Introduction
This Privacy Policy will govern the processing of personal data of all our users in relation to the services provided by Gassan Diamonds B.V., Nieuwe Uilenburgerstraat 173, 1011 LN Amsterdam; Gassan Schiphol B.V., Vertrekpassage 1, 1118 AP Schiphol, Gassan PC 84 B.V., PC Hooftstraat 84H, 1071 CB Amsterdam, Amsterdam Diamond Center B.V., Rokin 1, 1012 KK Amsterdam, Gassan Rotterdam B.V., de Meent 102, 3011 JR Rotterdam, CoGa Outlet B.V., Nieuwe Uilenburgerstraat 173, 1011 LN Amsterdam, Gassan Watches B.V., Nieuwe Uilenburgerstraat 173, 1011 LN Amsterdam, and Gassan MB B.V., PC Hooftstraat 57H, 1071 BN Amsterdam (hereinafter jointly to be referred to as “GASSAN”).
This Privacy Policy describes how such data processing takes place and for which purposes those data are processed. By using our websites and/or agreeing to this Privacy Policy, the user accepts the following terms and conditions as applicable thereto.
Disclosing personal data is not required
A user will at all times have the choice whether or not to provide, or disclose, their personal data. To be able to use some of our services, however, it is necessary to provide us with your personal data. Wherever the entry and/or submission of your data is requested, we will indicate the data that are 'necessary' to be able to use the products and/or services, and the data the provision of which is 'optional'.
Processing of personal data
If you use our services, we process your personal data. Such data are collected for specific purposes on a legitimate legal basis. The categories of data, purposes and legal bases involved are as follows.
When placing an order: full (company) name and address details, email address, telephone number, copy ID card (special and sensitive personal data are removed), and financial data, such as a bank account number.
Personal data are processed for the following purposes:
In the foregoing situations, the full (company) name and address details, gender, telephone number, email address and bank account number are essential to the performance of the contract.
In the foregoing situations, the personal data, namely the full name, gender, email address, mobile telephone number and/or social media account are provided optionally, for which the user grants their consent.
In the foregoing situations, personal data, such as the name, address details and/or passport number are processed, on the basis of our legitimate interest.
We will process the personal data provided for the provision of our products and/or services only, and in particular exclusively for the purpose for which such personal data are collected.
Data collected by automatic means
Apart from cookies, as referred to in our cookie policy, we do not collect any data by automatic means.
Sensitive personal data
We do not process any sensitive personal data.
Retention periods
The personal data will be retained exclusively for the period necessary for the proper performance of the purposes listed above. Where longer statutory retention periods are applicable, the statutory retention periods, as prescribed by law, will apply.
Users' rights
All our users have specific rights under the GDPR legislation enabling them to manage their own personal data:
In addition, a user may at all times withdraw their consent granted for the processing of their data. Moreover, the user has the right to lodge a complaint about our data processing operations with a data protection authority.
If a user wishes to exercise any of these rights, they may contact GASSAN via securityofficer@gassan.com.
Data obtained from third parties
GASSAN does not process any personal data obtained from third parties.
Transfer to third parties
Only the persons authorised by GASSAN to secure and/or otherwise process personal data and/or perform IT maintenance work will have access to the personal data of the Users.
If, for purposes of provision of the services in this Privacy Policy, we work with third parties, such as postal companies and payment services, we have entered into an agreement with such processors, so that the processor offers adequate safeguards in terms of technical and organisational security measures for personal data.
In the unhoped-for event that you should discover a data breach, it is highly important to notify us thereof immediately. You may report any data breaches directly via securityofficer@gassan.com. Your report and data will at all times be treated confidentially.
Otherwise, we will not disclose the personal data of our users to any third parties, unless this is necessary for the provision of our services pursuant to a statutory requirement, to the extent that, at our reasonable discretion, this is in the interest of our users. This will also include any lawful requests to that effect from authorities, summonses or court orders, acts to trace or prevent damage or fraud, or acts to warrant the safety of our network and our services.
Storage of personal data
The personal data that we process will be stored in the Netherlands to the extent possible. Therefore, the GDPR will apply to such stored personal data.
If and to the extent that processing takes place with the assistance of third parties (such as cloud services), we will only work with parties who state that they adhere to the Data Privacy Framework. This means that there is an adequate level of protection for the processing of any personal data.
Security
We have implemented technical and organisational measures to secure personal data of users against accidental or unlawful destruction, loss or alteration, or in unauthorised granting of access to personal data that are transmitted, stored or otherwise processed. We use (i) secure servers and encrypted passwords, and (ii) payment orders to GASSAN via secure payment systems.
Contact details
For questions or complaints about this Privacy Policy or in respect of our working method, we may be contacted via: securityofficer@gassan.com.
2023 November V1.0EN