Privacy Statement
PROPERTY TECHNOLOGY SOLUTIONS
&
CLUB FORUM
1. Introduction
Property Technology Solutions B.V. (“Club Forum”) (Property
Technology Solutions B.V. and Club Forum are hereinafter
collectively referred to as "Data Controllers") process
personal data you provided if you access our website and
applications, if we provide products or services to you or
the organization through whom you are known to us, if you
visit the shopping centers in which we operate and/or take
part in our marketing events or campaigns. Data Controllers
are strongly committed to protecting the privacy of your
personal data. Data Controllers only use personal data
legitimately and responsibly in line with applicable privacy
laws and regulations. In this Privacy Statement, we describe
who we are, how and for which purposes we process personal
data, how you can exercise your privacy rights, and all
other information that may be relevant to you. We did our
best to provide you with all information in a clear and
readable format. However, if you have any questions about
our use of personal data after reading this Privacy
Statement, you can of course always contact us through the
contact details provided below. We are continually
developing and improving our products and services, which
might result in some changes to the way we are processing
personal data. We will make sure to reflect these changes in
this Privacy Statement. We recommend that you regularly take
notice of this Privacy Statement for any modifications. At
the bottom of this Privacy Statement you can read when this
Privacy Statement has been modified for the last time. We
may use cookies and similar technologies. For more
information on how we use cookies, you may also want to read
our Cookies Statement.
2. Who are we?
Property Technology Solutions B.V. is a company that
provides technology and marketing solutions to real estate
projects under the brand of Club Forum. We are located at
Parnassusweg 819, 1082 LZ Amsterdam, the Nederlands.
For more information, please read paragraph “14. More
information?”.
3. To which personal data does this Privacy Statement
apply?
All personal data that is collected, stored, shared,
transmitted, and/or otherwise used in relation to Data
Controllers’ website(s), applications, (operated) shopping
centers, products and services falls within scope of this
Privacy Statement. This includes, inter alia, personal data
of our investors, candidates, business partners, tenants,
clients to whom Data Controllers provides products and
services, suppliers, visitors, and other individuals (in any
form).
4. What is personal data?
Personal data is any information that relates to an
identified or identifiable living individual. Different
pieces of information, which collected together can lead to
the identification of a particular person, also constitute
personal data. You share such data with us if you are a
client. We provide products or services to you, if you are a
visitor of our shopping centers or have contact with us in
another capacity.
5. Which personal data do we collect from you?
We might collect several of the following categories of
personal data of you or your children/parents when you are
seeking contact or are in contact with Data Controllers:
• Demographic data (name, gender, date of birth, age,
nationality, marital status & dependents)
• Contact details (name, function, address, place of
residence, email address, telephone number)
• Financial data (bank account details, loan
reference number, credit card number)
•Company details (address, trade register number, tax
identification number)
• Account and device details (username and password,
device numbers);
• Marketing preferences (whether you have opted in or
out for direct marketing, brand preferences);
• Interaction details (contact with our client
service or digital and/or written correspondence)
•
(Online) identifiers, surfing data and visitor movement
data
(IP address, cookies, MAC address, browsing behavior on our
websites and applications, shopping behavior and location);
• Participation details (whether you participate in
promotions, loyalty programs, surveys, competitions, or
social and marketing events)
•
Data needed for security and fraud prevention
(official identification, camera recordings)
• Image data (photos, video images)
•
Data needed to comply with anti-bribery and corruption
laws and other regulatory requirements
(such as suspected and actual criminal behavior, criminal
records or proceedings regarding criminal or unlawful
behavior)
6. How do we collect, receive or generate your personal
data?
We might process the categories of personal data mentioned
above either directly from you, from external parties or
through profiling and automated decision-making techniques
in so far as permitted by law.
Personal data directly provided by and about you or your
children/parents.
The following data is collected directly from you:
• personal data which you provide when creating an account,
using our applications, concluding a contract, participating
in promotions, loyalty programs or social and marketing
events and/or other information which you enter or provide;
• your surfing behavior on our website/apps and your buying
behavior when participating in our loyalty programs;
• personal data you provide as a visitor of our shopping
centers (this could also be movement information generated
by Wifi-tracking);
• personal data you, or the organization through whom you
are known, provides to us in the performance of our products
or services; and
• personal data you provide as part of correspondence,
recruitment, feedback, help (Q&A) and dispute settlement.
Profiling techniques / automated decision-making
We might want to approach you in a relevant and personal
way. To enable this, we might analyze personal data to
determine the most relevant target groups, segments,
content, advertisements, information, moments and channels.
We only make use of such profiling or automated decision
techniques based on your explicit consent, whereby we will
inform you about the logic involved and the consequences of
such techniques. At the same time, we take the necessary
measures to safeguard your rights and to make sure that the
techniques do not legally or significantly affect you.
If you prefer to withdraw your consent for to provide you
with personalized marketing, please contact us by using the
contact details set out in paragraph “14. More
information?”.
7. For which purposes do we process your personal
data?
We collect and process your personal data for the following
purposes:
1. execution of an agreement: to enter into and fulfill
agreements with you and other clients, tenants, suppliers or
(business) partners;
2. communication, (direct) marketing and personalization
purposes: to maintain contact, promote and provide
information about products and services or the businesses of
others (marketing);
3. quality and management purposes: to monitor and improve
our products and services;
4. security and safety: for security reasons, accidents,
insurance claims, etc.; and
5. legislation and regulation: to comply with legislation
(e.g. verification requirements) or court orders to which
Data Controllers (together or separately) are subject.
In more detail, we process your personal data for the
following purposes.
Execution of an agreement
We process personal data to prepare, effect, perform and
(possibly) terminate several kinds of agreements, e.g.
membership agreements, activity agreements, loyalty program
subscriptions etc. To that end, we could require demographic
data, contact details, company details and financial
details.
Communication, (direct) marketing and personalization
purposes
• Client relationship management – Your
relationship with Data Controllers is important to us and as
such, we take the utmost care to ensure that your personal
data is accurate and up-to-date. Client relationship
management includes the contact creation and registration of
your account as a client. It also includes facilitating the
sharing of your contact information with Data Controllers to
draft marketing proposals and send invoices to the right
client. To that end, we collect your demographic data,
contact details and company details.
• Client service and support – We want to be able
to assist you as quickly as possible whenever you contact us
for support or want to file a(n) additional request or
complaint. Therefore, we need to process your personal data
in the form of taking notes and registering reports and
telephone conversations that you have with our employees. We
use this information not only to facilitate the resolution
of your query, but also to analyze and improve the quality
of our services. To that end, we collect your demographic
data, contact details, company details, financial details
and your request or complaint.
• Marketing and promotional offerings – If you are
already a client of Club Forum or have indicated that you
want to receive information about Club Forum’s products and
services or the businesses of others, we can include you in
a mailing list through which newsletters, brochures and
other information are sent. In order to send these
(personalized) offerings, we process your demographic data,
contact details and company details.
• Loyalty program participation – We may also
process personal data if you indicated that as a visitor of
our shopping centers, you want to participate in loyalty
programs to receive personalized offerings and provide
feedback through customer satisfaction and/or interest
surveys. To that end, Data Controllers collects your
demographic data, contact details, financial data, account
details and participation details.
Quality and management purposes
We process your personal data to monitor and improve the
quality of our products and services, processes, and
systems, to inform the management and to perform internal
audits. For example, we might use WIFI tracking to monitor
visitor movement and flow and to assess the performance of
certain shopping centers. To that end, collect interaction
details, surfing behavior data and visitor movement data.
Legislation and regulation
We process personal data to verify whether or not Club Forum
can accept an individual as a client or (business) partner,
to counter fraud, to perform audits, to comply with
legislation (e.g. civil, criminal, administrative, tax law)
and (anti money laundering) regulation and to take the
necessary legal action to enforce our rights.
8. On which legal grounds do we process your personal
data?
To be lawful, personal data which is processed for certain
purposes (as identified above) has to be based on a certain
legal basis. Data Controllers process personal data on the
following legal grounds:
(1) The performance of a contract
We process personal data of you or your children/parents,
which is necessary for our performance under an agreement
with you. Without these data, we would not be able to fulfil
our side of the agreement.
(2) Legitimate interests pursued by us
We may use personal data of you or your children/parents for
our legitimate interests, provided that your fundamental
rights and freedoms are not harmed, such as:
• to improve the quality and effectiveness of our services;
• to protect our visitors and stakeholders interests;
• to detect fraud and security incident (e.g. on our
website/app and in our shopping centers);
• to defend ourselves in legal proceedings;
• to comply with the law;
• To establish exercise or protect a right.
(3) A legal requirement
We are legally obliged to process personal data in order to
comply with our legal obligations. In certain cases, we
process your personal data if and when such processing is
permitted by the laws.
(4) Your consent
If the previous legal grounds do not apply, we can only
process personal data of you or your children/parents with
your prior unambiguous explicit consent. Note that you can
always withdraw your given consent. Please keep in mind that
you can only withdraw in case you have given your consent
first and such withdrawal has no retrospective effect.
Data Controllers process personal data it has collected for
the purposes as identified above on the following legal
grounds:
| Purpose | Legal Basis |
| Execution of an agreement: to enter into and fulfill agreements with you and other clients, suppliers or (business) partners. |
(1) The performance of a contract;
(2) Compliance with a legal requirement |
| Communication, (direct) marketing and personalization purposes:: to maintain contact, promote and provide information about products and services or the businesses of others (marketing). |
(1) The performance of a contract;
(3) Legitimate interests pursued by us; (4) Your consent; |
| Quality and management purposes: to monitor and improve our products and services; |
(3) Legitimate interests pursued by us;
(4) Your consent. |
| Security and safety: security reasons, accidents, insurance claims, etc. | 3) Legitimate interests pursued by us; |
| Legislation and regulation: to comply with legislation (e.g. verification requirements) or court orders to which Data Controllers are (together or separately) subject. |
(2) Compliance with a legal requirements
(3) Legitimate interests pursued by us. |
9. To whom do we provide your personal data?
We can provide personal data to third parties in accordance
with this Privacy Statement and in so far as permitted by
law. Personal data you provided could be provided to the
following categories of recipients.
Authorities
We may provide personal data that have been provided by you
to supervisory authorities such as Tax and Customs
Administration, the police and/or other statutory bodies. We
provide personal data provided by you:
• to comply with a statutory obligation, court order or law;
or
• if this is necessary to prevent, trace or prosecute
criminal offence; or
• if this is necessary to enforce our policies, or to
protect the rights and freedoms of others.
Business service companies (data processors)
We make use of business service companies to support us in
executing our business. These organizations act only on our
instructions and are contractually bound by us not to use
the data for their own purposes. This may include Group
companies of Data Controllers, who may process your data for
the purpose of providing you with information and/or
services (such as registration and client support), the
development of new websites, applications, services,
promotions and communication, and to prevent, trace and
examine possible illegal activities, infringements of our
policies, fraud and/or breaches of our data security.
Other
Each external party to which we – with your given consent –
provide your personal data (for example within the context
of a collaboration, mandate or (service) agreement), and/ or
to which other company now or in the future forms part of us
as a result of a restructuring, merger or acquisition.
10. Are your personal data being transferred abroad?
Since some of our service providers / business partners /
consultants / group companies that we receive support from
in the process are abroad and/or the technical
infrastructures used by the said parties are abroad, your
personal data may be transferred abroad to group companies,
affiliates, and subsidiaries of Club Forum and their
technical service providers abroad. We have taken all
necessary measures to ensure that the transfers are safe and
take place within the limits set by law.
To ensure a proper level of protection we make sure your
data is only transferred outside the European Union if, in
so far as appropriate, such transfer is subject to one of
the following appropriate safeguards pursuant to art. 46-2
GDPR:
Adequacy decision
We are allowed to transfer your personal data outside the EU
based on a so-called ‘adequacy decision’. An adequacy
decision is a decision of the European Commission, depending
on the sort of personal data, that decides that the country
in question ensures an adequate level of protection
regarding personal data.
EU-US Privacy Shield and Undertaking
Your personal data is only transferred abroad if the
recipient or data processor guarantees an adequate level of
data protection in line with the US Privacy Shield.
Standard Contract Clauses and Governance
The (lawful) transfer of personal data abroad is made
possible because of appropriate safeguards provided by us
and recipients or data processors. We have implemented such
safeguards through Data Controller’s governance rules and
the EU Standard Contractual Clauses (art. 46-2 sub c GDPR)
to which we agree upon with all parties that process data on
our behalf.
11. How long do we store your personal data?
Your personal information is stored as long as strictly
necessary for the purpose for which the data are processed
or as long as required by law. Hereinafter your personal
data will be destroyed or made anonymous.
12. How can you exercise your privacy rights?
You have the right to request the following from us
regarding your personal data:
• information about whether your personal data has been
processed,
• if your personal data has been processed, information
about such data and processing and access to an overview of
your personal data, or obtain personal data you have
previously provided to us in a structured, commonly used,
and machine-readable format (legal conditions pursuant to
GDPR apply).
• Information about the purpose for the data processing and
whether your personal data was used for this purpose;
• rectification and/or erasure or removal of your personal
data,
• information about the identities of natural or legal
persons whom the data is transferred to,
• if data is transferred, request us to advise the recipient
about correction, erasure and removal of such personal
data,
• restriction of processing concerning your personal
data,
• to object to processing; and
the right not to be subject to automated decision-making, if
it is producing a legal effect that significantly affects
you. However, it will not apply if the processing is
necessary for the performance of a contract, if it is
authorized by the law, or if the processing is based on your
explicit consent.
To invoke any of your rights stated above, please contact us
by using the contact details set out above and in paragraph
“14. More information?” in the way stated under paragraph
“How to lodge a complaint?”.
Please keep in mind that we may ask for additional
information to verify your identity.
Should you no longer want to receive direct marketing
communication, please contact us by using the contact
details set out in paragraph “14. More information?”.
For information on how to object to profiling, please see
the information on profiling techniques below.
13. How to lodge a complaint?
You can lodge a complaint concerning the usage of your
rights mentioned above:
• to our e-mail address via your e-mail address registered
within our systems, or
• to our contact details set out in paragraph “14. More
information?” by personally submitting your complaint with a
signed request.
Furthermore, you could lodge a complaint with the Data
Protection Authority. For example, if you believe that we
have failed to process any personal data in a sufficiently
careful manner, or because you have sent us a request to
access or rectify your personal data and you are not
satisfied with our reply, or in case we did not reply in a
timely manner.
14. More information?
Should you have any questions about the manners in which we
process personal data, and that are not answered by this
privacy statement, in case you wish to exercise any of your
privacy rights or wish to file a complaint, please contact
us with the following contact details:
Property Technology Solutions B.V
Parnassusweg 819, 1082 LZ Amsterdam, the Netherlands
T. +31 20 820 3900
E. privacy@clubforum.eu
15. When was the last modification made to this Privacy
Statement?
This Privacy Statement applies since 01.10.2022. The last
modifications to this Privacy Statement were made on
04.03.2024