Privacy statement

This is the privacy statement of Booomtag B.V. operating under the name booomtag, based at Gedempt Hamerkanaal 33, 1021 KL in Amsterdam and registered in the commercial register of the Chamber of Commerce in the Netherlands under number 84447184.  


Booomtag and its affiliate companies (“booomtag”, “we”, “us”) respect your privacy and ensure that your personal data are handled with utmost care. 


About this privacy statement 

This privacy statement aims to explain in a simple and transparent way what personal data we gather about you and how we process it. 


“Personal data” refers to any information that tells us something about you or that we can link to you. By “processing” we mean everything we can do with the personal data, such as collecting, adjusting, using, transferring or deleting. 


Booomtag is the controller and is therefore responsible for the processing of your personal data. Exceptions are outlined in this privacy statement. 


This privacy statement applies to, among others, all (potential) customers or relations, third parties whose personal data will be or is stored by us, visitors of our website and people who have otherwise come into contact with us. 


The most recent version of this privacy statement can be found on our website www.booomtag.com/privacy-statement. 


How we process personal data

We process your personal data, among others, in the following situations:


  • when you visit our website;

  • when you register an account on our website;

  • when you register products in your account on our website; 

  • when you use our lost, scan, found services; 

  • when you register for the digital newsletter; 

  • when we perform services for your company;

  • when we deliver orders to your company; 

  • when you act as a supplier to booomtag; 

  • when you contact us.


Personal data processed 

We may process the following personal data: 


  • name;

  • nickname; 

  • age;

  • gender;

  • (mobile) telephone number;

  • ICE/SOS contact details; 

  • e-mail address;

  • any user generated content; 

  • IP address of your device when you visit our website; 

  • browser type when you visit our website.


Additionally we may process the following categories product data:


  • product buy details;

  • product (un)registration details; 

  • product ownership (history);

  • product history;

  • product repair details; 

  • product status.  

  • product details


Purposes of processing personal data

The personal data processed by us is used for the following purposes: 


  • to perform our obligations under our contract with you;

  • to perform our Lost. Scan. Found. services;

  • to invoice; 

  • to maintain contact with (potential) customers and relations;

  • for marketing activities as long as this occurs in accordance with the applicable data protection laws;

  • to generate usage statistics;

  • to develop and improve our website and services;

  • to resolve service disruptions as well as for security reasons;

  • to comply with our legal and regulatory obligations. 


Grounds for processing personal data

We only process personal data based on the following legal grounds:


  • with your consent;

  • when it is necessary for the performance of a contract with you;

  • when it is necessary for our legitimate interests;

  • when it is necessary for the compliance with our legal obligations.


Children

Children need particular protection when processing their personal data because they may be less aware of the risks involved. We do not process any personal data of children below the age of 18. If you think we have processed any personal data of children below the age of 18, please contact us via the contact details below. We will after such notice, reasonably, end the processing of such data as soon as possible and delete al the processed personal data from our systems.    


Sharing personal data with third parties


Service providers (processors)  

We involve external service providers with tasks such as sales and marketing services, hosting and programming. All those service providers are processors of personal data on our behalf. We have chosen those service providers carefully and monitor them on a regular basis. All services providers are obligated to maintain confidentially and to enter a data processing agreement with us, to ensure that those service providers handle personal data with the utmost care and to comply with all the applicable data protection laws. 


Third parties (no processors) 

We will share your personal data within our company such as with parent companies and/or our subsidiaries. 


Principally, your personal data is transferred to other controllers only if required for the fulfilment of a contractual obligation, or if we or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Additionally, while this is unlikely, we may be required to disclose personal data by a court order or to comply with other legal or regulatory requirements. 


Storage of personal data

We only store your personal data within the territory of European Economic Area (“EEA”). 


Transfer of personal data outside the EEA

We may transfer your personal data to recipients located outside the EEA into so called third countries, such as the United States of America. In such cases, prior to the transfer appropriate safeguards will be adopted in order to ensure an appropriate level of data protection, such as the use of Standard Contractual Clauses (SCCs) (which can be found here) and/or we ask for your consent to such transfer. We aim to anonymize personal data as much as possible prior to the transfer of personal data outside the EEA. 


Retention period

We will store your personal data as long it is necessary for the purpose we initially required it, unless we are required by a legal obligation to store your personal data for a longer period. More specifically the retention periods are listed below.


  • we will delete your personal data if you have withdrawn your consent

  • we will delete your personal data if you have deleted your account


Despite the retention periods, we will keep statistical and/or product data that does not contain personal data for our own legitimate interests. 


Security 

We take all the appropriate technical and organizational measures that will protect the personal data from being destroyed, lost, modified or accessed without authorization. To ensure the security of your personal data, we have taken the following technical and organisational measures, among other things:


  • personal data are stored within the EEA;

  • wherever it is possible, two-factor authentication is enabled (including but not limited to the access to our server control panel); 

  • we use encryption for the exchange of personal data; 

  • we make use of encrypted Security Shell (SSH) services;  

  • our systems are constantly checked for suspicious behaviour via monitoring;

  • we make use of separate networks with our own application-, database- and content services; 

  • we make use of firewalls and anti-virus software to protect our systems and services; 

  • we have established a password policy; 

  • passwords are stored encrypted;

  • if required by law, we will subject any new system to a data protection impact assessment;  

  • every new system we consider adopting must be tested in advance for the principles of privacy by design and privacy by default.  


Our security measures are, pursuant to technological process, constantly being improved. 


Your rights 

If your personal data is processed by us, you have the following privacy rights: 


  • right to withdraw your consent;


You have the right to withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.


  • right to be informed;


We therefore inform you in this privacy statement what personal data we process and on which grounds. 


  • right of access; 


You have the right to ask us for an overview of the personal data that we process of you.
 

  • right to rectification;


You have the right to obtain the rectification of inaccurate personal data;


  • right to erasure (right to be forgotten);


You have the right to request us to delete all the personal data we have processed about you when there are no legitimate grounds for retaining it. 


  • right to restriction of processing;


You have the right to restrict the processing of your personal data when you dispute the accuracy of the personal data, the processing is unlawfully, we do not need the personal data any longer but you want to keep it for use in a legal claim and when you have objected to us processing your personal data for our own legitimate interests.


  • right to data portability;


You have the right to request us to transfer your personal data electronically to you in a commonly used and machine readable format. 


  • right to object to processing of your personal data; 


You have the right to object to the processing of your personal data if you do not agree with the way how we process it.


  • right to lodge complaint with the Dutch Data Protection Authority;


You have the right to lodge a complaint with t the Dutch Data Protection Authority.


Your account on our website gives you quick access to easy-to-use tools that help you manage your privacy and set your preferences for how frequently you are contacted. 


In addition, you can always contact us (via the contact details below) if you wish to exercise one of your rights. We aim to respond to your request as soon as possible, but in any case within four weeks of receiving your request. 


We only accept requests regarding to your own personal data. To make sure we provide the relevant personal data to the right person, we may request a copy of an identification document for verification. 


Circumstances may occur whereby we cannot give (full) effect to your request.

 

Changes

We are entitled to amend our privacy statement at any time without giving prior notice. The most recent version of this privacy statement can be found on our website www.booomtag.com/privacy-statement. We will inform you via our website in the event that an amendment will significantly affect your rights. 


Contact details with respect to requests and other questions you may have 

You are entitled at any time to exercise your rights regarding your personal data (see paragraph “your rights” above). Please send your requests, as well as other privacy-related questions you may have, to: 


Booomtag B.V. 

Gedempt Hamerkanaal 33

1021KL Amsterdam

The Netherlands

Attn: Privacy 


Email: [email protected]

Privacy statement

This is the privacy statement of Booomtag B.V. operating under the name booomtag, based at Gedempt Hamerkanaal 33, 1021 KL in Amsterdam and registered in the commercial register of the Chamber of Commerce in the Netherlands under number 84447184.  


Booomtag and its affiliate companies (“booomtag”, “we”, “us”) respect your privacy and ensure that your personal data are handled with utmost care. 


About this privacy statement 

This privacy statement aims to explain in a simple and transparent way what personal data we gather about you and how we process it. 


“Personal data” refers to any information that tells us something about you or that we can link to you. By “processing” we mean everything we can do with the personal data, such as collecting, adjusting, using, transferring or deleting. 


Booomtag is the controller and is therefore responsible for the processing of your personal data. Exceptions are outlined in this privacy statement. 


This privacy statement applies to, among others, all (potential) customers or relations, third parties whose personal data will be or is stored by us, visitors of our website and people who have otherwise come into contact with us. 


The most recent version of this privacy statement can be found on our website www.booomtag.com/privacy-statement. 


How we process personal data

We process your personal data, among others, in the following situations:


  • when you visit our website;

  • when you register an account on our website;

  • when you register products in your account on our website; 

  • when you use our lost, scan, found services; 

  • when you register for the digital newsletter; 

  • when we perform services for your company;

  • when we deliver orders to your company; 

  • when you act as a supplier to booomtag; 

  • when you contact us.


Personal data processed 

We may process the following personal data: 


  • name;

  • nickname; 

  • age;

  • gender;

  • (mobile) telephone number;

  • ICE/SOS contact details; 

  • e-mail address;

  • any user generated content; 

  • IP address of your device when you visit our website; 

  • browser type when you visit our website.


Additionally we may process the following categories product data:


  • product buy details;

  • product (un)registration details; 

  • product ownership (history);

  • product history;

  • product repair details; 

  • product status.  

  • product details


Purposes of processing personal data

The personal data processed by us is used for the following purposes: 


  • to perform our obligations under our contract with you;

  • to perform our Lost. Scan. Found. services;

  • to invoice; 

  • to maintain contact with (potential) customers and relations;

  • for marketing activities as long as this occurs in accordance with the applicable data protection laws;

  • to generate usage statistics;

  • to develop and improve our website and services;

  • to resolve service disruptions as well as for security reasons;

  • to comply with our legal and regulatory obligations. 


Grounds for processing personal data

We only process personal data based on the following legal grounds:


  • with your consent;

  • when it is necessary for the performance of a contract with you;

  • when it is necessary for our legitimate interests;

  • when it is necessary for the compliance with our legal obligations.


Children

Children need particular protection when processing their personal data because they may be less aware of the risks involved. We do not process any personal data of children below the age of 18. If you think we have processed any personal data of children below the age of 18, please contact us via the contact details below. We will after such notice, reasonably, end the processing of such data as soon as possible and delete al the processed personal data from our systems.    


Sharing personal data with third parties


Service providers (processors)  

We involve external service providers with tasks such as sales and marketing services, hosting and programming. All those service providers are processors of personal data on our behalf. We have chosen those service providers carefully and monitor them on a regular basis. All services providers are obligated to maintain confidentially and to enter a data processing agreement with us, to ensure that those service providers handle personal data with the utmost care and to comply with all the applicable data protection laws. 


Third parties (no processors) 

We will share your personal data within our company such as with parent companies and/or our subsidiaries. 


Principally, your personal data is transferred to other controllers only if required for the fulfilment of a contractual obligation, or if we or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Additionally, while this is unlikely, we may be required to disclose personal data by a court order or to comply with other legal or regulatory requirements. 


Storage of personal data

We only store your personal data within the territory of European Economic Area (“EEA”). 


Transfer of personal data outside the EEA

We may transfer your personal data to recipients located outside the EEA into so called third countries, such as the United States of America. In such cases, prior to the transfer appropriate safeguards will be adopted in order to ensure an appropriate level of data protection, such as the use of Standard Contractual Clauses (SCCs) (which can be found here) and/or we ask for your consent to such transfer. We aim to anonymize personal data as much as possible prior to the transfer of personal data outside the EEA. 


Retention period

We will store your personal data as long it is necessary for the purpose we initially required it, unless we are required by a legal obligation to store your personal data for a longer period. More specifically the retention periods are listed below.


  • we will delete your personal data if you have withdrawn your consent

  • we will delete your personal data if you have deleted your account


Despite the retention periods, we will keep statistical and/or product data that does not contain personal data for our own legitimate interests. 


Security 

We take all the appropriate technical and organizational measures that will protect the personal data from being destroyed, lost, modified or accessed without authorization. To ensure the security of your personal data, we have taken the following technical and organisational measures, among other things:


  • personal data are stored within the EEA;

  • wherever it is possible, two-factor authentication is enabled (including but not limited to the access to our server control panel); 

  • we use encryption for the exchange of personal data; 

  • we make use of encrypted Security Shell (SSH) services;  

  • our systems are constantly checked for suspicious behaviour via monitoring;

  • we make use of separate networks with our own application-, database- and content services; 

  • we make use of firewalls and anti-virus software to protect our systems and services; 

  • we have established a password policy; 

  • passwords are stored encrypted;

  • if required by law, we will subject any new system to a data protection impact assessment;  

  • every new system we consider adopting must be tested in advance for the principles of privacy by design and privacy by default.  


Our security measures are, pursuant to technological process, constantly being improved. 


Your rights 

If your personal data is processed by us, you have the following privacy rights: 


  • right to withdraw your consent;


You have the right to withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.


  • right to be informed;


We therefore inform you in this privacy statement what personal data we process and on which grounds. 


  • right of access; 


You have the right to ask us for an overview of the personal data that we process of you.
 

  • right to rectification;


You have the right to obtain the rectification of inaccurate personal data;


  • right to erasure (right to be forgotten);


You have the right to request us to delete all the personal data we have processed about you when there are no legitimate grounds for retaining it. 


  • right to restriction of processing;


You have the right to restrict the processing of your personal data when you dispute the accuracy of the personal data, the processing is unlawfully, we do not need the personal data any longer but you want to keep it for use in a legal claim and when you have objected to us processing your personal data for our own legitimate interests.


  • right to data portability;


You have the right to request us to transfer your personal data electronically to you in a commonly used and machine readable format. 


  • right to object to processing of your personal data; 


You have the right to object to the processing of your personal data if you do not agree with the way how we process it.


  • right to lodge complaint with the Dutch Data Protection Authority;


You have the right to lodge a complaint with t the Dutch Data Protection Authority.


Your account on our website gives you quick access to easy-to-use tools that help you manage your privacy and set your preferences for how frequently you are contacted. 


In addition, you can always contact us (via the contact details below) if you wish to exercise one of your rights. We aim to respond to your request as soon as possible, but in any case within four weeks of receiving your request. 


We only accept requests regarding to your own personal data. To make sure we provide the relevant personal data to the right person, we may request a copy of an identification document for verification. 


Circumstances may occur whereby we cannot give (full) effect to your request.

 

Changes

We are entitled to amend our privacy statement at any time without giving prior notice. The most recent version of this privacy statement can be found on our website www.booomtag.com/privacy-statement. We will inform you via our website in the event that an amendment will significantly affect your rights. 


Contact details with respect to requests and other questions you may have 

You are entitled at any time to exercise your rights regarding your personal data (see paragraph “your rights” above). Please send your requests, as well as other privacy-related questions you may have, to: 


Booomtag B.V. 

Gedempt Hamerkanaal 33

1021KL Amsterdam

The Netherlands

Attn: Privacy 


Email: [email protected]