Privacy Policy

You share all kinds of personal data with the websites you visit without noticing it. While we minimize the amount of data we collect, we naturally handle the data we do collect carefully. This Statement provides information on how we approach processing your personal data. This is clarified through examples that make it easier to understand. If you have any questions about this Privacy Statement, please contact us: joyce@mijnimpact.app. In this privacy statement we will use certain terms. Below is an explanation of those terms.

Personal data

Information that says something directly or indirectly about you is referred to as personal data. Examples include your name and email address, or telephone number. Information relating to a legal entity is not personal data, but information relating to a legal entity’s contact person or representative does count as personal data.

Processing

Processing means anything that can be done with personal data. This includes the collection, storage, use, transfer and removal of data.


1. Whose personal data do we process?

We only process personal data from direct visitors to our website.


2. Who is responsible for the processing of your personal data?

This privacy statement considers the processing of personal data by us.


Data may be shared within Rabobank Group to the extent that this is permitted by law. When sharing data within Rabobank Group, we comply with the rules that we have agreed within Rabobank Group, the Rabobank Privacy Codes. These rules describe how the divisions of Rabobank Group deal with personal data.


3. Which personal data do we process?

We process different types of personal data:


Information that allows an individual to be identified directly or indirectly

Types of data

Data that say something about the use of our websites

Data we share with other parties

Name, e-mail

What kinds of data might be involved?

Cookies, IP address and data relating to the device on which you use our oline services or our websites.

  • Data we provide to other parties within the Rabobank Group that we engage to help us provide services.
  • Data you have asked us to share with another party.

Information that allows an individual to be identified directly or indirectly

Examples of how we use the data

Data that say something about the use of our websites

You may also ask us to share specific data with a third party.

  • For example Typeform helps us process questionnaires

4. How do we come by your personal data?

We receive your personal data because you provide it to us yourself. Example: data you send to us in order that we can contact you.


5. For which purposes, and on what basis, do we process personal data?

The purposes for which we process personal data are described below. In addition, we indicate the basis on which this processing is done. By law, every personal data processing operation must have a legal basis.


a. To help develop and improve products and services

 In order that we can be of service to you and can innovate, we develop and improve products and services on an ongoing basis. 

  • We also process data when analyzing your visit to our website. We do this with the aim of improving our website and/or products services. We use cookies and comparable technology for this.

Legal basis

We process your data because we have a legitimate interest in this. We may also ask you for your consent to process your data for the purpose of developing and improving our products and services. If you do not give your consent for the purpose of developing and improving our products and services, this will not affect the services we provide to you. You can withdraw your consent at any time by contacting us.


b. For archiving purposes, scientific or historic research purposes or statistical purposes

We may also process your personal data if this is necessary for archiving purposes in the public interest, scientific or historic research purposes or statistical purposes. Where possible, we will seek to anonymise or pseudonymise your data first.


Legal basis

When processing personal data for archiving purposes, scientific or historic research purposes or statistical purposes, we process the data on the basis of the legitimate interest of us, the financial sector or our clients and employees.


6. How long do we keep your personal data?

We do not keep your data for any longer than necessary to fulfil the purposes for which we collected the data or the purposes for which data are reused. Once we no longer require the data for the purposes described in sections 5 a to 5 b, we may still keep the data for archiving purposes, in the event of legal proceedings, or for historic or scientific research purposes or statistical purposes.


7. Do we use automated individual decision making including profiling?

We will only make a decision based solely on automated processing including profiling which produces legal effects concerning you or significantly affects you, in case it is allowed by law and we have notified you. We do not envisage that any decisions will be taken about you that produces legal effects or significantly affects you.


8. Which people have access to your data?

Your personal data can be accessed only by individuals who need to have access owing to their role and for official business purposes. All of these people are bound by a duty of confidentiality.


9. Do we use personal data for any other purposes?

If we want to use information for any purpose other than the purpose for which it was obtained, we may do this as long as the two purposes are closely related. If there is not a sufficiently strong connection between the purpose for which we obtained the data and the new purpose, we will ask you to give your consent. If you have given us consent you may withdraw that consent at any time. To do this, please contact joyce@mijnimpact.app.


10. Do we transfer your personal data to other parties and to other countries outside the EU?

We may only engage parties if this is in keeping with the purpose for which we processed your personal data, for example for outsourcing and ICT. Moreover, this other party can be engaged by us only if it reaches specific agreements with us, has demonstrably implemented appropriate security measures and guarantees that your personal data will remain confidential. Your personal data may also be shared with other parties that we engage in the course of our business or for the provision of our services.


If we transfer your data to other parties outside the European Union, we take additional measures to protect your data. In some countries outside the European Union, the rules for protecting your data are different from those that apply within Europe. If we make use of a third party located outside the European Union, and if the European Commission believes that the country in which this third party is located does not offer adequate protection in the area of personal data processing, we will only transfer your data if other, suitable guarantees are in place, such as the contractual arrangement approved by the European Commission, or on the basis of the Privacy Shield (United States).


13. What rights do you have concerning your personal data held by us?

a. right of information

This privacy statement describes what we do with your data. In certain cases, we provide additional or different information. We will do this if there are other reasons for providing you with information in addition to the privacy statement. We may do that by means of a letter, by leaving a message in your inbox or in another way to be determined by us.


b. right of access to and rectification of personal data

You may ask joyce@mijnimpact.app whether we process data relating to you, and if so, which data this concerns. In that case, we can provide you with access to the data processed by us that relates to you. If you believe your personal data has been processed incorrectly or incompletely, you may request that we change or supplement the data (rectification).


c. right to erasure (‘right to be forgotten’)

You may request that we erase data concerning yourself that we have recorded, for example if you object to the processing of your personal data. Your interest must also be greater than our interest in processing the data.


d. right to restriction of processing

You may request that we restrict the personal data relating to you that we process. This means that we will process less personal data relating to you.


e. right to data portability (only applicable if the GDPR applies to the processing of your personal data)

You have the right to request that we supply you with data that you previously provided to us in the context of a contract with us or with your consent, in a structured, machine-readable format, or that we transfer such data to another party. If you ask us to transfer data directly to another party, we can do this only if this is technically feasible. 


f. right to object to processing based on a legitimate interest

If we process your data because we have a legitimate interest in doing so you may object to this. In that case, we will reassess whether it is indeed the case that your data can no longer be used for that purpose. We will stop processing your data if your interest outweighs our interest. We will inform you of our decision, stating the reason.


g. right to object to direct marketing

You have the right to request that we stop using your data for direct marketing purposes. It may be the case that your objection relates to being approached through a specific channel, for example if you no longer wish to be contacted by telephone but still want to receive our newsletters. We will then take steps to ensure you are no longer contacted through the relevant channel. 


If you make a request as described above, we will respond no later than one month after we receive your request. You may send your request to joyce@mijnimpact.app. We may ask you to explain your request for access in more detail. In very specific cases, we may extend this period in which we must respond to a maximum of three months. In that case, we will keep you informed about the progress made with your request. If you make a request, we may ask you to provide proof of your identity. For example, if you submit a request to exercise your right of access or right to data portability, we will want to be certain that we provide your personal data to the right person. In that case, we will ask you to come to our office so that you can make your identity known and we can verify your identity. In some cases, there may be doubts as to whether we can send you the data securely. If so, we may ask you to come to our office to collect your data. In certain cases, we may not be able to comply with your request, for example because this would violate the rights of others, would be against the law or is not permitted by the police, or another public authority, or because we have weighed up the relevant interests and determined that the interests of us or others in processing the data take precedence. In that case, we will inform you. If we adjust your data or erase your data at your request, we will notify you of this and also inform the recipients of your data wherever possible.


14. Who can you contact if you have a question or complaint concerning personal data held by us?

If you have any questions concerning the processing of personal data by us, please contact:

  1. in the case of matters concerning the exercising of your rights and other questions about the processing of your personal data; or
  2. The Data Protection Officer via joyce@mijnimpact.app


If you have a complaint concerning the processing of your personal data by us, please contact:

  1. The Data Protection Officer via joyce@mijnimpact.app or;
  2. or Your local Data Protection Authority (DPA).


15. Can we change this privacy statement?

Yes, our privacy statement may change from time to time. We will adjust the privacy statement when new data processing operations are introduced. If these changes are also relevant for you, we will draw your attention to these changes or clearly communicate them to you. The most recent version of our privacy statement is always made available online at www.mijnimpact.app