The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR has given rise to many questions about personal information. Our aim in this policy is to make clear to our visitors and customers how we collect, store, protect, and use personally identifiable data and how your data can be updated or removed. We have included every aspect we can identify, however, if you have any questions which are not answered by this policy, we are of course available to answer these.
The sections of this policy are:
- To whom does this Privacy Statement apply?
- What personal data do we process?
- For which purposes do we process your personal data?
- The legal basis for the processing of your personal data
- How did we obtain your personal data?
- How long do we use and store your personal data?
- Who has access to your personal data?
- Transfer of personal data to countries outside the EEA
- How do we keep your personal data safe?
- Your rights
- How to contact us
1. To whom does this Privacy Statement apply?
This Privacy Statement applies to everyone who visits our website and to people whose personal data are processed in the context of our service provision.
2. What personal data do we process?
Depending on your level interaction with us, will gather and store various types information. For example, an inquiry will require less information than if we provide services to you, such as a booking. In order to book a charter with us we will need to collect far more detailed personal information from you which is required both by us and our suppliers.
The personal data we process in relation to you are:
- Personal data you have provided to us;
- Personal data that give insight into the use of our website or other electronic means of communication, such as:
- Personal data obtained from other sources.
Personal data provided by you:
- contact details and other personal data which are needed to conclude a contract with us, such as your name, address, telephone number and identity documents;
- contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;
- contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;
- Other personal data that are provided by you.
Personal data that give insight into the use of our website or other electronic means of communication. These could be data such as:
- IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;
- your browsing behavior on the website, such as data on your first visit, previous visit and current visit, the pages visited and how you navigate through the website;
- the opening and reading of a newsletter or commercial email. This also includes clicking behavior in the email or newsletter.
- In this context, we also refer to our Cookie Statement.
Personal data obtained from other sources:
- personal data available on public professional social media platforms such as Facebook or LinkedIn. These are names and contact details;
- personal data available on public professional websites, such as company websites.
3. For which purposes do we process your personal data?
We may use your personal data for the following purposes:
- To perform a contract with you;
- To invoice for services rendered;
- To comply with statutory obligations;
- To stay in contact with you;
We feel it is important to contact you with information that is relevant for you. We combine and analyze the personal data available to us in order to be able to do so. Based on this, we determine what information and channels are relevant and which moments are most suitable for providing information or making contact.
To prepare analyses;
- Interaction data:
Personal data obtained from contact between you and us. For example, on your use of our website or supporting applications. This also applies to offline interactions, including how often there is contact between you and us.
- Behaviour data:
Personal data that we process on your behavior, such as your preferences, opinion, wishes and needs. We can derive these data from your browsing behavior on our website, for instance, the reading of our newsletters or because you requested information. But also from inbound telephone conversations and email contact with our employees. We collect and use information obtained via tracking cookies only with your consent, which you can withdraw at any time. See also our Cookie statement.
- To conduct client satisfaction surveys;
- To improve and secure our website;
- To prepare user statistics
The user statistics from the website enable us to get a picture of, among other things, the number of visitors, the duration of the visit, what parts of the website are viewed and the clicking behavior of visitors. These are generic reports without any information on individual persons. We use the information obtained to improve the website.
4. The legal basis for the processing of your personal data
We process your personal data only when this is permitted on grounds of one of the legal bases cited in the GDPR. The legal basis of processing personal data are:
- The processing is necessary in order to establish a contract or in the run-up to the establishment of a contract
- Statutory obligation
- Legitimate interest
- We ask your consent for participation in a client satisfaction survey.
- If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time. You can do this by contacting us.
The processing is necessary in order to establish a contract or in the run-up to the establishment of a contract
- If you give us an assignment to provide services, we process personal data if and to the extent this is necessary in order to perform the services.
We sometimes need to obtain and document certain information. This could include, among other things, a copy of an identity document (passport).
We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We have a legitimate interest if we use your personal data to contact you after you have approached us yourself. We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via e-mail. In that case, we have a legitimate interest in offering you these services.
5. How did we obtain your personal data?
We collect information through many different avenues. To simplify this, we have broken it into the channels of enquiry and communication with us.
- Phone: Upon calling us to make an inquiry, we will ask you for some basic information; contact details and requirements. We will enter the provided contact details (email address and phone numbers) into our reservation system. This so is as to formulate and send our offer to you.
- Email: Upon receipt of an email inquiry, we will enter the provided contact details (email address and phone numbers) into our reservation system. This so is as to formulate and send our offer to you.
- Website: So we can continuously improve the user experience on our website, we use data analytics tools. These track the pages visited, actions taken (clicks and searches), devices used (mobile, tablet or desktop) and source of the visit (google search, advert etc.). Your identity is not recorded at this stage, beyond the town in which you are located. Only upon entering information into the website will we be able to match the user to a recorded website visit. Information can be submitted via several methods.
- Third party services: This type of services allows you to view content hosted on external platforms directly from the pages of our website and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when you do not use it. On our website we make use of the YouTube video widget from Google Inc.. YouTube is a video content visualization service that allows the website to incorporate content of this kind on its pages. Another service we use is the Google Maps widget from Google Inc. Google Maps is a maps visualization service provided by Google Inc. that allows the website to incorporate content of this kind on its pages. Please see the privacystatement of Google for more information about the processing of personal data.
6. How long do we use and store your personal data?
We will not keep your personal data longer than strictly necessary for the purposes for which they are processed.
Unless statutory requirements obligate us to keep your personal data longer:
- We will delete your personal data if you have withdrawn your consent or have decided to opt out.
- We will delete your personal data from our contact database within three years from the day our business relationship ends.
For the retention periods in relation to cookies, we refer you to our Cookie Statement on the website.
7. Who has access to your personal data?
We must share your information with certain parties so as to ensure we can provide the best possible service. We only share your information when and where necessary.
Below are explanations of why we share this information.
Your user account is managed for you by a domain administrator; an employee of our company. Your domain administrator is there to provide user support to you. You will have access to your account and the information contained within it (including your email and other data). Your domain administrator may be able to:
- change your account password
- suspend or terminate your account access
- access or retain information stored as part of your account
- amend the information if the order is changed.
- receive your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
The staff also need access to the information to provide the requested services.
In order for us to get a better understanding of how you use our website and services we use third party companies. This ranges from our IT provider, analytics companies, pay per click (PPC) advertising, to E-Newsletters.
8. Transfer of personal data to countries outside the EEA
Some of our services, notably emails and data storage, are provided by external suppliers. These may process and store personal information on their servers in many countries around the world. They may process and store your personal information on a server located outside the country where you live and some parties may be located outside the EEA. When applicable, we have taken appropriate security measures for sharing the personal data.
The processor outside the EEA which provides us with services (Mailchimp) in the sending of online newsletters and email campaigns and the processing of data filled in on the web forms on our website is The Rocket Science Group, LLC. and is located in the United States and has a registration for the EU-US Privacy Shield. More information on this can be found at: https://www.privacyshield.gov/welcome
9. How do we keep your personal data safe?
We do our utmost to take appropriate technical and organizational security measures to protect against the loss, abuse and alteration of your personal data for which we are responsible.
We work with a mix of online buyer information systems and e-mailed forms. In cases where we are transferring your information to a third party via email, our accounts are covered by extra security measures (two steps verification). After researching alternative methods, we found this to be the safest method (versus shared drives). Any information stored by third party systems require encrypted log in.
10. Your rights
Under the GDPR you have certain rights regarding your personal data. These rights are the right to:
- to inspect the personal data we process in relation to you (the right of access to your personal data);
- to amend your personal data or supplement these if you believe that the personal data we process in relation to you are incomplete or inaccurate (the right to rectification);
- to have certain personal data relating to you erased (the right to erasure);
- to request to restrict the use of personal data (the right to restriction of processing);
- to have your data – which you have uploaded on your own – transferred to another party (the right to data portability);
- You can also object to the processing of your personal data (the right to object).
If you do not agree with the way we handle your personal data, you also have the right to submit a complaint with the Data protection authority of your country.
12. Our contact details
You may request details of personal information which we hold about you. If you would like a copy of the information held on you, please email us at [email protected]
You can also contact us if you have any questions or comments with regard to how we handle your personal data:
Dream Yacht Sales
7080 Bembe Beach Road
MD. 21403 USA