Home Notice on personal data processing

Notice on personal data processing

of customers of the former Tradus service

1. Introduction & Contacts

1.1. This Notice describes how the personal data related to your past use of the Tradus service (“your personal data”) will be processed after this service is closed on 30 June 2021. Here we also provide you with explanations about your rights with respect to your personal data and contact details should you have any data protection queries.

1.2. Contacts. If you have any questions about the processing of your personal data in the context of the Tradus service, you can reach us by email: [email protected]

 

2. Who is the data controller after 30 June 2021?

2.1. Even after 30 June 2021, some of your personal data will need to be retained on file for the reasons mentioned in part 4 of this Notice. Up until the point of its liquidation, Tradus B.V.  will remain the data controller of this personal data. After liquidation, your personal data will be housed with Tradus B.V.’s shareholder OLX Global B.V., which will take over as data controller for your personal data. OLX Global B.V. will retain your personal data in its archive thereafter in the same manner and for these same purposes outlined in part 4 of this Notice.

2.2. To sum up:

2.2.1. Until its liquidation ends, Tradus B.V. will remain the data controller of the Personal Data of Tradus’ former customers. Per 1 July 2021 Tradus B.V. is located at Gustav Mahlerplein 5, 1082 MS Amsterdam, in The Netherlands.

2.2.2. After liquidation of Tradus B.V. the data controller of your personal data will become OLX Global B.V. OLX Global B.V. is located at Gustav Mahlerplein 5, 1082 MS Amsterdam, in The Netherlands.

2.3. Tradus B.V. and OLX Global B.V., as relevant, are hereinafter referred to as “Data Controller/we”.

 

3. What personal data do we process?

3.1. We will retain only the personal data (described below) that are necessary for the purposes set out in Point 4. All other existing customer personal data unnecessary for these purposes will be erased from our database.

3.2. If you were a user of the Tradus service, we retain the following categories of your personal data in our archive after 30 June 2021:

3.2.1. your email address;

3.2.2. your postal address;

3.2.3. your VAT number and bank account number;

3.2.4. your cell phone number if your cell phone number was used for the purpose of Tradus service access and/or billing;

3.2.5. information about your transaction history, including payments, refunds and payment methods;

3.2.6. any history of our correspondence with you;

3.2.7. records indicating the times and dates you viewed content on the Tradus platform; and

3.2.8. any account change requests (i.e. password reset, data subject rights requests).

We collected this personal data from you during your usage of the Tradus service and your interactions with our customer care.

3.3. If you only set up a Tradus service account but you were not a paying customer your personal data will be erased after 1 October 2021.

3.4. If you set up a Tradus service account as a paying customer we will only keep the categories of personal data as mentioned in 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5 after 1 October 2021.

 

4. For what purposes do we process this personal data?

4.1. We are required to retain the personal data referred to in Point 3.2 for the following reasons:

4.1.1. to comply with legal obligations resulting from financial and tax regulations, and

4.1.2. for the purpose of establishment, exercise, or defense of legal claims.

4.2. The legal authorization for the data processing described above is on the basis of the legitimate interests pursued by the data controller, as described in Article 6 (f) of the EU General Data Protection Regulation (“GDPR”).

4.3. The data processing described above does not involve any automated individual decision-making or profiling, as described in Article 22 of the GDPR.

 

5. Who are the recipients of personal data?

5.1. Generally, we will process your personal data in an archiving mode in our systems and solely for the purposes stated in this Notice.

5.2. However, we might need to disclose your personal data to the following categories of recipients:

5.2.1. trusted service providers retained by us, acting at our instruction, including hosting services providers, support and security services providers, payment and reconciliation services providers;

5.2.2. financial and tax institutions, as well as governmental bodies, courts or bodies of similar nature, as may be required by applicable law.

5.3. Our archive is stored within the European Economic Area (EEA).

If it is necessary to transfer personal data outside the EEA for any of the purposes described above, we will take all legally required steps consistent with applicable European data protection legislation to ensure that the personal data is adequately protected in each such third jurisdiction that does not have the same level of protection as the EEA, in particular by relying on EU model clause agreements, as appropriate.

 

6. What are your data subject rights?

6.1. You have the following rights with respect to your personal data processed by the Data Controller:

6.1.1. Access: You have the right to access your personal data. Note that you can find all information about your data processing, including details about the purposes, categories of data, recipients and other information related to processing of your personal data in this Notice.

6.1.2. Rectification: You can ask us to have inaccurate personal data amended.

6.1.3. Erasure: You can ask us to erase personal data. Note we keep only personal data that are necessary for us to comply with financial and tax regulations and for the establishment, exercise or defense of legal claims. All other data were erased by us as mentioned in Point 3 above. Consequently, we have valid legal grounds for processing of personal data referred to in this Notice (as envisaged by Article 17 paragraph 3 of the GDPR) and on that basis we will not be in a position to erase such personal data.

6.1.4. Objection to processing: You can object to processing of your personal data based on the legitimate interest of the Data Controller. Note we keep only personal data that are necessary for us to comply with financial and tax regulations and for the establishment, exercise or defense of legal claims. All other data were erased by us as mentioned in paragraph 3 above. Consequently, we have valid legal grounds for processing of personal data referred to in this Notice (as envisaged by Article 21 paragraph 1 of the GDPR) and on that basis we will not be in a position erase such personal data.

6.1.5. Portability: You can ask us to receive the personal data that you provided to us, in machine-readable format, to enable you to easily port it to a third party.

6.1.6. Restriction: We may be required to have your data restricted for processing in certain circumstances as defined in Article 18 of the GDPR.

6.2. Exercise of your rights. You can exercise your rights and lodge requests to the Data Controller using this e-mail addresses, as appropriate: [email protected]

Please note that we ask you to contact us from the email address that was registered at the Tradus service so that we can authenticate your identity and ensure that you are authorized to gain access to this personal data via this mechanism. To protect the users of the Tradus service, we might ask you to provide information about the payment method that was used to pay for Tradus, your cell phone number if your cell phone number was used for the purpose of Tradus service access and/or billing, and/or some additional information about you to confirm your identity. Should none of the above authentication information be available, we may not be able to connect you with personal data in our database.

6.3. Complaints: You can raise a complaint about processing of personal data by the Data Controller with the data protection authority in your jurisdiction. If you find it difficult to contact the data protection authority, we will help you get in touch with them.

 

7. How long do we store data?

7.1. Data Retention Principles: We keep your personal data no longer than necessary for the purposes for which we are permitted and/or required to do so, including compliance with legal obligations resulting from tax and financial laws as well as establishment, exercise or defense of legal claims. We will retain the data in our archive for up to 10 years.

 

8. Security

8.1. Maintaining the security and integrity of your personal data is a high priority and we endeavor to maintain appropriate technical and organizational measures to secure the integrity of information, using accepted technological standards to prevent unauthorized access to or disclosure of your personal data and to protect them from misuse, loss, alteration or destruction. In particular, personal data will be stored in an archiving mode with restricted access to data to selected people who have a business need to access it.
8.2. Where appropriate we will segregate information so that we may make use of it in a manner that avoids unnecessary identification, in the interest of protecting your privacy and enhancing security practices.

 

9. Final provision

9.1. The Tradus Privacy Policy that governed the processing of personal data by Tradus B.V. before 30 June 2021 can be provided on request.