Privacy Statement
In this Privacy Statement, Portbase specifies the manners in which it collects personal data of its customers, users of its services, users of IAMconnected and visitors to its websites: www.portbase.com, keepingthingsmoving.portbase.com, aanvragen.portbase.com, go.portbase.com, developer.portbase.com, support.portbase.com, werkenbij.portbase.com and www.iamconnected.eu (hereinafter: ‘Websites‘) and how it processes said data. When processing personal data, Portbase adheres to applicable data protection regulations, in particular the General Data Protection Regulation (known in Dutch as Algemene Verordening Gegevensbescherming (AVG), hereinafter: ‘GDPR‘). Portbase’s starting point in this respect is that it will only process items of personal data that are necessary for the provision of services and the improvement of its services to its customers.
1. Personal data & purpose limitation
Portbase gathers and processes the following items of personal data for the purposes stated below:
To allow for the provision of services to business customers and suppliers, Portbase processes the following items of personal data of the contact person at the customer or supplier:
- Name
- Function
- E-mail address
- Phone number
- In the case of sole proprietorship or self-employment without employees: bank account details
- (Preferred) language
- Feedback from customer satisfaction surveys, to the extent to which this can be traced back to a specific customer
When creating and/or logging in to an account of the customer or supplier via IAMconnected, Portbase processes the following personal data:
- Name
- E-mail address
- Phone number
- User name
- (Preferred) language
Portbase processes the following personal data of the authorised signatory of the account of the customer or supplier:
- Name
- Function
- E-mail address
- Phone number
- Date of birth
- Personal details as specified on their ID (solely for identification purposes).
Of visitors to the Websites:
- Cookies and, if you have consented to this, your IP address. More information about cookies can be found in this Privacy Statement under 3. Cookies and in our Cookie Statement;
- Preferred settings.
When using the contact forms on the Websites or subscribing to the newsletter:
- First and/or last name
- E-mail address
- Phone number
- Any personal data that you yourself include in the message to Portbase
- If an authorised signatory is requested, that person’s name, position and e-mail address will be requested.
All these items of personal data will hereinafter be referred to as: ‘Personal Data‘.
Portbase receives your Personal Data because:
- You provide this to Portbase yourself, or;
- An account has been created by yourself or on behalf of the organisation you work for and Portbase receives your Personal Data from the main administrator of that account.
Portbase does not receive your Personal Data from other parties or third parties. However, Portbase may request information from public sources such as the trade register of the Chamber of Commerce. Portbase is not able to provide any services to you without your Personal Data.
The purpose of the processing of Personal Data by Portbase is:
- Maintaining customer contacts, selling services and making them available.
- Purchasing services or products from suppliers.
- Sending newsletters to customers and other interested parties.
- Organising marketing activities, such as events for customers and business relations.
- Responding to any messages that you submit via the contact form on Websites and offering support through the Service Desk.
- Conducting customer satisfaction surveys.
- Creating administrator and/or user account(s) for you/your organisation and providing you with access to your account.
- Enabling your primary administrator to provide users with access to various services that you have purchased as a customer, such as informing the customer, if requested, about the use of the services by a user whom you, as a customer, have granted access to (including the e-mail address used and the time, nature and duration of the use).
- Verifying and establishing a user’s identity when creating an account and then logging into the account.
- Managing the accounts, so that Portbase is able to provide services to the users.
- Identifying and verifying the authorised signatory.
- Facilitating a customer’s sign-up process.
- Logging and monitoring of the use of services, including the Port Community System (PCS) and IAMconnected.
2. Processing Ground
Portbase processes the Personal Data on the basis of the following valid processing grounds:
- The execution of the agreement with you (the data subject), such as the General Terms and Conditions of Delivery and/or the Participant Terms and Conditions of IAMconnected.
- Portbase’s legitimate interest in offering services to customers and thus processing Personal Data of the authorised signatory and the main administrator.
On the same basis, Portbase also processes your Personal Data for organising events and sending customer satisfaction surveys. - Based on your permission, Portbase sends you newsletters.
- If Portbase is legally obliged to do so, e.g., at the request of a supervisory authority.
3. Cookies
The Websites of Portbase use cookies to ensure that the Websites work optimally and to tailor the experience and any marketing content to the preferences of visitors. The cookies remember the settings of the visitor’s browser and the data entered in the forms and record the manner in which visitors navigate through the Websites.
On your first visit to the Portbase website, you can choose to accept or decline cookies. You can indicate per type of cookie which one you want to accept. If you refuse cookies, only strictly necessary and analytical cookies will be placed.
For more information about the use of cookies, please refer to the Cookie Statement on our Websites.
4. Access to Personal Data and sharing with third parties
A number of Portbase employees have access to your Personal Data. These are only the employees who, by virtue of their position, need said access to your Personal Data in order to perform their duties. Combined with the data security measures outlined below, this is how Portbase ensures that this Personal Data is only accessible to authorised parties. The Personal Data may only be used for the purposes outlined in this Privacy Statement.
In principle, Portbase does not share your Personal Data with third parties. Portbase only shares your Personal Data with service providers in IAMconnected if you log in to an external service provider via IAMconnected because you wish to make use of their services.
In addition, Portbase’s software suppliers have access to its systems. Portbase has made agreements with these processing parties, ensuring sufficient guarantees are in place for the careful processing of your Personal Data in accordance with the GDPR and this Privacy Statement.
Your Personal Data is predominantly stored within the European Union. Only the data collected through cookies on Websites is processed in the United States.
In this case as well as in any other possible situations in which Portbase shares Personal Data with organisations in countries outside the European Economic Area (EEA), Portbase will implement the required measures set by the GDPR to safeguard this data, such as the necessary contractual, technical and organisational safeguards.
If necessary, Portbase will specifically request your permission for this. However, it may be the case that foreign authorities require access to this Personal Data or that you cannot easily turn to a court in that country. In those situations, you can withdraw your consent at any time. Regarding the use of cookies, this can be done on the Portbase website via ‘Privacy settings‘. Your preference will next be immediately adjusted. This has no consequences for the processing of Personal Data that has already taken place.
5. Third-Party Websites
The Websites may contain references to other websites, for example via a hyperlink, banner or button. This does not automatically mean that Portbase is affiliated with these other websites or those third parties. It may be the case that a different privacy statement is applicable to the use of those third-party websites. This Privacy Statement only relates to Personal Data obtained by Portbase. Portbase does not accept any responsibility or liability for (the operation and/or content of) the websites of third parties.
6. Retention period(s)
Portbase does not store the Personal Data longer than necessary for the purpose of data processing. An exception to this is if Portbase is legally obliged to retain the Personal Data for a longer period of time or if Portbase has a legitimate interest in doing so that outweighs your privacy interest, for example in the event of an ongoing dispute.
Portbase retains most Personal Data for a maximum of seven (7) years after the termination of the business relationship with you as a customer.
The Personal Data of main administrators and/or users in IAMconnected will be deleted two (2) years after the termination of the account, for example after a period of inactivity or when you leave the organisation to which your account is linked.
The data related to your proof of identity or any copy thereof will be deleted within two (2) months after the identification required for the registration of your account in IAMconnected.
7. Rights of parties concerned
As a data subject, you can exercise various legal rights with regard to the processing of your Personal Data. Portbase’s interpretation of the manner in which these rights are exercised is outlined below.
Access, change, delete & data portability
Through Portbase’s Customer Service department (customerservice@portbase.com), as a data subject you can:
- Make a written request to access, change and delete your Personal Data.
- Request or invoke the right to data portability. This is the right to transfer data, to yourself or to another organisation that provides the same services.
- Withdraw your consent to the data processing at any time. Please note though that this withdrawal does not affect the lawfulness of any processing of your personal data that occurred prior to said withdrawal of your consent and that this only applies to the processing to which you have given consent.
Portbase asks that you, as a data subject, motivate your request in this respect and that you identify yourself. Within the statutory period of one (1) month, Portbase will comply with your request or inform you, as the data subject, of the status of your request or appeal.
Portbase may refuse your request if:
- It has a compelling legitimate interest to not delete the Personal Data which outweighs your privacy interest, or;
- Such requests are made unreasonably frequently, require unreasonably high technical effort, have an unreasonably high technical impact on systems or compromise the privacy of others.
Are you, the data subject, not satisfied with the way in which Portbase has handled your request or are you in any other way dissatisfied with the processing of your Personal Data by Portbase? Then you can register a complaint about the use of your Personal Data with the Dutch Data Protection Authority.
8. Information Security
Portbase takes appropriate technical and organisational measures to protect the Personal Data against loss, etc. Also see our Information Security Statement. Measures include but are not limited to:
- Screening of employees and confidentiality agreements with employees.
- Within Portbase, the Security Officer works towards appropriate risk management around critical systems.
- Access to systems is personal and takes place on the basis of Multi Factor Authentication.
- All actions in systems are logged for error analysis and/or the prevention of misuse.
- Backups of the PCS are regularly made at an alternative location.
- Portbase uses secure connections, both via the web and for system interfaces.
- Portbase adheres to a data security policy based on ISO27001, which includes security requirements and basic requirements to avoid and limit risks.
- Suppliers contracted by Portbase for critical components in the digital landscape are ISO27001 or ISAE 3402 SOC2 certified.
- Each year, an independent external party audits the design and existence of the IT control measures used by Portbase.
- Portbase is a member of the Port ISAC, where information and experiences about cyber threats and vulnerabilities in the port community are shared.
9. Amendments
Portbase reserves the right to amend this Privacy Statement. Changes to this Privacy Statement take effect upon publication on the Websites.
Portbase recommends that you consult this Privacy Statement regularly so that you are always up-to-date with the content of the applicable Privacy Statement. Portbase will always inform you of any changes that are of major importance to you as a data subject.
Do you have any questions about this Privacy Statement? Please contact the Customer Service department of Portbase via customerservice@portbase.com.