Last updated: 11 May 2017
The Policy applies to all processing of data that identifies you or may be used to identify you with (“Personal Data”) by ATO-GEAR as performed via the website located at https://www.ato-gear.com (hereinafter: “Website”) and the services ATO-GEAR makes available through the Website (hereinafter “Services”), including but not limited to purchasing ‘ARION’-gear (hereinafter: “Products”) from our webshop and the delivery of these Products to you.
We may amend the Policy at any time. In case the Policy is amended, this amended Policy will be made available to you through the Website and can be found here:
Should you have any questions after reading this Policy, or would like to exercise your data protection rights, please contact us through the contact details stated in article 1.1.
Processing of Personal Data
When we process your Personal Data throughout the Website to perform our Services to you or deliver the Products you purchased, ATO-GEAR is responsible for determining the purpose and the means of this processing and is therefore referred to as a data controller pursuant to the Dutch Data Protection Act.
When you are aged 16 or below you need the permission of your parent or legal guardian. Should you not have such permission, you cannot provide your Personal Data to us to purchase Products. When ordering Products, we will ask you whether you are aged 16 or above, to which question you are to answer truthfully.
We collect Personal Data by asking you to provide us with them. Apart from that, we may collect Personal Data automatically. We collect and process the following Personal Data:
For the performance of Services and ordering Products:
i) Name and surname;
ii) Address and the delivery address;
iii) E-mail address;
iv) Telephone number;
v) Your bank account number, name of the account holder and other payment details that entail Personal Data;
Information marked with * is mandatory and necessary to enter into a contract regarding the purchase of Products. When you fail to provide the mandatory Personal Data, we cannot enter into a contract regarding the purchase of Products with you.
We process the above stated Personal Data as this is necessary for the performance of a contract we have entered into with you, such as the contract for the purchase of Products.
i) The information that is collected via cookies.
Please note that when you fail to provide the above stated Personal Data, we may not be able to offer our Services the way they are intended. For example, you may not be able to keep Products in your shopping chart while proceeding to the check-out, due to the absence of a cookie that provides that functionality.
We store your Personal Data as long as necessary to perform the purposes of processing as stated in article 3 of the Policy. This means that we store your Personal Data at least for the period as is necessary to perform the Services you requested, such as the purchase of Products.
We may choose to pseudonymise the Personal Data, which means we transform the Personal Data into data that can no longer be attributed to you without the use of additional information. We call this data ‘Non Personal Data’. We hereby reserve the right to store Non Personal Data for the purposes as referred to in article 3 of the Policy and as long as we find to be necessary.
Purposes of Personal Data collection
Personal Data is collected and processed by ATO-GEAR for the following purposes:
i) Identifying you to perform the Services you requested;
ii) Performing the Services that you requested;
iii) When you order any Products, invoicing you when applicable;
iv) When you order any Products, delivering these Products to you;
v) Contacting you in case of any questions or comments you may have;
vi) Collecting feedback on our Services;
vii) Promoting the use of our Products and Services;
viii) Analysing Personal Data to improve the Services of ATO-GEAR;
ix) Analysing the market for our Services and Products;
x) Building the community for our Services;
xi) Analysing Personal Data to promote the use of ATO-GEAR, such as use in advertisements and promotions;
Xii) Improving the Services.
The electronic contact details you choose to provide us with, such as your e-mail address, are used to make sure the Services are performed for you in the most optimal way. Therefore, some e-mails are strictly necessary. We may, for example, contact you to inform you on the process of the delivery of your Product.
Further to the above stated e-mails, we may contact you to further promote the Services, our Products, ATO-GEAR, affiliated companies or any of our future services and / or products. For these e-mails you have granted your permission when registering for an account on our Website or when you requested Services. Should you wish to withdraw your permission, please do so by making use of the opt-out provided to you in every e-mail we send you.
Recipients of Personal Data
We will transfer your Personal Data to third parties, being:
Suppliers: When such is necessary to perform our Services to you, we may transfer your Personal Data to our suppliers, such as but not limited to the company that hosts the Website, the company that makes sure your Product is delivered to you and the company that hosts the applications as necessary for our Services. Suppliers shall always act and process the Personal Data on behalf of ATO-GEAR and the instructions we provide them with
ATO-GEAR highly values the security of your Personal Data. Therefore, ATO-GEAR will apply technical and organizational measures to protect your Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. To keep your Personal Data safe, we take the following steps:
i) Encrypt the transfers of data via the Website;
ii) Protect the servers on which your Personal Data is stored with passwords and appropriate security measures;
iii) Block search engines from indexing the Personal Data.
Should any Personal Data breach occur and result in a high risk to your rights and freedoms, we will communicate this to you without undue delay.
Applicable data protection laws and regulations guarantee you the following rights:
Objection: Depending on the situation and the Personal Data that is processed, you have the right to consent or object to the processing of your Personal Data and the conditions under which this processing takes place.
Access: You have the right to obtain from us a confirmation as to whether or not Personal Data concerning you are being processed, and, when such is the case, access to the Personal Data and the following information:
i) The purposes of the processing;
ii) the categories of Personal Data concerned;
iii) the recipients or categories of recipient to whom the Personal Data is or will be disclosed, in particular recipients in third countries or international organisations;
iv) where possible, the envisaged period for which the Personal Data is or will be stored, or, if not possible, the criteria used to determine that period;
v) the existence of the right to request from the us rectification or erasure of Personal Data or restriction of processing of Personal Data concerning you or to object to such processing;
vi) the right to lodge a complaint with a supervisory authority, such as the Autoriteit Persoonsgegevens;
vii) in the event that the collected Personal Data are not originating from you, any available information as to its source;
viii) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
In the event that Personal Data are transferred to a third country or to an international organisation, you also have the right to be informed of the appropriate safeguards as applied. We will provide to you a copy of the Personal Data undergoing processing. For any further copies as requested by you, we may charge a reasonable fee based on administrative costs.
Rectification, erasure, blocking or deletion: You have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
You have the right to obtain from us the erasure of Personal Data concerning you without undue delay and we shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
ii) you withdraw consent, in case the processing of such is based on your permission, and where there is no other legal ground for the processing;
iii) you object to the processing pursuant and there are no overriding legitimate grounds for the processing;
iv) the Personal Data is unlawfully processed;
v) the Personal Data is to be erased for compliance with a legal obligation in the European Union or a Member State of such Union law to which we are subject;
vi) the Personal data have been collected for the performance of a contract to purchase Products while you are not aged 16 or above.
When we have made the Personal Data public and we are obliged to erase the Personal Data, we shall take all reasonable steps, taking account the available technology and the costs, to inform other controllers which may process your Personal Data that you have requested the erasure of Personal Data.
Notification: You have the right to a notification to third parties to whom your Personal Data has been disclosed, when you have been granted any rectification, erasure, blocking or deletion as stated above, unless such notification proves to be impossible or requires a disproportionate effort from us.
Data Portability: You have the right to receive the Personal Data you have provided to us yourself, in a structured, commonly used and machine-readable format and you have the right to transmit the Personal Data to another controller.
Complaint: You have the right to lodge a complaint with the supervisory authority, such as the Autoriteit Persoonsgegevens.
Right to restriction of processing: You have the right to obtain restriction of processing when:
i) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy of your Personal Data;
ii) the processing is unlawful and you oppose the erasure of this Personal Data and request the restriction of this use instead;
iii) when we no longer need your Personal Data for the purposes of the processing.
In order to fulfil your possible requests pursuant to the rights as stated above, we might request specific additional information of you to identify you with. We only collect and process such specific Personal Data for the purpose of executing your above stated rights.
Please be informed that when you exercise your right to objection, we are no longer able to perform the Services to you and you should refrain from using these Services and the Website.
Should you have any questions after reading the Policy, or would like to exercise any right as stated in the Policy, please do not hesitate to contact us with the details provided to you in the Policy or e-mail us at firstname.lastname@example.org.