Privacy Statement

Worthumb.com

About our privacy statement

Worthumb.com (“us”, “we”, or “our”) operates the https://worthumb.com website (the “Service”).
Worthumb.com cares a lot about your privacy. This is why we only process your data when it is necessary to fulfill or improve our service. We also process the data that we have collected about you or about your use of our services diligently. We never make your data available to third parties for commercial purposes.
This privacy statement applies to the use of our website and the services that are available through our website. This privacy statement applies from the 4th of February 2019, when published every older version is rendered null and void. This privacy statement describes which data is collected by us about you, to which end these data are being used and under which circumstances these data are to be shared with third parties. We will also explain to you how we store your data and protect it against misuse and which rights you have with regards to the data that you have provided to us.
If you have any questions about our privacy statement you can get in touch with our contact person for privacy-affairs whose contact-details are listed at the end of this privacy statement.

About the data-processing

Here you can read about the way we process your data, where we store it, which security-measures we apply and which parties have insight in what data.

Personal Data

On our website you may find a number of webforms in which we ask you to fill in some personal data, this data may include your (company-)name, first name, last name, address, email-address, web-address, and (cell-) phone number. We only use these data for the purpose you designated when providing us with your data.

Transactional emails

When you place an order in our web-store you may receive a number of email-messages concerning the status of your order. Our logistical partner(s) (Beijing Yanwen Express) may receive your email-address to keep you updated about the progress of the delivery of your order.

Order tracking (Third-Party Data)

A worthumb.com order contains hyperlink(s) to websites of logistics providers & global tracking websites that we do not control and are operated and controlled by third parties (‘Third-Party Websites’). Our Privacy Policy does not apply to these Third-Party Websites and we make no representations regarding the policies or business practices of any such Third-Party Websites.

Client management and billing

Our client data are stored in the CRM of our webstore-software and are only used for administrative purposes.

E-mail

We use the servers of our hosting partner for all email-traffic. This email-traffic is confidential and cannot be accessed by our hosting partner.

Webhosting and database

Worthumb.com makes use of the services provided by a hosting partner. This is a trusted party that is located within the European Union. All data that you provide us with via our website are stored (whether or not temporary) on their servers. Our hosting partner has applied the necessary security-measures and our hosting partner or its employees are prohibited from accessing these data or passing them on to other parties unless they are required to do so by law. Our hosting partner, the data processor, creates back-ups periodically from the stored data, the same measures and conditions are taken and met with regard to the back-ups as to the original data. Our hosting partner is also responsible for the technical maintenance of the servers.
We take your privacy and data security very seriously. Worthumb.com is GDPR compliant & our servers are secured with SSL certificate and are PCI DSS (Payment Card Industry Data Security Standard) compliant.

Purpose of the data processing

General purpose of the data processing

We use your data exclusively for the purpose of providing our services. This means that the purpose of the processing of the data is always directly connected to the order that you have provided us with. We do not use your data for (targeted) marketing. If you choose to share your data with us and we use your data to – other than upon your request – contact you at a later time, we will ask your explicit permission beforehand.
Your data is being shared with the following parties:

CloudFlare: To make and keep our website easily available we make use of the services of CloudFlare. All data that is passed from and to our servers is being passed through the servers of CloudFlare. CloudFlare may only process these data to optimize and to keep our server available. CloudFlare has taken the necessary security measures to prevent unlawful processing of your data.

Google Analytics & Tag Manager: Via our website cookies are being placed from the American company Google, as part of their “Analytics”-service. We utilize this service to keep track of how our customers use our website. This processor may be obliged, because of applicable laws, to grant access to these data. We collect data about your internet surfing and share this with Google. Google can interpret this data in combination with other datasets and follow your behavior across multiple websites. Google uses this information to offer you targeted advertisements (Adwords) and other Google-services and products.
You can opt-out of having made your activity on the Service available to Google Analytics by
installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms Webpage: https://policies.google.com/privacy?hl=en

For maintaining records we make use of the service of our tax adviser. We share your name, address, and details with regard to your order. These data are used to keep record of our sales. Your personal data are being sent via a secured connection. Our tax adviser has taken the necessary technical precautions to protect your data against loss or unauthorized access. Our tax adviser is obligated to maintain your data confidentiality and will treat your data as such. Our tax adviser will not use your personal data to any other end than as described above.
Stripe: For handling payments our web-store makes use of the services of Stripe. Stripe is provided with your data when you place an order on our website and choose to pay using Stripe. Stripe processes your personal data and payment-info. The following data includes: name, e-mail, client-id, order information, where relevant credit card info, location, and your bank-account number. Stripe has taken the necessary measures, technically as well as organizational, to protect your personal data. Stripe reserves the right to use your data to improve their services and to share anonymized data with third parties. Every mentioned safeguard with regard to the protection of your personal data is also applicable to the parts of Stripe’s service where they rely on other third parties. Stripe does not store your data longer then permitted based on applicable laws. The processing of your data by Stripe is governed by the American Privacy-Shield initiative.

WebwinkelKeur: We collect reviews via the platform of WebwinkelKeur. If you choose to leave a review via WebwinkelKeur you are required to provide a name and e-mail address. WebwinkelKeur will share this information with us which allows us to link your review with the corresponding order. WebwinkelKeur also publishes your name on their own website. In some cases WebwinkelKeur may contact you directly to ask you to provide some explanation about your review. When we invite you to give a review we will also share your name and email address with WebwinkelKeur. They will only process these data with the purpose of inviting you to leave a review. WebwinkelKeur has taken the necessary measures, both technically as organisatory, to keep your personal data safe. WebwinkelKeur reserves the right to make use of third parties; we have granted WebwinkelKeur the right to do so. Every mentioned safeguard with regard to the protection of your personal data is also applicable to the parts of WebwinkelKeur’s service where they rely on other third parties.

Automatically collected data

Data that are automatically gathered by our website are processed with the purpose of improving our service and your user-experience. These data (for instance your IP-address, web browser and operating system) are not classified as personal data.

WP Cerber Security & Antispam

We use the service “Cerber Security & Antispam”. The plug-in protects websites against brute force attacks, blocks harmful requests from IPs or subnets when a defined retry limit is exceeded. This makes brute-force attacks or distributed brute-force attacks of botnets impossible. Furthermore, it is possible to restrict, block, or allow access with a Black IP Access List and a White IP Access List.
According to the provider no data is collected or processed in this context – neither through the services nor through the software offered.
For more information on the collection and use of data by WP Cerber Security & Antispam, see Cerber’s Privacy Policy: https://wpcerber.com/privacy-policy/

Security Monitoring & Auditing

We use the “WP Security Audit Log plug-in” as a security monitoring and auditing plug-in to create a log of data about the ways that our web site is used by those who have login access to it. This information is collected and retained by the web site administrator for, as the name might suggest, security and auditing purposes.

Once activated, the plug-in logs a time-stamped record of when a logged-in user takes the following actions: Logs in and out, page visits, actions taken & order actions.

The time-stamped record includes the following information: The user’s login name, user’s actual name as entered when their account was set up, user’s role, IP address from which the user accessed the site & time and date of each action detailed above while the user was logged in.

The data captured by the WP Security Audit Log plug-in is stored by the web site administrator for a period of 6 months solely for security and auditing purposes.

Information captured by WP Security Audit Log is accessed only by the administrators of the web site and is stored on the web site’s database. Information captured by the WP Security Audit Log is not shared with third parties except in the case of law enforcement requests.

Cooperation in the case of a fiscal audit or criminal investigation

Where appropriate Worthumb.com may be legally compelled to share your personal data with regards to a criminal investigation or fiscal audit. In such a case we are forced to share your data, however we will resist sharing your data as much as legally allowed.

Data retention

We keep your data as long as you have an account with us. This means that we will retain your customer-profile until you indicate that you no longer wish to use our services or if you manually delete your account. If you choose to contact us with such a request we will treat this as a request to be forgotten. We will however retain any data about your purchase(s) to be able to answer any questions you may have about warranties or other complaints about the product. We may also be legally required to keep your order-information in the context of accounting for taxation.

Your rights

Under current Dutch and European law you have certain rights as a data-subject with regard to your personal data which is processed by us or on our behalf. Below we will explain these rights, what they are and how you can invoke them.
In principle we only send copies or transcripts of your data to your known email-address. If you wish to receive your personal data on a different email-address, we will ask you to identify yourself. We keep an account of all processed requests with regard to personal data, in the case of a request to erasure of personal data we will administer only anonymized data. If applicable, all copies and transcripts of data will be sent to you in the machine-readable format that we use within our systems.
At all times you have the right to file a complaint with the Autoriteit Persoonsgegevens (the Dutch supervisory authority) if you suspect that we don’t use your personal data in a correct way.

Right to erasure

For more on your right to erasure, please see “Data Retention”.

Right of access

At all times you have the right to access your personal data that we process or is processed on our behalf. You can file a request for access with our contact person for privacy. Within thirty days you will receive a reply with regard to your request. If your request is accepted we will send, to the known email-address, a copy of all data with a list of all processors that process your data including a mention of the category under which your data is stored.

Right to rectification

At all times you have the right to edit your personal data that we process or is processed on our behalf. You can file a request for rectification with our contact person for privacy. Within thirty days you will receive a reply with regard to your request. If your request is accepted we will send, to the known email-address, confirmation of the amended data.

Right to restriction the processing of data

At all times you have the right to restrict the processing of your personal data. You can file a request for restriction with our contact person for privacy. Within thirty days you will receive a reply with regard to your request. If your request is accepted we will send, to the known email-address, confirmation that we will no longer process the data that you have restricted until you lift these restrictions by e-mailing us or contacting our contact person for privacy.

Right to data portability

At all times you have the right to choose a different party for the processing of your personal data. You can file a request to port your data with our contact person for privacy. Within thirty days you will receive a reply with regard to your request. If your request is accepted we will send, to the known email-address, confirmation that we will no longer process the data that you have requested to be processed by a different party, as well as a copy of all your personal data. We do note that it is highly likely that Worthumb.com will in such a case no longer be able to continue its services because a secure link of the databases can no longer be guaranteed.

Right to objection and other rights

If applicable you have the right to object to processing of your personal data by or on behalf of Worthumb.com. If you object we will immediately stop processing your data during the time that your complaint is under review. If your objection is accepted we will make any copies of your data available to you and cease to process your data.
Moreover you have the right to not be subjected to automated decision-making or profiling. Worthumb.com does not process your data in such a way that this right is applicable. If you believe that this is the case please contact or contact person for privacy-issues.

Cookies

We use functional and analytical cookies. These cookies are necessary for the proper functioning of our website. For instance they make sure that the correct data is shown quickly, every time you visit our website. We do not need your consent to place these functional cookies. Analytical cookies are used to analyse how many times our website is visited. As long as these cookies do not have a large impact on your privacy your consent is also not needed.
The following websites place cookies via our website because of the following reasons:

Google AdWords (tracking Cookies)

Measures how you use our website and how you found us. We use this knowledge to improve our AdWords campaigns.

Facebook (social media Cookies)

This enables you to like our Facebook page, this button works by means of a snippet of code from Facebook.
Usually cookies can be managed, edited and deleted via your browser. You can find more information on enabling and disabling cookies by using the “Help”-function of your browser.

We use the Facebook Pixels from Facebook Inc ( Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

These marketing Cookies allow user behavior to be tracked so that we can communicate as relevant as possible on the basis of your online surfing, search and buying habits. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected with Facebook pixel is anonymous to us and we do not see the personal data of individual users. For more information please check Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/

Art. 6 paragraph 1 sentence 1 letter f GDPR gives the legal basis for the use of this service. You can always object to the collection of your data. You can also object to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads

Facebook is certified under the Privacy Shield Agreement and European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Facebook stores data as long as they need it to offer products and services. Data associated with your own Facebook account will be kept until you delete your account, unless Facebook no longer needs this information. Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation

Facebook Page and Page Insights

Facebook provides us with anonymized statistics and insights for our Facebook page, which help us to understand the types of actions that people take on our Facebook Page. Article 6 paragraph 1 letter f GDPR is the legal basis for this process. We will not be able to assign the information obtained via Page Insights to a specific Facebook profile.

Details about the processing of personal data for creating Page Insights and our agreement with Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data
https://www.facebook.com/policies/cookies/

Affiliate Program cookies

This enables us to check if you purchased through one of our affiliate program links.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to this statement

We reserve the right to change this privacy statement at any time. On this page you will always find the most recent version. If the new privacy statement has consequences for the way in which we process your gathered personal data we will inform you of these changes per email.

Business operations

We may also share your personal data with third parties we have contracted with to support Worthumb.com’s business operations including delivery, fulfillment, payment processing, email deployment and data processing.

Contact details

Worthumb.com
Post address:
Herengracht 449A
1017 BR Amsterdam
Telephone number:
020-8452591
E-mail:
privacyofficer@worthumb.com

Privacy Statement version 1.6 Date: 29-12-2020