Version: 1.1
Date: 30-04-2019
1 General
1.1 Stichting Rotterdam Partners
This privacy statement was prepared by Stichting Rotterdam Partners. Our contact details are:
Address: Korte Hoogstraat 31, Rotterdam (3011GK)
Telephone: 010-7900140
E-mail: info@rotterdampartners.nl
KvK: 24313403
1.2 Data Controller
We determine the purposes and means for which and based on which personal data is used within our business activities. We, therefore, qualify as a data controller under the General Data Protection Regulation (GDPR).
1.3 Data Protection Officer
We have appointed an internal data protection officer who is involved in all matters relating to the protection of personal data. The contact details of the data protection officer are:
Name: Mrs J. Pietersma
Company: Stichting Rotterdam Partners
Visitor’s address: Korte Hoogstraat 31, Rotterdam (3011GK)
Postal address: Postbus 23514, Rotterdam (3001 KM)
Telephone (general): 010-7900140
E-mail (direct): privacy@rotterdampartners.nl
1.4 Duty to Inform
We have an obligation to inform the individuals whose personal data we process about how and why we process it. We fulfil this information obligation by means of this Privacy Statement.
1.5 Changes
This Privacy Statement was prepared in April 2019. This statement is subject to change. If we amend this statement, the amended version will be posted on our corporate website (www.rotterdampartners.nl) and all websites affiliated with Rotterdam Partners, stating the date on which the amendments come into effect. If any changes could substantially affect you, we will do our best to inform you immediately.
2 Purposes and Means
This section is structured as follows: for each group of data subjects, we fulfil our information obligation. See which group(s) of data subjects applies to you, and for what purposes and by what means we process what personal data of yours within that group. Multiple groups may apply to you.
| 2.1 You visit one of our websites |
If you visit one of our websites,
- rotterdampartners.nl
- rotterdam.info
- woneninrotterdam.nl
- rotterdammakeithappen.nl
- schielandshuis.nl
- shop.rotterdam.info
- iabrotterdam.com
we process personal data and use cookies and other techniques. We process your personal data for the purposes set out below using the means set out below:
A. Purpose and Basis
| # | Purpose | Basis |
| 1 | Optimising your visit to our website | Legitimate interest |
| 2 | Keeping statistics on your visit to the website | Legitimate interest |
| 3 | Keeping statistics on the images you download | Consent |
| 4 | Answering a question submitted by you via the contact form | Consent |
Insofar as the basis for processing personal data for a purpose is based on the existence of a legitimate interest (Article 6.1.f – GDPR), our legitimate interest or that of a third party is formulated below (per purpose):
| Purpose | Legitimate Interest | From who? |
| A.1 | We have a legitimate interest in ensuring that our websites function optimally for you | Rotterdam Partners |
| A.2 | We have a legitimate interest in continuously improving our websites and tailoring them to your use | Rotterdam Partners |
B. (Groups of) Personal Data
We may process the following (groups of) personal data from you per purpose:
| Purpose | (Groups of) Personal Data | |
| A.1 | Filled-in pages Preference settings Display settings Browser settings Login data |
|
| A.2 | Surfing behaviour | |
| A.3 | Name* E-mail* Downloaded images Consent* |
|
| A.4 | Gender* Name* E-mail* Question subject* Your message* Consent* |
|
C. Obligation to Provide Personal Data
The provision of personal data is necessary if you wish to receive certain information or visual material from us. Personal data necessary for us to provide the information requested by you is indicated with an * under B.
The websites of Rotterdam Partners also use functional, analytical and social media cookies. The functional cookies are necessary for the website to function optimally. The analytical cookies are used to keep statistics on the use of our websites. If they are not essential, we will ask for your consent. For more information, see our Cookie Statement.
D. (Groups of) Recipients
The following (groups of) recipients may receive personal data from you:
| Purpose | (Groups of) Recipients |
| A.1 | Ongezoet Label A Arjan Hoffman Creating Connections Brize |
| A.2 | Ongezoet Label A Arjan Hoffman Creating Connections |
| A.3 | Ongezoet |
| A.4 | Ongezoet |
E. Source of Personal Data
The personal data we process from you is – or may be – from:
| Purpose | Source of Personal Data | Public or Private |
| A.1 | Yourself | Private |
| A.2 | Yourself | Private |
| A.3 | Yourself | Private |
| A.4 | Yourself | Private |
F. Retention Periods
We retain your personal data for the periods or criteria below. After these retention periods expire, we delete/destroy the personal data concerned:
| Purpose | Retention Period |
| A.1 | This personal data will be kept for one (1) year after your last visit on the device |
| A.2 | This personal data will be kept for one (1) year after your last visit on the device |
| A.3 | This personal data will be kept for one (1) year after your request |
| A.4 | This personal data will be kept for one (1) year after your enquiry |
| 2.2 You receive a digital newsletter or invitation from us |
If you subscribe to one of our newsletters (Uit in Rotterdam, Rotterdamse Nieuwe, Corporate, Press, Travel Trade, MICE or Living in Rotterdam) or the Rotterdam City Card, we will process your personal data for the purposes set out below using the means set out below:
A. Purpose and Basis
| # | Purpose | Basis |
| 1 | Sending a personalised e-mail in response to your specified interests | Consent |
| 2 | Sending offers and tips for your visit to Rotterdam for a conference or event | Consent |
| 3 | Sending an informative e-mail following relevant developments in the Rotterdam Partners network | Legitimate interest |
| 4 | Alerting/inviting you to relevant receptions, events or meetings for which you have previously registered | Legitimate interest |
| 5 | Processing your consent or deregistration | Legitimate interest |
| 6 | Keeping statistics to make the newsletter/invitation and your visit to Rotterdam more relevant and effective for you | Legitimate interest |
Insofar as the basis for processing personal data for a purpose is based on the existence of a legitimate interest (Article 6.1.f – GDPR), our legitimate interest or that of a third party is formulated below (per purpose):
| Purpose | Legitimate Interest | From who? |
| A.3 | We have a legitimate interest to inform the Rotterdam Partners network about our activities and developments within our operating area | Rotterdam Partners |
| A.4 | We have a legitimate interest to inform our network about receptions, meetings and events relevant to them | Rotterdam Partners |
| A.5 | We have a legitimate interest to establish who has subscribed or unsubscribed to our newsletters/invitations | Rotterdam Partners |
| A.6 | We have a legitimate interest to tailor the content of the newsletters and invitations and the Rotterdam City Card offers to your interests and preferences | Rotterdam Partners |
B. (Groups of) Personal Data
We may process the following (groups of) personal data from you per purpose:
| Purpose | (Groups of) Personal Data | |
| A.1 | · Name* · E-mail* · Log details from subscribing · Interests |
|
| A.2 | · First name* · Surname* · E-mail* · Registration ID · Platform e-mail · Transport e-mail · Country/time zone · Language/region · Registration date · Last date active |
|
| A.3 | · Name* · E-mail* |
|
| A.4 | · Name* · E-mail* · Previously attended receptions, events or meetings |
|
| A.5 | · Log details from subscribing · Log details from unsubscribing |
|
| A.6 | · Mailing statistics: o Mails sent o Mails opened o Items clicked on |
|
C. Obligation to Provide Personal Data
The provision of personal data is necessary if you wish to receive digital information about the interests or developments at Rotterdam Partners, its network or the city of Rotterdam as specified by you. Personal data necessary for us to provide the information requested by you is indicated with an * under B.
D. (Groups of) Recipients
The following (groups of) recipients may receive personal data from you:
| Purpose | (Groups of) Recipients |
| A.1 | Archie Spotler Mailchimp |
| A.2 | Notificare |
| A.3 | Archie Spotler Mailchimp |
| A.4 | Archie Spotler Mailchimp Invitado |
| A.5 | Spotler Mailchimp |
| A.6 | Spotler Mailchimp |
E. Source of Personal Data
The personal data we process from you is – or may be – from:
| Purpose | Source of Personal Data | Public or Private |
| A.1 | · Yourself | · Private |
| A.2 | · Yourself | · Private |
| A.3 | · Yourself | · Private |
| A.4 | · Yourself · Rotterdam Partners |
· Private |
| A.5 | · Yourself | · Private |
| A.6 | · Yourself | · Private |
F. Retention Periods
We retain your personal data for the periods or criteria below. After these retention periods expire, we delete/destroy the personal data concerned:
| Purpose | Retention Periods |
| A.1 | This personal data will be kept as long as you remain subscribed to our newsletter. After unsubscribing, you will no longer receive newsletters with immediate effect. On 1 July each year, the personal data of all those who unsubscribed from our newsletter in the previous year is deleted. |
| A.2 | This personal data will be kept for one (1) year after the end date of the conference or event. After the end of the conference or event, you will no longer receive any e-mail with immediate effect. |
| A.3 | This personal data will be kept for five (5) years after receipt if there is no legitimate interest. |
| A.4 | This personal data will be kept for two (2) years after the relevant reception, event or meeting. |
| A.5 | This personal data will be kept for five (5) years after consent has been given or after a notice to unsubscribe has been sent. |
| A.6 | This personal data will be kept for two (2) years after sending the newsletter or invitation. |
| 2.3 You register for one of our receptions, events or meetings |
If you register for or participate in site inspections, fact-finding trips, famtrips, press receptions, network meetings or other receptions, events or meetings organised by Rotterdam Partners, we collect your personal data for the purposes listed below using the means listed below:
A. Purpose and Basis
| # | Purpose | Basis |
| 1 | Realising your registration or application for our receptions, events and meetings | Implement agreement |
| 2 | Implementing the agreement we entered into with you in this context (including communicating about it, sending you admission tickets, programme information and processing your deregistration) | Implement agreement |
| 3 | Performing admission checks at receptions, events and meetings | Legitimate interest |
| 4 | Maintaining attendance records at our receptions, events and meetings | Legitimate interest |
| 5 | Reimbursing – if applicable – travel expenses incurred by you for our receptions, events and meetings | Implement agreement |
| 6 | Arranging – if applicable – your return journey to and from our receptions, events and meetings | Implement agreement |
| 7 | Taking your dietary requirements into account for the catering at our receptions, events and meetings | Consent |
| 8 | Sending you a list of the other participants before, during or after our receptions, events and meetings | Implement agreement |
| 9 | Sending you a (photo) report of the receptions, events and meetings | Legitimate interest |
Insofar as the basis for processing personal data for a purpose is based on the existence of a legitimate interest (Article 6.1.f – GDPR), our legitimate interest or that of a third party is formulated below (per purpose):
| Purpose | Legitimate Interest | From who? |
| A.3 | We have a legitimate interest in establishing that we are granting access to individuals who have registered or been invited to a reception, event or meeting | Rotterdam Partners |
| A.4 | We have a legitimate interest in establishing who is present at a reception, event or meeting and for how long. This is partly for consideration for future invitations and the organisation of receptions, events and meetings. Furthermore, keeping attendance records is important in the event of an emergency. | Rotterdam Partners |
| A.9 | We have a legitimate interest in providing participants with information/confirmation of what has been discussed or has taken place during receptions, events and meetings as a service | Rotterdam Partners |
B. (Groups of) Personal Data
We may process the following (groups of) personal data from you per purpose:
| Purpose | (Groups of) Personal Data | |
| A.1 | · Gender · First name* · Surname* · E-mail* · Telephone number · Organisation/employer* |
|
| A.2 | · First name* · Surname* · Correspondence |
|
| A.3 | · First name* · Surname* · Time of entry* |
|
| A.4 | · First name* · Surname* · Time of entry* |
|
| A.5 | · Name · Address · Bank account number · Proof of travel expenses incurred |
|
| A.6 | · Gender · Name · Address · Nationality · Copy of ID · Travel details · Payment details |
|
| A.7 | · Name · Dietary needs |
|
| A.8 | · Name* · Organisation/employer* |
|
| A.9 | · Name · Reports · Visual material (photos, video) of meeting |
|
C. Obligation to Provide Personal Data
The provision of personal data is necessary if you wish to participate in our receptions, meetings or events. Personal data necessary for us to invite and admit you to our receptions, events or meetings is indicated with an * under B.
D. (Groups of) Recipients
The following (groups of) recipients may receive personal data from you:
| Purpose | (Groups of) Recipients |
| A.1 | Archie Spotler Invitado |
| A.2 | Archie Spotler Invitado |
| A.3 | Archie Invitado |
| A.4 | Archie Invitado External venues hosting a reception or event |
| A.5 | Bank |
| A.6 | NBTC (Netherlands Board of Tourism) if contact details were received via NBTC Travel organisation Transport company (train, plane, bus etc.) |
| A.7 | |
| A.8 | Archie Spotler Invitado Other participants at a reception, event or meeting |
| A.9 | Archie Spotler Invitado |
E. Source of Personal Data
The personal data we process from you is – or may be – from:
| Purpose | Source of Personal Data | Public or Private |
| A.1 | · Yourself | · Private |
| A.2 | · Yourself | · Private |
| A.3 | · Yourself | · Private |
| A.4 | · Yourself · Your employer/organisation |
· Private |
| A.5 | · Yourself · Your employer/organisation |
· Private |
| A.6 | · Yourself · NBTC (Netherlands Board of Tourism) · Your employer/organisation · Travel organisation · Transport company |
· Private |
| A.7 | · Yourself | · Private |
| A.8 | · Yourself | · Private |
| A.9 | · Yourself · Rotterdam Partners · Visited location(s) |
· Private |
F. Retention Periods
We retain your personal data for the periods or criteria below. After these retention periods expire, we delete/destroy the personal data concerned:
| Purpose | Retention Period |
| A.1 | This personal data will be kept for one (1) year after the relevant reception, event or meeting for which registered |
| A.2 | This personal data will be kept for one (1) year after the relevant reception, event or meeting for which registered |
| A.3 | This personal data will be kept for two (2) years after the relevant reception, event or meeting for which registered |
| A.4 | This personal data will be kept for two (2) years after the relevant reception, event or meeting for which registered |
| A.5 | This personal data will be kept for two (2) years after the relevant reception, event or meeting for which registered unless it concerns administration. Administration will be kept for seven (7) years |
| A.6 | This personal data will be kept for two (2) years after the relevant reception, event or meeting for which registered unless it concerns administration. Administration will be kept for seven (7) years |
| A.7 | This personal data will be kept for one (1) year after the relevant reception, event or meeting for which registered |
| A.8 | This personal data will be kept for one (1) year after the relevant reception, event or meeting for which registered |
| A.9 | This personal data will be kept for one (1) year after the relevant reception, event or meeting for which registered unless it concerns reports. Reports will be kept for a maximum of six (6) years |
| A.10 | Limited time (until you unsubscribe from the newsletter). After unsubscribing, you will no longer receive newsletters with immediate effect. At the start of the next year after unsubscribing, your personal data will be deleted |
| 2.4 You buy a product or service from us |
If you buy a product or service from Rotterdam Partners, from one of our stores or our webshop www.shop.rotterdam.info, we collect your personal data for the purposes listed below using the means listed below.
A. Purpose and Basis
| # | Purpose | Basis |
| 1 | Executing the sales agreement we entered into with you in this context | Implement agreement |
| 2 | Carrying out the financial settlement of ordered products and services | Implement agreement |
| 3 | Shipping the products ordered by you | Implement agreement |
| 4 | Keeping you informed of developments concerning the products and services you purchased or ordered | Legitimate interest |
| 5 | Keeping statistics on the sale of our products and services | Legitimate interest |
Insofar as the basis for processing personal data for a purpose is based on the existence of a legitimate interest (Article 6.1.f – GDPR), our legitimate interest or that of a third party is formulated below (per purpose):
| Purpose | Legitimate Interest | From who? |
| A.4 | We have a legitimate interest to keep you informed of any changes to the products and services you purchase | Rotterdam Partners |
| A.5 | We have a legitimate interest to tailor the products and services we offer to your interests and preferences | Rotterdam Partners |
B. (Groups of) Personal Data
We may process the following (groups of) personal data from you per purpose:
| Purpose | (Groups of) Personal Data | |
| A.1 | · Name* · Address* · E-mail* · Telephone number · The products and services you purchased* |
|
| A.2 | · Bank account number* · Credit card number* |
|
| A.3 | · Delivery address* | |
| A.4 | · Name* · Address · E-mail* · Telephone number * |
|
| A.5 | · The products and services you purchased* | |
C. Obligation to Provide Personal Data
The provision of personal data is necessary to financially and logistically process the products and services ordered by you. Personal data necessary is indicated with an * under B
D. (Groups of) Recipients
The following (groups of) recipients may receive personal data from you:
| Purpose | (Groups of) Recipients |
| A.1 | · TWI · Crossmotion |
| A.2 | · MultiSafePay |
| A.3 | · TWI · Crossmotion |
| A.4 | · TicketMatic |
| A.5 | N.A. |
E. Source of Personal Data
The personal data we process from you is – or may be – from:
| Purpose | Source of Personal Data | Public or Private |
| A.1 | · Yourself | · Private |
| A.2 | · Yourself | · Private |
| A.3 | · Yourself | · Private |
| A.4 | · Yourself | · Private |
| A.5 | · Yourself | · Private |
F. Retention Periods
We retain your personal data for the periods or criteria below. After these retention periods expire, we delete/destroy the personal data concerned:
| Purpose | Retention Period
|
| A.1 | This personal data will be kept for two (2) years after receipt of relevant products or services unless it concerns administration. Administration will be kept for seven (7) years |
| A.2 | This personal data will be kept for two (2) years after receipt of relevant products or services unless it concerns administration. Administration will be kept for seven (7) years |
| A.3 | This personal data will be kept for two (2) years after receipt of relevant products or services unless it concerns administration. Administration will be kept for seven (7) years |
| A.4 | This personal data will be kept for two (2) years after receipt of relevant products or services unless it concerns administration |
| A.5 | This personal data will be kept for two (2) years after receipt of relevant products or services unless it concerns administration |
3 Transfer outside the EEA
We – or the contractors engaged by us – may transfer your personal data to an organisation in a country outside the European Economic Area (EEA) with a personal data protection level lower than that based on the GDPR and other regulations within the EEA. If such a situation arises and personal data is transferred to a country outside the EEA that provides less legal protection for personal data, we will ensure that appropriate safeguards are in place so the transfer takes place per applicable privacy laws.
Apart from this, we – or the contractors engaged by us – may transfer personal data to an organisation in a country outside the European Economic Area (EEA) with a personal data protection level lower than that based on the GDPR and other regulations within the EEA if there is a statutory exception as mentioned in Article 49 of the GDPR (e.g. based on your explicit consent or necessary to perform an agreement that is of interest to you).
We may process personal data about you in the following countries or international organisations:
| Location | Recipient | Warranty |
| N.A. | N.A. | N.A. |
If you would like further information on the processing of your personal data outside the EEA, please contact our Data Protection Officer at privacy@rotterdampartners.nl.
4 Processing Based on your Consent
If we process your personal data based on your explicit consent (basis), you have the right to withdraw this consent at any time. If you wish to withdraw your consent, we will no longer process your personal data for the purpose for which you withdraw your consent. Withdrawing your consent does not affect the legality of the processing of your personal data prior to the withdrawal of your consent.
5 Automated Decision-Making
We do not use fully automated decision-making processes for your data.
6 Your Rights as a Data Subject
With regard to our processing of personal data, you always have the right to:
- access the personal data we process about you (right of inspection);
- have your personal data corrected if it is incorrect (right of correction);
- have your personal data deleted (right of deletion/right to oblivion);
- have the processing of your personal data restricted (right to restrict processing);
- object to the processing of (some of) your personal data (right to object);
- have your personal data disclosed to yourself or to another processing controller (right to data portability).
You have the above rights under the GDPR. However, these rights are not always applicable. The exercising of some rights will require specific circumstances for them to be invoked. We refer to Articles 15 to 18, 20 and 21 of the GDPR for these specific circumstances.
If you would like to exercise your rights, please send us an email at privacy@rotterdampartners.nl describing which right you are exercising and which personal data the request relates to.
We may ask you to identify yourself if you are exercising any of your rights; we need to be sure that we are providing or otherwise processing the right personal data at the request of the right person.
If we cannot grant a request from you – to exercise one of the above rights – we will substantiate in writing why we cannot do so.
7 Complaints
In the unfortunate event that you have a complaint about the way we handle your personal data, we would like to first try to resolve it with you ourselves. In that case, you can send an e-mail to privacy@rotterdampartners.nl.
However, in the event of a complaint about how we process personal data, you are also free to complain directly to the Personal Data Authority (Autoriteit Persoonsgegevens).
