CHD Services – PRIVACY POLICY
(Last updated March 2023)
This Privacy Policy describes how we (CHD Group) process your personal data in connection with the services provided under the free-of-charge version of the Service (“CHD Services”).
CHD Group comprises various entities across the world. Where this Privacy Policy mentions “CHD”, “we”, “us” or “our”, we are referring to the relevant company within CHD Group which is responsible for processing your data.
Any capitalised terms used within this Privacy Policy, such as “Customer Dashboard”, “Customer Environment” and “Website”, have the same meaning as per the Terms of Use of the CHD Services unless another definition is provided in this Privacy Policy.
If you have any questions about this Privacy Policy or how we process data (including personal data) in connection with the CHD Services, please contact our Data Protection Officer via email. The email address and other contact information of the CHD Group are as follows:
| Contact Details of CHD Group | |
|---|---|
| Email Address | chd_dpo@mychd.cloud |
| Contact Address | Kabelweg 22, 1014BB, Amsterdam, Netherlands |
| Phone Number | +371 67802812 |
“Personal Data” means any information relating to an identified or identifiable natural person. This excludes anonymised data.
In connection with the CHD Services, we may collect and use the following categories of data, which may be Personal Data.
| Categopry | Description |
|---|---|
| User Data | User data is data needed to create your administrator account and for you to access and use the CHD Services. We receive this data from you e.g., during the account creation process, via the account settings page, or when you give feedback to or contact us regarding the CHD Services. For the free-of-charge version, the data we receive or collect from you is limited to the following: a. Username b. Email address c. Name(s) (which may include first name and/or last name) d. Phone number |
| Employee Data | We may receive the following data about your employee(s) from you via your interactions with and use of the CHD Services, e.g., during the account creation process, via the account settings page, or when you give feedback to or contact us regarding the CHD Services: a. Employee Name(s) (which may include first name and/or last name) |
| Financial and Transaction Data | We may receive the following data from you via your interactions with and use of the CHD Services, via technologies such as the payment terminals that you link with the CHD Services: a. Whether a payment by a retail customer was successful or not b. The monetary value of sales made to your retail customers We do not receive any payment card details or other financial or transaction data than those set out above. |
| Technical and Usage Data | We collect the following data via your interactions with and use of the CHD Services, via automated technologies such as cookies (please see Clause 4 (Cookies) for more information): a. Login data b. Internet Protocol (IP) address c. Browser information (e.g., type and version, uses of any plugins) d. Location and time zone e. Operating system and platform information |
| Marketing and Communications Data | We collect the following data via your interactions with and use of the CHD Services, e.g., during the account creation process and via the account settings page: a. Email address b. Your preference(s) in receiving marketing from us and your communication preference(s) |
We will only use and disclose personal data as permitted under the laws and regulations of the Netherlands, such as the General Data Protection Regulation (also known as the “GDPR”), for the purposes of facilitating the operation of the CHD Services and legitimate business purposes. Please refer to the table below. We do not sell your Personal Data under any circumstances.
Your personal data will only be used for these purposes unless we reasonably consider that we need to use it for another purpose that is compatible with any of the original purposes. If we need to use your personal data for a purpose that is incompatible, we will ask for your consent or notify you via the Customer Dashboard or via email to the email address associated with your account with an explanation of the new relevant legal basis.
| Purpose | Type(s) of Data Involved | Lawful Basis for such Purpose |
|---|---|---|
| a. Registering your administrator account on the Website b. Providing the CHD Services c. Managing our relationship with you (e.g. notifying you of changes to the Terms of Use or Privacy Policy, resolving disputes) |
a. User Data b. Employee Data |
a. Performance of a contract with you b. Necessary to comply with legal obligations |
| a. Understanding, diagnosing, troubleshooting or fixing issues with the Website and/or the CHD Services b. Providing updates and/or improvements to the CHD Services, the Website and/or the underlying software c. Administering and protecting our business and the integrity of the Website a. User Data |
a. User Data b. Employee Data c. Financial and Transaction Data d. Technical and Usage Data |
a. Performance of a contract with you b. Necessary to comply with legal obligations c. Necessary for legitimate interests (i.e., running our business, providing IT and administrative support, ensuring network security and fraud prevention) |
| a. To use data analytics to improve the CHD Services and/or the Website, our other products or services and/or the customer experience | a. Technical and Usage Data | a. Necessary for legitimate interests (i.e., to develop our business and keep our products and services up-to-date) |
| a. Complying with any of our obligations under law or requests from authorities | a. User Data b. Employee Data c. Financial and Transaction Data d. Technical and Usage Data |
a. Necessary to comply with legal obligations |
| a. For marketing, promotion and advertising purposes | a. User Data b. Financial and Transaction Data c. Technical Data d. Marketing and Communications Data |
a. Consent |
| a. To establish, exercise, or defend legal claims | a. User Data b. Employee Data c. Financial and Transaction Data d. Technical Data e. Marketing and Communications Data |
a. Necessary for our legitimate interests (e.g., to protect our business interests) |
We use cookies on the Website to distinguish you from other users of the CHD Services. A cookie is a small file of letters and numbers that we store on your browser or hard drive of your device if you agree. Cookies contain information that is transferred to your device. We may use the following cookies:
| Cookie Type | Cookie Name | Description |
|---|---|---|
| Strictly Necessary Cookies | .AspNet.Consent .AspNetCore.Antiforgery. PTMSCookieName |
Cookies required to access and use the Website and the CHD Services. These include cookies that enable you to log into the Customer Environment of the Website. |
| Analytical or Performance Cookies | N/A – Not in use. | Cookies which enable us to recognise and count the number of visitors to and to see how visitors move around the Website when they are using it. This helps us improve the functionality of our website, e.g. the navigation functions. |
| Functionality Cookies | .AspNetCore.Culture PTMSCookieName |
Cookies which recognise you when you return to the Website and enables us to remember your preferences (e.g., choice of language or region). |
You can disable certain cookies. However, if you disable certain cookies, you may not be able to access or use the full functionality of the Website and the CHD Services.
In order to provide you the CHD Services, we may disclose and/or transfer personal data internationally within the CHD Group and to subcontractors or partners in connection with the purposes in Clause 3. These entities are set out below. Such international transfers may to be countries with data protection laws that are different from the laws of your country, however, we use tools to ensure that such international transfers will be in compliance with the GDPR. For e.g., we will ensure that your personal data will be given adequate protection either via contractual protections and/or technical measures.
We do not allow third parties to use your personal data for their own purposes or monetise your personal data under any circumstances.
| Entities within the CHD Group | Other entities in the CHD Group, which are based in the European Union and provide services which support the CHD Services. Such entities are required to follow the GDPR when processing personal data. |
| Subcontractors or partners | a. Service providers based in the European Union which provide services which support the CHD Services, such as distribution or reselling services, IT and system administration support. If you need technical or other assistance with myCHD.cloud, we and/or our service providers based in the European Union may be required to remotely access your account to provide such assistance, with your prior consent. Any such remote access will be limited to the aforesaid purposes only. b. The data servers are provided by a service provider in Germany. c. Professional advisors such as lawyers, bankers, auditors and insurers based in the European Economic Area, who provide consultancy, banking, legal, accounting and insurance services. |
.
We may also disclose and/or transfer personal data to a third party to whom we may choose to sell, transfer or merge parts of or all of our business and/or assets; or if we choose to acquire or merge with other businesses. The new owners of our business may use your personal data in the same way as set out in this Privacy Policy.
We have implemented security measures to help protect your personal data from accidental loss and unauthorised use. Access to your personal data is limited to employees, agents, contractors and third parties on a need-to-know basis and these parties are subject to confidentiality obligations.
You should implement reasonable security measures to prevent accidental loss and use, including the mandatory measures prescribed in the Terms of Use and:
a. Use a strong and unique password;
b. Never share your password with anyone who does not need to access your account;
c. Implement measures to prevent accidental discovery of your password by unauthorised parties (e.g., do not write your password on a post-it and leave it where others can view it);
d. Limit access to your devices and browsers you use to access your account;
e. Log out once you have finished using the CHD Services, especially if you are on a shared device.
We retain personal data only for as long as reasonably necessary for the purposes in Clause 3 and for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. The retention period is maximum three (3) years following the termination of the Service for any reason but we may retain your personal data for a longer period if deemed necessary in the event of a dispute or potential dispute with you. Notwithstanding the foregoing, when it is no longer reasonably necessary for us to retain your personal data, we will permanently delete it or anonymise it (i.e., it can no longer be associated with you) even if the three (3) years retention period has not expired.
You have certain rights relating to your personal data under certain circumstances. Please refer to the table below. In addition, if you believe that we have violated your privacy, you can file a complaint with the Autoriteit Persoonsgegevens at the following link: https://autoriteitpersoonsgegevens.nl/nl/meldingsformulier-klachten.
If you wish to exercise any of these rights, please contact our Data Protection Officer at chd_dpo@mychd.cloud. You may be required to provide us with information on request to verify your identity and entitlement to exercise these rights.
There is typically no fee payable for your exercise of any of the rights below but please note that we may refuse to comply with your request or a reasonable fee may be charged if your request is unfounded, repetitive or excessive.
We typically respond to all requests within one (1) calendar month, but it may take longer in some circumstances if your requests are numerous or complex. If there is any delay, we will notify you and keep you updated.
| Legal Right | Description |
|---|---|
| Request Access to Personal Data | You can request for a copy of the personal data we hold about you and check that we are lawfully processing the same. |
| Request Correction to Personal Data | You can request for us to correct any incomplete or inaccurate personal data we hold about you. In order to effect your request, we may require you to furnish information to verify the accuracy of the new data you provide to us. |
| Request Erasure of Personal Data | If there is no good reason for us to continue processing your personal data, you can request for the same to be deleted or removed. However, please note that we may not always be able to comply due to legal reasons and you will be notified if any such reasons are applicable. |
| Object to Processing of Personal Data | In relation to the processing of your personal data for direct marketing purposes, you can easily opt out and control your marketing preferences via the account settings on the Customer Dashboard. In every other case, you can object to our processing of your personal data where we are relying on a legitimate interest, and you wish to object to such processing on the grounds that you feel it impacts your fundamental rights and freedoms. We may demonstrate that we have compelling legitimate grounds to process your personal data which overrides your rights and freedoms. If you successful in exercising your right to object to processing of personal data, you can subsequently request for erasure of your personal data, per the above. |
| Request Restriction of Processing of Personal Data | You can request that we suspend processing of your personal data in the following circumstances: a. If you want us to establish the accuracy of the data; b. Where our use of the data is unlawful but you do not want us to erase it; c. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; d. You have objected to our processing of your data but we need to verify whether we have overriding legitimate grounds to continue processing. |
| Request Transfer of Personal Data | You can request for a transfer of your personal data held by us to you or a third party. This only applies to automated information which you provided consent for us to use, or where we used the information to perform our contract with you. We will provide to you or the third party chosen by you the data in a structured, commonly used, machine-readable format. |
| Right to Withdraw Consent | If we rely on consent to process your personal data, you can withdraw consent at any time. Please note that this will not affect the lawfulness of any processing carried out prior to your withdrawal of consent. If you withdraw consent, we may not be able to provide certain products or services to you and we will notify you if this is the case. |
We may make changes to this Privacy Policy at our discretion. You will be notified of the amended Privacy Policy via the Customer Dashboard of the Website or via email to the email address associated with your account. Your continued use of the CHD Services constitutes your acceptance of the Privacy Policy as amended.
Whilst using or interacting with the CHD Services, you may come across links to third-party websites. If you follow any of those links, please note that those websites have their own privacy policies and CHD has no responsibility or liability for those policies. It is your responsibility to check those policies before submitting personal data to any of those websites.