PRIVACY STATEMENT FOR CUSTOMERS AND WEBSITE VISITORS
Duux Holding B.V., Duux B.V. and all related companies ("Duux") processes personal data of (potential) customers and other individuals. Duux is engaged in the development, design, production and sale of various air treatment products and the management and further development of, and provision of service for, these products.
As a company, Duux highly values privacy. It therefore processes personal data only in accordance with applicable privacy legislation, including the General Data Protection Regulation ("GDPR"). In this statement, Duux provides you with information about how it processes your personal data and the options available to you in that regard.
Our contact details
Duux is the data controller of the processing operations it performs using your personal data. If you have any questions about this statement or Duux's handling of your personal data, please ask them using the contact information listed below. You may also submit requests that pertain to your individual rights regarding your personal data via the email address mentioned. You can read more about this later in this statement.
5406 TE Uden
Type of personal data and purposes of processing
Duux receives your personal data because you disclose them or because you use Duux's products or services. The data may have been disclosed, for example, through an online contact form, through a user app, by email, by post or in (phone) conversations. The disclosure of personal data through use of the products may include personal data that we receive when your device makes contact with the Internet or because the device automatically issues a technical notification, e.g. in the event of a crash. Additionally, personal data of visitors to the website are automatically collected and processed during your visit to our website.
Duux may process the following personal data, among others:
- technical data, including the brand of the device the app is installed on, model, operating system, IP address, device name and account ID;
- name and address data, including first and last name, address details and town/city;
- contact data, including phone number and email address;
- financial data, including your account number, the account name and other data in connection with payments;
- other personal data that are actively provided by you, e.g. by creating a profile on the website or in the app or by providing data in correspondence or conversation
Duux may process this and other personal data for the following purposes:
- establishing and maintaining contact;
- answering questions asked by you or providing information requested by you;
- processing orders and delivering products;
- providing services associated with its products, including offering a user app;
- maintaining and further developing existing products and services, including the platform and user app, and for the development of new products or services;
- analysing the use of its website and other communication channels;
- keeping proper records and internal management, including financial records such as invoicing and collecting payments;
- meeting and fulfilling legal obligations, such as providing mandatory information to customers;
- monitoring and securing its online environments and services;
- handling any complaints you may have and resolving disputes;
- Maintaining client network and conducting relationship management;
- marketing, sales and communication activities, such as online marketing and advertising or sending out a newsletter or advertising flyer.
Legal basis for processing
The processing operations for the aforementioned purposes each have at least one legal basis. These legal bases are:
The free, explicit, unambiguous consent granted by you for processing data for one or more specific purposes (e.g. through an opt-in system for permission to use your personal data for sending you a digital newsletter). If Duux processes personal data based on the consent you have granted, you have the right to withdraw this consent at any time (in the case of the email service, by unsubscribing). If processing is done solely on the basis of the consent you have granted, then after you withdraw your consent, no further data may be processed. The withdrawal of consent does not affect the legitimacy of processing based on the consent before its withdrawal.
Providing you, at your request, with a quote or cost estimate for products you are interested in before the purchase agreement is formally concluded.
Performance of an agreement
Processing personal data in this case is necessary for the performance of the agreement, e.g. processing your address data to deliver a product or processing your contact data to send you a confirmation.
Processing personal data is necessary to comply with statutory obligations incumbent on Duux as a data controller (e.g. retaining payment data to audit our records).
Balance of interests
When the processing is necessary for the protection of the legitimate interests of Duux or a third party (e.g. to preserve communication about a product or the settlement of a complaint or a return of goods or to be able to conduct a marketing or sales campaign).
Consequences of not providing personal data
Duux will inform you when it is necessary to provide certain personal data to be processed by Duux pursuant to:
- a statutory or contractual obligation and/or;
- because this is a necessary condition for entering into an agreement.
In that case, you will also be informed of the consequences of your possible refusal to provide these personal data. Often this will mean that Duux cannot enter into an agreement with you, must terminate its agreement with you and/or cannot (fully or correctly) perform its agreement with you. Additional personal data may be requested at any stage in the performance of the agreement between Duux and you. This will include an explanation of the consequence of not providing these personal data.
Duux will not retain your personal data longer than is necessary for the purpose for which Duux collected and recorded them. In doing so, Duux will always need to comply with any applicable statutory retention obligation. Where there are multiple grounds or reasons why Duux retains personal data from you, the longest retention period will always be used.
Through the web portal, a customer can access a management environment where things can be set up and changed independently. Duux retains your personal data and your order history in your account. The data in your account are retained by Duux for as long as you are an active customer. In addition, you can request the deletion of your data in your account at any time.
If you make general information requests and/or ask questions, Duux will retain your personal data for two years.
If you have indicated that Duux may inform you about developments, (new) products or services and other information of interest, Duux will keep your personal data until you unsubscribe, after which your data will be removed within four weeks.
If you place an order with Duux, Duux will store your personal data for 7 years according to the statutory retention period.
Additional information on disclosure and processing
Your personal data may be disclosed to other recipients, provided there is a legitimate reason that fits the purpose for which you provided the personal data and there is a basis for such disclosure.
Performance of the agreement
Thus, Duux may provide your personal data to third parties when necessary or desirable to properly perform and fulfil the purchase order you have given. For example, Duux may share data with third parties to process the order or settle the payment obligation. Examples could include the mail or package delivery company or a collection agency.
Statutory obligations or requirements
Duux shares your personal data when it believes it is necessary to comply with applicable laws, regulations, legal procedures or requests by public authorities. For example, an investigative service may make a request to obtain data or Duux may have to proactively report certain matters to the authorities to comply with a legal duty.
Other necessary purposes
With your consent, Duux may or may not provide your personal data to third parties at your request. This applies only to cases where it is clear that your consent relates to specific personal data and third parties.
When a party qualifies as a processor within the meaning of the GDPR, Duux will enter into a processor agreement with that party. Based on the GDPR, third parties to which Duux provides your data are themselves responsible for the processing and protection of these data.
Duux seeks to limit the transfer of personal data to third countries or international organizations to an absolute minimum. When this involves one of the external parties with which Duux works, the agreement Duux enters into with them will require appropriate safeguards, mostly necessitating the use of EU model contracts, insofar as there is no adequacy decision for the third country in question.
Protection of personal data
Duux has implemented appropriate technical and organisational measures to prevent the loss of personal data or unlawful processing such as misuse, unwanted disclosure to the public and unauthorised access. On the one hand, these are preventive measures: measures that prevent a threat or breach from resulting in the loss of personal data or unlawful processing. On the other hand, Duux has taken measures to facilitate detection and suppression: measures that, when loss of personal data or unlawful processing does occur unexpectedly, detect the incident as quickly as possible and minimise its consequences. Duux has also implemented recovery measures and corrective measures in case unexpected loss of personal data or unlawful processing does occur.
Under privacy legislation, you have several individual rights that you can invoke. These are the right to inspect/copy, the right to rectification/correction, the right to have personal data erased (the "right to be forgotten"), the right to restrict the processing related to you, the right to object and the right to portability of your personal data. These are not absolute rights. This means that Duux does not have to comply in all cases when one of these rights is invoked. Duux will get back to you within one month of receiving a request from you invoking one of the aforementioned rights. In doing so, Duux will indicate, for example, whether the request has been granted or whether the one-month review and response period should be extended. The exercise of the right(s) by you is in principle free of charge. You may exercise your rights by submitting a request using the contact information provided in this statement.
Dutch Data Protection Authority
Should you, despite Duux's careful approach to the processing and protection of personal data, have a complaint about this, you have the right under privacy legislation to file a complaint with the Dutch Data Protection Authority. See their website for information about this: www.autoriteitpersoonsgegevens.nl.
Amendments to the privacy statement
This privacy statement was created on 21 June 2023 and is subject to change. The amended privacy statement will be posted on this website. The fact that it has been amended will be clearly communicated.
In addition to the preceding privacy statement, the cookie statement below applies. A cookie is a small text file that is stored in the browser of your computer, tablet or smartphone when you first visit this website.
Duux uses functional, analytical and tracking cookies.
You are free to disable cookies through your browser. However, please note that this may cause our website to stop working optimally.