PRIVACY POLICY OF THE ONLINE STORE WWW.KILJANO.NL

The data controller on the website www.kiljano.nl, hereinafter referred to as the online service, is the company Kiljano.nl, located at Mendelssohnstaat 68, 5144GH Waalwijk, registered in the Trade Register under KvK number 94019525 and VAT number NL005605594B10, email: info@kiljano.nl.

Respecting your rights as data subjects (persons whose data is processed) and complying with the applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Data Protection Act of 10 May 2018 (Journal of Laws 2018, item 1000, hereinafter referred to as the Act) and other applicable provisions on the protection of personal data, we are committed to ensuring the security and confidentiality of the personal data you provide. All employees are trained in personal data processing, and our company, as the data controller, has implemented appropriate security measures and technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and data protection policies in accordance with the GDPR, which ensure compliance with the law and the reliability of data processing processes, as well as the enforceability of all rights to which you are entitled as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Any inquiries, requests, complaints regarding the processing of personal data by our company (the data controller), hereinafter referred to as Requests, should be directed to the following email address: info@kiljano.nl or in writing to the address of the data controller: Kiljano.nl, Mendelssohnstaat 68, 5144GH Waalwijk. The content of the Request should clearly indicate: a) the data of the person or persons to whom the Request pertains, b) the event that is the reason for the Request, c) present your demands and the legal basis for these demands, d) indicate the desired manner of resolving the matter.

In our online store, we collect the following personal data: a) first and last name – when placing an Order, you will be asked to provide your first and last name so that we can fulfill the Order and contact you, b) home address – this is necessary for the delivery of the Product ordered by you, c) phone number – sometimes we call you to confirm the Order or in case of unexpected events (such as the unavailability of the Product), proposing the most beneficial solution, d) email address – we send you an Order confirmation via email and contact you if necessary regarding the Order. If you have subscribed to our newsletter, we will also send you commercial information once or twice a month, e) VAT number – we collect this from entrepreneurs and individuals who request an invoice and have a VAT number, f) IP address of the device – information resulting from the general principles of internet connections, such as IP addresses (and other information contained in system logs), is used by the online store administrator for technical purposes. IP addresses may also be used for statistical purposes, in particular to collect general demographic information (e.g., about the region from which the connection originates).

Providing the data mentioned in the preceding point is necessary in the following cases:

• when making a purchase in our online store using the order form available on the website (Order without logging in/registering an Account),
• to register you in the buyers' database, which is voluntary; in this case, we store the data provided by you in our database to facilitate your future purchases in our online store,
• to provide the newsletter service – if you want to be informed about interesting events and commercial offers, you can subscribe to our newsletter; joining the subscription is voluntary, and you can unsubscribe at any time.

Our online store uses cookies technology to adapt its operation to your individual needs. You may agree to have the data and information entered by you stored, making it possible to use them during future visits to our online store without the need to re-enter them. Owners of other websites will not have access to this data and information. If you do not agree to personalize the online store, we recommend disabling cookies in your web browser options.

Each of you as a user of our online store has the option to choose whether and to what extent you want to use our services and provide information and data about yourself within the scope specified in this privacy policy.

Your personal data is processed by our company as the data controller to fulfill sales agreements and any additional services provided to you (i.e., the data subjects) and offered in the online store. In accordance with the principle of data minimization, we process only those categories of personal data that are necessary to achieve the purposes mentioned in the preceding sentence.

We process personal data for the time necessary to achieve the purposes mentioned in the preceding point. Personal data may be processed for a longer period than indicated in the preceding sentence, if such an authorization or obligation imposed on the data controller results from specific legal provisions or if the service we provide is of a continuous nature (e.g., newsletter subscription).

The source of the personal data processed by the data controller is the data subjects.

Your personal data is not transferred to a third country within the meaning of the GDPR.

We do not share any personal data with third parties without the explicit consent of the data subject. Personal data may be shared without the consent of the data subject only with public law entities, i.e., authorities and administrations (e.g., tax authorities, law enforcement agencies, and other entities authorized by generally applicable legal provisions).

Personal data may be entrusted to entities processing such data on behalf of our company as the data controller. In this case, as the data controller, we enter into a data processing agreement with the processor. The processor processes the entrusted personal data only for the needs, to the extent, and for the purposes specified in the data processing agreement. Without entrusting your personal data for processing, we would not be able to conduct our activities within the online store or deliver the ordered Products to you. As the data controller, we entrust personal data to entities: a) providing hosting services for the website on which our online store operates, b) providing postal, courier, and transport services for the delivery of ordered Products, c) providing other services to us as the data controller that are necessary for the daily operation of the online store.

Personal data is not subject to profiling by the data controller.

According to the GDPR, each person whose personal data we process as the data controller has the right to: a) be informed about the processing of personal data, as mentioned in art. 12 of the GDPR – the data controller is obliged to provide you as data subjects with the information specified in the GDPR (among others, about its data, contact details of the Data Protection Officer, purposes and legal bases for processing personal data, recipients or categories of recipients of personal data, if any, or the period for which the data will be processed or the criteria for determining that period); this obligation must be fulfilled at the time of data collection (e.g., when placing an order in the online store), and if the data is not obtained from the data subject but from another source, within a reasonable time, depending on the circumstances; the data controller may refrain from providing this information if the data subject already has it, b) access their personal data, as mentioned in art. 15 of the GDPR – by providing us with personal data, you have the right to view and access them; this does not mean, however, that you have the right to access all documents containing your data, as they may contain confidential information; you have the right to know what data we have about you and for what purpose we process it, and you have the right to obtain a copy of your personal data, with the first copy provided free of charge, and for each subsequent copy, we charge an administrative fee corresponding to the cost of making the copy, in accordance with the GDPR, c) correction, supplementation, updating, rectification of personal data, as mentioned in art. 16 of the GDPR – if your personal data has changed, please inform us as the data controller about this fact so that the data we hold is accurate and up-to-date; even if there has been no change in personal data, but for any reason, this data is incorrect or has been incorrectly recorded (e.g., due to a typographical error), please inform us to correct or rectify such data, d) deletion of data (right to be forgotten), as mentioned in art. 17 of the GDPR – in other words, you have the right to request the "deletion" of the data held by us as the data controller and the right to request us as the data controller to inform other controllers to whom we have disclosed your data about the necessity of deleting such data. You can request the deletion of your personal data primarily when:

• the purposes for which the personal data were collected have been achieved, e.g., we have fully executed the sales agreement with you,
• the basis for processing your personal data was solely consent, which has been subsequently withdrawn, and there are no other legal grounds for further processing your personal data, e.g., if you unsubscribe from the newsletter and no longer use our company's offer in any other way,
• you have objected under art. 21 of the GDPR and believe that we have no overriding legitimate grounds for further processing your personal data,
• your personal data was unlawfully processed, i.e., for purposes contrary to the law or without any basis for the processing of personal data – please note that in such a case, you must have a basis for your request,
• the need to delete your personal data arises from legal provisions,
• the personal data concerns a minor and was collected in connection with the provision of information society services, e) restriction of processing, as mentioned in art. 18 of the GDPR – you can request our company to restrict the processing of your personal data (which would mean that our company would primarily only store this data until the matter is clarified) if:
• you question the accuracy of your personal data, or
• you believe that we are processing your data without a legal basis, but at the same time, you do not want us to delete these personal data (i.e., you do not exercise the right mentioned in the previous letter), or
• you have objected as mentioned in letter f) of this point, or
• your personal data is necessary to establish, exercise, or defend legal claims, e.g., in court, f) data portability, as mentioned in art. 20 of the GDPR – you have the right to obtain your data in a format that allows it to be read on a computer and the right to transfer this data in that format to another controller; this right applies only if the basis for processing your data was consent (e.g., for newsletter subscription) or if the data was processed automatically, g) object to the processing of personal data, as mentioned in art. 21 of the GDPR – you have the right to object if you do not agree with the processing of your personal data by us, which we have processed so far for legitimate purposes in accordance with the law; in particular, you have the right to object to the processing of your personal data for direct marketing purposes (e.g., newsletter subscription), h) not be subject to profiling, as mentioned in art. 22 in conjunction with art. 4 point 4 of the GDPR – in our online store, you will not be subject to automated decision-making or profiling within the meaning of the GDPR unless you give your consent for this; moreover, we will always inform you about profiling if it is to take place, i) file a complaint with the supervisory authority (the Dutch Data Protection Authority), as mentioned in art. 77 of the GDPR – if you believe that we are processing your personal data unlawfully or in any way infringing the rights resulting from generally applicable legal provisions on personal data protection.

With regard to the right to delete data (right to be forgotten), we emphasize that according to the GDPR, you do not have the right to exercise this right if: a) the processing of your personal data is necessary to exercise the right to freedom of expression and information, e.g., if you have posted your data on a blog, in comments, etc., b) the processing of personal data is necessary for our compliance with legal obligations resulting from the law – we cannot delete your data for the period necessary to fulfill obligations (e.g., tax obligations) imposed on us by legal provisions, c) the processing of your data is necessary for the establishment, exercise, or defense of legal claims.

If you want to exercise your rights as mentioned in the preceding point, please use the appropriate tabs in the online store that allow you to delete your account and data collected in our online store, or please send an email to: info@kiljano.nl.

Every identified case of a security breach is documented, and in the event of one of the situations specified in the GDPR or the Act, the data subjects and, if applicable, the Dutch Data Protection Authority are informed about such a breach of personal data protection regulations. All words written in capital letters have the meaning given to them in the Terms and Conditions of our online store unless otherwise stated in this privacy policy.

In matters not regulated by this privacy policy, the relevant provisions of generally applicable law apply. In the event of a conflict between the provisions of this privacy policy and the above-mentioned provisions, these provisions take precedence.