Privacy Statement Brocacef Groep N.V.

Brocacef Groep N.V. and its subsidiaries, hereinafter referred to as Brocacef, process personal data. The most important divisions of Brocacef Groep N.V. are:

• Brocacef B.V.

• Brocacef Centrale Diensten B.V.

• Brocacef Facilitair Bedrijf B.V.

• Brocacef Ziekenhuisfarmacie B.V.

• Brocacef Healthcare Logistics B.V.

• Brocacef Healthcare Services B.V.

• Brocacef Maatmedicatie B.V.

• Brocacef Supplies & Services B.V.

Separate privacy statements apply to the different divisions of the Brocacef that fall under the BENU brand, which can be found at the following places:

• BENU Apotheken BV
• BENU Direct BV
• Retail E-commerce B.V.

We strive within the confines of the law to use your personal data carefully and securely. In this Privacy Statement we describe who we are, how and for what purposes we process your personal data, how you can protect your privacy rights and what else may be of importance to you.

If you still have questions about our use of your personal data after reading the Privacy Statement, please feel free to contact us. You can read how you can do this further on in this statement.

Lastly, we would also like to inform you that our services are evolving and consequently so is our Privacy Statement. We therefore recommend that you regularly check whether there are any amendments, so that you know exactly where you stand. You can read at the bottom of this page when this Privacy Statement was last amended.

Who are we?

Brocacef is located at Straatweg 2, 3604 BB in Maarssen, the Netherlands. The aforementioned divisions of Brocacef Groep N.V. are the ‘Controller’ within the definition of the law for the processing of personal data as set out in this Privacy Statement.

What personal data does Brocacef collect from you?

Brocacef collects different categories of personal data:

• Personal details (e.g. name, address, place of residence, email address, telephone number)

• Account information (e.g., username and password)

• Purchase details (e.g. date of purchase of a particular product)

• Marketing preferences (e.g. whether you have signed up or unsubscribed to email offers)

• Interaction details (e.g. your contact with customer services or any digital and/or written correspondence)
  
  We receive the personal data as described above directly from you as well as via third parties insofar as this is in accordance with the law. We trust that you will be informed by these third parties.

Personal data that you have provided directly to us:

• Personal data that you provide when you create an account and/or other information that you submit and disclose via our website.

• Personal data that you provide when purchasing a product or service

• Personal data that you provide resulting from your surfing behaviour on our website

• Information that you provide in the context of (among other things) correspondence, feedback, assistance (Q&A), dispute resolution, etc.

Personal data about others that you provide directly to us

It may be the case that you share personal data about other people with us. For example, the address or contact details of others. Please note that it is your own responsibility to verify that these individuals approve the disclosure of their personal data to Brocacef.

Personal data we receive from third parties

Amongst other things, we may receive supplementary personal data, such as from services provided by third parties, insofar as this is in accordance with the law, e.g. because you have given your consent.

Which purposes does Brocacef process your personal data for?

Brocacef collects and processes personal data in order to be able to carry out the agreement(s), administration, communication, marketing (personalised or non-personalised) and, for example, for fraud investigations and to comply with any legal obligations.
For quality and management purposes, Brocacef uses anonymous data as much as possible and therefore not personal data. The various purposes, as outlined above, are described in more detail below.

Within the framework of an agreement

For the preparation, conclusion, realisation and possible termination of the agreement(s) between you and Brocacef.

Administration 

For the realisation and audit of the administration of Brocacef in the broadest sense

Communication, marketing and customisation purposes

For the provision of customer services, for making (potentially personalised) offers, and/or for providing and exchanging information about the activities of Brocacef. 

Quality and management purposes

In order to examine and improve the quality of services, processes and systems, to provide information to management and internal audits.

Laws and regulation

For identification purposes, tocombat fraud, manage internal controls and operational safety as well as to comply with laws and regulations.

On which legal grounds does Brocacef base the processing of your personal data?
The law contains a restrictive list of covenants justifying the processing of your personal data. Brocacef makes use of four of these legal grounds. Our processing of your personal data takes place in order to fulfil an agreement, on the basis of a legal obligation and/or on the basis of a legitimate interest of Brocacef or your consent.

Fulfilment of the agreement

We use your personal data to fulfil the agreement you have with us.

Consent

In some cases, we may process your personal data with your consent, for example to send you a newsletter. You can, of course, withdraw your consent at any time. You can find out how to do this under the heading 'Can I withdraw my consent at a later date?

Legitimate interest

We also use your personal data for the legitimate interests of Brocacef. Under the following heading, you can read more about these interests, such as those relating to our business operations. 

What is the legitimate interest of Brocacef with respect to the processing of your personal data?

The processing of personal data is crucial to maintain a good relationship between Brocacef and its clients, or for the fair business interests of Brocacef itself. For example, to inform our clients about new products, services and activities, or to represent the interests of Brocacef in possible legal proceedings.

Who does Brocacef provide your personal data to?

Brocacef may provide your personal data to third parties in accordance with this Privacy Statement and the law. Brocacef will not disclose your personal data to third parties for any eventual marketing purposes without your explicit consent.

Your personal data may be received by the categories listed below:

Group companies

We may share personal data with our group companies to jointly provide content and products and/or services (such as registration and customer support), to help develop products, websites, applications, services, tools and communications, and to prevent, detect and investigate potentially illegal activities, violations of our policies, fraud and/or data security breaches.

Authorities

For example, supervisory bodies, tax authorities, police and other legal bodies. We may share your personal data:

• in order to comply with legal obligations or a court order or

• when such action is necessary for the prevention, detection or prosecution of criminal offences (such as fraud, deception or prosecution), or

• if it is necessary to enforce our policies or to protect the rights and freedoms of others.

Business Service Providers

For example, a mail order company commissioned by Brocacef to deliver the product you have purchased, or an organisation commissioned by Brocacef to provide customer services.

Miscellaneous

Any third party from whom we have received your consent to disclose your personal data (e.g. within the context of a collaboration), and/or of which Brocacef is part of now, or in the future, as a result of a reorganisation, merger or takeover.

Is your personal data processed outside the EU?

No. Your personal data will only be processed within the borders of the European Union. All European countries must comply with the same statutory regulations, which aim to ensure a consistent level of data protection at a European level where processing personal data is concerned.

How long will your personal data be stored?

Your personal data will be deleted/anonymised when it is no longer needed for the purposes described above. In addition, Brocacef will under no circumstances keep your personal data longer than what is legally permitted.

How can you manage your own personal data?

You have the right to access, correct and/or delete the data that Brocacef collects about you. You can also exercise the following rights with Brocacef: the right to restrict the processing of your personal data, the right to transfer your personal data and the right to lodge an objection. You can find out below where and how you can exercise these rights.

If you wish to access the complete processing of your personal data and/or to correct or delete data (insofar as this is legally permissible) that you are unable to amend yourself, you can get in touch with your contact person at the respective division of Brocacef.

In order to exercise your right to restrict the processing of your personal data, the transferability of your personal data or to lodge an objection, then you can also submit your request to your contact person. Please note that Brocacef may request additional information to verify your identity.

Can you withdraw your consent at a later date?                                   

If you have given permission for the processing of certain personal data, you can always withdraw your consent. Please note that the withdrawal of your consent does not have a retroactive effect and that the withdrawal of consent is only possible if you have granted that consent first.

You can inform us of the withdrawal of consent via your contact person at the applicable Brocacef division.

Are you dissatisfied with the way Brocacef handles your information? We appreciate it if you first contact your contact person at Brocacef to discuss this. Brocacef takes any complaints seriously and documents every complaint in writing. Are you unable to find a solution with your contact person? Then you can make use of our complaints procedure. You also have the right to submit a complaint to our Data Protection Officer, who can be reached via dpo@brocacef.nl. Are you unable to resolve the matter with Brocacef? Then you can submit your complaint to the Dutch Data Protection Authority via thewww.autoriteitpersoonsgegevens.nl website.

Are you under obligation to provide personal data to us and what if you do not wish to provide personal data?

In some cases, Brocacef will require you to provide personal data. For example, to be able to enter into an agreement with you or to provide a service. You do not have to provide any personal data in the information fields that are not marked with an asterisk (*).

Should the provision of your personal data be essential for us, we will draw your attention to this by indicating this with an asterisk (*). If you choose not to provide the requested personal data, we will not be able to enter into the relevant agreement or provide the relevant service(s). If you fill in the information fields that are not marked with an asterisk (*), you thereby give Brocacef your consent to process your personal data.

How does Brocacef make use of profiling?

We are keen to approach you in a personal and relevant way. To achieve this, we link, combine and analyse personal data in order to determine the most relevant target groups and segments, content, advertisements, information, times and channels and to limit any commercial contact pressure. In doing so, we also make use of external sources. No specific (sensitive) personal data is processed in the profiles.

When was this Privacy Statement last amended?

This Privacy Statement was last amended on and is in effect per 14-01-2021.