Permission for the use of cookies.
To ensure that our website functions properly, we use cookies. In order to obtain your valid consent for the use and storage of cookies in the browser you use to visit our website and to properly document this, we use a cookie consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: Cookiefirst Cookie Consent page referred to as CookieFirst.
When you visit our website, a connection is established to the CookieFirst server in order to provide us with the ability to obtain valid consent from you for the use of certain cookies. CookieFirst then stores a cookie in your browser in order to activate only those cookies for which you have given consent and to properly document this. The processed data is stored until the predefined retention period expires or you request the deletion of the data. Notwithstanding the above, certain mandatory legal retention periods may apply.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) of the General Data Protection Regulation (GDPR).
Data Processing Agreement
We have concluded a data processing agreement with CookieFirst. This is an agreement required under data protection law, which guarantees that data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
Your consent status or withdrawal of consent
Your anonymized IP address
Information about your browser
Information about your device
The date and time you visited our website
The web page URL where you saved or updated your consent preferences
The approximate location of the user who saved their consent preferences
A universally unique identifier (UUID) of the website visitor who clicked on the cookie banner
Stadskasteel Oudaen attaches great importance to the protection of your personal data. In this Privacy policy we want to provide clear and transparent information about how we handle personal data. We do everything in our power to safeguard your privacy and therefore handle personal data with care. Stadskasteel Oudaen complies in all cases with the applicable laws and regulations, including the General Data Protection Regulation (GDPR).
This means that we at least:
Process your personal data in accordance with the purpose for which it was provided; these purposes and types of personal data are described in this Privacy policy;
Limit the processing of your personal data to only those data that are minimally necessary for the purposes for which they are processed;
Ask for your explicit consent if we require it for the processing of your personal data;
Have taken appropriate technical and organizational measures to ensure the security of your personal data;
Do not pass on personal data to other parties unless this is necessary for the execution of the purposes for which they were provided;
Are aware of your rights regarding your personal data, want to inform you of these, and respect them.
As Stadskasteel Oudaen, we are responsible for the processing of your personal data on Oudaen.nl. If, after reading our Privacy policy, or more generally, you have questions about this or wish to contact us, you can do so using the contact details below:
Stadskasteel Oudaen
Oudegracht 99
3511 AE Utrecht
T: 030 231 18 64
E: info@oudaen.nl
FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA
Your personal data is processed by Stadskasteel Oudaen for the following purposes:
To respond to (contact) requests via the website;
Processing reservations;
Sending newsletters;
Sending offers;
Securing our own website;
Complying with legal administrative obligations;
Collecting feedback.
For the above purposes, we may request the following personal data from you:
First name;
Middle name;
Last name;
Address details;
Company name;
Telephone number;
Email address;
IP address.
PROVISION TO THIRD PARTIES
The data you provide to us may be shared with third parties if this is necessary for the execution of the purposes described above.
For example, we use a third party for:
Handling reservations, namely Guestplan, Mice & Bonnie;
Providing a reservation system, namely Guestplan, Mice & Bonnie;
Providing our internal communication via Nostradamus & NMBRS;
Providing our payroll administration via Cobra & NMBRS;
Providing administration via Exact;
Providing financial administration via Index cash register system;
Providing the internet environment for our office;
Providing our (financial) administration;
Providing newsletters via Mailchimp;
Providing the hosting environment on which our website runs, Desktoptowork;
Providing our online marketing via Online-Exposure;
Managing our website via JijOnline;
Providing gift vouchers via Gifty.
We never pass on personal data to other parties with whom we have not concluded a data processing agreement. With these parties (processors) we of course make the necessary agreements to ensure the security of your personal data. Furthermore, we will not provide the data you have provided to other parties unless this is legally required and permitted. An example of this is if the police request (personal) data from us in the context of an investigation. In such a case, we must cooperate and are therefore obliged to provide this data. We may also share personal data with third parties if you give us written consent to do so. We do not provide personal data to parties established outside the EU.
MINORS
We only process personal data of minors (persons under 16 years of age) if written consent has been given by the parent, guardian or legal representative.
RETENTION PERIOD
Stadskasteel Oudaen does not retain personal data longer than necessary for the purpose for which it was provided or as required by law.
SECURITY
We have taken appropriate technical and organizational measures to protect your personal data against unlawful processing; for example, we have taken the following measures:
All persons who may have access to your data on behalf of Stadskasteel Oudaen are bound by confidentiality.
We apply a username and password policy on all our systems;
We regularly test and evaluate our measures;
Our employees have been informed about the importance of protecting personal data.
RIGHTS REGARDING YOUR DATA
You have the right to access, rectify or delete the personal data we have received from you. You may also object to the processing of your personal data (or part thereof) by us or by one of our processors. You also have the right to have the data you provided transferred by us to yourself or directly to another party on your instruction. We may ask you to identify yourself before we can comply with the aforementioned requests.
COMPLAINTS
If you have a complaint about the processing of your personal data, we ask you to contact us directly about this. If we cannot resolve the matter together with you, we of course find this very unfortunate. You always have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), which is the supervisory authority in the field of privacy protection.
Bonnie
Processing of personal data by service providers
For handling incoming telephone calls, we use an external service provider: Hello Pollie B.V. (“Bonnie”). Bonnie provides an AI telephone assistant that automatically answers and processes calls using artificial intelligence.
In this context, Bonnie processes personal data on our behalf and exclusively on the basis of our instructions.
Personal data, purposes and legal grounds
The personal data provided to Bonnie may include call recordings, contact details and other data that you provide to us through our services. The processing is partly based on the necessity for the performance of the agreement that we (will) conclude with you – for example, for the proper handling of your requests. In addition, the processing is based on our legitimate interest in providing and improving our services, such as scheduling appointments, answering questions and recording and analyzing calls for training and quality purposes, such as verifying whether a complaint is justified, and/or.
Retention period
The data is retained only for as long as necessary for the above-mentioned purposes. Call recordings are automatically deleted no later than 1 year after recording, unless there is a valid reason to retain them longer, for example for handling a complaint.
International transfer
Some service providers are established in a country outside the European Economic Area (“EEA”), such as the United Kingdom or the United States. Such a transfer is permitted if the European Commission has determined that the country concerned provides an adequate level of protection. This is done through a so-called adequacy decision. An overview of countries for which such a decision applies can be found via this link to the list of adequacy decisions. If and to the extent that we share personal data with parties outside the EEA for which no adequacy decision applies, we ensure appropriate safeguards. In that case, we use the standard contractual clauses established by the European Commission. You may contact us if you would like more information about the transfer of your personal data outside the EEA.
Your privacy rights
As a data subject, you have various rights under the GDPR. For example, you may request access to the data recorded during a telephone call, have a recording deleted (if no legal or contractual retention ground applies), or object to the recording of calls. You may also request rectification of factual inaccuracies in the processed data or – if applicable – request the transfer of your data. To exercise these rights, you can contact us at 030 231 18 64 or info@oudaen.nl. Finally, you always have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).