De Oude Pastorie Lisse B.V.
General Data Protection Regulation 2019 (GDPR)
Updated: August 2019
Privacy Policy
The Oude Pastorie handles personal information with great care and keeps it safe. A privacy policy is set up thanks to the General Data Protection Regulation (GDPR), describing how personal and other confidential information should be handled.
Privacy Policy The Oude Pastorie Lisse B.V.
This privacy policy for Oude Pastorie Lisse B.V. is the basis for how a company handles the privacy and data processing of their customers. These regulations meet the legal requirements set by the General Data Protection Regulation (GDPR).
Article 1. General definitions
1.1. Unless explicitly stated otherwise, the terms in these regulations are used in the importance that the General Data Protection Regulation (GDPR) assigns to them.
1.2. Personal Data
Any information concerning an identified or identifiable person.
1.3. Processing of personal data
Any action or set of actions with regard to personal data, including in any case the collection, recording, organizing, storing, updating, changing, retrieving, consulting, using, providing by means of transmission, distribution or any other form of making available, bringing together, relating to each other, as well as protecting, erasing and destroying all data.
1.4. Responsibility
The Oude Pastorie on behalf of who, whether or not together with others, is carrying out the objective of processing personal data. ‘Responsible party’ can also be read as ‘De Oude Pastorie’ or ‘We’; being the private limited liability company De Oude Pastorie B.V. having its registered office in Lisse, registered in the trade register of the Chamber of Commerce under number: 61216429.
Contact details:
- T: 0252-204004
- E: info@deoudepastorielisse.nl
1.5. Processor
The person/company who processes personal data for the responsible company, without being subject to his/her direct authority.
1.6. Usage of personal data
The person who is authorized as a staff member or otherwise to process personal data by or on behalf of the controller.
1.7. Data Subject
The person or organization/company to whom the personal data can relates
1.8. Client
A natural or legal person who has given an order to provide services to the responsible party.
1.9. Third parties
Any person other than the third party, the responsible party, the user or any other person who is authorized to process personal data under the direct authority of the responsible party or on behalf of the processor.
1.10. Permission Data Subject
Any free, specific and information-based expression of will, of which the data subject accepts that personal data about him/her are being processed.
1.11. Special Personal Data
Some examples of special personal data are details that say something about a person’s health, race, religion, criminal history or sexual life. Membership of a trade union and the citizen service number (BSN) are also special personal data.
In the case of health, medical or nursing data are requested, such as resuscitation, use of a stoma, syringe injection, respiration and similar special procedures or allergies, which may be essential or important for the health of the person or party involved. The client should inform the responsible party about this in case of any calamities.
Article 2. Reach
2.1. This regulation applies to all processing of personal data of customers by or on behalf of the responsible party.
Article 3. Purpose of Processing Personal Data
3.1. The responsible processes data for the following purposes:
Address details of the client are required to come to an agreement, for example when booking one or more rooms in the B&B of The Oude Pastorie in Lisse for a minimum of 1 night and invoicing this night(s). This is a contractual obligation.
- The client must identify himself with a valid proof of identity upon registration. Here too there is a contractual obligation.
- Personal data is processed via the booking system of RoomRaccoon B.V. in Breda. This party will not and may not use the personal data for its own purposes. Persons employed by or working for RoomRaccoon B.V. who are eligible with the relevant data are bound to the right of confidentiality.
- Personal data of the guest(s) must be registered for the night register of the Bed & Breakfast. This information is necessary, because The Old Pastorie is required to keep the night register on request of the municipality. The requirement for maintaining a night register is set out in the Criminal Code. Moreover, the General Local Regulation (GLR) of the municipality often requires a night register. The data is therefore necessary for compliance with legal obligations. For the night register, the name, place of residence of the guest, date of arrival, date of departure and which type of identity document are registered, among other things. There is no need to make a copy of the proof of identity.
- With the permission of the client, the e-mail addresses, the first and last names of some guests may be kept for the list of newsletters of The Oude Pastorie. The person in question must give permission beforehand. The person in question can unsubscribe at any time to newsletters sent by The Oude Pastorie. Every email will contain this link to unsubscribe (mainly at the bottom of the mail). If the person in question unsubscribes, he or she will no longer receive newsletters and the data mentioned above will be removed from our system.
Personal data is only processed in accordance with the purposes for which it was obtained.
Article 4. Processing Personal Data
4.1. The Oude Pastorie is responsible for the proper functioning of the processing of personal data and for compliance with the provisions of these regulations.
4.2. The Oude Pastorie makes the necessary provisions to promote the accuracy and completeness of the recorded data. We are also responsible for the necessary technical and organizational provisions to protect the personal data against loss or damage to the data and against unauthorized access, modification or provision thereof.
4.3. Regarding the special data, the Oude Pastorie will not rely on the processing of information such as race, religion, criminal history or sexual life. A membership of a trade union and the citizen service number (BSN) are also special personal data, so they may not and will not be copied or scanned by De Oude Pastorie B.V. Only the type of identity document and document number will be registered.
Article 5. Access to Personal Data
5.1. Personal data will never be shared with or sold to third parties for commercial purposes.
5.2. Only users of personal data have access to these personal data to the extent that this is necessary for the performance of their duties.
5.3. Every user of personal data has a strict confidentiality obligation with regards to the data that he acquires based upon that access.
Article 6. Protection of Personal Data
6.1. The Oude Pastorie handles personal data with care. To this end, the personal data is adequately secured.
6.2. The Oude Pastorie sees to it that security regulations for personal data are drawn up and observed.
Article 7. Provision of personal data
7.1. Unless this is necessary for the implementation of a legal requirement, the prior consent of the Data Subject is required for the provision of personal data to Third Parties.
7.2. The Oude Pastorie may be required in the context of a legal obligation to provide data from the Data Subject to Third Parties. This provision does not require the consent of the person concerned. We will not give your personal data to other companies or institutions under any circumstances, unless we are legally obliged to do so (for example, if it is required on behave of the police, in the event of a suspicion of a crime).
Article 8. Access to recorded data
8.1. The Data Subject has the right to inspect and copy the data relating to a person. The Data Subject must submit a request for this.
8.2. A request as referred to in this article will be met within four weeks of receiving the request.
8.3. The right to inspect data is only allowed by Data Subject(s) or his/her authorized representative. The person/organization concerned or his/her authorized representative must be able to identify himself and / or prove their authority in appropriate cases.
8.4. The Oude Pastorie may refuse to comply with a request as referred to in this article, that are based upon the extent necessary in the interest of the protection of the Data Subject(s) or of the rights and freedoms of others, the prevention, detection and prosecution of criminal offenses.
8.5. No fee will be charged for sending and providing statements.
Article 9. Addition, Correction or Deletion of Recorded Data
9.1. If requested, the recorded data will be supplemented with a statement issued by or on behalf of the Data Subject with regards to the recorded data.
9.2. If the recorded data are factually incorrect, incomplete or not relevant for the purpose of the processing, or contrary to a legal requirement for the processing, the Data Subject must submit a written request to The Oude Pastorie requesting improvement, addition, deletion of the data. The Oude Pastorie does not make a decision until the user or the processor who has collected the data or his successor or observer has been heard.
9.3. The Oude Pastorie will inform the Data Subject in written form within four weeks of receiving the request whether or to what extent the request will be accepted. A refusal is always supported by reasons.
9.4. Removal is not required insofar as storage on the basis of a legal regulation is required.
9.5. The Oude Pastorie will ensure that a decision to supplement, correct or remove is implemented as quickly as possible.
9.6. In case of deletion of data, a statement shall be included in the data that the data has been deleted at the request of the person in question.
Article 10. Right to Object
10.1. If data is processed in connection with the establishment or maintenance of a direct relationship between The Oude Pastorie or a Third Party and the Data Subject for the purpose of recruitment for commercial or charitable purposes, the Data Subject must have given explicit permission for this processing. The Data Subject may lodge a statement of opposition with The Oude Pastorie at any time.
10.2. In the event of an objection, The Oude Pastorie will take measures to end this form of processing immediately. There is a right to withdraw a permission that has been granted.
Article 11. Retention period(s)
11.1. Personal data is no longer stored in a form that makes it possible to identify the Data Subjects, than is necessary for processing the purposes for which they are collected or subsequently processed.
11.2. Unless specified otherwise, the retention period ends two years after the last contact by or on behalf of the Oude Pastorie with the Data Subject. The data necessary for the legal retention obligation are retained for seven years.
11.3. After termination of the agreement concluded with the Client, all personal data to be traced back to the Data Subject will be deleted two years after the agreed termination of the guidance of the Data Subject. The data necessary for the legal retention obligation are retained for seven years.
Article 12. Complaints
12.1. If the Data Subject is of the opinion that the provisions of these regulations are not being honored and/or if the Data Subject believes that he has other reasons to complain, he/she should go to The Oude Pastorie BV. Furthermore, the Data Subject has the right to file a complaint at the Dutch Data Protection Authority.
12.2. De Oude Pastorie will take care of the complaint in accordance to the complaint procedure of The Oude Pastorie Lisse B.V.
Article 13. Data Transfer
13.1. The person concerned has the right to transfer or have his/ her data transferred. We may also be requested to make sure that the personal data is transferred to another party.
Article 14. Reason and Purpose of Providing Personal Data
14.1. The provision of personal data by the Data Subject is based upon a legal obligation or a necessary condition to conclude an agreement for this purpose.
Article 15. Change of privacy statement
15.1. The privacy statement may change occasionally (for example due to legislative changes). This may be necessary, for example: after a further interpretation of the regulations by the Dutch Data Protection Authority.