Privacy Policy

This privacy and cookie policy clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) we collect, use and process as a part of our online offer and the websites, functions and contents connected (hereinafter jointly referred to as the “online offer”). With regard to the terms used, e.g. “processing” or “responsible person”, we refer to the definitions in the General Data Protection Regulation 2016/679 (GDPR).

Who we are

We are Cente.io (“we”, “our”, “us”) of  Veembroederhof 53, Amsterdam, 

Netherlands, 1019 HD. If you have any questions about your personal information, or how we use it, you can contact us via email at nori@cente.io. 


We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.

The Supervisory Authority

The Dutch Data Protection Authority (Dutch DPA) is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the Dutch DPA (https://autoriteitpersoonsgegevens.nl/en). We would, however, appreciate the chance to deal with your concerns before you approach the Dutch DPA so please contact us in the first instance. 

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

What data do we process?

  • Inventory data (e.g., names, addresses).
  • Contact details (e.g., e-mail, telephone numbers).
  • Content data (e.g., text input, content).
  • Contract data (e.g., object of contract, duration, customer category).
  • Payment data (e.g., bank details, payment history).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).

What are the categories of data subjects?

Customers, interested parties, visitors and users of the online offer, business partners. Visitors and users of the online offer. In the following, we refer to the data subjects collectively as “users”.

What are the purposes for processing?

  • Provision of the online offer, its contents and functions.
  • Provision of contractual services, service and customer care.
  • Answering contact enquiries and communication with users.
  • Marketing, advertising and market research.
  • Security measures.


Contacting Us

When contacting us, the data is processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) GDPR. The data you submit may be stored in our customer relationship management system (“CRM system”) or comparable inquiry organisation.


We delete the inquiries if they are no longer necessary. We review the necessity every two years; we store inquiries from customers who have a customer account permanently and refer to the information on the customer account for deletion. Furthermore, the legal archiving obligations apply.


Collection Of Access Data And Log Files

We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.


Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.


Online Presences In Social Media

We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.


Unless otherwise stated in our data protection policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

What are the relevant legal bases for processing your data?

In accordance with Art. 13 GDPR the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies: 

Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a and Art. 7 GDPR)

Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. (Art. 6 Para. 1 lit. b GDPR)

Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b GDPR)

Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f GDPR). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.

Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. b GDPR)

Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights. (Art. 6 para. 1 lit. d GDPR)

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. 


Right to information: You can request information from us as to whether and to what extent we process your data.


Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.


Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.


Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

you have objected to the processing of the data.


Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.


Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.


Right of complaint: If you are of the opinion that we violate German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the Dutch DPA, the data protection regulator in the Netherlands, their contact details can be found on their website (https://autoriteitpersoonsgegevens.nl/en).

When do we disclose your Personal Data?

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support this website and our services. This will only be done on the basis of a legal authorisation (e.g. if a transfer of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR).


Also, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).

If we commission third parties to process data on the basis of a so-called “processing agreement”, this is done on the basis of Art. 28 GDPR.


In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.


We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

International transfers

Our main operations are based in the Netherlands and your personal information is generally processed, stored and used within the Netherlands and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the EEA.

Where we need to transfer your data outside the Netherlands or EEA we will use one of the following safeguards as set out in (Art. 44 ff. GDPR) :

  • The use of European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries.
  • Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR.  If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

How do we protect your Personal Data?

We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.

In more detail to access our database the user must be authorised, is challenged through a two-way authentication system and use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.

The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers in the Netherlands . In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.

To exercise any of your rights, or if you have any questions or complaints about our use of your Personal Data and this policy, please contact us using our contact form.

Economic Analyses and Market Research

In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research. 


 The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.


If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.


Integration Of Services And Contents Of Third Parties

We use within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or services offered by third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). 


This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.


The following presentation provides an overview of third-party providers and their content, along with links to their data protection policies, which contain further information on the processing of data and, in part already mentioned here.


Our online presence is provided on a so called Content Delivery Network and supported by our In-house serves in the locations already mentioned above or on cloud service providers. Our providers are Duda, Amazon AWS, WordPress, Ecwid


We use social plugins of the social network LinkedIn, which is operated by LinkedIn Inc, Sunnyvale (HQ), CA, United States, 1000 W Maude Ave (“LinkedIn”). When you call up a page that contains such a plugin, your browser establishes a direct connection to the LinkedIn servers. The plugin transmits log data to the LinkedIn server in the USA. This log data may contain your IP address, the address of the visited websites that also contain LinkedIn functions, type and settings of the browser, date and time of the request, your usage of LinkedIn as well as cookies.


Communication by mail, e-mail or telephone

We use means of distance communication, such as post, telephone or e-mail, for business and marketing purposes. We process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.


The processing is based on Art. 6 para. 1 lit a, Art. 7 GDPR, Art. 6 para. 1 lit f GDPR in connection with legal requirements for advertising communications. Contact shall only be established with the consent of the contact partners or within the scope of the statutory permissions and the processed data shall be deleted as soon as they are not required and otherwise with objection/ revocation or discontinuation of the basis for authorisation or statutory archiving obligations.

What are Cookies?

Cookies are small text files sent to your device by the Site. Cookies are uploaded onto your device, thus allowing the Site to recognise you and store certain information concerning you, in order to permit or improve the service offered. A cookie will usually contain the name of the website from which the cookie has come from, the “lifetime” of the cookie (i.e. how long the cookie will remain on your device), and a value, which is usually a randomly generated unique number.


As regards the lifetime of cookies, two types of cookies may be used, “session cookies” and “persistent cookies”. Session cookies are automatically deleted at the end of your browsing session. Persistent cookies remain longer on your device, for the duration of each specific cookie, and will remain valid until its set expiry date (unless deleted by the user before the expiry date).


Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website. Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked to the information stored in and obtained from cookies.


We also use other types of tracking technologies, such as flash cookies, server logs, web beacons or pixel gifs in connection with our Website and services. These technologies are similar to cookies in that they are stored on your device and can be used to maintain information about your activities and preferences.


What types of cookies does the Site use and what are they for?

We may use different types of cookies. We may use what we call “required” cookies to enable core site functionalities. These cookies do not collect personal information for marketing purposes and can not be disabled.


Functional cookies provide more advanced functions, such as remembering your preferences such as language and country, analysing Site usage to measure and improve performance. Also these cookies do not collect information that can identify users. 


Advertising cookies may be finally used to keep record of certain behaviours or preferences expressed by you, so as to present content that is more relevant to your interests, in compliance with the applicable data protection and privacy laws and upon collection of your express consent if required by law. 


In any case, our cookies do not run programs on users’ device nor upload viruses on it, and do not allow any kind of control over the device.


Cookies commonly used on this Site are listed in the table below. From time to time, we may also use additional cookies and tracking technologies not listed in this table. You may obtain an updated list of all cookies and tracking technologies used on this Site at the time of your visit upon request by contacting us.


Cookie (Google Analytics): _gid; _ga;


When you visit the Site, you may receive cookies from third party websites or domains. We do not control the placing of these cookies and you should check the relevant third party’s website for more information about these cookies. The relevant third party is responsible for providing you with information regarding the cookies they place and obtaining your consent before placing cookies on your device.


How can you control cookies?

Your cookie preferences

By clicking the “cookie preferences” button on the Site’s Cookie Banner, you may choose whether the Site will use “Functional” cookies and/or “Advertising” cookies, as described above.


The “cookie preferences” function available on the Site’s Cookie Banner will inform you of which functionalities are available to you or not depending on the types of cookies you choose to authorize the Site to use.


Browser settings

If you wish to withdraw your consent to our use of cookies on this Site, or if you wish to delete or control the placing of cookies on your computer, you can also change your browser settings to block cookies or to alert you when cookies are being sent to your device. There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings at: Internet ExplorerChromeFirefoxSafari


If you disable the cookies that the Site uses, this may impact your experience while on the Site.


You can also delete cookies already stored on your computer. Again, doing this may have a negative impact on the usability of many websites.


If you disable the cookies that the Site uses, this may impact your experience while on the Site.

You can also delete cookies already stored on your computer. Again, doing this may have a negative impact on the usability of many websites.

Changes 

This Data Protection Policy and our commitment to protecting the privacy of your personal data can result in changes to this Data Protection Policy. Please regularly review this Data Protection Policy to keep up to date with any changes.

Queries and Complaints 

Any comments or queries on this policy should be directed to us using the following contact details.

Veembroederhof 53, Amsterdam,

Netherlands, 1019 HD

Cente.io

nori@cente.io


If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the Dutch DPA.