Atkins International B.V. ("Atkins" or hereinafter “ we”, “us”) processes various personal data of you for a range of purposes. This means Atkins is a so-called “Data Controller” within the meaning of the General Data Protection Regulation (hereinafter referred to as “the GDPR”) that came into force on 25 May 2018.
Who are we? / identity and contact details of the Data Controller
Atkins International B.V. Chamber of Commerce number: 0814 64 53, Address: Dokter van Wiechenweg 2 Postcode: 8025 BZ Zwolle (Overijssel) Country: the Netherlands Telephone number: (+31) 038 – 455 58 60 (can be reached by telephone between 9:00 hrs – 17:00 hrs) Email: firstname.lastname@example.org
Why this Privacy Statement?
Atkins attaches great value to your privacy as a customer or website visitor. Atkins wishes to handle all your personal data it receives and processes with the utmost care. In this privacy statement, we explain in more detail:
A: Exactly which personal data of you Atkins processes
B: For precisely which specifically predefined purposes or goals, Atkins processes your personal data. We will also mention for each separate purpose:
*On the basis of precisely which legitimate principles we process your personal data. The GDPR has a number of principles on the basis of which we may process your personal data. We base our processing on the following principles from article 6 of the GDPR:
- you have given us prior consent to process your personal data (for the processing of sensitive personal data, you have given us prior explicit consent); - processing is necessary for the implementation of an agreement concluded with you; - processing is necessary for compliance with a legal obligation that applies to us; - legitimate interests of Atkins to be able to process your personal data. These include: marketing, advertising, security, IT management, research and analysis into our own products or services. * Exactly how long we retain your personal data (no longer than necessary)
C: With which third parties we share your personal data;
D: In what ways we analyse your website visit;
E: What security measures we take to protect your personal data as well as possible from breaches from outside;
F: What rights you have as a so-called “data subject” within the meaning of the GDPR that you can exercise against us as the Data Controller.
Ad A) Which personal data of you do we process?
Atkins/we process personal data of you because you have provided us with this personal data in the context of: (1) the purchase of a product via our web shop, (2) during a visit to other parts of our website, and/or (3) by subscribing to our Newsletter and/or (4) to create a complete “My Atkins” account via our website.
Personal data is understood to mean: all data directly or indirectly related to you as a natural person/ an individual. Examples of personal data are: date of birth, name, address, telephone number(s), email details and the like.
We do not process all conceivable personal data of you. Precisely which type of personal data we will (and want to) process, depends on which services and functionalities you, the purchaser or website visitor, choose to use. In part B of this privacy statement, we will explain this more specifically and for each individual purpose.
Our website has several options and choice moments built in with regard to the available functionalities and (support) services. Therefore, you always decide which functionalities and services you want to use and which personal data you want to share with us and which you do not.
If we ask you to share more sensitive personal data with us (in order to be able to provide certain support services and functionalities to you as effectively and personally as possible), we will always request your explicit consent in advance. This is to make sure you agree that we process this personal data for purposes clearly communicate to you in advance. If a certain processing purpose is not entirely clear to you, we advise you to contact us in advance (see our contact details under the heading "Who are we?").
For all choices made, consent given and personal data provided to us applies that you can always undo or change them in the same manner or just as easily at a later time.
Atkins does not intend to process personal data from website visitors or buyers who have not yet reached the age of 16. We strongly advise parents or their legal representatives to always supervise all their online activities, including (possible) visits to our website, use of the services or functionalities provided there, or the purchase of our products.
Atkins collects only that personal data which is strictly necessary for the performance of the service or functionality in question.
Ad B) For which specific and predefined purposes and goals do we process your personal data?
As mentioned before, we process your personal data for a variety of purposes. Here, a distinction can be made between purposes described in more general terms and the extremely specific purposes directly related to our website. Below you will find an overview of the more generally worded purposes, followed by more specific purposes that are directly linked to our website.
To provide customer service, including service related to the purchase of products via our web shop;
To provide personalised offers/more targeted advertising;
For the (further) development and improvement of our current and future products;
To analyse and link cookies from our website to customer data known to us. We do this to tailor the content of our communication as much as possible to your personal preferences.
B1 Processing orders through our web shop
During the ordering process in our web shop on our website, your first name, last name, address (place, postcode, street and house number) email address, telephone number and payment details are collected. The objective is to properly fulfil our obligations as seller on the basis of the purchasing agreement concluded with you, but also to be able to send the products purchased by you. These data is only collected when you fill it in and is only used for this purpose.
Your consent + performance of the agreement + compliance with legal obligations + our legitimate interest
The personal data mentioned in B1 will be retained for 7 years. This is a statutory retention period for tax purposes. After this period, the data will be permanently deleted.
B2 Contact form
The moment you contact us via the contact form on the website, we register your first name, last name, email address and telephone number (not required). This personal data is only collected when you fill in the contact form and is used to enable us to respond personally to your contact request.
Your consent + our legitimate interest
The collected personal data mentioned in B2 will be retained for two months after the last contact, so that we can follow up on your messages. After two months, we assume that we have met your information needs and that this personal data is no longer needed. Of course you are always free to send us a new message, for which exactly the same applies as before.
B3 Questions to the dietician
The moment you contact us via the form ‘questions to the dietician’, we collect your first name, last name, and email address. This data is only collected when you fill in the contact form and is used by our dietician to respond personally to your contact request. We will see to it that the dietician only uses your data for this purpose and not for other purposes, and that the dietician treats your data confidentially.
Your consent + our legitimate interest
The collected personal data mentioned in B2 will be retained for two months after the last contact, so that we can follow up on your messages. After two months we assume that we have met your information needs. To safeguard your privacy, your personal data will be permanently deleted at that time. You can always send a new message. If you want to continue discussing your progress with the dietician, it is advisable that you keep the data discussed with the dietician and/or the email exchanges or save them digitally. The dietician does not keep a file on you or any other person.
B4 Calculating BMI (having it calculated)
On our website it is possible to have your so-called Body Mass Index (BMI) calculated by us (only if you have created a 'My Atkins' account, see B5 below). Prior to this, you will be asked to give us your consent to store, save and edit your body height and your body weight. Because these are so-called sensitive personal data within the meaning of the GDPR, we require your explicit prior consent in order to be able to calculate, store and keep track of the BMI values for you. You will be asked for that required consent via the website, so we can be certain that we may process this data in the context of your BMI.
We need this personal data to calculate your BMI and keep track of its progress for you. We store this information so you can track your progress and improvement in your own "My Atkins" account. Your body height, body weight and the calculated BMI (and any improvements) are only used for your BMI, and we will not process these in any other way or share them with others.
Your explicit consent + our legitimate interest
We will retain the data mentioned in B4 for as long as you keep your "My Atkins" account. Once this account is deleted in one of the ways described in B5 below, all of your personal data will also be permanently deleted.
B5 Creating a “My Atkins” Account and keeping track of your Steps
It is possible to create a "My Atkins" account on our website. This allows you, among other things, to keep track of your progress in the various Atkins phases, your BMI, and the like. To achieve this, the following personal data is collected from you: first name, last name, email address, gender. This personal data is only collected at the moment you give us your consent, while creating a "My Atkins" account.
In addition, when you create the "My Atkins" account, we ask you to specify your body weight and body height. This is only to enable us to offer you the facility of calculating your BMI, as mentioned in B4, and/or clarifying your progress in the different phases of the Atkins diet for you. These two personal details are not used or processed for other purposes. Since these facilities form a standard part of the "My Atkins" account, we are required to ask you for your body weight and body height immediately when you create the account. At that moment, we will also inform you that we only process this data for the purposes described above.
Your (explicit) consent + our legitimate interest
The personal data mentioned in B5 will be permanently deleted when you delete your account or if you have not logged in for more than one (1) year. You can easily delete your account in two steps by: (1) clicking on the unsubscribe link in your "My Atkins" account and then (2) following the instructions there and sending the email.
B6 Newsletter In order to send our digital newsletter, we register your first name, last name and email address. Your first and last name are collected so the newsletter can be addressed to you personally. If you do not wish to disclose your first and last name, you may leave these fields blank. Your email address is used to send the newsletter to you. For all this personal data applies that it is only collected at the moment you yourself fill in this data.
It is possible to unsubscribe from the newsletter by scrolling to the bottom of one of the digital newsletters received and clicking on 'Unsubscribe from this newsletter'. If you do not open the newsletter for longer than six months, your personal data will be automatically and permanently removed from our system, and from that moment on you will no longer receive any newsletters.
Your explicit consent + our legitimate interest
The collected personal data will be retained until you unsubscribe from the newsletter. Thereafter, this personal data is permanently deleted.
B7 Atkins Forum
On our website, you can to use - or to participate in our Atkins Forum. This forum is an online platform for you to share your Atkins experiences with our dietician and with all other forum members.
Before you use the forum as a participant, we will point out on our website that participation in the forum means that: (1) you expressly give us your consent in advance to share all data you enter with - and to pass it on to - the dietician and to all other forum participants. We do this because chances are you will place (more) sensitive personal data about your health on the forum and (2) you realise and agree that everything you share or post on the forum also becomes public and may also be read by non-registered website visitors.
Your explicit consent + our legitimate interest
The collected personal data will be retained until you delete your "My Atkins" account, or at least if it is more than one (1) year ago that you last logged in to your account (see B5 above). The functionality of the Forum is directly linked to your personal "My Atkins" account. In connection with this, your personal data will also be stored if you do not actually use the Forum, but do keep your "My Atkins" account (for other purposes).
Ad C) With which third parties do we share your personal data?
Atkins shares your personal data with third parties in the situations described below and for the associated reasons:
If we are legally obliged or authorised to provide your personal data to a third party;
With parties that support Atkins in our services. These parties can act as a so-called ‘processor’ within the meaning of the GDPR. For example, parties that support us to handle purchases through our web shop and to maintain and improve our website (including email software, web-analytical software, support in marketing and advertising). But also parties like our accountant, legal or other adviser(s), to whom we may be required to provide your personal data (e.g. for recording purchases through the web shop or providing legal assistance in case of a complaint or dispute).
If we provide your data to a third party, we use a (processing) agreement to ensure that your personal data may not be used for other purposes and that the third party will delete your data as soon as it is no longer needed for their processing activity.
If we send your personal data to a recipient abroad, this is usually only to a recipient in a country that, in the opinion of the European Commission, offers an adequate level of protection. If your data is sent to a country that does not provide an adequate level of protection, Atkins will ensure that the legally required safeguards are provided.
We combine your personal data from different sources (such as data from your "My Atkins" account and your purchases in our web shop). The aim is to offer you the best online experience. By combining your data, we can display personalised offers and personalised content that match your interests and purchase history. In this way, we can make better and more targeted offers. When collecting and combining your data, we use so-called cookies. If you want to know more about these cookies and the different cookies we use for our website and web shop, we recommend you read our cookie statement.
Ad E) What security measures do we take to protect your personal data as well as possible from breaches from outside?
Atkins takes appropriate security measures to counter and prevent abuse, loss, unauthorised access or undesired disclosure as much as possible. We have taken both technical and organisational measures to protect your personal data. For example, we use a firewall, our software is updated, we restrict access to your data to authorised employees, and we only share data with third parties via a secure connection.
Ad F) What rights do you have as a so-called “data subject” within the meaning of the GDPR that you can exercise with us as a Data Controller?
As a so-called "data subject" within the meaning of the GDPR, you have the right to know which of your personal data we record and with which parties we have shared this (the right to information about the processing). You may contact us with regard to this (see our contact details at the beginning of this privacy statement). We will make every effort to respond within the statutory period. We can and may leave excessive requests untreated.
In addition to the aforementioned right to information, you as a “data subject” have the following rights:
the right to access your personal data;
the right to withdraw your consent (in the event that our processing is based on the consent you have or have not explicitly given);
the right to file a complaint with the Data Protection Authority about us or processing carried out by us;
the right to have your personal data rectified and/or corrected;
the right to removal of your personal data, including the so-called “right to be forgotten”;
the right to limitation regarding the processing of your personal data (or the temporary suspension of our processing);
the right to object to our processing of your personal data;
the absolute right to object to direct marketing;
the right to transfer your personal data (data portability);
the right not to be subjected to an automated decision-making process.
Atkins fully cooperates with judicial or other government agencies in tracking down persons who use our services for illegal activities. We reserve the right to disclose information about persons we believe or suspect are acting in violation of our content guidelines and also to notify those institutions of any activities for which we have reasonable grounds for assuming that they are illegal or impermissible.
Our website is always under development and the laws and regulations concerning privacy may change. Partly for these reasons, our Privacy Statement is subject to change and we reserve the right to change this Privacy Statement.