Stay up to date, leave your mail address
In this privacy statement, the Cobraspen Groep outlines how it handles personal data supplied by customers, clients, website visitors, suppliers and other concerned parties. As the parent company, Cobraspen Groep B.V. is the controller in the sense of the provisions of the General Data Protection Regulation (Algemene Verordening Gegevensbescherming, AVG).
This privacy statement may be updated from time to time. The most recent version will be published on this page and on the website https://www.cobraspen.nl.
The following websites and the associated companies are part of the Cobraspen Groep:
This privacy statement is also applicable to the website that you are currently visiting.
Beachhouse Hotel is part of the Cobraspen Groep holding, through the subsidiary Beachhouse Hotel B.V. This privacy statement is therefore also applicable to all concerned parties linked to Beachhouse Hotel.
Controller contact information
Cobraspen Groep B.V., Elswoutslaan 20, 2051 AE OVERVEEN +31 (023) 526 49 49 https://www.cobraspen.nl
Mr J. Deumens is the IT Specialist and Data Protection Officer for the Cobraspen Groep B.V. If you have any questions or requests, please contact him by sending an email to firstname.lastname@example.org.
Personal data that we process
Personal data is understood to be all data offering information about an identified or identifiable natural person. Cobraspen Groep B.V. and its subsidiaries process your personal data because you use our services and/or you have supplied us with this information. For example, in the process of renting property (a residence, office space, event location or hotel room).
We process the following personal data:
- First and last name
- Address information
- Email address
- Company name
- Telephone number (mobile, direct and/or office)
- Chamber of Commerce information
- Bank account details
- Company website
- Position and department
- Date of birth
- Days at work
- Dietary requirements/allergies/illnesses and physical conditions (pregnancy, disability, overstress).
If you stay as a guest at one of the Cobraspen Groep hotels, we also collect the following additional data:
- Passport number
- Credit card number + expiry date.
Objectives and fundamentals
In accordance with privacy legislation, we are required to state the purposes for which we use your data and the legal grounds for us to do so. Your data is necessary to enable us to prepare and execute contractual agreements between you and Cobraspen Groep B.V. or one of the group’s subsidiary companies. Such an agreement cannot be realised without this information. This applies to:
- Renting an office space
- Selling or letting property
- Renting a hotel room or apartment
- Hiring an event location
- The use of other catering facilities (restaurant)
- Using internet services offered by our internet service provider during an event.
We can also use your personal data if there is a justified interest for us to do so. First and foremost, this interest concerns being able to offer all of our (potential) customers, clients, suppliers and other concerned parties the best and most personal service possible. Marketing activities are also a justified interest. Your privacy is always of the highest priority. The following activities are specific examples of cases of justified interest:
- Reviews & customer satisfaction research
- A visit to (one of) the Cobraspen Groep website(s)*
- Newsletter and email
- Personalised advice
- Social media
- Security, Wi-Fi & cameras.
And finally, we are sometimes legally obliged to process your data, e.g. for financial purposes. In some cases, you will have given us permission to use your data, such as when you subscribe to the newsletter. We keep meticulous records and you can unsubscribe at any time.
We will not store or use your data for longer than is strictly required. All of your data is subsequently deleted or anonymised for use in internal analyses or reports. It is impossible to trace such anonymised data back to individuals.
What does this mean in practice? We apply certain retention periods, after which we delete your data. Specifically:
- We delete inactive customer accounts after 7 years. After this period, we only use your data anonymously for internal reports.
- The Tax Office requires us to retain our administration with your invoice, payment and ordering information for 7 years. After this period, we only use this data anonymously for internal reports. It is important that you also retain copies of invoices from your agreements.
- If you have subscribed to the newsletter or given permission for us to send you personalised messages, we retain this permission in order to prove that you indicated your desire to receive these messages in a certain period. If you decide that you no longer wish to receive the newsletter or personalised messages, we also retain the withdrawal of your permission.
- We retain emails and contact requests for a maximum of 2 years, unless you request that they are deleted at an earlier time.
- We store CCTV recordings made of our buildings for a maximum of 4 weeks, unless we detect suspicious activity requiring further investigation or if the recordings need to be stored for longer in connection with an incident.
- The above stipulations do not alter the fact that we are at liberty to store data for a longer period of time in the case that this data is required for handling potential (legal) disputes.
Sharing personal data with third parties
We only share your data with third parties if this is strictly necessary for the services we offer. Such third parties are: suppliers, payment partners, IT service providers and parties that collect our reviews. Parties such as data management platforms, media and advertisement agencies and research agencies become involved when we want to offer you personalised advice or display targeted advertisements, e.g. tailored to your interest in certain products/services. In cases of suspicious circumstances, we are obliged to share customer data with the relevant authorities.
The parties that we grant access to your data are only permitted to use this information in order to supply you with a service on behalf of Cobraspen Groep B.V. or one or more of its subsidiaries, unless they are individually responsible for obtaining and protecting your data. Some cookie developers have access to the information collected by cookies on our website. More information on this subject is available in our cookie statement and in the privacy policies of these parties. We will never sell your data to third parties
Viewing, amending or deleting data
You have the right to view your personal data and to request that we amend or delete this data. We will take the necessary action if the associated legal requirements are satisfied and no exceptions apply upon which grounds we are required to store the data. You also have the right to retract your permission for the data to be processed and (in certain circumstances) to object to your personal data being processed by the Cobraspen Groep. You also have the right to temporarily restrict the processing of your data and to data transferability. This means that you can submit a request to us for us to send you all personal data we have stored about you in a computer file, insofar as this is within the constraints of the available technology and does not violate the privacy of others.
If you would like to view your data, to have us amend or delete data, transfer your personal data, withdraw permission for the use of your data or lodge an objection against the processing of your personal data, please send an email to email@example.com.
In order to ensure that the request was submitted by you, we may ask you to submit proof of your identity. We will respond to your request as soon as possible, in any case within one month. In the case of a highly complicated request, we may extend this period by two months (if so, we will inform you of this within one month).
If you have a complaint regarding compliance with this privacy statement or regarding a violation of your legal rights, please contact the Cobraspen Groep Data Protection Officer (Mr J. Deumens) by sending an email to firstname.lastname@example.org.
You can also submit a complaint to the national supervisory body, the Dutch Data Protection Authority. Complaints can be submitted using this page (in Dutch):
Personal data security
The Cobraspen Groep will always do its utmost to protect your data and takes appropriate technical, physical and organisational measures to avoid misuse or loss of data, as well as unauthorised access, unwanted publication or unlawful adjustments. These measures include the IT Security Policy, staff training and using secure connections and storage.
If you are concerned that your data is not sufficiently protected or have indications that your data is being misused, please contact us by sending an email to email@example.com.
Overveen, November 2018