In this policy Mifa describe how and for what purposes Mifa collects and uses personal data. Mifa respects the privacy of data subjects and will treat personal data in compliance with the applicable laws, in particular data protection laws, including the General Data Protection Regulation (“GDPR”).
1. WHOSE... personal data is being used?
Mifa may collect and handle personal data in relation to contact persons of its business partners (including customers) and visitors of its website(s).
2. WHAT... personal data is being used?
With respect to its business partners, Mifa will collect and handle the name and contact details of its contact persons and any other information that may be specifically asked for by us or made available by our business partners to us. With respect to our website visitors we collect and handle the personal data that they input on our website. Besides, Company’s servers automatically record certain data, such as URL, IP address, browser type and language, and the date and time of the visit to the website.
3. WHY... is the personal data being used?
We shall use of the personal data in the normal course of business. More specific, the purposes will include the following:
- legal and compliance purposes;
- sending personalized content and newsletters, mail, e-mails, features, promotional material, surveys and other updates;
- delivering products and services and otherwise performing our agreements;
- facilitating the online experience on the Company’s website(s);
- to test information security measures of Company, e.g. by performing pen tests;
- any other purposes that we may notify our business partners and data subjects of from time to time.
The use of data is based on the following legal grounds mentioned in the GDPR:
- the conclusion and performance of a contract with Company;
- to achieve the legitimate business interests of Company;
- to protect a vital interest of a natural person;
- compliance with a legal obligation to which Mifa is subject or with the consent of the data subject.
4. WHOM... does Mifa share personal data with?
Mifa may make use of processors to support certain of our business functions for the purposes set out above. If and insofar as these third parties process personal data while doing this, they will do so on the basis of a processing agreement in accordance with the GDPR. Mifa will only supply personal data to surveillance, tax and investigative authorities if Mifa is obliged by law to do so. Only where a data subject has given his/her unambiguous consent beforehand, we may share the personal data with third parties who advertise in and around our programs and digital extensions, provide sponsorship and offer prizes, etc.
Mifa operates its business globally through its parent companies and its ultimate parent Aalberts N.V. in the Netherlands, affiliates and other related companies. The details of Aalberts’ global operations are available on the website www.aalberts.com. With the globalization of the business, the internal need to share information within the Group is also becoming more important in order to meet operational needs, for shared sales and marketing activities and to comply with legal requirements. Personal information may therefore be shared amongst affiliates for the purposes mentioned above under WHY.
Sometimes it may be required to transfer personal data outside the European Union. Mifa will in such case only transfer the data in accordance with the applicable law and additional legal safeguards implemented by Mifa. Also where countries outside the European Union so not offer adequate safeguards for the protection of personal data, Mifa will satisfy the requirements the GDPR, e.g. by Mifa using contracts approved by the European Commission for the transfer of data to such countries.
5. WHAT... rights do data subjects have?
Mifa endeavours to only collect the minimum amount of personal data required. Mifa shall only retain personal data for the terms included in its data retention policy.
Any data subject can request
- to be provided with a copy;
- to correct;
- to delete the personal data kept on file by Mifa;
- to restrict the processing of the personal data;
- to object to the use of the personal data;
- to exercise any rights of data portability (i.e. to transfer the personal data), in accordance with applicable local laws including the GDPR.
A data subject may also raise complaints or concerns about Company's use or other processing of his/her personal data with his/her local data protection authority if the data subject has residence in the European Union.