Third Party Privacy Notice
MILEWAY B.V., a limited liability company (besloten vennootschap met beperkte aansprakelijkheid), incorporated under the laws of the Netherlands, with its registered office at Parnassusweg 723, (1077 DG) Amsterdam, the Netherlands, registered with the Dutch trade register under number 71555730, together with various other companies within its corporate family, which are the owners and landlords of properties.
In light of the close relationship and cooperation between the owner(s) (listed in Schedule 1 to this Third Party Privacy Notice), Mileway B.V. (as asset manager) and other entities involved in the operation of our business activities such as the property manager and financial/administration services provider in respect of the properties Mileway B.V. is managing, this privacy notice has been drawn up on behalf of both Mileway B.V., the owner(s) and the other parties involved in order to keep this document as concise and clear as possible for you. In the remainder of this privacy notice, these parties are therefore collectively referred to as “Mileway”, “us”, “our” or “we”. Should you want to be informed of the exact identity of all parties that may process your personal data - you can send your request to: email@example.com at any time and we will provide you with this information free of charge.
If you are a tenant of one of our properties, you will (in principal) only have contact with the asset and property managers of the leased premises. If you are unclear of the exact identity of the owner of the leased premises (and/or of the identity of the other parties that may process your personal data in the context of the lease agreement), you can send your request to: firstname.lastname@example.org and we will provide you with this information free of charge. Also, you can find the identity of the owner of your leased premises in the notification of change of landlord (inbeheerbrief).
We collect, store and use personal data in our capacities of landlord, client, customer and supplier of services. Pursuant to the applicable data protection and privacy legislation (including the GDPR), we qualify as the controller with respect to the personal data from you that we collect, hold and/or use (process).
This privacy notice explains how we collect, use and share personal data in the course of our business activities, including:
- what personal data we collect and when and why we use it;
- how we share personal data within Mileway and with our service providers and other third parties;
- explaining more about Direct Marketing;
- transferring personal data globally;
- how we protect and store personal data;
- legal rights available to help manage your privacy; and
- how you can contact us for more support.
We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business, and will place any updates on this webpage, www.mileway.com/tppn. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website.
WHAT PERSONAL DATA WE COLLECT AND WHEN AND WHY WE USE IT
In this section you can find out more about
- when we collect personal data
- the types of personal data we collect
- how we use personal data
- the legal basis for using personal data
When we collect information
We collect information about you if you:
- purchase one of our products or services;
- lease one of our assets;
- contact us (including through our website) to enquire about our products, services or assets;
- work for a company that purchases one of our products or services or leases one of our assets;
- work for a company that we purchase products, property, services or leases from.
We may collect the information about you via the former owner or manager of the products, property or services that you use or that the company you work for uses.
Personal data we collect and use
We may receive and process the following information about you:
- full name (including title, first, middle and surname);
- date of birth;
- job title / role;
- contact details: including work or residential address, business or personal email address, work or home telephone number and work or personal mobile number;
- financial details including bank account details or credit reference information; and
- copy of your ID card/passport.
We may also use your personal data to establish, exercise or defend our legal rights.
Legal basis for using your personal data
We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- we need to use your personal data to perform a contract or take steps to enter into a contract
with you. For example, we need your personal data (your name, date of birth, financial information and a copy of your passport) to provide you and/or your company with our services;
- we need to use your personal data (your contact details and job title/role) for our legitimate interest as a commercial organisation;
- we need to use your personal data (your name, contact details, date of birth and a copy of your passport) to comply with a relevant legal or regulatory obligation that we have; and/or
- we have your consent to using your personal data for a particular activity.
In all cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in Section 5.
If you would like to find out more about the legal basis for which we process personal data, please contact us at email@example.com.
SHARING PERSONAL DATA WITHIN MILEWAY, WITH OUR SERVICE PROVIDERS AND OUR REGULATORS
In this section you can find out more about how we share personal data:
- within Mileway;
- with third parties that help us provide our services; and
- with government organisations and agencies, law enforcement and regulators.
We share your personal data in the manner and for the purposes described below:
- with other companies within our group where such disclosure is necessary to manage our business;
- with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted services to us. These include property managers, professional advisers and IT service providers who help manage our IT and back office systems;
- with government organisations and agencies, law enforcement, regulators, which may include the Dutch Data Protection Authority and the Information Commissioner's Office, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- with banks and payment providers to authorize and complete payments; and
- with credit reference agencies and organisations working to prevent fraud.
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets.
The parties to whom we may disclose your personal data as referred to above may be located in countries outside the European Economic Area (EEA), which countries may offer a lower level of data protection than in the country where you are located. For example, such shall be the case in the following situation: Providing reports of significant incidents to our Shareholders or legal advisors, who may be based in the US.
In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your personal data in accordance with applicable data protection legislation. More specifically, we will implement the following measures: EU Standard Contractual Clauses.
Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent.
EXPLAINING MORE ABOUT DIRECT MARKETING
In this section you can find out more about:
- how we use personal data to keep you up to date with our services; and
- how you can manage your marketing preferences.
How we use personal data to keep you up to date with our services
We may use personal data to let you know about our services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only
send you communications which we believe may be of interest or relevance to you; and
- you can ask us to stop direct marketing at any time you can ask us to stop sending email
marketing, by emailing firstname.lastname@example.org.
We recommend you routinely review the privacy notice and preference settings that are available to you on any social media and other third-party platforms as well as your preferences within your account with us.
HOW WE PROTECT AND STORE YOUR INFORMATION
We have implemented and maintain appropriate technical and organisational security measures,
policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
- placing confidentiality requirements on our staff members and service providers;
- destroying or permanently anonymising personal data if it is no longer needed for the
purposes for which it was collected; and
- following strict security procedures in the storage and disclosure of your personal data to
prevent unauthorised access to it.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.
Storing your personal data
We will store your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy notice. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner. In some circumstances we may store your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements, or if we need an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data:
- to access personal data;
- to rectify / erase personal data;
- to restrict the processing of your personal data;
- to transfer your personal data;
- to object to the processing of personal data;
- to object to how we use your personal data for direct marketing purposes;
- to obtain a copy of personal data safeguards used for transfers outside your jurisdiction; and
- to lodge a complaint with your local supervisory authority.
If you wish to access any of the above mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal data to you we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by emailing email@example.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal data
You have a right to request that we provide you with a copy of your personal data that we hold and you have the right to be informed of; (a) the source of your personal data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred.
Right to rectify or erase personal data
You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.
You can also request that we erase your personal data in limited circumstances where:
- it is no longer needed for the purposes for which it was collected;
- you have withdrawn your consent (where the data processing was based on consent);
- following a successful right to object (see right to object below);
- it has been processed unlawfully; or
- to comply with a legal obligation to which the Company is subject.
We are not required to comply with your request to erase personal data if the processing of your personal data is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
Right to restrict the processing of your personal data
You can ask us to restrict your personal data, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to
establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
- we have your consent;
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your personal data
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal data
You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal data for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
The primary point of contact for all issues arising from this privacy notice is our Data Protection Officer, who can be contacted in the following ways:
Attn. Nicola Burke
1077 DG, Amsterdam The Netherlands
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement), which in the UK is the Information Commissioner's Office and in the Netherlands is the Data Protection Authority (Autoriteit Persoonsgegevens) at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.
Schedule 1 (Click Here)