Privacy policy
Updated on December 18th, 2023.
Cityfans’ privacy statement
Introduction
We understand the importance of handling your personal data with care when we, Digital Travel House B.V., trading under the name Cityfans, (Cityfans or we) process it while providing our services including the provision of Cityfans platform. In this privacy statement, we will set out in general terms how we process your personal data. In this context, personal data mean any data that directly or indirectly identifies a natural person. Should it be necessary to inform you specifically of any issues, we will do so with reference to this privacy statement.
Controller
We are responsible for the processing activities described in this privacy statement. Indeed, for these activities, we determine the purposes and means of processing. We always process personal data in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).
Categories of people
We process the personal data of the following categories of individuals:
- Customers - persons who are (potential) customers and persons employed by (potential) customers.
- Suppliers - persons from whom we purchase products or services and persons employed by (potential) suppliers.
- Website visitors - individuals who visit the website Cityfans
- Applicants - individuals who are looking for a job or individuals who actually apply for a job at Cityfans.
- Employees – individuals who work or have worked at Cityfans.
- Third parties - persons whose personal data appears in our files; other persons with whom we have contact.
Minors
In general, we do not provide our services to persons under 18 years of age and do not knowingly process personal data of these minors. If we become aware that we have (inadvertently) processed the personal data of minors, we will take appropriate measures, such as requesting permission from parents or guardians or deleting the data immediately.
Categories of personal data
Customers
From customers we process - as far as reasonably necessary - the following data:
- Contact details: name, e-mail address, telephone number, country of residence.
- Invoicing data: data for the purpose of creating invoices, withhold tax, calculating and recording, collecting and making payments and refunds and collecting claims.
- Other data: data whose processing is required by applicable laws or regulations or data that customers provide us with on their own initiative, such as the field of business and expertise.
Suppliers
From suppliers we process - as far as reasonably necessary - the following data:
- Contact details: name, address, e-mail address, signatures, telephone number, chamber of commerce number, VAT number, bank account number, unique identification number (case number) and nationality.
- Order data: data about our suppliers' services such as order data, data for the purpose of calculating and recording fees, income and/or expenses, collecting and making payments and collecting claims.
- Other data: (in some cases) certificate of good conduct and identity card data, data whose processing is required by applicable laws or regulations or data that suppliers provide us with on their own initiative.
Website visitors and customers
From website visitors we process - as far as reasonably necessary - the following data:
- Communication data: data from the equipment used to visit the website, such as the IP address and the software used.
- Technical data: data for the purpose of identifying and communicating with website visitors or data recorded to keep track of our website visitor statistics.
Applicants
From job applicants we process - as far as reasonably necessary - the following data:
- Contact details: name, address, e-mail address, job title, title, telephone number, nationality, date of birth, place of birth and gender.
- Background information: CV/Resume, academic and professional qualifications and history (including courses, internships, experience and previous employment), education, (in some cases) certificate of good conduct and application date.
- Other data: data that we collect from a public source, data whose processing is required by applicable laws or regulations or data that applicants provide us with on their own initiative.
Employees
From employees we process - as far as reasonably necessary - the following data:
- Contact details: name, address, e-mail address, job title, title, signature, telephone number, nationality, date of birth, place of birth and gender, photo, copy passport, emergency contact details and unique identification number.
- Background information: CV/Resume, academic and professional qualifications and history (including courses, internships, experience and previous employment), education, (in some cases) certificate of good conduct and hiring date.
- Payroll (and fiscal) data: salary related information, payslips, bank account number including a copy of a bank card, social security number and wage tax form.
- Other data: data that we collect from a public source, data whose processing is required by applicable laws or regulations or data that employees provide us with on their own initiative.
Third parties
From third parties, we process - as far as reasonably necessary - the following data:
- Contact details: name, address, gender, e-mail address, job title, title, telephone number, Chamber of Commerce number, VAT number, bank account number, unique identification number, and nationality.
- Other data: data that we receive from customers or third parties or collect from a public source, data whose processing is required by applicable laws or regulations, or data that third parties provide to us on their own initiative.
Obtaining personal data
We may obtain your personal data in three ways.
- From you or your employer
We use data that you or your employer actively provide to us, for example, when you contact us to obtain information about our services.
- Automatically obtained
We obtain some information about you in an automated way. For example, when you visit our website, we automatically obtain information about you via cookies.
- Third-party sources
We also obtain information about you from third parties. For example, we may request information about you or your company from public sources, such as the Chamber of Commerce Trade Register, or through social media platforms such as LinkedIn.
Lawful basis and purposes
There are six possible lawful bases to process your personal data.
- Performance of a contract. If it is necessary for the performance of a contract with you, we may process your personal data for this purpose.
- Legal obligation. If it is necessary to comply with a legal obligation, we may process your personal data for this purpose.
- Legitimate interest. If it is necessary to process personal data about you for our or other legitimate interests, and those interests outweigh your interests or fundamental rights, we may process your personal data.
- Vital interest. If it is necessary to process personal data about you to protect your vital interest, we may process your personal data.
- Public interest. If it is necessary to process personal data about you for the performance of a task carried out in the public interest, we may process you personal data.
- Consent. In principle, if the aforementioned bases do not apply, we may only process your data if you have given us your consent.
Of the six possible lawful bases, we generally process your personal data on four bases (i.e. performance of a contract, legal obligation, legitimate interest and consent).
Customer - If you are a customer of ours, we may process your personal data for the following purposes:
Purpose | Basis |
Performance of a contract to provide services. | Performance of a contract
|
Calculating and recording income and /or expenses, collecting and / or making payments. | Performance of a contract |
Legitimate interest
| |
Improving our products and services | Legitimate interest
|
Enforcing our rights and risk management. | Legitimate interest
|
Complying with our legal and regulatory obligations. | Legal obligation |
Supplier - If you are a supplier to us, we may process your personal data for the following purposes:
Purpose | Basis |
Making orders or purchasing services. | Performance of a contract |
Legitimate interest
| |
Calculating and recording income and/or expenses, collecting and / or making payments. | Performance of a contract |
Legitimate interest
| |
Maintaining contacts. | Legitimate interest
|
Enforcing our rights and risk management. | Legitimate interest
|
Complying with our legal and regulatory obligations. | Legal obligation |
Website visitor and customer - If you are a website visitor and or costumer we may process your personal data for the following purposes:
Purpose | Basis |
Keeping our website functioning. | Legitimate interest
|
Marketing activities such as sending newsletters and invitations to events. | Consent
|
Offering relevant information. | Legitimate interest |
Consent
| |
Complying with our legal and regulatory obligations. | Legal obligation |
Applicant - If you are an applicant for employment, we may process your personal data for the following purposes:
Purpose | Basis |
Assessing applicant's suitability for available position or open application. | Performance of a contract |
Legitimate interest
| |
Retaining application documentation for longer than 4 weeks and verifying references. | Consent
|
Complying with our legal and regulatory obligations. | Legal obligation |
Employee - If you are an applicant for employment, we may process your personal data for the following purposes:
Purpose | Basis |
Fulfilling our obligations as employer | Performance of a contract |
Legal obligation | |
Legitimate interest
| |
Enforcing our rights and risk management. | Legitimate interest
|
Complying with our legal and regulatory obligations. | Legal obligation |
Third party - If you are a third party, we may process your personal data for the following purposes:
Purpose | Basis |
Allowing access to our office. | Legitimate interest |
Marketing activities such as sending newsletters and invitations to events. | Consent
|
Offering relevant information. | Legitimate interest |
Consent
| |
Organising events. | Consent |
Legitimate interest
| |
Enforcing our rights and risk management. | Legitimate interest
|
Complying with our legal and regulatory obligations. | Legal obligation |
Sharing of personal data
We will only share your personal data with trusted third parties if they need this personal data to provide their services. We will ensure that your data is only used in a manner similar to, or for a purpose similar to, the purpose for which it was collected, and only in accordance with this privacy statement and any legal obligations.
We may share your personal data with the following parties:
- Persons working for us, either directly or indirectly, and involved in the processing.
- Suppliers and Persons working for any of our suppliers (incl. subcontractors or service providers) involved in the processing, such as hosting and payment providers. with our suppliers we share strictly necessary information such as email address, date of experience, number of customers per order etc.
- Persons working for the customer who has engaged our services.
- Persons working for competent authorities, if required by law, such as supervisory authorities, enforcement agencies and courts.
Security
We use various appropriate technical and organisational measures to ensure data security, including protection against a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, such data. In doing so, we take into account the state of the art, implementation costs, the nature, scope, context and purposes of the processing, as well as the risks the processing poses to you. The persons working for us are, of course, bound by confidentiality and must comply with our instructions aimed at protecting your personal data.
Cookies on our website
Cookies are small text files placed on your computer, laptop, tablet, smartphone or other internet-enabled device. These cookies can be stored and read through your web browser. After a cookie is placed, your device can be recognised as long as you use the same web browser and as long as the cookie is not deleted. This makes it possible, for example, to click back to the previously visited web page. Cookies can also be used to analyse browsing behaviour. Besides cookies, similar techniques may also be used, such as web beacons (also called "tags"), HTML5 Local Storage and Local Shared Objects (LSOs, also called "flash cookies"), and embedded scripts (also called "Javascripts").
We have a cookie banner on our website informing you about our cookies and allowing you to select your cookies preferences.
Necessary cookies
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Functional cookies
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Analytical cookies
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance
Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Transfer to countries outside the EEA
We may transfer your personal data to parties processing your personal data outside the European Economic Area (EEA). Transfer of your personal data to a country outside the EEA can be legitimised primarily on the basis of a so-called adequacy decision. This is a decision in which the European Commission declares that, for example, a certain country provides a comparable level of data protection to the GDPR.
If and to the extent we share personal data with parties in countries outside the EEA to which no adequacy decision applies, we will only transfer your personal data if the recipient provides appropriate safeguards and you have enforceable rights and effective remedies.
Storage of personal data
In principle, we do not store your personal data for longer than necessary to fulfill the purposes described in this privacy statement.
However, we may need to keep your personal data for longer because it is necessary to comply with a legal obligation. For example, we need to keep certain personal data for a period of at least 7 years after the end of a fiscal year.
Privacy Rights
In certain cases, you have the right to view and change the personal data that we have collected from you. You have, in certain cases, also the right to object to the processing of your personal data and you can also ask us to limit the processing of your personal data, delete your data, or transfer your data to another party. In order to exercise any of your privacy rights as to personal data controlled by us, please send a request to us and indicate that it concerns a personal data request.
Exercising the above privacy rights is in principle free of charge and can be done by e-mail, post or telephone using the contact details provided below. We will provide you with information on the action taken on your request without undue delay and, in principle, within one month of receiving the request. If the exercise of a privacy right is clearly unfounded or excessive, in particular due to its repetitive nature, we will charge you a reasonable fee or refuse to comply with the request. We may also ask you for certain additional information to help us confirm your identity before complying with such a request.
Right to make a complaint
You have the right to make a complaint with a supervisory authority at any time. We refer you to this webpage for an overview of the supervisory authorities and their contact details. In the Netherlands, this is the Personal Data Authority. We prefer to deal with your complaint ourselves first before referring you to the supervisory authority. Therefore, please contact us, in particular if you have a complaint about the way we handle your personal data, so that we can try to resolve the issue.
Contact details
Customer service: [email protected]
Company name and address:
Cityfans
Digital Travel House BV
Slijperweg 12a
1032 KV
Amsterdam
The Netherlands
Other
If we refer to websites, whether or not via hyperlinks from other parties, we are not responsible for the content of those websites or the services of those parties, or how they process your personal data.
Please note that we may make changes to this privacy notice from time to time. Where appropriate, we will notify you of such updates. The current version is always available here on our website https://cityfans.com.