered: The various subscription options that the Consumer can cancel through Xpendy. Also called Services or Offerings;
GDPR: As of May 25, 2018, the General Data Protection Regulation (GDPR) applies. This means that the same privacy laws apply throughout the European Union (EU). The GDPR is also known as AVG;
Payment details: All data necessary to complete a payment, with the exception of the PIN. This can be the name of the account holder as well as the IBAN (account number);
Consumer: The natural person who is not acting for purposes related to his trade, business, craft or profession;
Direct Marketing: Direct marketing is an English term for advertising products by approaching potential customers directly and personally;
Withdrawal: The possibility for the Consumer to withdraw from the Distance Contract within the cooling-off period;
Agreement: An Agreement between the Provider of the cancellation service and the Consumer within the framework of an organized system for distance selling of products, digital content and/or services, whereby, up to and including the moment the Agreement is concluded, exclusive or joint use is made of one or more techniques for distance communication;
Personal data: All data that is personally tied to the Consumer, such as name, address, date of birth and possibly one customer or membership number with the subscription;
Privacy: The personal sphere that distinguishes and protects us and our actions, properties and information from others;
ARTICLE 2 – INTRODUCTIONWe value and respect your privacy; therefore we want to be as open and transparent as possible about the processing and protection of your Personal Data. Below, we set out what data we processat what point, for what purpose, and on what legal basis. In doing so, we hope to make it clear to you how the Services we offer work and how the protection of your Personal Data is guaranteed.
As you may know, since May 2018 there is a new privacy law, the GDPR (General Data Protection Regulation) or GDPR (General Data Protection Regulation). This new law ensures that your Personal Data processed online is even better protected and that you as a user have more control.
At Xpendy, we promise you the following:
- We do not retain your Payment Information;
- We will never disclose your Personal Data to third parties without your consent;
- We do not store any data that is not necessary for the preparation of the cancellation letter and its processing;
- The content of your letter of termination (including your signature) will be deleted automatically after one year;
You can consult, save or print this privacy statement at any time via https://www.xpendy.com/privacy-policy.
Insofar as we invoke a legitimate interest (Article 6 para. 1 under GDPR), you have the right to object according to Article 21 of the GDPR.
In accordance with Article 21 of the GDPR, you have the right to object at any time to the processing of your Personal Data. We will then no longer process the Personal Data for the purpose of Direct Marketing or related profiling.
We will also cease processing your Personal Data for other purposes unless we can provide compelling legitimate grounds for the processing which override your interests, rights and freedoms or which relate to the establishment, exercise or substantiation of legal claims (see Article 21, paragraph 1 of the GDPR, the so-called “limited right to object”). In this case you must provide reasons for the objection which demonstrate your special situation.
ARTICLE 3 – THE CONTROLLER OF YOUR PERSONAL DATAThe Dutch company ROI is King Group B.V. | Xpendy is the controller of the Personal Data you provide to us and is responsible for your Personal Data under applicable data protection law:
ROI is King Group B.V. | Xpendy
Prinsenkade 5G, 4811VB Breda
No visiting address;
For customer service: [email protected]
For advertising & partnerships:[email protected]
Chamber of Commerce number: 52334538
VAT number: NL850399865B02
If you have any questions about the processing of Personal Data and your rights in relation to the protection of Personal Data, please contact [email protected].
ARTICLE 4 – WHERE DO WE STORE YOUR DATA?Every time you visit our website, we automatically collect data and information from your device. We store these in so-called server log files. This data is information relating to an identified or identifiable natural person (here: website visitor). The data is automatically transmitted by your browser when you visit our website. The following data are recorded:
- The time of the visit to our website (connection to the server of the provider)
- The URL of the website from where you visited our website
- The operating system you use
- The type and version of the browser you are using
- The IP address of your computer
The legal basis for the processing is Article 6 para. 1 of the GDPR. We have a legitimate interest in providing you with a website that is optimised for your browser and in enabling communication between our server and the device that you use. The processing of your IP address is particularly necessary for the latter. The data will be stored for 1 year and then automatically deleted.
You may at any time object to the processing of your data. This may be done by e-mail to [email protected]. The provision of Personal Data is neither legally nor contractually mandatory, nor is it required for the conclusion of an agreement. You are not obliged to provide the Personal Data. However, failure to do so may result in your not being able to use our website fully or at all.
ARTICLE 5 – CANCELLATION SERVICES ON XPENDYOn our website you have the opportunity to create letters of termination for various Services and Providers.
The necessary data are currently available:
- First name
- Last name
- Street and house number
- Customer or member number, or other information provided to you by a provider to identify the agreement.
The information provided by you (also Personal Data) is processed by us for the purpose of drafting, producing and sending the cancellation letter and is necessary for the performance of the Agreement. The legal basis for the processing of the data described here is article 6, paragraph 1 of the GDPR. The data will only be stored for the time required to process your request and to comply with the statutory retention periods.
In addition, we store the time the cancellation letter was written and the corresponding IP address. The purpose of storing these data is to prevent or detect misuse of our services.
The legal basis for this processing of the data is Article 6 (1) of the GDPR. We have a legitimate interest in being able to assess whether and when our Services have been used unlawfully.
If you use the option where we send your cancellation letter directly to the Provider, the Provider you specify will receive the data provided by you. In addition, the data is sent to our web host.
The provision of Personal Data is neither legally nor contractually binding. However, it is necessary in order to be able to use our cancellation service correctly. You are not obliged to provide the Personal Data. However, failure to do so may result in your cancellation letter not being prepared correctly.
ARTICLE 6 – COOKIESCookies contain a so-called cookie ID which enables the recognition of the device on which the cookie is stored. We use the following cookies in particular for this purpose:
- Cookies containing a randomly generated, concrete identification number, which makes it possible to identify you or your device during your visit to our website. These cookies are automatically deleted at the end of your visit.
- Cookies containing a randomly generated, concrete identification number, which makes it possible to identify you or your device on our website. These Cookies save your selected language and protect against fraudulent or improper access to the website. These Cookies are automatically deleted after one year.
The legal basis for the processing is Article 6(1) of the GDPR. We have a legitimate interest in offering you a website that stores your personal settings and makes visiting our website as easy as possible. You have the right to object.
In your browser settings you can limit or completely block the placing of cookies. You can adjust the settings so that the cookies are automatically deleted when you close the browser window.
The provision of Personal Data is neither required by law nor by contract nor is it required for the conclusion of an Agreement. You are not obliged to provide the Personal Data. However, failure to do so may result in your not being able to use our website fully or at all.
ARTICLE 7 – PAYMENT VIA MOLLIEWhen making payment for our Services, we use the payment methods:
- Bancontact / Mister Cash
- Your Payment Details (e.g. bank account number or credit card number)
- Your IP Address
- Your internet browser and device
- In some cases your first and last name
- In some cases your address details
- In some cases information about the product or service you purchased through us
- Other Personal Data that you make available, for example through correspondence or on the phone.
The legal basis for the processing is Article 6 para. 1 of the GDPR. The data will only be stored by us for the time required to execute and process your order and to comply with the statutory retention periods.
The provision of Personal Data is required for the conclusion of an Agreement. Failure to make the data available shall mean that the Agreement cannot be concluded.
ARTICLE 8 – DATA SECURITYWe secure our website and other systems by means of technical and organizational measures against loss, disruption, access, modification or distribution of your Personal Data by unauthorized persons. However, despite regular checks it is not possible to achieve complete protection against all dangers.
ARTICLE 9 – AMENDMENT OF THE PRIVACY DECLARATIONChanges in the law or in our internal processes may require us to amend the privacy statement.
You should note (insofar as you do not exercise your right of revocation) that the current version of the privacy statement always applies.
ARTICLE 10 – REVOCATIONYou have the right to revoke any granted permission at any time with effect for the future. You can do this by sending an e-mail to [email protected].
ARTICLE 11 – RIGHT OF DATA SUBJECTSRight of access:
You have the right to request information about the Personal Data we hold about you at any time. You can request this information by email at [email protected]. We will try to respond to your request as soon as possible.
Right to portability:
Where Xpendy processes your Personal Data by automated means on the basis of your consent or pursuant to an Agreement, you have the right to receive a copy of your data in a structured, commonly used and machine-readable format, transferred to you or another party. This relates only to the Personal Data you have provided to us. You can request this information by email at [email protected].We will try to respond to your request as soon as possible.
Right of correction:
You have the right to request correction of your Personal Data if it is incorrect, including the right to have incomplete Personal Data completed. You can request this correction by email at [email protected]. We will try to respond to your request as soon as possible.
Right to erasure:
You have the right to request at any time that personal data processed by Xpendy be deleted. This can be requested by e-mail at [email protected].We will try to respond to your request as soon as possible.
How can you exercise your rights?
We take data protection very seriously. Therefore, you can send us an e-mail at any time and we will deal with it as soon as possible. You can reach our staff at [email protected].
Cooperation in tax and criminal investigations In some cases, we may be required by law to share your data in connection with governmental tax and criminal investigations. In such a case we are forced to share your data, but we will oppose this within the possibilities of the law.
The right to lodge a complaint with a supervisory authority:
If you believe that Xpendy is not properly processing your Personal Data, please contact us at [email protected]. You also have the right to file a complaint with a supervisory authority.
Updates to our privacy statement:
It may happen that our privacy statement needs to be updated. The latest version of the privacy statement is always available on our website. We will post any material changes to the privacy statement, for example, regarding the purpose of using your personal data or your rights.