Personal data is a key component of the activities performed by albelli. Personal data is a valuable asset that needs to be managed and guarded properly to preserve the trust of our customers and employees and to comply with the applicable laws and regulations.
albelli wants to be a trusted party when it comes to handling data, so our successful business can continue to grow and provide a great working environment. albelli’s strategy is focused on being a trusted partner for our customers while at the same time reducing the risks which come into play for all parties involved.
When we do not handle personal data with proper care, albelli can be exposed to supervisory authority scrutiny, financial losses (including potential fines) and damage to our business and brand reputation. Fines for non-compliance with the GDPR can go up to EUR 20 million or 4% of the worldwide annual turnover. For more information on the GDPR and the definition of personal data, please see chapters 4 and 5 of this policy.
2. Purpose of this policy
The purpose of this Policy is to describe how albelli handles and protects personal data, in order to comply with applicable laws and regulations.
3. Scope of this policy
All handling of personal data by albelli B.V. and its affiliate companies, albumprinter Holding B.V., albumprinter Services B.V., albumprinter Productions B.V., albumprinter.com B.V., albelli GmbH, albumprinter Norway AS, fotoknudsen AS and Resnap B.V. relating to its brands albelli, fotoknudsen, bonusprint, onskefoto and resnap, is within scope of this Policy. This includes data of customer business contacts*, consumers, contractors, employees and vendor business contacts (in any form) that is collected, stored, shared, transmitted, and/or otherwise used in our business.
*Business contacts are the natural persons working at the company or representing the company.
4. What is personal data?
Some data is privacy sensitive and may be labelled as ‘personal data’. Personal data is any information relating to an identified or identifiable natural person (the ‘data subject’).
The data subject doesn’t need to be a directly identified individual by means of name, but as soon as an individual can be singled out from a group, be individualized and identified at some point, the data is personal data. All data that relates to an identified or identifiable individual is to be regarded as personal data. For instance, purely transactional data may not in itself be directly identifiable data, but it will become personal data when it is related to an identified or identifiable individual, for example because it is linked to a name, an e-mail address or a telephone number.
The GDPR has a special regime for special categories of data. Special categories data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health or medical data, data concerning a person’s sex life or sexual orientation or data relating to criminal offences.
The processing, so the collection or use of sensitive personal data, is prohibited, unless an exception to the general prohibition is applicable. The collection and use of such data shall therefore be avoided as much as possible. Also, avoid collecting and using data of sensitive groups, such as children/minors, disabled and elderly people, unless we clearly are allowed to process such data.
The following are examples of data that are generally considered to be personal data:
– First name and/or first initial and last name
– E-mail address
– Telephone number
– Date or place of birth
– Payment or transactional data
5. What principles apply to the processing of personal data at albelli?
The following core data protection principles apply to all processing activities with regard to personal data within albelli.
5.1 Legitimacy, fairness and transparency
albelli only processes personal data for a fair, clear and legitimate purpose. This means that processing of personal data is always based on a legal basis as provided by the GDPR, such as for example the consent of the data subject, when it is necessary for the entering into or performance of a contract with the data subject or when we are obliged by law to process personal data*.
Furthermore, we are open and transparent about the processing of personal data towards the data subject, society and the data protection authorities. We provide the required information regarding our processing activities through different channels, including through our privacy statement on our website and our personnel handbook for employees.
Finally, we respect the rights of the data subject and facilitate requests where this is required and feasible.
*See Article 6 GDPR for all legal grounds.
5.2 Purpose limitation
albelli only collects personal data for clearly defined and explicitly described purposes. If we intend to further process the personal data for a different purpose than for which it was originally collected, we will assess whether this new goal is compatible with the original goal. We will take the link between the purposes, the context in which the personal data was collected, the nature of the data and the possible consequences into account in this assessment. Additional measures to protect the personal data will be taken where necessary.
5.3 Data minimisation
albelli only collects and processes those categories of personal data that are necessary for the defined purpose(s). Systems are configured to allow only for processing the minimal collection of data (privacy by default).
5.4 Data accuracy
albelli ensures the personal data are collected and used are accurate and up to date, by regularly reviewing our databases and making it easy for data subjects to request rectification of their incorrect personal data.
5.5 Storage limitation
albelli retains personal data only for as long as necessary for reaching the defined purposes or for as long as is allowed by law. We have determined and implemented maximum retention periods for all personal data we have. After the retention period has passed, personal data will either be deleted or properly anonymized.
5.6 Integrity and confidentiality
albelli ensures the personal data that is entrusted to us is stored securely and confidentially. Access to personal data is only provided to those people and/or organisations that need access to the data and are allowed to access and further process it.
albelli is accountable for all use of personal data. We take the necessary technical and organizational measures to ensure compliance with the above principles. We document and demonstrate the effectiveness of these measures.
6. Policy owner and contact information
This policy is owned by the Data Protection Committee. If you have any questions about the way we process your personal data, please read this Privacy Statement first. For additional questions or complaints, please see our FAQ or contact our Customer Care department.
This Policy is reviewed and updated periodically, so make sure to take notice of this document on a regular basis.