We process your personal data for the following purposes:
We are allowed to process your personal data because:
Legitimate interests of Rebel may include:
When we ask for personal data, our basic principle is that we do not ask for more personal data than is necessary for the purposes described above. Providing us with personal data is a necessary condition for concluding an agreement with us. If you do not wish to provide any personal data, you will not be able to use our services.
Your data is usually processed within the European Union (EU). In some cases, personal data is processed outside of the EU. Some of our suppliers, group entities, and cooperation partners are also located outside of the EU or provide these services outside of the EU. The regulations in these countries do not always offer the same protection of personal data as the European regulations. To ensure that your personal data is still safe, we take measures by concluding agreements on the security of personal data just as we do within the EU. We refer to this as the “EU model contract”.
We do not retain your personal data for longer than is necessary under applicable laws and regulations.
We have taken appropriate technical and organizational measures to protect personal data against loss or any unlawful form of processing. Various measures have been taken in this context, including data encryption, encrypted communication, and treatment of the data as confidential information. People who have access to your data on our behalf are subject to a duty of confidentiality.
We require the same technical and organizational measures from the parties who process data on our behalf and have laid down this in processing agreements.
The law gives you various rights. Those rights are as follows.
Right to access
You have the right to access the personal data we process.
Right to rectify and erase
You have the right to have your data rectified or even erased if it is no longer accurate or its processing is no longer justified.
Right to object
The right to object means that, based on your specific situation, you can object to certain processing of your personal data.
Right to limit
Under certain circumstances, you also have the right to restrict the processing of your data. In short, this means that we temporarily “freeze” the processing of your data. You can invoke this right in four situations:
Right to data portability
This means that in certain cases you have the right to ask us to transfer the personal data you have provided to us to yourself and another service provider.
Withdrawal of consent
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time. In that case, we will immediately stop processing your data.
Withdrawal of consent does not have retroactive effect. All processing operations that have already taken place therefore remain lawful.
Exercising your rights
You can exercise your rights free of charge, except in the case of abuse. You can exercise your rights by contacting us using the contact information below.
We will do our utmost to answer your questions and requests within one month. If our response takes longer, we will inform you of this within a month. It may take as long as three months to respond in the event of complex requests or the number of requests we receive.
We may ask for further proof of your identity for questions or requests. We do this in order to prevent personal data from being passed on to the wrong people or to prevent incorrect changes being made to personal data.
Individual assessment of each request
Please note that the rights set out above are not absolute rights. There may be circumstances in which we may not be able to meet a request, such as if your data has been or is being processed pursuant to a legal obligation.
We will always assess each request on its own merits. If we are unable or unwilling to meet a particular request, we will of course notify you of this (stating the reasons). If you disagree, you can take the matter to court.
However, the right to object to the use of data for direct or indirect marketing purposes is absolute. We always enable you to unsubscribe from our commercial communications.
We have not appointed a Data Protection Officer (DPO).
If you have a complaint about our processing of personal data, please let us know as soon as possible. We will do our utmost to resolve your complaint. If you are unable to find a solution with us, you can file a complaint with the regulator. The Data Protection Authority monitors compliance with privacy legislation. The contact details of the Data Protection Authority are available on the website www.autoriteitpersoonsgegevens.nl.
Of course, you are always free to ask us questions about the processing of your personal data. You can contact us using the contact information below.
We register data as part of our online services. We do this, for example, if you use the website to ask questions or make comments. To do this, you may have to provide certain personal data about yourself or decide to provide it on your own initiative. In such cases, your data will only be processed for the purpose of establishing your identity as an applicant or person making an enquiry. Your data will not be disclosed to any third parties unless we are obliged to do so by law, by court order, or because you have consented to this.
General visitor data is kept (in anonymized form) on our website www.rebelgroup.com. This visitor data cannot be traced back to individuals. This includes, for example, the most frequently visited pages, surfing behavior, time of visit, browser used, visitor’s geographical region, and the search engines used. We use this information to optimize the layout of the website. We may also use this information to post more specific information on the website. This enables us to further optimize our service.