Privacy Statement

Privacy Statement

Version date: 30 June 2024

Preface

We value your right to privacy and will protect your personal data in accordance with applicable privacy and data protection laws, and more specifically with the General Data Protection Regulation (GDPR). This is our privacy statement, in which we will explain how we process your personal data when using this website or when contacting us in another way, and what rights you have related to these processing activities.

We are DIF Management B.V. (DIF), the ‘controller’ under the GDPR for the processing activities as described in this privacy statement. We have our registered office at Schiphol Boulevard 269, Tower D, 10th floor, 1118 BH Schiphol, the Netherlands, are registered with the Netherlands Chamber of Commerce under company number 34312941 and regulated by the Dutch Authority for the Financial Markets (AFM) under number 15001298 (DIF Management B.V.).

1.    Processing of personal data

We process your personal data in the following situations:
•    when you are visiting and using our website www.cvcdif.com.
•    when you are contacting us in another way.
We will explain in each category: which personal data we will process, for which purposes and which legal basis we have to process your personal data.

1.1.    Visiting and using our website

When visiting and using our website, we may process your personal data including: your IP-address and other identifiable information related to visiting our website and contact details that you provide (e.g. when subscribing to our newsletter). We process this personal data so that we can: 
a)    offer our website and its content to the public, including news and company updates;
b)    improve our website and analyse the use of our website; 
c)    send our newsletter.

The legal basis for the processing of personal data related to the visiting and using of our website as described is our legimitate interest (a-b) and consent (c).

1.2.    Other ways of contact

Besides subscribing to our newsletter, there are other ways that you can contact us, for example: 
•    by sending us an e-mail to an e-mail address published on our website;
•    by sending regular mail to an address published on our website.

We will process personal data that you provide us when doing so to receive and respond to your inquiries, complaints, (GDPR) requests or other types of contact. The legal basis for this processing activity is legitimate interest.

2.    With whom do we share your personal data?
When visiting our website or contacting us in another way, we may share your personal data with third parties, such as:
a)    IT/website suppliers like Campaign Monitor;
b)    other members of the DIF Group;
c)    other third parties (in case of your consent).

As for (a), (b) and (c), we will only share your personal data if this is necessary for the purposes as described under Chapter 1.1. (a-c). 

In case we share your personal data with third parties who will process personal data on behalf of us (‘processor’ under the GDPR), we will ensure that your personal data are protected by the relevant data protection laws and this privacy statement by means of a processing agreement that we will conduct with the relevant third party. The same applies to controller-to-controller relationships.

The sharing of your personal data, as outlined in this section and for the purposes described in Chapter 1.1. (a-c), may include transfers to other entities within the DIF Group or to third parties located outside the European Economic Area (EEA). In instances where these countries do not provide an equivalent level of data protection, we commit to implementing safeguards and controls that meet the standards required by the EU Commission to ensure your personal data receives a comparable level of protection.

We may also share your personal data with third parties in other cases, such as:
d)    in case we are obliged by law to share your personal data (including to authorities);
e)    in the event of a sale, purchase or acquisition of business assets;
f)    in the event we are involved in a merger or acquisition. 

As for (e) and (f), we will ensure that any third party involved in such transaction will provide protection for your personal data that meets or exceeds the standards set by us and complies with the applicable data protection laws.

3.    How long do we store your personal data?
In principle, we will not store your personal data longer than is necessary to fulfil the purposes for which we collect those and as described under Chapter 1.

•    Newsletter: we will delete your personal data when you unsubscribe from our newsletter 10 years after the last newsletter has been sent.
•    Handling inquiries, complaints or other types of contact: we will delete your personal data 10 years after we have handled your inquiry, complaint, request or other type of contact. 
•    GDPR requests: we will delete your personal data 10 years after we have handled your request based on the GDPR.

In case we, within the retention periods as mentioned, assess that we would need your personal data for a legitimate interest such as to defend ourselves in a legal proceedings or to comply with a legal obligation, we can decide to store your information for a longer period per our internal policies and procedures.

4.    How do we protect your personal data?

We have implemented the necessary administrative, technical and organisational measures for ensuring an appropriate level of security and to protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed (privacy by default). 

DIF takes privacy and data protection into account when developing new policies, processes or when designing new (IT) systems through which personal data are processed (privacy by design). 

5.    What are your rights and how can your exercise them?
Under the GDPR, you have the following rights related to the processing activities as described in this privacy statement:
•    the right to receive information about and access to your personal data;
•    the right to rectify your personal data;
•    the right to erase your personal data (‘right to be forgotten');
•    the right to restrict the processing of your personal data;
•    the right to object to the processing of your personal data;
•    the right to receive your personal data (‘data portability’);
•    the right to withdraw your consent. 
You can send any privacy related request to our compliance officer: compliance@dif.eu

We may ask you to provide additional information to verify your identity or other information to be able to handle your request. It may be possible that we cannot comply with your request which we will substantiate in our response to you.

For the verification of your identity, we may ask for additional information to verify your identity.

6.    Changes
The most recent update of this privacy statement has been done on 30 June 2024. We can update our privacy statement at any moment and will publish the most updated and applicable version of our privacy statement on our website. We recommend to regularly see if any changes have been made. All changes to our privacy statement are applicable as soon as the privacy statement is published on our website.