Mirage Retail Group B.V. Privacy Statement
Mirage Retail Group BV, with its registered office and principal place of business at Van Der Madeweg 13, 1114 AM in Amsterdam (“Mirage Retail” or “we”) is responsible for the processing of personal data. We respect your privacy and therefore find it extremely important that your personal data is processed carefully and correctly. When processing your personal data, Mirage Retail complies with current privacy laws and regulations, including the General Data Protection Regulation (“GDPR”) and resulting laws and regulations.
In this privacy statement, we describe how we handle your personal data. We recommend that you read this privacy statement carefully.
Use of Personal Data
If we collect personal data from you, we will not use this personal data for any purpose other than for which it was collected, unless you have explicitly given your permission for this beforehand.
How do we collect your data?
We record data that you provide to us voluntarily, for example when you communicate with us by email or in another way, when you meet up with someone from Mirage Retail in person, when you request information from us, when you send information to us or when you apply for a job with us.
Your data can be supplemented with information from other public sources, such as search engines, sector-specific newsletters and social media. Due to the nature of our activities and operations, your data may be provided to us by professional parties (while maintaining confidentiality).
What information do we collect?
What data we collect depends on the relationship between you and Mirage Retail. In general, we record your name, postal address, e-mail address, job title, telephone number, company name and corporate structure.
Your CV, employment history, nationality (including a copy of your ID), references, due diligence results and information about your financial position in relation to deals/investments may also be recorded.
How do we use this data?
We use your data to contact you, to assess potential transactions, to record our investments, to meet legal obligations and for recruitment and communication purposes.
In accordance with the GDPR, our legal basis for collecting and recording your data is that we need to do so to carry out our activities and to communicate efficiently.
What legal basis justifies the processing?
Mirage Retail requires a legal basis for processing your personal data. We process your personal data in accordance with one or more of the following legal bases:
Execution of the agreement – We use your personal data to take the necessary steps for entering into and executing the agreement that we have entered into with you.
A legitimate interest of Mirage Retail, unless the interests of the data subject or third party outweigh our legitimate interest.
Permission granted by you – We have the right to use your personal data for certain marketing purposes subject to your prior permission. You can withdraw this permission at any time.
Legal obligation – In certain cases, there is a legal obligation to process personal data. For example, providing data to enable implementation of tax legislation or collecting identity data in compliance with the Dutch Money Laundering and Terrorist Financing (Prevention) Act.
How do we secure your personal data?
We have taken appropriate and sufficient technical and organisational measures to protect your data against loss and unauthorised access by third parties.
We ask the same from our service providers and we record this in a contract.
How long do we retain your personal data for?
We never store your personal data for longer than is strictly necessary for the purpose for which we collected the personal data, for the execution that we have agreed with you under an agreement or to comply with the statutory retention periods or those in the event of a dispute arising with another party.
If the retention period has expired, we will destroy the collected data in an appropriate manner.
Forwarding of personal data to third parties within or outside the EEA
We may engage third parties such as contractors/suppliers who, in their capacity as processors, will process the personal data collected by us on our behalf. In such cases, we remain responsible for the processing of this personal data and we conclude processing agreements with these third parties. It is also possible that the responsibility for handling the personal data shifts to a third party, in which case that third party will be jointly responsible. Agreements are entered into with those sharing responsibility.
It may be necessary for us to forward your personal data to third parties outside the European Economic Area (EEA). In this case, we will only pass on your data to countries outside the EEA if the European Commission has decided that the relevant country guarantees an adequate level of protection.
What are your rights?
You enjoy a variety of rights aimed at keeping control over your personal data. We do of course respect these rights, which are described below. You can invoke your rights by sending an e-mail to firstname.lastname@example.org. We will respond to your request within 4 weeks. Before we can honour your request, we are obliged to check your identity.
Right of inspection
You have the right to receive copies of the personal data that we process about you, to be notified of the purpose of processing and what retention periods we apply. You can submit a request for review at any time.
Right to be forgotten
You have the right to withdraw the permission you previously granted for the processing of personal data at any time or you can object to the use of your personal data. In case of withdrawal of your permission, we will stop processing your personal data immediately after receiving your request.
Right to rectification and addition
It is important that the personal data we process about you is correct and current. To guarantee this, you have the right to request us to supplement, correct or delete your personal data at any time. In that case, we are obliged to take all reasonable measures to rectify or supplement your personal data.
Right to data portability
You have the right to transfer the personal data we have collected from you to another party. You can request this personal data from us, after which you are free to transfer this data to third parties.
Right to restriction of processing
If the data that we process about you is possibly incorrect, if the processing is unlawful, if the data is no longer needed or if you object to the use of your personal data, you have the right to restrict the processing of your personal data.
Right to object
You have the right to object to the processing of your personal data in the case of direct marketing. In that case, we will immediately stop processing your personal data for that purpose. You also have the right to object to the processing justified by us on the basis of a ‘legitimate interest’. In that case, we must demonstrate that the legitimate grounds we put forward for our processing outweigh your rights and freedoms.
Right to file a complaint with the Dutch Data Protection Authority
We are committed to ensuring your privacy at all times. If despite our efforts you have a complaint about the way in which we aim to ensure your privacy, you can first contact Mirage Retail at email@example.com. If that does not produce the desired result, you can contact the Dutch Data Protection Authority (“AP”). The AP contact details can be found on their website: https://www.autoriteitpersoonsgegevens.nl/en
Suspected data breach
If you suspect a data breach, we ask you to contact us directly at firstname.lastname@example.org. We will investigate the data breach and, if necessary, immediately report the breach to the AP.
We reserve the right to adjust or change this privacy statement at any time. We therefore advise you to regularly consult this privacy statement.
This privacy statement has been valid since 25 May 2018 and was last amended on 10 July 2020.