We attach importance to your privacy and that is why we handle your personal data carefully. For this, we take both visible and invisible measures. In this privacy statement (the ‘Statement’), which consists of all frequently asked questions and answers as included on our site, we provide information on how we handle your data when you use our products, services, or websites.
If you have any questions about this, you can always email us at the general contact address of our company. Please include the word ‘GDPR’ in the subject of the email message for the quick handling of your question or request.
From the time of publication on our site, changes to the use of Data may occur due to changes in laws, regulations, or changes to our services and products that directly affect the use of your Data.
This Statement dates from June 2020. The terms in this Statement with a capital letter have the meaning as defined herein. We may update this Statement by posting a new version on our website.
This Statement applies to the following persons:
Are you self-employed or do you have a one-man business, vof or partnership? Then you will be seen as a natural person and it is also about Data that directly or indirectly tell something about you.
Responsible for your data is MenaVPN Holding BV, trading under the name MenaVPN . This Statement applies to all products and services of the company or brands of MenaVPN.
We have a data protection officer in our company. At MenaVPN we have a Data Officer (the ‘Officer’). You can contact the Officer at [email protected].
At MenaVPN, the Officer oversees the application and compliance with the General Data Protection Regulation (“GDPR”). This Statement states that, in certain specific cases, you may contact the Officer with questions about the use of your Data.
This Statement is about the use of your personal data (the ‘Data’). What exactly is Data? Data in this Statement is a data that relates to you or that says something about you as a natural person. The most famous Data are name, (e-mail) address, age, and date of birth. Data such as your bank account number, phone number, and Social Security Number (BSN) are also Data.
Even if you visit our websites, we may collect data, such as the IP address of your computer. We record data about your visit to our sites, for example which pages you visited or when you logged in. With this we make the site work better and give you a personal experience. We also use this information for marketing activities.
For certain types of services, we place advertisements to which a relationship can respond itself. It may also be that we approach relationships personally via telephone, email or at the office. At that time, or upon written confirmation, a relationship may be informed in writing that his personal information may be processed. This Privacy Statement, or a link to the file in which it is included, is provided. We also process Data you provide to us through contact forms or external downloads to request information about our products or services.
Some Data are so sensitive that the law places strict requirements on its use. This is the so-called ‘Special Data’. The law provides the following enumeration of Special Data: Data proving racial or ethnic origin, political views, religious or philosophical beliefs, or union membership, genetic data, biometric data for the purpose of unique identification of a person, or data about health, or data relating to someone’s sexual behavior or sexual orientation. We may only process Special Data if this is permitted or must be done on the basis of a law or with your explicit consent.
Yes. We also use Data that we have not received from you, for example when your partner, roommate, or family member provides it. This may also include data from other sources, such as the Chamber of Commerce, the Land Registry Office, or the Basic Registration Persons (‘BRP’). Think further, for example, of:
We only store and use your Data for carefully defined purposes. In most cases, we receive Data from you because you purchase or wish to purchase one or more products or services from us. Anyone who receives and uses Data from you must have a reason (a so-called ‘basis for processing’). We use Data for one or more of the following reasons:
In order to conclude and to be able to meet an agreement with you, we use your Data. We conclude an agreement with you to use our services or when you wish to purchase our products. In order to provide those services, to be able to complete your request or to offer and deliver the right product in the right way, we must use Data.
We also process Data because we have to do so by law. There are many rules and regulations that relate to our company. For example, we need to take measures to combat fraud, tax evasion, terrorist financing and money laundering. This includes identifying you and demonstrating that we know who you are. Therefore, we keep a copy of your identity document or perform searches in third-party databases for the purpose of compliance with your Data.
Data is also used because we maintain central customer administration, carry out marketing activities, want to prevent and combat fraud, or the data use for risk management. This includes requests from (legal) persons who no longer wish to be contacted with information or offers of our services or products. We may also use Data if we have such a legitimate interest in it ourselves. However, our interest in using Data must outweigh your right to privacy.
We have a central relationship administration within our group of companies. Our customer service team uses this administration to see which products you have with us so that we can help you correctly and quickly. The Data we use within our administration includes your name, date of birth, address details, other contact details, information about the product or products you have with us, payment information and marketing information.
For our services to relationships it is necessary to collect personal information about individuals. Among other things, we have an interest in using Data for:
training of employees and improving the level of service;
protection of your and our property and data and those of others;
protect our own financial position and protect the interests of other customers;
implementation of efficient administration, for example, centralization of systems and the use of service providers
carrying out statistical and scientific research.
We may also share your information within the group of companies to which belongs to affirm B.V.
In addition to all subsidiaries of the shareholder of MenaVPN Holding BV. also includes the organizations of the direct shareholders and shareholdings of the holding company (the ‘Group’). Within the Group, we share Data for internal administrative purposes or to improve the service provided to you. Even if the law or regulator says we need to share data, we will do so.
So usually MenaVPN uses your data because:
this is necessary for the context of the agreement we have or wish to enter into with you;
the law says that we must use your data;
there is a legitimate interest of MenaVPN, the Group or a third party.
In these cases, we do not ask for your consent. And the law allows this.
Sometimes we may have to ask for your permission separately to use Data. If you have given permission in such a case, you can also revoke it. You do not have this right when we use your Data on the basis of other possible bases.
We use Data to make our business work as best as possible for you, including six different purposes: Management of customer relations
We may ask you what you think of our products and services and share this information with certain employees to improve our offer. We may also use notes made as a result of conversations we have with you online, by phone, or personally to adapt products and services to your situation. We also use Data to assess and accept customers, enter into and execute the agreement with customers, and execute payment transactions.
Internal and external reports
We process Data for our business activities and to help our management make better decisions about our activities and services. We also process data in the context of a series of legal obligations and requirements (such as anti-money laundering legislation and tax legislation) and for performing analyses for assessment, statistical and scientific purposes.
Perform analyses with regard to the personal data in order to better respond to the personal situation of the customer.
Commercial activities to establish and/or continue and/or expand the relationship with customers.
We process data for statistical analysis, to better assess risks, and to properly determine the prices of our products and services. We also store data in order to have the correct information in the event of a complaint or dispute.
Social responsibility and legal obligations
Compliance with legal obligations, for example the obligation to report data to the Dutch Tax Administration.
For marketing activities, we use your Data:
to better respond to your personal situation with our services. You can think of offering additional products or services that suit you;
for analysis of personal data in order to improve the range of products and services and to tailor better to the wishes of our (potential) customers.
We use these analyses to create groups (profiles) of customers with the same properties or behavior;
to keep you informed via our site, a letter or e-mail;
to give you a more personal experience on our websites and via the chat function on
them or to offer other advertisements on websites that suit your interests;
some marketing activities require your consent. This permission is always requested from you in advance. If you have previously given permission and want to undo it, you can do so easily by clicking on a link at the bottom of the received e-mail.
We like to stay informed about the number of website visitors. The identity of the visitors is not important. However, certain information is kept anonymized: the number of visitors, which part of the site (most) is visited, the time of the visits, the country from which the site is visited and general information about the software the visitor uses.
When you visit our sites, a small file can be placed on your computer’s hard drive. These so-called cookies make our website (s) more useful by storing information about your preferences. This will make it easier for you to log in and use the website(s) in the future. Cookies do not personally identify an internet user, but a user’s computer is identified.
Most web browsers accept cookies automatically, but if you wish, you can set your browser to prevent cookies from being automatically accepted. Open the ‘help’ section of your browser, which explains the different options for handling cookies. If you disable cookies, you may not be able to access all functions on our websites.
Our websites may provide cookies for these purposes:
analysis; we like to optimize the website by following the users on the website, thereby improving the user experience;
saving your previously completed forms — saving time when filling out new forms;
showing our ads when you visit other websites.
We can use a number of social media online:
Our website may have buttons (so-called widgets) for sharing social media hosted by a third party called “Addthis.” These buttons can allow your IP-address to be collected, which pages you visit, and can also set a cookie on your computer to enable the correct functionality. Your interaction with these features is governed by the company that provides them. For more information about this, please visit the web page of the respective company.
We track the pages you visit through Google Analytics. We collect aggregated data to monitor how our website functions and how we can improve your online experience.
We use the Facebook Custom Audience Tool from time to time to track your behavior on Facebook when you use it. Facebook links your email address to a unique number, which is used to show you the best appropriate ads. As a result, we are better able to offer you an optimal service.
We may also use Data for purposes other than those for which we originally received it. However, the new purpose must match the purpose for which you initially provided Data to us.
The law does not specify exactly when such a ‘compatible use of data’ is involved, but it does provide a basis for the question of whether the reuse of Data is permitted.
In any case, we look at the following points of reference:
Is there a clear link to the purpose for which you previously provided Data?
How did we obtain Data from you before?
What kind of Data is it?
What are the consequences for you if we use Data in any other way?
What can we do to protect Data in the best possible way when reused?
If we do not need your Data for a process or activity, we will delete it. And we can bundle data at a certain level of abstraction (aggregate), pseudonymize or anonymize.
Is Data required by law or necessary to perform a service or agreement properly? And do you not want to provide the Data for that? Then we cannot provide you with a service or product or enter into an agreement with you. If during the duration of a service or product, we need additional data, and you do not provide it, we may suspend or terminate our work, product, or service, with or for you.
We cannot remove mandatory data from our systems because we:
need your data for the execution of the agreement you have with us;
are obliged to keep them under the law;
have a legitimate interest.
We can record when you have contact with us. In order to improve the quality of service, training, coaching and assessment of employees, we record part of the telephone conversations. When talking about your products or services, we may also keep these recordings as a record of our agreements. We also record the content of chats.
We handle such commitments carefully. They are subject to the same rules as other personal data. We sometimes also use chats. We can decide to record these chats. As with telephone calls, this can serve to comply with legal obligations to provide evidence, to prevent fraud, and to improve the quality of chats.
We do not disclose Data to (legal) persons outside our own group of companies and its shareholder. Profiling is used to us in risk management, customer acceptance, for administration purposes, for (direct) marketing purposes and security.
The sum of characteristics we observe when discussing or entering into (planned) transactions can be converted into a profile. This profile may be applied to identify activities that meet those characteristics.
The law defines ‘profiling’ as follows: ‘Any form of automated processing of Data which uses Data to evaluate certain personal aspects of a natural person, in particular with the intention to analyze or predict professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation’.
Profiling techniques can be used to recognize relationships that meet a particular profile. In this way, we can determine which actions need to be taken to provide the best service to the customers that meet these characteristics.
In some cases, you may indicate that you do not want us to use your data for profiling purposes. We don’t always have to agree with you. In certain cases, we may apply profiling, for example in the context of fraud prevention, risk management or investigation into unusual transactions. This is done within the legal framework.
Our applications are secured by means of technical and organizational measures to protect the personal information of relationships as best as possible against loss or unintended use. We store all your information securely, both during shipment and after we have received data. This protects your data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, we cannot guarantee that we can unintentionally exclude any risk of misuse of your personal data by others. Keep your own credentials in a safe place and contact us immediately if you find unauthorized use of your password or any other breach of security.
We further secure Data in several ways:
We spend a lot of time and attention to the security of our systems and the Data stored therein. We constantly monitor the security of our data traffic. If something goes wrong, we immediately take action. Data leaks we solve and register. We are obligated by the law. We also report them to the supervisor and to you, if necessary.
Because of regulators
The Dutch Data Protection Authority (‘AP’) checks whether we comply with the GDPR.
The Authority for Consumers & Markets (‘ACM’) oversees our direct marketing via email and the call-me-not register.
The Nederlandsche Bank (‘DNB’) and the Authority for Financial Markets (‘AFM’) generally supervise the offer of financial products or services.
With our confidentiality statement
All of our employees have signed a confidentiality statement. We handle data that you entrust to us with care. Only authorized personnel may access and process your data. We also train our people to handle your data safely. Examples of security measures you may have had to deal with are:
securing our online services;
the two-step authentication;
any control questions when you call us;
our demands on the way of sending confidential documents.
In some cases, we engage our third-party service providers who receive personal information from relationships. Think of external suppliers for office automation, storage, email, and telephony services. These third parties may contractually use the personal information only for that reason, they must keep it confidential and they are not allowed to use or transmit personal information independently.
Data may also be processed outside Europe. For example, when an IT vendor has a server abroad. Additional rules apply for processing Data outside Europe.
In some cases, we record Data from individuals other than our relationships, such as administrators, beneficiaries, and people who have provided security for a transaction. Our group companies may share Data with each other.
All our group companies are located in Europe. If your data is processed by service providers outside Europe — for example in the context of an outsourcing agreement — we conclude a separate agreement with those parties that meets the European standards for this purpose.
The starting point is that we retain Data in any case for as long as it is necessary to achieve the purpose for which we were given it. There may also be other reasons why we retain Data. How long we retain Data depends on the following criteria:
the GDPR has no concrete retention periods for personal data. Other laws may contain minimum retention periods. So, we have to keep that data for so long.
We may, for example, become involved in a lawsuit or other proceedings. In the Netherlands or abroad. In such a case, we may store data in an archive until a possible claim is barred and we can no longer be involved in any proceeding.
Permission given by You may be revoked at any time. You have the right to information, inspection, rectification, oblivion and limitation of the processing:
You have the right to request what Data Processing takes place and what happens to your Data and why.
You have the right to request an overview of all Data we process about you.
If your Data is incorrect, you can ask us to correct your Data.
In some cases, you may also ask us to delete your data. This may mean that we are unable to perform our services (more or completely). Erase cannot be done in all cases. Unsubscribe from newsletters and mailings can always be done by clicking the unsubscribe button in each post. See more about this in the other frequently asked questions of this Statement.
You may also ask us to temporarily limit the use of your Data. This can be done in the following cases:
o you think that your data is incorrect;
o we use your Data wrongly;
o We want to destroy your Data, but you still need it (for example, after the
You have the right to object to the use or processing of Data if it is used or processed on the basis of legitimate interest.
You have the right to data portability. Data portability is the right to the portability of Data. It means that data subjects have the right to receive and (re) use the Data that an organization holds from them. It concerns Data:
o that have been deliberately and actively provided by you as a relationship; or
o data provided for which consent has been given; or
o data collected for the execution of a contract.
We have no obligation to transfer Data to a third party. However, at your request, we will transfer to you the Data you have provided to us and which we store automatically for the execution of an agreement. This only applies if we process your Data on the basis of consent or the agreement, we have concluded with you.
If you have any questions about this Statement or to exercise a customer right, you may send a written request to:
MenaVPN Holding BV. under the name of MenaVPN, 3029AK, Rotterdam, or you can send an e-mail to: [email protected]. In connection with identification and verification, we ask you to provide a copy of ID if you have not done so before.
We strive to respond to your request as soon as possible. Sometimes it can take up to a month (if permitted by law). If we need more time to handle your request, we’ll let you know how much extra time we need and the reason for the delay.
In certain cases, we may reject your request. If permitted by law, we will inform you of the reason for rejection.