HestiaPi processes personal data on a daily basis. Hereby HestiaPi adheres to the applicable privacy laws and regulations. HestiaPi respects the privacy of the persons from who it receives information and handles that information in strict confidence. In this privacy statement, we explain what personal data HestiaPi processes and for what purposes.
HestiaPi is the controller for the processing and storage of the personal data. Any personal data from customers and vendors are processed by HestiaPi. If you have any questions about the contents of the privacy statement, you can contact the HestiaPi legal department at legal@HestiaPi.com.
HestiaPi processes different types of personal data for different purposes. The personal data and purposes involved are explained below.
Implementation of purchase and manufacturing agreements
For processing and delivering your order, we need your name, e-mail address, delivery address, payment details and your telephone number. We pass along these data to third parties, e.g. to delivery services. We do so only if it is necessary for the implementation of the purchase agreement or any other agreement to which you are a party.
Delivery of our products
In order to deliver our products, we need your name, e-mail address, payment details and your telephone number. These data allow us to process your request, contact you, provide our services and keep you informed of the process. If it is necessary for delivering the products, we disclose your personal data to third parties.
When you register on our website, we ask for your name and e-mail address in order to create an account for you. We also use this information, including your avatar, to enable you to communicate with other users of the website. When you send an order to us we need the data mentioned above.
Once you have provided us with your personal data in setting up your account, you will have access to that information so you can update, modify or delete it.
You can create an online profile on our website. Your profile can include (but is not necessarily limited to) your name, an image, username and short biography, if you choose to share that information with us. You can also choose to receive information from us about our services.
The information of your profile is by default public and will be visible in our online community. You can opt to keep your name private on your profile page. By accessing your personal profile, you can change your preferences.
HestiaPi can be found on several social media, such as Facebook. We collect your personal data when you use functions on these websites and/or apps, such as a Facebook like or when you log in via Facebook. If you use such a function, we are able to obtain your personal data via our social media.
We do not currently collect financial information, as that information is collected and stored by our third party payment processor. However, we may from time to time request and receive some of your financial information from our payment processor for the purposes of completing transactions you have initiated through the services, protecting against or identify possible fraudulent transactions, and otherwise as needed to manage our business. In those cases we will use best practices to protect your financial information.
Business Development and Customer Identification
For acquiring new assignments, we collect commercially interesting information about companies, such as the position of a company within the market, the possible interest or further interest of the company in our products and the persons within the company who we wish to contact or have contacted. We collect the contact details of those persons, information about their visits to trade fairs, memos based on discussions and telephone conversations and visit reports. We collect similar information of suppliers and potential suppliers. This information is carefully organised and stored in a database that is accessible only by authorised employees. We do so on the basis of our justified business interest.
Within the organization of HestiaPi, we can pass on personal data. We do not share your personal details with companies, organisations and individuals outside HestiaPi, except in one of the following circumstances.
Implementation of an agreement
Issuing your personal data to third-party organisations is permitted if this is necessary to fulfil our contractual obligations with respect to you. This involves processing and delivering your order. If it is necessary for the delivery of the products ordered by you or the services requested, we use a third party for the finalisation of payments. We also pass on your data to the deliverer as far as necessary so that the order can be delivered to you.
With your permission
We can transfer your data to other parties if you grant us permission to do so. That permission applies only when it is clear what you are granting your permission for and what the consequences are.
For external processing
For legal reasons
We share personal data if we believe that disclosure of the data is necessary in order to comply with applicable legislation, statutory procedures or requests from government bodies.
When we receive legal process from non-governmental third parties seeking records or information about a HestiaPi user we may provide notice to that user. Such notice may include a copy of the legal process. HestiaPi may also provide the user with enough time to appear and object to the legal process in court, if appropriate.
Our policy is to provide notice to users about law enforcement and other governmental requests for user information prior to complying with that request, unless prohibited by law. HestiaPi may delay notice in cases involving the threat of death, bodily harm, or the exploitation of children. It is also our policy to provide notice to users about grand jury subpoenas seeking user information. If you are a representative of law enforcement or a government and object to a user receiving notice of a specific request, please provide legal justification when serving your request. Once the basis for non-disclosure has expired, we will provide notice to the user. All requests for access to user data can be submitted to service@HestiaPi.com.
For administrative reasons
We can pass along your personal data to promote the legitimate interests of HestiaPi for internal administrative purposes. This involves the internal management within HestiaPi by virtue of recital 48 of the GDPR.
In the event of a sale
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
We do not retain your personal data for longer than necessary, unless we have a statutory obligation to retain your personal data for a longer period. Our basic principle is that we retain your personal data only for as long as that is necessary in order to deliver our products and/or services to you. We will subsequently remove your personal data in so far as possible. If, for instance, you have provided your e-mail address so that we can keep you informed of our services, we will retain your data for that purpose. We will also retain your personal data as long as your account and/or profile is active. If you no longer want us to use your information to provide you services, you may close your account and/or profile.
HestiaPi also processes personal data of employees, in the context of the employment contract and on a statutory basis. For information about processing the personal data of employees, reference is made to the staff manual.
HestiaPi collects and processes data of applicants by means of personal contacts, by post, by e-mail and/or telephone conversations. The information we collect includes the name, gender, contact details, motivation letters, training level and working history of the applicant. These data are relevant for following the selection procedure and will be removed no later than four weeks after the completion of the procedure. If you grant permission, HestiaPi can store your personal data for a longer period in its administrative records, so that you can be contacted again if necessary in the future.
Transfer of personal data outside the EU
HestiaPi may transfer your personal data from the Netherlands to a foreign country, and vendors established there. Countries within the European Economic Area (EEA) have a personal data protection level that is similar to the Netherlands. We may transfer your personal data with due observance of the general requirements of privacy legislation. We can do so, for instance, within our group for the benefit of efficient operations.
We will transfer your personal data outside the EEA only if an appropriate level of protection exists. For this purpose, HestiaPi uses model contracts approved by the European Commission. We will transfer your personal data mainly to branches in our group for the benefit of our internal operations. We have, for example, branches and production entities in the United States of America.
HestiaPi is responsible for the optimal performance of its website. To ensure that the website functions properly, HestiaPi uses technology that involves processing personal data, such as cookies.
A cookie is a small text file that is stored on the visitor’s device (electronic appliance) when the site is first visited. Cookies are intended to collect information about a person, the website or statistics. Some cookies are also intended to improve user experiences of the website.
Types of cookies
We make a distinction between functional and non-functional cookies. Functional cookies are always used. These are necessary for the efficient operation of the website and process personal data only for the purpose for which these data are completed. For instance, the basket stores personal data for the processing and delivery of your order. Non-functional cookies process personal data outside your field of vision. That is why we always ask for your permission before using these cookies.
Non-functional cookies include analytics cookies. These cookies are not necessary for the functioning of the website. Analytics cookies show us which parts of the website need improving and, for instance, allow us to measure the popularity of certain pages. Non-functional cookies have a great variety of purposes, but they mainly enable us to improve our service provision. We can, for example, measure how often our website is visited and discover what information visitors are looking for. Analytics cookies are also necessary to help customers through the helpdesk.
We use the following non-functional cookies:
We use analytics cookies to collect statistics about the use of the website by visitors. By measuring website use, the site can be improved to benefit visitors.
The data stored include the following:
- the IP address;
- technical characteristics, such as the browser you are using;
- the page from which you accessed the webshop.
These are cookies that are used to identify an internet user on a website. By using tracking cookies, we record the internet pages you visit. The information about your website visits allows us to derive your preferences and interests. We can use this information to make personal offers and improve our website.
We use advertising cookies to show personalised advertisements and to measure the effectiveness of an advertising campaign. The advertising cookies are necessary to actually show the advertisements.
Blocking and removing cookies
If you do not want our website to store cookies on your computer, you can indicate this in the cookie notice that appears when you first visit our website.
If you have previously accepted our cookies, this notice will no longer appear and you will have to remove the cookies yourself in your browser settings (if desired).
When your personal data are processed using cookies, you can exercise the rights summarised in paragraph 6.
You have a number of statutory rights with respect to us: access, corrections or additions, data deletion, limitation of processing, transfer of digital data and the right of objection. We explain these rights below. We also explain how you can exercise these rights with respect to HestiaPi.
Right of access
Upon your request, we will inform you in writing whether we are processing your personal data. When making your request, you must identify yourself by means of a copy of your driving licence or identity document. In our response, we will explain which of your personal data we have processed or are still processing. We will also explain the purposes for which the data have been or are still being processed, the parties with which the data are being shared, the period for which these data are expected to be stored, and which other rights you can exercise.
Corrections or additions
If you have received details about the processing of your personal data, you can request us to correct inaccuracies or to make additions to incomplete information. We will motivate our response. If we make corrections, you will receive a supplementary statement from us. That statement will also be sent to any recipients of your incorrect or incomplete data.
Delete personal data
You can request us to delete your personal data from our systems in one or more of the following cases:
– the personal data are no longer necessary for the purposes for which we have processed them;
– you withdraw your permission for processing or further processing and no other basis for processing exists;
– you lodge a motivated objection, and there are no urgent reasons for not respecting your objection;
– the personal data have been wrongfully processed by us;
– we have to delete your personal data on the basis of a statutory obligation of which we had no knowledge before you informed us thereof.
Limitation of processing
If you have noticed an inaccuracy or incompleteness in your personal data, you can request us to limit the processing for as long as we are dealing with your request. You may also request us to limit the processing of your data if you believe that we are wrongfully processing your data or if we no longer need them, or if you have lodged and objection against the processing or the further processing of the data. After the receipt of your limitation request, we will continue to process the data only with your permission or if there are compelling reasons for doing so (such as legal proceedings).
Transfer of digital data
If you have provided us with personal data and we have processed your data with your permission or in the context of implementing an agreement with you, you will be entitled to request a copy of these data from us. In such cases, you can also request that your data be transferred directly to another service provider.
You may lodge an objection at all times against the processing of personal data relating to you. That applies particularly to profiles and accounts that we have created on the basis of your personal data. We will cease processing your data following the receipt of your objection, unless we can put forward justifiable reasons that outweigh your interests, rights and liberties.
If we process your personal data for direct marketing purposes, you may object at any time and we will cease processing immediately.
If you wish to exercise one or more of the rights summarised above, you can contact us at legal@HestiaPi.com. HestiaPi will decide on your request within four weeks, unless we inform you within that period that we need a bit more time.
If your personal data are processed on the basis of your permission, you will be entitled to withdraw that permission. Any withdrawal of your permission will not prejudice previous processing on the basis of that permission.
If you have a complaint about the use of your personal data, please contact the HestiaPi legal department at legal@HestiaPi.com.
If you have any questions, please e-mail us at: service@HestiaPi.com.
This privacy statement is in accordance with the EU General Data Protection Regulation. We reserve the right to update this privacy statement periodically. The latest version will be published on this page.