Online Privacy Statement

Data Protection Policy

1. INTRODUCTION

Softline Solutions Netherlands B.V., Softline Solutions N.V., Softline Solutions Ltd., operating under trade name and hereafter known as: NOVENTIQ NORTHERN EUROPE is committed to ensure the protection of Personal Data of its Customers, Employees, Business Partners and any other individual. The Data Protection Policy (hereinafter, the “Policy”) shows how NOVENTIQ NORTHERN EUROPE process the personal data of clients, suppliers, employees and other categories of natural persons, namely describes the principles applicable to the personal data processing within NOVENTIQ NORTHERN EUROPE. NOVENTIQ NORTHERN EUROPE’s mission and objective is to observe privacy/data protection legal obligations and highest standards in all data processing instances, throughout the entire personal data life cycle. The Policy is the document that provides a high-level guidance on NOVENTIQ NORTHERN EUROPE’s actions relating to personal privacy and data protection and it is the statement of the management of NOVENTIQ NORTHERN EUROPE of the standards that need to be met.

2. DEFINITIONS

Personal DataAny information regarding an identified or identifiable natural person.
Data SubjectThe natural person identified or identifiable through the personal data processing. An identifiable natural person is a person who can be identified, directly or indirectly, especially through referral to an identification element, such as a name, an identification number, localization data, an online identifier or one or more specific elements, characteristic to their physical, physiological, genetic, psychic, economic, cultural or social identity.
ProcessingAny operation or set of operations performed on personal data or personal data sets, with or without the use of automatic means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, usage, disclosure through transmittal, dissemination or making available through any other means, alignment or combination, restriction, erasure or destruction.
RecipientThe natural person or legal entity, public authority, agency or other organism to which (whom) the personal data is disclosed, regardless if it is a third party or not.
Data Protection Officer/ResponsibleThe person in NOVENTIQ NORTHERN EUROPE responsible for meeting the demands regarding personal data protection, whether they were appointed as Data Protection Officer in the sense of the applicable data protection law or was only assigned certain tasks in this sense, if there is not a Data Protection Officer appointed.
Record of processing activities” or Personal Data RegistryRegistry created by NOVENTIQ NORTHERN EUROPE in order to keep the record of the processing activities performed by NOVENTIQ NORTHERN EUROPE.
Processor/data importerThe natural person or legal entity, public authority, agency or other organism that processes personal data on behalf of the controller/operator.
Controller/operatorThe natural person or legal entity, public authority, agency or other organism which, alone or together with others, establishes the purposes and means of the personal data processing.
Third partyA natural person or legal entity, public authority, agency or organism, other than: the data subject, the controller/operator, the processor and the people who, under the direct authority of the person mandated by the controller/operator, are authorized to process personal data.
NOVENTIQ NORTHERN EUROPE Softline Solutions Netherlands B.V., Softline Solutions N.V. and Softline Solutions Ltd, which are companies operating under the trade name NOVENTIQ NORTHERN EUROPE.

3. SCOPE

NOVENTIQ NORTHERN EUROPE processes personal data from several general purposes, which are listed in the record of personal data processing activities, under the form of a registry. This Policy applies to any Personal Data Processing that is done for or by NOVENTIQ NORTHERN EUROPE. This Policy shall be complied with by all employees, contractors, consultants, including all personnel affiliated with third parties who may have access to any NOVENTIQ NORTHERN EUROPE resources.

4. APPLICATION OF NATIONAL LAW

The present Policy presents the principles applicable to personal data processing, which must be observed within NOVENTIQ NORTHERN EUROPE, without replacing the legislation on data protection applicable in all countries where NOVENTIQ NORTHERN EUROPE is established or does business in. The legislation prevails over this Policy, if it contains divergent provisions or additional conditions. In particular, any conditions regarding reporting and authorization existing in the legislation concerning data processing based in the national legislation must be observed.

5. PRINCIPLES OF DATA PROCESSING

Each personal data processing must observe the rights and freedoms of the data subject, in accordance with the principles stated below. These must be observed even when new data processing is initiated or when the existing ones are extended or diversified. Personal data processing is fair and lawful, meaning NOVENTIQ NORTHERN EUROPE has a legitimate business purpose (and, where required, a legal basis) for processing personal data. Where NOVENTIQ NORTHERN EUROPE acts as a processor, it will generally rely on the controller to establish this legal basis. Personal data processing is limited to the minimum necessary, meaning NOVENTIQ NORTHERN EUROPE collects and retains the minimum amount of personal data necessary for the business purpose. Where NOVENTIQ NORTHERN EUROPE acts as a processor, it must also process personal data only as directed by the controller. NOVENTIQ NORTHERN EUROPE is transparent with data subjects how and why their personal data will be processed. Where NOVENTIQ NORTHERN EUROPE is a processor, this information is likely to be provided to the data subjects by the controller. Personal data is processed in accordance with the rights of data subjects (e.g. to access, erase or correct personal data). Where NOVENTIQ NORTHERN EUROPE acts as a controller, it must respect and observe any exercise of these rights, and where it is a processor it will be required to assist the controller in responding. Personal data is accurate, up-to-date and complete.  Where it acts as processor, NOVENTIQ NORTHERN EUROPE will assist the controller to ensure this. Personal data is kept secure, meaning NOVENTIQ NORTHERN EUROPE applies appropriate security safeguards to personal data, including where processed by third parties. Where NOVENTIQ NORTHERN EUROPE acts as a processor, it will be required to implement its own appropriate safeguards and provide assistance to the controller in doing the same. Personal data is transferred internationally in accordance with applicable law. NOVENTIQ NORTHERN EUROPE is accountable and can demonstrate compliance with its obligations under applicable data privacy laws.

6. RIGHTS OF THE DATA SUBJECT

Together with the principles mentioned above, NOVENTIQ NORTHERN EUROPE keeps in mind and observes the rights of the data subject in all personal data processing according with the applicable law, which might include:

  • Right to information and transparency – NOVENTIQ NORTHERN EUROPE ensures that the data subject is informed with regard to the personal data processing;

  • Right to access – NOVENTIQ NORTHERN EUROPE observes the procedure in order to ensure the access of data subject s to information regarding their data processing.

  • Right to rectification – Regardless of the grounds for the processing, the data subjects have the right to request NOVENTIQ NORTHERN EUROPE to rectify or complete their data, as the case may be, on the basis of an additional statement.

  • Right to restrict the processing – The data subjects can request NOVENTIQ NORTHERN EUROPE to restrict the processing of the personal data concerning them.

  • Right to erasure (“right to be forgotten”) – The data subjects have the right to request and obtain the erasure of personal data in some cases;

  • Right to data portability – The data subjects have the right to request NOVENTIQ NORTHERN EUROPE to provide a copy of their personal data to the data subject or a Third Party in some cases.

  • Right to oppose the processing/ Right to oppose the processing in direct marketing purposes: NOVENTIQ NORTHERN EUROPE shall not make decisions about data subjects based solely on automated processing.

  • Rights Related to Automated Decision-Making and Profiling: You can object to automated decision-making, including profiling, when it significantly affects you.

7. DISCLOSURE OF PERSONAL DATA. ASSIGNEES. TRANSFER TO THIRD-PARTY COUNTRIES

TYPE AND PURPOSES OF PERSONAL DATA DISCLOSURES

Personal data shall only be disclosed if the party that receives it is personally liable for the data it has received or only if the party that receives them will use it in accordance with the instructions obtained from the party that discloses it. Personal data can be disclosed for allowed purposes, mentioned in NOVENTIQ NORTHERN EUROPE’s records, in view of the performance of NOVENTIQ NORTHERN EUROPE’s activity, for observing legal obligations or if there is consent from the data subject.

PROCESSORS/DATA IMPORTERS

In situations in which the processing will be performed by another natural person or legal entity in the name of NOVENTIQ NORTHERN EUROPE, they will be a processor/data importer in the sense of the applicable law and must offer enough guarantees for the application of adequate technical and organizational measures for personal data protection, which it will process in the name of NOVENTIQ NORTHERN EUROPE and by observing the rights of the data subjects.

TRANSFER OF DATA TO A THIRD-PARTY COUNTRY

There is a transfer to another country when the personal data is transmitted, visualized or accessed by persons who are in another country. If the personal data collected and stored by NOVENTIQ NORTHERN EUROPE is transferred to a person situated in a different country than the one where NOVENTIQ NORTHERN EUROPE has its registered office, the person who received the data must guarantee a personal data protection level equivalent to the level ensured by NOVENTIQ NORTHERN EUROPE.

8. CONTACT POINTS

For any inquiries on this Policy or other personal data processing matters, contact our Data Protection Officer 

info.nl@Softline-group.com, or

Softline Solutions Netherlands B.V. 

Coltbaan 33 

3439 NG Nieuwegein

 

9. COMPLIANCE

The Data Protection Officer, Patrick Mesman (Director of People & Culture) is owner of this Policy. NOVENTIQ NORTHERN EUROPE is committed to ensuring that this Policy is observed by all employees, contractors, consultants, including all personnel affiliated with third parties who may have access to any NOVENTIQ NORTHERN EUROPE resources. Compliance with this Policy is verified by various means, including reports from available business tools, internal and external audits, self-assessment, and/or feedback to the policy owner(s). NOVENTIQ NORTHERN EUROPE monitors its compliance with this Policy on an ongoing basis. Any exceptions to this Policy requires the written approval of the Data Protection Officer. Failure to comply with this Policy, including attempts to circumvent it may result in disciplinary actions, including termination, as allowed by local laws. Violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies.

1st March, 2024.

Softline Group Northern Europe

Dutch office

Softline Solutions Netherlands B.V.

Coltbaan 33
3439 NG Nieuwegein
Phone    +31 30 55 00 300
Email    info.nl@softline-group.com

Contact

Belgian office

Softline Solutions N.V.

Brusselstraat 51
2018 Antwerpen
Phone    +32 2 897 4695
Email    info.be@softline-group.com

Contact

UK office

Softline Solutions Ltd.

26/28 Hammersmith Grove
London W6 7HA
Phone    +44 20 3821 1294 
Email    info.uk@softline-group.com

Contact

Softline Group NE is now Noventiq NE

Since 1st of March 2024, Softline Group Northern Europe is renamed to Noventiq Northern Europe