Privacy statement Yource B.V.

29 March 2019

We understand that your privacy and the protection thereof is of great importance. To you as well as to us. This Privacy Statement is applicable to visitors and users of our websites, the customer contacts of our company and our employees regarding all offered products and services of Yource and its affiliated companies and brands. We respect your privacy and will hereby inform you about the details that we collect and process.

We work in accordance with the European Standardised Information Sheet of 9 March 2017 concerning consumer protection, marketing and data protection. For more information click here.



What do we do?


Personal data is processed via our website and/or e-mail and/or via telephone. We consider the careful handling of personal data of the utmost importance.

We abide by the requirements of the Dutch Privacy Law in processing personal data. Among other things, this entails that:

  • We clearly specify for which purposes we process personal data. We do this through this Privacy Statement;
  • We limit our collection of personal data to the personal data we require for legitimate purposes only;
  • We will first ask you once for your explicit permission to process your personal data in cases that require your permission;
  • We take appropriate security measures to protect your personal data and we demand the same of parties that process personal data on our behalf
  • We, in our role of person responsible, only process personal data for the purpose designated by the client/customer.

In this privacy statement we explain what personal data we collect and use and with which purpose. We recommend you to carefully read through this Privacy Statement.

Person responsible


The person responsible for the processing of the personal data is Yource B.V.

What are my privacy rights??


You have the following privacy rights:

  • the right to view your personal data;
  • the right to amend your personal data;
  • the right to have your personal data deleted;;
  • the right to request a data export of your personal data (that you have provided us with);
  • the right to ask for correction or complementation of your personal data (motivated);
  • the right to object to the processing of your personal data (motivated)

Contact


For questions, a complaint or requests as named above or a suggestion about this Privacy Statement or about your personal data, you can at all times contact us via the details below. We will gladly discuss this with you. Based on the privacy legislation you also have the right to file a complaint with the Authority for Personal Data or the national regulator about the incorrect processing of your personal data. For more information you can contact the Authority for Personal Data.
Yource B.V.
PO Box 3650, 1001 AL Amsterdam
privacy@yource.com
Privacy officer: Mr. E.L. Heenk


Response time


Yource shall respond to or decide on any request within 4 weeks.

Use of our services and purposes


In order to be able to use our services, it is necessary for you to provide us with personal data. We will then process this personal data for the following purposes:

Claiming compensation or refund from an airline, tour operator or retailer, if necessary through legal proceedings or taking other legal measures to obtain a position in evidence, communication via WhatsApp, including the exchange of documents, invoices, statements.

Under 16


We explicitly wish to not process any personal data of minors under the age of 16 years without the explicit permission of the parents or legal guardian/representative. Should we detect this or any form of misuse, we will delete all personal data immediately or contact you to again obtain the permission of a parent, legal guardian or legal representative.

Which details does Yource B.V. have or does Yource B.V. obtain?


In order to offer our services we process personal data. The term personal data refers to information with which a person can be identified.

We process the following personal data for the purposes mentioned in this privacy statement:


  • E-mail address;
  • Name and address details;
  • Telephone number (mobile);
  • Gender;
  • Country of birth;
  • Date of birth.

In some cases, we also process or obtain the following personal data (sometimes unsolicited or unintended). For instance, in case this is required by the Other party, such as the airline, tour operator or reseller and/or to execute legal acts and possible legal proceedings:


  • Copy of European ID card or passport;
  • Marital status;
  • Baggage tag;
  • Travel route;
  • Dietary requirements that are noted on the travel agreement or booking confirmation
  • Information that can be deducted from the dietary requirements, such as religion, lifestyle or profession

Forms and newsletter


Our website contains forms that can be utilised to make use of our services. We will store the data that you provide us with through these forms as long as necessary or reasonable for the complete response to and handling of our service.
We also offer a newsletter with which we inform those interested about our services and activities. Every newsletter contains a link which you can use to unsubscribe from the newsletter. Your email address will only be added to the list of subscribers if you explicitly give us permission to do so.

Retention periods


Your personal data will be stored for as long as is required for us to be able to offer our services. The data will then be deleted, unless a legal retention obligation is in place. The tax legislation requires us to retain a financial administration of 7 years. The invoices that we draft, the payments that you transfer and that we transfer, the checking of our administration by an accountant or administrative office; all this financial data, including the contact details and the financial details of our clients, must be retained for a period of 7 years. In case you use your legal right to cancel the given assignment within 14 days, we will delete your personal data in full.

Copy of identity


Regarding a copy of your identity document or passport, we strongly recommend you to use a copy, app or scan that allows you to leave out your citizen service number. We recommend you do this to prevent identity fraud and for the benefit of your privacy protection.


Privacy after assignment


In case you have provided us with an assignment, we delete all privacy-sensitive data such as a copy of your identity document permanently after the settling or closing of your claim, in compliance with our Terms and Conditions. We are required by law to retain the invoice with the payment and client data for 7 years. This also applies in the case of a possible financial transaction via a bank or another payment facility. We retain information regarding the assignment for 2 years in relation to possible claims.


Application process


We collect and process data of applicants directly or by using forms and/or attached CVs/via third parties/e-mail for the purpose of the application process.

Your personal data will be deleted 4 weeks after the end of the application process at the latest in case you unfortunately did not get the job. In case we have your permission to retain your data for a longer period of time, for example, because suitable positions might open up in the future, this period will be 1 year.

Will my data be passed on to third parties?


We only use third parties to carry out our services and activities in case this is necessary. In case these third parties have access to your data, we always take the appropriate measures to ensure that your data is adequately protected and is only used for the intended purposes.

In carrying out our services and activities, we use the following third parties with whom we will possibly share your personal data:

  • Hosting parties;
  • Legal partners

The transfer of personal data to countries outside of the European Union will only take place to those countries that offer a suitable protection level for the processing for your personal data in compliance with the relevant legislation, such as for example the US/EU Privacy Shield.

Does Yource B.V. ensure that my data is protected?


Yource B.V. has taken the appropriate technical and organisational measures to protect the provided personal data against unauthorized use.

These measures are amongst others, but not limited to:

  • Yource B.V. ensures that her network connections are secured (SSL);
  • Staff and third parties are obligated to maintain confidentiality, except in the case that legal acts are performed publicly;
  • Access to personal data is limited to certain authorised persons;
  • Staff is trained with regards to privacy;
  • Strict password policy;
  • For more information about our security, you can contact us via the details under Contact.

    Can this privacy statement be amended?


    We reserve the right to amend this privacy statement. We recommend that you consult this privacy statement regularly to be made aware of the amendments. In case of a significant amendment, we will inform you of this. For example the selling or transfer of a website or our entire company, in which case a new Privacy policy would be created.

    Protection


    Our websites are protected with the SSL-protocol (https). The transmission and syncing of data takes place on strongly secured network connections. We use professional, paid for and always updated antivirus programs and anti-hacking programmes. For the communication and the consultation or processing of files we use an encrypted VPN connection. The back up storage of data takes place 24/7 via an encrypted connection via private rented servers in Europe. You can upload files via your personal login page on our website. The access to these files is encrypted and secured at the highest level, in which you are assigned a personal HASH. All network connections with the webserver are protected with strong encryption. An encrypted data connection between users and the application prevents the possible misuse of the authentication data of users and the compromising of confidentiality and integrity of the data processed by the application during the transport. The system must have an A level on https://www.ssllabs.com/ssltest/analyze.html.. Yource has this A level. Passwords (of administrators/Yource) are never saved in readable form in the system and/or in the database. Instead, a “one-way-hash” of the password including salt is recorded to perform the authentication. By saving a hashed version of a password, the impact of possible data theft is greatly limited.

    Does this statement also apply to websites I am directed to via the Yource B.V. website?


    This privacy statement does not apply to websites from third parties that are connected to this website through links. We cannot guarantee that these third parties handle your personal data in a reliable and safe way. We recommend that you read the privacy and cookie statements of these websites prior to using these websites. You can find possible hyperlinks of third parties and/or Social Media links on our website. We are not responsible or liable for the content these refer to, nor the Privacy policy of these third parties. This also means that these third parties can install cookies to keep track of or monitor your visiting and click behaviour on the website. We do not intentionally advertise for third parties on our website.

    Does Yource B.V. use Cookies?


    For all information regarding the use of Cookies, click here.