PROPERTY TECHNOLOGY SOLUTIONS
2. Who are we?
Property Technology Solutions B.V. is a company that provides technology and marketing solutions to real estate projects under the brand of Club Forum. We are located at Parnassusweg 819, 1082 LZ Amsterdam, the Nederlands.
For more information, please read paragraph “14. More information?”.
3. To which personal data does this Privacy Statement apply?
All personal data that is collected, stored, shared, transmitted, and/or otherwise used in relation to Data Controllers’ website(s), applications, (operated) shopping centers, products and services falls within scope of this Privacy Statement. This includes, inter alia, personal data of our investors, candidates, business partners, tenants, clients to whom Data Controllers provides products and services, suppliers, visitors, and other individuals (in any form).
4. What is personal data?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. You share such data with us if you are a client. We provide products or services to you, if you are a visitor of our shopping centers or have contact with us in another capacity.
5. Which personal data do we collect from you?
We might collect several of the following categories of personal data of you or your children/parents when you are seeking contact or are in contact with Data Controllers:
• Demographic data (name, gender, date of birth, age, nationality, marital status & dependents)
• Contact details (name, function, address, place of residence, email address, telephone number)
• Financial data (bank account details, loan reference number, credit card number)
•Company details (address, trade register number, tax identification number)
• Account and device details (username and password, device numbers);
• Marketing preferences (whether you have opted in or out for direct marketing, brand preferences);
• Interaction details (contact with our client service or digital and/or written correspondence)
• (Online) identifiers, surfing data and visitor movement data (IP address, cookies, MAC address, browsing behavior on our websites and applications, shopping behavior and location);
• Participation details (whether you participate in promotions, loyalty programs, surveys, competitions, or social and marketing events)
• Data needed for security and fraud prevention (official identification, camera recordings)
• Image data (photos, video images)
• Data needed to comply with anti-bribery and corruption laws and other regulatory requirements (such as suspected and actual criminal behavior, criminal records or proceedings regarding criminal or unlawful behavior)
6. How do we collect, receive or generate your personal data?
We might process the categories of personal data mentioned above either directly from you, from external parties or through profiling and automated decision-making techniques in so far as permitted by law.
Personal data directly provided by and about you or your children/parents.
The following data is collected directly from you:
• personal data which you provide when creating an account, using our applications, concluding a contract, participating in promotions, loyalty programs or social and marketing events and/or other information which you enter or provide;
• your surfing behavior on our website/apps and your buying behavior when participating in our loyalty programs;
• personal data you provide as a visitor of our shopping centers (this could also be movement information generated by Wifi-tracking);
• personal data you, or the organization through whom you are known, provides to us in the performance of our products or services; and
• personal data you provide as part of correspondence, recruitment, feedback, help (Q&A) and dispute settlement.
Profiling techniques / automated decision-making
We might want to approach you in a relevant and personal way. To enable this, we might analyze personal data to determine the most relevant target groups, segments, content, advertisements, information, moments and channels. We only make use of such profiling or automated decision techniques based on your explicit consent, whereby we will inform you about the logic involved and the consequences of such techniques. At the same time, we take the necessary measures to safeguard your rights and to make sure that the techniques do not legally or significantly affect you.
If you prefer to withdraw your consent for to provide you with personalized marketing, please contact us by using the contact details set out in paragraph “14. More information?”.
7. For which purposes do we process your personal data?
We collect and process your personal data for the following purposes:
1. execution of an agreement: to enter into and fulfill agreements with you and other clients, tenants, suppliers or (business) partners;
2. communication, (direct) marketing and personalization purposes: to maintain contact, promote and provide information about products and services or the businesses of others (marketing);
3. quality and management purposes: to monitor and improve our products and services;
4. security and safety: for security reasons, accidents, insurance claims, etc.; and
5. legislation and regulation: to comply with legislation (e.g. verification requirements) or court orders to which Data Controllers (together or separately) are subject.
In more detail, we process your personal data for the following purposes.
Execution of an agreement
We process personal data to prepare, effect, perform and (possibly) terminate several kinds of agreements, e.g. membership agreements, activity agreements, loyalty program subscriptions etc. To that end, we could require demographic data, contact details, company details and financial details.
Communication, (direct) marketing and personalization purposes
• Client relationship management – Your relationship with Data Controllers is important to us and as such, we take the utmost care to ensure that your personal data is accurate and up-to-date. Client relationship management includes the contact creation and registration of your account as a client. It also includes facilitating the sharing of your contact information with Data Controllers to draft marketing proposals and send invoices to the right client. To that end, we collect your demographic data, contact details and company details.
• Client service and support – We want to be able to assist you as quickly as possible whenever you contact us for support or want to file a(n) additional request or complaint. Therefore, we need to process your personal data in the form of taking notes and registering reports and telephone conversations that you have with our employees. We use this information not only to facilitate the resolution of your query, but also to analyze and improve the quality of our services. To that end, we collect your demographic data, contact details, company details, financial details and your request or complaint.
• Marketing and promotional offerings – If you are already a client of Club Forum or have indicated that you want to receive information about Club Forum’s products and services or the businesses of others, we can include you in a mailing list through which newsletters, brochures and other information are sent. In order to send these (personalized) offerings, we process your demographic data, contact details and company details.
• Loyalty program participation – We may also process personal data if you indicated that as a visitor of our shopping centers, you want to participate in loyalty programs to receive personalized offerings and provide feedback through customer satisfaction and/or interest surveys. To that end, Data Controllers collects your demographic data, contact details, financial data, account details and participation details.
Quality and management purposes
We process your personal data to monitor and improve the quality of our products and services, processes, and systems, to inform the management and to perform internal audits. For example, we might use WIFI tracking to monitor visitor movement and flow and to assess the performance of certain shopping centers. To that end, collect interaction details, surfing behavior data and visitor movement data.
Legislation and regulation
We process personal data to verify whether or not Club Forum can accept an individual as a client or (business) partner, to counter fraud, to perform audits, to comply with legislation (e.g. civil, criminal, administrative, tax law) and (anti money laundering) regulation and to take the necessary legal action to enforce our rights.
8. On which legal grounds do we process your personal data?
To be lawful, personal data which is processed for certain purposes (as identified above) has to be based on a certain legal basis. Data Controllers process personal data on the following legal grounds:
(1) The performance of a contract
We process personal data of you or your children/parents, which is necessary for our performance under an agreement with you. Without these data, we would not be able to fulfil our side of the agreement.
(2) Legitimate interests pursued by us
We may use personal data of you or your children/parents for our legitimate interests, provided that your fundamental rights and freedoms are not harmed, such as:
• to improve the quality and effectiveness of our services;
• to protect our visitors and stakeholders interests;
• to detect fraud and security incident (e.g. on our website/app and in our shopping centers);
• to defend ourselves in legal proceedings;
• to comply with the law;
• To establish exercise or protect a right.
(3) A legal requirement
We are legally obliged to process personal data in order to comply with our legal obligations. In certain cases, we process your personal data if and when such processing is permitted by the laws.
(4) Your consent
If the previous legal grounds do not apply, we can only process personal data of you or your children/parents with your prior unambiguous explicit consent. Note that you can always withdraw your given consent. Please keep in mind that you can only withdraw in case you have given your consent first and such withdrawal has no retrospective effect.
Data Controllers process personal data it has collected for the purposes as identified above on the following legal grounds:
|Execution of an agreement: to enter into and fulfill agreements with you and other clients, suppliers or (business) partners.
(1) The performance of a contract;
(2) Compliance with a legal requirement
|Communication, (direct) marketing and personalization purposes:: to maintain contact, promote and provide information about products and services or the businesses of others (marketing).
(1) The performance of a contract;
(3) Legitimate interests pursued by us;
(4) Your consent;
|Quality and management purposes: to monitor and improve our products and services;
(3) Legitimate interests pursued by us;
(4) Your consent.
|Security and safety: security reasons, accidents, insurance claims, etc.
|3) Legitimate interests pursued by us;
|Legislation and regulation: to comply with legislation (e.g. verification requirements) or court orders to which Data Controllers are (together or separately) subject.
(2) Compliance with a legal requirements
(3) Legitimate interests pursued by us.
9. To whom do we provide your personal data?
We can provide personal data to third parties in accordance with this Privacy Statement and in so far as permitted by law. Personal data you provided could be provided to the following categories of recipients.
We may provide personal data that have been provided by you to supervisory authorities such as Tax and Customs Administration, the police and/or other statutory bodies. We provide personal data provided by you:
• to comply with a statutory obligation, court order or law; or
• if this is necessary to prevent, trace or prosecute criminal offence; or
• if this is necessary to enforce our policies, or to protect the rights and freedoms of others.
Business service companies (data processors)
We make use of business service companies to support us in executing our business. These organizations act only on our instructions and are contractually bound by us not to use the data for their own purposes. This may include Group companies of Data Controllers, who may process your data for the purpose of providing you with information and/or services (such as registration and client support), the development of new websites, applications, services, promotions and communication, and to prevent, trace and examine possible illegal activities, infringements of our policies, fraud and/or breaches of our data security.
Each external party to which we – with your given consent – provide your personal data (for example within the context of a collaboration, mandate or (service) agreement), and/ or to which other company now or in the future forms part of us as a result of a restructuring, merger or acquisition.
10. Are your personal data being transferred abroad?
Since some of our service providers / business partners / consultants / group companies that we receive support from in the process are abroad and/or the technical infrastructures used by the said parties are abroad, your personal data may be transferred abroad to group companies, affiliates, and subsidiaries of Club Forum and their technical service providers abroad. We have taken all necessary measures to ensure that the transfers are safe and take place within the limits set by law.
To ensure a proper level of protection we make sure your data is only transferred outside the European Union if, in so far as appropriate, such transfer is subject to one of the following appropriate safeguards pursuant to art. 46-2 GDPR:
We are allowed to transfer your personal data outside the EU based on a so-called ‘adequacy decision’. An adequacy decision is a decision of the European Commission, depending on the sort of personal data, that decides that the country in question ensures an adequate level of protection regarding personal data.
EU-US Privacy Shield and Undertaking
Your personal data is only transferred abroad if the recipient or data processor guarantees an adequate level of data protection in line with the US Privacy Shield.
Standard Contract Clauses and Governance
The (lawful) transfer of personal data abroad is made possible because of appropriate safeguards provided by us and recipients or data processors. We have implemented such safeguards through Data Controller’s governance rules and the EU Standard Contractual Clauses (art. 46-2 sub c GDPR) to which we agree upon with all parties that process data on our behalf.
11. How long do we store your personal data?
Your personal information is stored as long as strictly necessary for the purpose for which the data are processed or as long as required by law. Hereinafter your personal data will be destroyed or made anonymous.
12. How can you exercise your privacy rights?
You have the right to request the following from us regarding your personal data:
• information about whether your personal data has been processed,
• if your personal data has been processed, information about such data and processing and access to an overview of your personal data, or obtain personal data you have previously provided to us in a structured, commonly used, and machine-readable format (legal conditions pursuant to GDPR apply).
• Information about the purpose for the data processing and whether your personal data was used for this purpose;
• rectification and/or erasure or removal of your personal data,
• information about the identities of natural or legal persons whom the data is transferred to,
• if data is transferred, request us to advise the recipient about correction, erasure and removal of such personal data,
• restriction of processing concerning your personal data,
• to object to processing; and
the right not to be subject to automated decision-making, if it is producing a legal effect that significantly affects you. However, it will not apply if the processing is necessary for the performance of a contract, if it is authorized by the law, or if the processing is based on your explicit consent.
To invoke any of your rights stated above, please contact us by using the contact details set out above and in paragraph “14. More information?” in the way stated under paragraph “How to lodge a complaint?”.
Please keep in mind that we may ask for additional information to verify your identity.
Should you no longer want to receive direct marketing communication, please contact us by using the contact details set out in paragraph “14. More information?”.
For information on how to object to profiling, please see the information on profiling techniques below.
13. How to lodge a complaint?
You can lodge a complaint concerning the usage of your rights mentioned above:
• to our e-mail address via your e-mail address registered within our systems, or
• to our contact details set out in paragraph “14. More information?” by personally submitting your complaint with a signed request.
Furthermore, you could lodge a complaint with the Data Protection Authority. For example, if you believe that we have failed to process any personal data in a sufficiently careful manner, or because you have sent us a request to access or rectify your personal data and you are not satisfied with our reply, or in case we did not reply in a timely manner.
14. More information?
Should you have any questions about the manners in which we process personal data, and that are not answered by this privacy statement, in case you wish to exercise any of your privacy rights or wish to file a complaint, please contact us with the following contact details:
Property Technology Solutions B.V
Parnassusweg 819, 1082 LZ Amsterdam, the Netherlands
T. +31 20 820 3900
15. When was the last modification made to this Privacy Statement?
This Privacy Statement applies since 01.10.2022. The last modifications to this Privacy Statement were made on 04.03.2024