Privacy Policy

Privacy Policy – Vendordesk

We are pleased that you are interested in Vendordesk. Protecting your personal data is very important to us. The use of the Vendordesk website is generally possible without providing personal data. However, if a data subject wishes to use certain services offered via our website, the processing of personal data may become necessary. Where such processing has no other legal basis, we will first obtain the data subject’s consent.

The processing of personal data – such as a name, address, email address or telephone number – is always carried out in accordance with the General Data Protection Regulation (GDPR) and the applicable national data protection laws. With this Privacy Policy we inform the public about the type, scope and purpose of the personal data that we collect, use and process. We also explain the rights data subjects have in relation to their personal data.

As controller, we have implemented appropriate technical and organisational measures to provide the most complete protection of personal data processed via this website. Nevertheless, Internet-based data transmission can have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

This Privacy Policy is based on the terms used in the GDPR. Our aim is that it is easy to read and understand for the general public, as well as for our customers and business partners. In this Privacy Policy, we use, among others, the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

Controller for the purposes of the GDPR and other applicable data protection laws is:

Marello B.V., trading as Vendordesk

Philitelaan 57

5617 AK Eindhoven

The Netherlands

Phone: +31 40 304 6 354

Email: info@marello.com

Website: https://www.vendordesk.eu

3. Cookies

The Vendordesk website uses cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID, a unique identifier that allows websites and servers to recognise the specific browser of the user. This enables visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers.

Through the use of cookies, Vendordesk can provide users of this website with more user-friendly services that would not be possible without cookies. Cookies enable us, for example, to optimise information and offers on our website with the user in mind.

Data subjects may prevent the setting of cookies through our website at any time by adjusting the settings of their Internet browser, and may permanently refuse the use of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. If cookies are deactivated, not all functions of our website may be fully available.

4. Collection of general data and information

When the Vendordesk website is accessed, a series of general data and information is collected and stored in server log files. This may include:

  1. the browser types and versions used,
  2. the operating system used,
  3. the website from which our site is accessed (referrer),
  4. the sub-pages accessed on our website,
  5. the date and time of access,
  6. the IP address,
  7. the Internet service provider of the accessing system, and
  8. other similar data and information that may be used in the event of attacks on our IT systems.

Vendordesk does not use this general data and information to draw conclusions about the data subject. This information is needed to:

  • correctly deliver the content of our website,
  • optimise our website,
  • ensure the long-term stability and security of our IT systems, and
  • provide law enforcement authorities with information necessary for prosecution in the event of a cyber-attack.

Anonymous data in the server log files is evaluated statistically in order to increase data protection and data security and to ensure an optimal level of protection. Log file data is stored separately from other personal data provided by data subjects.

5. Registration on our website

Visitors have the option to register on the Vendordesk website by providing personal data. Which personal data is transmitted is determined by the relevant registration form. The personal data entered is collected and stored solely for internal use and for our own purposes. We may transfer this data to one or more processors (e.g. service providers) that will use the data exclusively for purposes attributable to us.

When registering, the IP address assigned by the Internet service provider (ISP), as well as the date and time of registration, are also stored. This is necessary to prevent misuse of our services and, where required, to investigate criminal offences.

Registered users can change their personal data at any time or request that it be deleted. Upon request, we provide each data subject with information about which personal data of that person is stored. We will also correct or erase personal data on request, provided that no statutory storage obligations apply.

6. Subscription to our newsletters

On the Vendordesk website, users may subscribe to our newsletter. Which personal data is transmitted when ordering the newsletter is determined by the input form.

We regularly inform customers and business partners via newsletter about our offers and news. The newsletter may only be received if the data subject has a valid email address and has registered for the newsletter.

When registering for the newsletter, we store the IP address of the computer system used at the time of registration, as well as the date and time of registration. This data helps us to trace possible misuse of an email address at a later date and serves as legal protection for us as the controller.

Personal data collected as part of a newsletter subscription will only be used to send the newsletter and related service messages (e.g. changes to the newsletter service). No personal data collected by the newsletter service will be transferred to third parties.

You can unsubscribe from the newsletter at any time and withdraw your consent to future processing. A corresponding unsubscribe link is included in each newsletter. You can also unsubscribe directly on our website or by contacting us.

7. Newsletter tracking

Our newsletters may contain so-called tracking pixels. A tracking pixel is a small graphic embedded in HTML emails that enables statistical analysis of the success of online marketing campaigns. Based on the tracking pixel, we can see whether and when an email was opened and which links in the email were clicked.

Personal data collected via tracking pixels is processed to optimise newsletter delivery and to align the content of future newsletters with the interests of data subjects. These personal data will not be passed on to third parties.

You may withdraw your consent to newsletter tracking at any time. If you unsubscribe from the newsletter, we will treat this as a revocation of consent for tracking.

8. Contact via the website

The Vendordesk website contains information that allows quick electronic contact and direct communication with us (e.g. via email address or contact form).

If a data subject contacts us by email or via a contact form, the personal data transmitted by the data subject is automatically stored. This data is stored for the purpose of processing the request or contacting the data subject. It will not be transferred to third parties unless this is necessary for handling the request.

9. Leadinfo

We use the lead generation service of Leadinfo B.V., Rotterdam, The Netherlands. Leadinfo recognises visits of companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses.

Leadinfo also places two first-party cookies that provide insight into how our visitors use our website. The tool processes domains from form entries (e.g. “leadinfo.com”) in order to link IP addresses to companies and improve its services.

For additional information, please visit www.leadinfo.com. On the following page you will find an opt-out option: www.leadinfo.com/en/opt-out. After opting out, your data will no longer be used by Leadinfo.

10. Routine erasure and blocking of personal data

We process and store personal data only for the period necessary to achieve the purpose of storage or as required by the European or national legislator in laws or regulations to which we are subject.

If the storage purpose no longer applies or if a statutory storage period expires, the personal data will be blocked or erased in accordance with legal requirements.

11. Rights of the data subject

Data subjects have the following rights under the GDPR:

a) Right to confirmation

You have the right to obtain confirmation as to whether personal data concerning you is being processed.

b) Right of access

You have the right to obtain information about the personal data we store about you and a copy of this data, as well as additional information as required by Article 15 GDPR (such as purposes of processing, categories of data, recipients, storage periods, rights, etc.).

c) Right to rectification

You have the right to request the immediate rectification of inaccurate personal data concerning you and the completion of incomplete data.

d) Right to erasure (“right to be forgotten”)

You have the right to request the erasure of personal data concerning you where one of the grounds in Article 17 GDPR applies, unless an exception applies (e.g. statutory retention obligations).

e) Right to restriction of processing

You have the right to request restriction of processing under the conditions of Article 18 GDPR, for example if the accuracy of the personal data is contested or the processing is unlawful but you oppose erasure.

f) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller, where the processing is based on consent or a contract and is carried out by automated means.

g) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.

h) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply in accordance with Article 22 GDPR. We currently do not use automated decision-making or profiling that produces such effects.

i) Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future.

To exercise any of these rights, you may contact us using the details provided above.

12. Google Analytics (with IP anonymisation)

This website uses Google Analytics (with IP anonymisation), a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Web analytics involves the collection, gathering and analysis of data about the behaviour of visitors to websites. Among other things, Google Analytics collects data about the website from which a person came (referrer), which sub-pages are visited and how often and for what duration a sub-page is viewed.

We use the “_anonymizeIp” function. This means that your IP address is shortened by Google within Member States of the European Union or other contracting states to the Agreement on the European Economic Area before transmission to the USA.

Google Analytics uses cookies that are stored on your device and enable an analysis of the use of our website. Information generated by the cookie (including the shortened IP address) is transmitted to and stored by Google on servers in the USA. Google uses this information on our behalf to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to website and Internet use.

You can prevent the storage of cookies by adjusting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

Further information on data protection at Google and the terms of use for Google Analytics can be found in Google’s Privacy Policy and the Google Analytics Terms of Service.

13. Google Ads (formerly Google AdWords)

We use Google Ads, an online advertising service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you reach our website via a Google ad, Google places a conversion cookie on your device. This cookie is used to track whether a user who clicked on one of our ads subsequently performs certain actions on our website (e.g. completing a contact form).

The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. We learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not obtain information that can identify you personally.

You can prevent cookies from being set by adjusting your browser software accordingly or by deactivating personalised advertising in your Google account at https://www.google.com/settings/ads.

Further information on data protection at Google can be found in Google’s Privacy Policy.

14. Legal basis for processing

Unless otherwise stated in this Privacy Policy, the following legal bases apply:

  • Art. 6(1)(a) GDPR – processing based on consent;
  • Art. 6(1)(b) GDPR – processing necessary for the performance of a contract or in order to take steps prior to entering into a contract;
  • Art. 6(1)(c) GDPR – processing necessary for compliance with a legal obligation;
  • Art. 6(1)(d) GDPR – processing necessary to protect vital interests of the data subject or another natural person;
  • Art. 6(1)(f) GDPR – processing necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Where processing is based on legitimate interests, our legitimate interest is the secure and efficient operation of our business and our website, and the provision of our services in favour of our customers, employees and shareholders.

15. Storage periods

The period for which personal data is stored is determined by the relevant statutory retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer required for contract performance or contract initiation.

16. Provision of personal data

In some cases, the provision of personal data is required by law (e.g. tax regulations) or may be necessary for the conclusion of a contract. In other cases, the provision of personal data may be voluntary. If you do not provide the required data, a contract may not be concluded or fulfilled.

Before providing personal data, you can contact us to clarify whether the provision of personal data is required by law or contract, is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the possible consequences of failure to provide such data would be.

17. Automated decision-making

As a responsible company, we do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Scroll to Top