Introduction
At Pizzanoemi.nl, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and disclose your information when you use our website to place pizza orders.
Information We Collect
- Personal Information: When you place an order, we collect your name, delivery address, phone number, and email address.
- Payment Information: We collect your payment card details to process your order. We do not store your full card number on our servers.
- Order History: We keep a record of your past orders to provide better customer service and personalize your experience.
- Website Usage Information: We collect information about how you use our website, including your IP address, browser type, and pages visited. We use this information to improve our website and services. 1. counrtycamping.comcounrtycamping.com
How We Use Your Information
- To Process Your Orders: We use your information to process and deliver your pizza orders.
- To Communicate with You: We may contact you about your orders, to provide customer support, or to send you marketing communications if you have opted in.
- To Improve Our Website and Services: We use your information to analyze how our website is used and to improve our services.
Disclosure of Your Information
- Third-Party Service Providers: We may share your information with third-party service providers who help us process payments, deliver orders, and provide other services. These providers are contractually obligated to protect your information.
- Legal Requirements: We may disclose your information if required by law or to protect our legal rights. 1. superfeeds.aisuperfeeds.ai
Your Choices
- Marketing Communications: You can opt out of receiving marketing communications from us at any time.
- Access and Correction: You can request access to and correction of your personal information.
Security
We take reasonable measures to protect your information from unauthorized access, use, and disclosure.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website.
Contact Us
If you have any questions about this Privacy Policy, please contact us at [Your Contact Information].
Cookies
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
Necessary Cookies (all site visitors)
- cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
- PHPSESSID: To identify your unique session on the website.
Necessary Cookies (Additional for Logged in Customers)
- wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
- wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
- wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
5. Who Has Access To Your Data
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself. If you are a client with a registered account, your personal information can be accessed by:- Our system administrators.
- Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
myPOS and GDPR Compliance (NoemiPizza.nl online and offline payment gatheway)
Our commitment to you and the protection of your data
As of May 25, 2018 the ‘General Data Protection Regulation’ or GDPR is enacted across all Member-states of the European Union and the European Economic Area. GDPR aims to harmonise the different data protection laws across the Member-states, leading to more standardised protections for all European citizens. At myPOS, we welcome this regulatory change because we have always strived to provide our clients with the highest protection of their personal data.
Organisational Readiness at myPOS
The protection of our customers’ personal data is of utmost importance to us. In the last year, we’ve worked tirelessly to ensure all GDPR compliance requirements were met well in advance. We also follow all practices in this area and all issued guidelines of the regulatory bodies in order to adapt our protection measures constantly and adequately.
Data Protection Officer, Privacy Team and GDPR Training
All of our employees have undergone GDPR training, overseen by our on-site Privacy Team, Compliance Department and our outside privacy consultants. Each new employee must participate in a mandatory training session related to privacy regulations and best practices. New training sessions are carried out annually thereafter for all employees. We have appointed our Data Protection Officer (DPO), who also acts as the Privacy Team leader, in accordance with the requirements of GDPR.
Internal policies
The company’s internal policies are updated in accordance with the new GDPR requirements.
The data we collect
The personal data we collect and process is described in detail in our Privacy Policy. We process the personal data on the basis of different grounds, defined by GDPR – legal obligations, for the purposes of concluding and/or executing a legal relationship, legitimate interest and based on clients’ consent.
How we use the collected data
We use, store, and process the personal information to provide, understand, improve, and develop our services, create and maintain a secure environment, pursue our legitimate interests and comply with our legal obligations. For detailed information please check our Privacy Policy.
myPOS clients and their related personal data
All of myPOS clients are legal entities (companies/corporations). The data about the sole traders is personal data under GDPR. The rest of the corporations/companies are not data subjects under the law. However, we are obliged to verify the identity of the business owner/authorised user, who is opening the Account (in case of company or other entity, referred to as “user opening the Account”). We are processing the personal data about this business owner/authorised user. The information regarding the company (with the exception of sole traders), including its risk profile and due diligence checks is not regulated by GDPR.
Why are we taking pictures of an entity’s authorised persons and their ID documents and is it GDPR-compliant?
myPOS Service is designed for business purposes and may be used by individuals or entities. In case you are registering for and/or using myPOS Services on behalf of an entity we will treat you as authorised person and you may be obliged to disclose to us personal data of the legal representatives, the employees, the agents, the beneficial owners or any other third-party related to the entity.
In accordance with our legal obligations under the relevant Anti-money laundering and anti-terrorism financing regulations (or AML/CFT laws), we are obliged to verify our customer’s identity or the identity of the authorised user who is opening the Account.
We are bound by the law to identify and verify the owner of the Account (an authorised person from the company) and since the individuals are not always able to upload the required information on their own, we do it instead. In an online environment, we’ve implemented a video identification chat following the best practices. We do this for our clients’ convenience.
The AML/CFT laws, in broad terms, require financial institutions and other entities that are at risk of being used as a tool to launder money or finance terrorism, to:
- identify their clients, which means that the obliged entity must ask the client to provide his/her personal details.
- verify their identity, which means that the obliged entity must “check” that the personal details of the person are not falsified, forged, stolen or similar.
When the process above is done on a non-face-to-face principle, such as through an app, we must ensure that the verification of the client’s identity must be done with at least two technical measures.
The video-chat functionality and the requirement to take photos of our clients and their ID is at this time the fastest, legal customer-friendly way to provide our services to you.
Data Protection Impact Assessment
We have carried out a detailed review of all our data processing activities, by product and by department. We have analysed the grounds for processing, retention periods, technical and legal safeguards for our client’s rights and freedoms and we have ensured that any data processing activity that we carry out is 100% compliant with the law.
Our retention periods
Please be aware that, as a financial institution, we are required by the Payment Services Directive and money laundering legislation to keep client’s data for a period of 5 years after the termination of the contract/account of our customer.
Correction (rectification) of client’s personal data
Our customers can send us a request to correct inaccurate or incomplete personal information via email to dpo@mypos.com.
Data Access
Our clients have the right to receive a copy of the data we hold for them at any time. The request can be sent via e-mail to dpo@mypos.com.
Data Deletion
We generally retain clients’ personal information for as long as is necessary for the performance of the contract between them and us and to comply with our regulatory obligations. Our customers can request the closure of their myPOS Account and the termination of the contract at any time. However, we are going to keep their data for 5 years after the termination in compliance with the law.
In case the regulatory retention periods have expired, we diligently delete clients’ personal information from our systems. The request for deletion can be sent via e-mail to dpo@mypos.com.
For additional information, please check our Privacy Policy.
Data transfer as our clients’ right
Our clients have the right to receive a copy of their personal data in a structured, commonly used, machine-readable format that supports re-use. They can transfer their personal data from one controller to another and/or have the personal data transmitted directly between controllers without hindrance.
Consent withdraw and restriction of personal data processing
Where our clients have provided their consent to the processing of personal information by us, they may withdraw the consent at any time by changing the Account settings or by sending a communication to us specifying which consent they are withdrawing. Please note that the withdrawal of consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
Data subjects’ rights and legal entities
Please be informed that corporations are not data subjects under GDPR. Business owners who use myPOS services and have business accounts can exercise their rights, but only regarding their personal data (or the personal data of the authorised person). The information regarding their company, including its risk profile and due diligence checks is not regulated by GDPR.
With whom we share personal data
We may share personal data with members of the myPOS Group of companies as we aim to provide the services our clients have requested and in order to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies. We also may share personal information with third party service providers that support us in providing myPOS Service, products and/or Platform with functions at our decision and our behalf. For more details, please see section 3 of our Privacy Policy.
Children and our services
Our services are not designed to individuals under the age of 18, unless we have expressly specified so in our Privacy Policy or other legal document. If we obtain actual knowledge that we have collected Personal Data from an individual under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data.
Reviews of Vendors and Partners
All our current vendors have been reviewed to ensure they meet security and privacy requirements defined by GDPR. To maintain assurance, these reviews will be conducted for all incoming vendors. Where we transfer, store and process personal information outside of the European Economic Area we guarantee that appropriate safeguards are in place to ensure an adequate level of data protection.
Where we deal with entities outside the EEA, we always require our vendors to be either registered under Privacy Shield mechanisms (or similar) or to provide us with a review of their appropriate privacy safeguards.
Encryption and storage of personal data
We take the responsibility to ensure that your personal information is secure, kept in an encrypted from on servers, collocated in Special data centres in Class A jurisdictions in Europe. To prevent unauthorised access or disclosure of information we maintain physical, electronic and procedural safeguards that comply with applicable regulations to guard non-public personal information.
When it comes to the myPOS Account, the security practices are described in our Privacy Policy.
Incident response
Our Incident Response procedures have been designed and tested to ensure potential security events are identified and reported to appropriate personnel for resolution, personnel follow defined protocols for resolving security events, and steps for resolution are documented and reviewed by our Security Team on a regular basis. Additionally we’re working to update these policies and procedures to include breach notification if and when a security incident involves the loss of or unauthorized use of personal identifiable information (PII).
Cookies Compliance
We use “cookies” and other technologies when users visit or use our websites or mobile apps. This usage is based on consent. If our users wish to withdraw their agreement to accept cookies and similar technologies, they can delete the cookies via the browser settings (it is described how to do so in our Cookies Policy). Please find further information on deleting and blocking cookies at http://www.allaboutcookies.org/manage-cookies/clear-cookies-installed.html
Our licenses and registrations
We provide financial services in the entire EU and EEA. myPOS Payments Ltd. is licensed by the FCA as an E-Money Institution, as part of the group, and is offering the merchants accounts and financial services. You can find our registration number in the relevant payment infrastructure supervisory authority, i.e. in the United Kingdom you can find us in the Financial Services Register, at:
https://register.fca.org.uk/ShPo_FirmDetailsPage?id=001b000003tahppAAA