Privacy Policy
About our privacy policy
Leauf cares greatly about your privacy. We therefore only process data that we need for (the improvement of) our services and handle the information we have collected about you and your use of our services with care. We never make your data available to third parties for commercial purposes. This privacy policy applies to the use of the website and the services accessible through it provided by Leauf. The effective date for the validity of these terms is 30/06/2024. With the publication of a new version, the validity of all previous versions expires. This privacy policy describes what data we collect about you, what this data is used for, and with whom and under what conditions this data may be shared with third parties. We also explain how we store your data, how we protect your data from misuse, and what rights you have regarding the personal data you provide to us. If you have any questions about our privacy policy, you can contact our privacy officer; you will find the contact details at the end of our privacy policy.
About the data processing
Below you can read how we process your data, where we store it, what security techniques we use, and who has access to the data.
Webshop software
Our webshop is developed with software from WordPress. Personal data that you provide to us for our services is shared with this party. WordPress has access to your data to provide us with (technical) support. They will never use your data for any other purpose. Based on the agreement we have with them, WordPress is obligated to take appropriate security measures. WordPress uses cookies to collect technical information regarding your use of the software. No personal data is collected and/or stored.
Web hosting
WordPress
We purchase web hosting and email services from a web hosting partner. The web hosting partner processes personal data on our behalf and does not use your data for its own purposes. However, this party may collect metadata about the use of the services. These are not personal data. The web hosting partner has taken appropriate technical and organizational measures to prevent loss and unauthorized use of your personal data. The web hosting partner is obligated to confidentiality based on the agreement.
Email and mailing lists
We send our newsletters and transactional emails using our webshop software. All confirmation emails you receive from our website and web forms are sent via the servers of WordPress. WordPress will never use your name and email address for its own purposes. At the bottom of every email sent automatically via our website, you will see the ‘unsubscribe’ link. If you click on it, you will no longer receive emails from our website. This may significantly reduce the functionality of our website! Your personal data is securely transmitted, stored, and accessed by WordPress. WordPress uses cookies and other internet technologies to determine whether emails are opened and read. Additionally, WordPress processes information about you as a recipient and the subject line of emails to improve the quality of the service. This data is stored for 30 days. WordPress reserves the right to use your data to further improve the service and, in this context, share information with third parties.
MailChimp
We send our email newsletters using MailChimp. MailChimp will never use your name and email address for its own purposes. At the bottom of every email sent automatically via our website, you will see the ‘unsubscribe’ link. You will then no longer receive our newsletter. Your personal data is securely stored by MailChimp. MailChimp uses cookies and other internet technologies to determine whether emails are opened and read. MailChimp reserves the right to use your data to further improve the service and, in this context, share information with third parties.
Web hosting partner
We use the services of our web hosting partner for our regular business email traffic. This party has taken appropriate technical and organizational measures to prevent misuse, loss, and corruption of your and our data as much as possible. Our web hosting partner has no access to our mailbox, and we handle all our email traffic confidentially.
Payment processors
Pay.nl
For handling (part of) the payments in our webshop, we use the payment service provider Pay.nl. Pay.nl processes your name, address, and residence details and your payment information such as your bank account or credit card number. Pay.nl has taken appropriate technical and organizational measures to protect your personal data. Pay.nl reserves the right to use your data to further improve the service and, in this context, share (anonymized) data with third parties. In the case of a request for deferred payment (credit facility), Pay.nl shares personal data and order data with post-payment service providers. All the above-mentioned safeguards regarding the protection of your personal data also apply to the parts of Pay.nl’s service for which they engage third parties. Pay.nl does not retain your data longer than is permitted by the legal terms.
Mollie
For handling (part of) the payments in our webshop, we use the platform of Mollie. Mollie processes your name, address, and residence details and your payment information such as your bank account or credit card number. Mollie has taken appropriate technical and organizational measures to protect your personal data. Mollie reserves the right to use your data to further improve the service and, in this context, share (anonymized) data with third parties. All the above-mentioned safeguards regarding the protection of your personal data also apply to the parts of Mollie’s service for which they engage third parties. Mollie does not retain your data longer than is permitted by the legal terms.
Ideal
EXAMPLE: For handling (part of) the payments in our webshop, we use the platform of Ideal. Ideal processes your name, address, and residence details and your payment information such as your bank account or credit card number. Ideal has taken appropriate technical and organizational measures to protect your personal data. Ideal reserves the right to use your data to further improve the service and, in this context, share (anonymized) data with third parties. In the case of a request for deferred payment (credit facility), Ideal shares personal data and information regarding your financial position with credit assessors. All the above-mentioned safeguards regarding the protection of your personal data also apply to the parts of the web hosting partner’s service for which they engage third parties. Ideal does not retain your data longer than is permitted by the legal terms.
Billing and accounting
Lightspeed
To keep our administration and accounting, we use the services of Lightspeed. We share your name, address, and residence details and order details. These data are used for the administration of sales invoices. Your personal data is securely transmitted and stored. Lightspeed is obligated to confidentiality and will handle your data confidentially. The web hosting partner does not use your personal data for purposes other than those described above.
External sales channels
WordPress
EXAMPLE: We sell (a part of) our articles through the platform of Bol.com. If you place an order via this platform, Bol.com shares your order and personal data with us. We use this data to handle your order. We handle your data confidentially and have taken appropriate technical and organizational measures to protect your data from loss and unauthorized use.
Purpose of data processing
General purpose of the processing
We use your data exclusively for our services. This means that the purpose of the processing is always directly related to the order you provide. We do not use your data for (targeted) marketing. If you share data with us and we use this data to contact you at a later date – other than at your request – we will ask you for explicit permission. Your data will not be shared with third parties, other than to meet accounting and other administrative obligations. These third parties are all bound to confidentiality based on the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data automatically collected by our website is processed to further improve our services. This data (for example, your IP address, web browser, and operating system) is not personal data.
Cooperation in tax and criminal investigation
In some cases, Leauf may be required by law to share your data in connection with governmental tax or criminal investigation. In such a case, we are forced to share your data, but we will oppose it within the possibilities offered by the law.
Retention periods
We keep your data as long as you are our client. This means that we keep your client profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also consider it a forget request. This also means that we do not retain your data longer than two years from the last contact moment or transaction, unless there is a legal justification for this. Based on applicable administrative obligations, we must retain invoices with your (personal) data, so we will retain this data for as long as the applicable term runs. However, employees no longer have access to your client profile and documents we have produced in response to your order.
Your rights
Under the applicable Dutch and European legislation, you as a data subject have certain rights concerning the personal data processed by or on behalf of us. Below we explain what these rights are and how you can invoke them. In principle, to prevent misuse, we only send copies and transcripts of your data to your already known email address. If you wish to receive the data at another email address or, for example, by post, we will ask you to identify yourself. We keep records of completed requests. In the case of a forget request, we administer anonymized data. You receive all copies and transcripts of data in a machine-readable data format that we use within our systems. You always have the right to file a complaint with the Dutch Data Protection Authority if you suspect that we are using your personal data incorrectly.
Right of access
You always have the right to view the data we process or have processed that relate to your person or are traceable to you. You can submit a request to that effect to our privacy officer. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data with an overview of the processors holding this data, stating the category under which we have stored this data, at the email address known to us.
Right to rectification
You always have the right to have the data we process or have processed that relate to your person or are traceable to you adjusted. You can submit a request to that effect to our privacy officer. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation that the data has been adjusted to the email address known to us.
Right to restrict processing
You always have the right to limit the data we process or have processed that relate to your person or are traceable to you. You can submit a request to that effect to our privacy officer. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the email address known to us that the data will no longer be processed until you lift the restriction.
Right to portability
You always have the right to have the data we process or have processed that relate to your person or are traceable to you performed by another party. You can submit a request to that effect to our privacy officer. You will receive a response to your request within 30 days. If your request is granted, we will send you copies or transcripts of all data about you that we have processed or that have been processed on our behalf by other processors or third parties, to the email address known to us. In all likelihood, we can no longer continue the service in such a case, because the secure linking of data files can then no longer be guaranteed.
Right to object and other rights
In some cases, you have the right to object to the processing of your personal data by or on behalf of Leauf. If you object, we will immediately stop the data processing pending the handling of your objection. If your objection is well-founded, we will make copies and/or transcripts of data that we process or have processed available to you, and then permanently stop the processing. You also have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that this is the case, please contact our privacy officer.
Cookies
Google Analytics
Cookies from the American company Google are placed via our website as part of the “Analytics” service. We use this service to track and get reports on how visitors use the website. This processor may be obliged to provide access to this data based on applicable laws and regulations. We collect information about your surfing behavior and share this data with Google. Google can interpret this information in conjunction with other datasets and thus track your movements on the internet. Google uses this information to offer, among other things, targeted advertisements (Adwords) and other Google services and products.
Third-party cookies
In the case that third-party software solutions use cookies, this is stated in this privacy statement.
Changes to the privacy policy
We always reserve the right to change our privacy policy. However, you will always find the most recent version on this page. If the new privacy policy has consequences for the way we process data already collected about you, we will notify you by email.
Contact details
Leauf
Tweede Goudsbloemdwarsstraat 26, Amsterdam, The Netherlands
info@leauf.com
T (06) 46091881
Privacy officer contact person:
Gijs Dominicus