We at Rebel believe in treating the personal data we process with the utmost care. We respect your privacy and ensure that your personal data is treated confidentially and in accordance with current privacy legislation. Our aim is to safeguard the privacy of our clients, visitors, and staff as effectively as possible. This privacy policy explains how we guarantee that personal data is processed correctly at our organization.

What do we process your personal data for?

We process your personal data for the following purposes:

1. To perform the agreements concluded with you
2. To conduct our administration and other internal management activities
3. To inform you about new Rebel services
4. To handle information requests
5. To conduct satisfaction surveys and marketing activities
6. To improve Rebel’s website and services
7. To send digital newsletters
8. To meet our legal obligations, such as the administration and retention requirements
9. To correctly handle complaints.

On what basis are we permitted to process this personal data?

We are allowed to process your personal data because:

• you have given your consent for us to do so
• this is necessary to perform the agreement concluded with you
• this is necessary to comply with legal obligations, or
• this is necessary to the legitimate interests of Rebel or a third party.

Legitimate interests of Rebel may include:

• The security of Rebel’s buildings and property
• The security and availability of the network infrastructure to third parties. For example, making the guest Wi-Fi available
• Fraud prevention Monitoring the logging of IT systems such as internet traffic
• Quality and training purposes.

You can object to your data being processed on the grounds of a legitimate interest by invoking your right to object. More information about the right to object is given further on in this privacy policy.

Who receives your personal data?

We work with a number of external service providers. They include MailChimp, a tool we use to manage the e-mail addresses of our newsletter subscribers. And Magnet.me, a social media platform where we post vacancies that potential applicants can respond to with their personal data. All these parties are subject to the same requirements and principles as those set out in this privacy policy.

Is it necessary to provide us with personal data?

When we ask for personal data, our basic principle is that we do not ask for more personal data than is necessary for the purposes described above. Providing us with personal data is a necessary condition for concluding an agreement with us. If you do not wish to provide any personal data, you will not be able to use our services.

Do we pass on data to other countries?

Your data is usually processed within the European Union (EU). In some cases, personal data is processed outside of the EU. Some of our suppliers, group entities, and cooperation partners are also located outside of the EU or provide these services outside of the EU. The regulations in these countries do not always offer the same protection of personal data as the European regulations. To ensure that your personal data is still safe, we take measures by concluding agreements on the security of personal data just as we do within the EU. We refer to this as the “EU model contract”.

Do we use automated decision-making and profiling?

No, we do not use automated decision-making and profiling.

How long will my personal data be kept for?

We do not retain your personal data for longer than is necessary under applicable laws and regulations.

How do we secure your personal data?

We have taken appropriate technical and organizational measures to protect personal data against loss or any unlawful form of processing. Various measures have been taken in this context, including data encryption, encrypted communication, and treatment of the data as confidential information. People who have access to your data on our behalf are subject to a duty of confidentiality.

We require the same technical and organizational measures from the parties who process data on our behalf and have laid down this in processing agreements.

What are your rights with regard to the personal data we process?

The law gives you various rights. Those rights are as follows.

Right to access
You have the right to access the personal data we process.

Right to rectify and erase
You have the right to have your data rectified or even erased if it is no longer accurate or its processing is no longer justified.

Right to object
The right to object means that, based on your specific situation, you can object to certain processing of your personal data.

Right to limit
Under certain circumstances, you also have the right to restrict the processing of your data. In short, this means that we temporarily “freeze” the processing of your data. You can invoke this right in four situations:

• Pending the assessment of a request for rectification
• If data should have been erased but you do not want this to be done
• If we no longer need the data, but you need it to prepare for a court case
• Pending the assessment of an objection.

Right to data portability
This means that in certain cases you have the right to ask us to transfer the personal data you have provided to us to yourself and another service provider.

Withdrawal of consent
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time. In that case, we will immediately stop processing your data.

Withdrawal of consent does not have retroactive effect. All processing operations that have already taken place therefore remain lawful.

Exercising your rights
You can exercise your rights free of charge, except in the case of abuse. You can exercise your rights by contacting us using the contact information below.

Deadlines
We will do our utmost to answer your questions and requests within one month. If our response takes longer, we will inform you of this within a month. It may take as long as three months to respond in the event of complex requests or the number of requests we receive.

Identification
We may ask for further proof of your identity for questions or requests. We do this in order to prevent personal data from being passed on to the wrong people or to prevent incorrect changes being made to personal data.

Individual assessment of each request
Please note that the rights set out above are not absolute rights. There may be circumstances in which we may not be able to meet a request, such as if your data has been or is being processed pursuant to a legal obligation.

We will always assess each request on its own merits. If we are unable or unwilling to meet a particular request, we will of course notify you of this (stating the reasons). If you disagree, you can take the matter to court.

However, the right to object to the use of data for direct or indirect marketing purposes is absolute. We always enable you to unsubscribe from our commercial communications.

Do we have a Data Protection Officer?

We have not appointed a Data Protection Officer (DPO).

Do you have a complaint about the processing of your personal data?

If you have a complaint about our processing of personal data, please let us know as soon as possible. We will do our utmost to resolve your complaint. If you are unable to find a solution with us, you can file a complaint with the regulator. The Data Protection Authority monitors compliance with privacy legislation. The contact details of the Data Protection Authority are available on the website www.autoriteitpersoonsgegevens.nl.

Amendment of the privacy policy

We reserve the right to amend this privacy policy. The amendments will be published on Rebel’s website. We therefore advise you to regularly check this privacy policy for updates.

Do you have any questions?

Of course, you are always free to ask us questions about the processing of your personal data. You can contact us using the contact information below.

How can you contact us?

If you have any questions about this privacy policy or our processing of your personal data, please contact the secretary of our headquarters via info@rebelgroup.com or +31 10 275 59 95.

Additional privacy policy regarding our website

We register data as part of our online services. We do this, for example, if you use the website to ask questions or make comments. To do this, you may have to provide certain personal data about yourself or decide to provide it on your own initiative. In such cases, your data will only be processed for the purpose of establishing your identity as an applicant or person making an enquiry. Your data will not be disclosed to any third parties unless we are obliged to do so by law, by court order, or because you have consented to this.

Visit details
General visitor data is kept (in anonymized form) on our website www.rebelgroup.com. This visitor data cannot be traced back to individuals. This includes, for example, the most frequently visited pages, surfing behavior, time of visit, browser used, visitor’s geographical region, and the search engines used. We use this information to optimize the layout of the website. We may also use this information to post more specific information on the website. This enables us to further optimize our service.

Cookies
Some parts of our website may contain cookies. Cookies are small pieces of information (files) that a website leaves on your computer. The website instructs the web browser that you use to view the websites (e.g. Internet Explorer) to store these cookies on your computer. Cookies are not used to obtain or store personal information. You can use your browser settings to choose to accept all cookies, to be informed when a cookie is placed, or to disable all cookies. See your browser help file for more information on this subject.

Please note: The American company Google places a cookie via our website as part of its “Analytics” service. We use this service to find out how visitors use our website. Google may pass on this information to third parties if it is legally obliged to do so or if these third parties process the data on Google’s behalf. We have no influence over this. The information collected by Google is anonymized as much as possible. Your IP address is not passed on under any circumstances. The information is transferred to Google and stored by Google on servers in the United States.

Rebelgroup.com and other websites

On our website you will find a number of hyperlinks to other websites. We cannot be held responsible for how these parties handle your data. Please read the privacy policy, if any, of the website you are visiting.