HERO-MV2

Privacy Statement Rotterdam Port Promotion Council

Personal Data Processed

This privacy statement explains how the Rotterdam Port Promotion Council (hereafter: "RPPC," "we," "our") handles personal data and how you can exercise your rights regarding it. We take your privacy very seriously and ensure that any personal data you share with us is handled with care. In this privacy statement, we explain how we do this. If you have any questions, we are happy to answer them! You can reach us at rppc@rppc.nl.

We process your personal data because you use our services and/or because you have provided this information to us. Below is an overview of the personal data RPPC may process, depending on the service you use:

  • Company Details:
    • Company name and contact details (address, general phone number, general email address) from the Chamber of Commerce register.
    • Company bank account number.
  • Personal Data of Contact Person(s):
    • First and last name.
    • Gender (for addressing purposes only).
    • Job title.
    • Email address.
    • Phone number.
  • Relationship-Specific Information:
    • Membership or donor status.
    • Membership status.
    • Communication preferences and community participation.
    • Visit reports (only with explicit consent):
      • Information about your company’s progress, sector, services, and products.
      • Personnel changes to keep our contact list up-to-date.
      • Information about partner companies that may benefit from RPPC membership.

This information is handled confidentially and not shared with external parties. It is intended to record your interests.

  • Other Personal Data Actively Provided:
    • For example, data shared by creating a profile on our website, in correspondence, or via phone.

Purposes for Processing Personal Data

RPPC processes personal data for the following purposes. If you object, please let us know:

  • To handle your registration after purchasing a product or service.
  • To contact you via phone or email if necessary to provide the service you have purchased.
  • To deliver the goods and services you have purchased.
  • To carry out our services effectively.
  • To send newsletters and mailings for which you have subscribed.
  • To tailor our services to your preferences based on your browsing behavior.
  • To optimize RPPC's website.
  • To send you invitations to upcoming and future events.
  • For direct marketing purposes, including sending promotions and offers.

Legal Basis for Processing

The processing of personal data is based on one of the following legal grounds:

  • Consent (Article 6(1)(a) GDPR): When we have received explicit consent.
  • Legitimate Interest (Article 6(1)(f) GDPR): For example, for direct marketing purposes.
  • Contractual Necessity (Article 6(1)(b) GDPR): To provide our services and products.
  • Legal Obligation (Article 6(1)(c) GDPR): For tax purposes and legal reporting requirements.

Retention Periods

Personal data will not be retained longer than necessary for the purposes for which it was collected. Below are the retention periods per category:

  • Customer Data: Maximum 7 years after termination of the customer relationship (legal retention period).
  • Data for Direct Marketing: As long as the individual remains a member and has not objected to marketing communications.
  • Visit Reports and Relationship Management Information: Maximum 3 years unless otherwise agreed.

Sources of Personal Data

The personal data processed by RPPC are obtained from:

  • The RPPC website.
  • Telephone contact.
  • Google Analytics.
  • RPPC LinkedIn account.
  • Survey Monkey.
  • Website forms (completed by you).

Sharing Data with Third Parties

RPPC shares personal data with third parties if necessary for the execution of our services. These include:

  • IT Service Providers: For hosting and website management.
  • Marketing Partners: For newsletters and campaigns.
  • Financial Service Providers: For invoicing and payments.
  • Security Services: To protect our data.

For each of these parties, RPPC signs data processing agreements to ensure the protection of your personal data.


Data Protection and Security Measures

We take the protection of your data seriously and have implemented appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized changes. These measures include:

  • Servers and devices used by employees are secured with up-to-date software (e.g., antivirus and firewalls).
  • Data is transmitted only through secure internet connections (TLS/SSL).
  • Access to personal data is limited to essential staff and authorized based on their roles.

Data Protection Impact Assessment (DPIA)

For specific data processing activities with increased risks, RPPC conducts a DPIA to identify risks to individuals and implement appropriate measures.


Cookies

Our website uses functional, analytical, and tracking cookies to improve your user experience. Upon your first visit, we request your consent. You can manage your cookies at any time through your browser settings.


Event Photography

At our events, you may be photographed. These photos are used solely to capture the atmosphere and are not intended to identify specific individuals. For promotional purposes, we consider the use of such photos a legitimate interest under the GDPR. If you wish to have a photo removed, please send your request to rppc@rppc.nl.


Data Subject Rights

You have the following rights regarding your personal data:

  • Right to access, rectification, erasure, restriction, objection, and data portability.

We handle each request with care and aim to respond within four weeks. Requests can be submitted to:

RPPC
Postbus 54200
3008 JE Rotterdam
Email: rppc@rppc.nl

Complaints can be submitted to the Dutch Data Protection Authority.

Last updated: 12-12-2024.