Who are we and what do we do?
We are the Plastic Soup Foundation (a foundation incorporated under Dutch law), also trading under the name Beat the Microbead (hereafter Beat the Microbead, we, us and our).
We have developed the App called Beat the Microbead (hereinafter, the App) in order to disclose the problem of plastic microbeads in products and to let you reduce your use of products containing microbeads (our Services). Our website www.beatthemicrobead.org (the Website) and App offer more information about us and our Services.
Beat the Microbead and your Personal Data
Beat the Microbead cares about your privacy and protecting your “Personal Data” – i.e. all information by which a person can be directly or indirectly identified. We process Personal Data in line with the General Data Protection Regulation (GDPR)[1] and other relevant legislation regarding the protection of Personal Data (collectively referred to as Relevant Legislation).
This Privacy Policy explains what kind of Personal Data we process via our Website, App, and Services. It also explains the purposes for which Personal Data is used, how it is protected, and the duration of its storage.
Are you younger than eighteen years old?
If you are younger than eighteen years old, you are not allowed to use our Website, App, and Services without the permission of your parents or legal guardian.
Our role as Data Controller
We process Personal Data in the context of our Services. We determine the purposes and means of these processing activities. This means we act as Data Controller within the meaning of the Relevant Legislation.
What Personal Data do we process and for what purposes do we use them?
Depending on the relationship we have with a person, we process various Personal Data for different purposes. Below is a breakdown of what Personal Data we process when you use our App (Users), visit our Website (Visitors) and make use of our Services, and/or when natural persons / (contact persons of) legal entities donate to and/or sponsor us (Sponsor).
Users
Visitors
Instagram: Privacy Settings & Information Facebook: Data Policy Twitter: Privacy Policy
Sponsors
How long do we store the Personal Data?
It is our policy to store and process only those Personal Data that are essential to provide you with the best possible service. We will not process or store any Personal Data that we do not need. We store Personal Data for as long as we need it for the above purposes. In this regard, we apply at least the following retention periods:
- Personal data in our records for the tax authorities | This data is stored for seven (7) years, unless we are legally obliged to retain the data for a longer period;
- Other Personal Data | We store other Personal Data, including Personal Data of Visitors, only for as long as it is necessary for the purposes. These Personal Data will be deleted as soon as it is no longer necessary for the purposes for which we processed it unless we are legally obliged to retain the Personal Data for longer.
We may also process all aforementioned Personal Data when we have a good faith belief it is necessary to detect, prevent, and address fraud and other illegal activity. Personal Data that we process to prevent fraud (or users who have committed fraud), we store for five (5) years after the last login of User.
Personal Data we process of Users and Visitors may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
Do we share your Personal Data with others?
We use third parties (Data Processors) for e.g. e-mail management, data storage, app development, content management systems (CMS), and communications. We only provide such Personal Data to third-party service providers which are necessary for them to execute the services they provide to us. Our use of Processors is always in accordance with the Relevant Legislation. We have established contractual agreements with all our Data Processors in Data Processor Agreements in which – in line with this Privacy Policy – is defined what these parties may do with your Personal Data, how they must secure it, and when it must be deleted.
Apart from the above, we will not share your Personal Data with third parties, unless we are legally obliged to do so.
Export of data outside the European Union (EU)
We process the Personal Data in principle in the Netherlands. We may transfer Personal Data to parties outside the EU if one of our Data Processors is established outside the EU. The Personal Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the European standards. The transfer of data outside the EU will always take place in accordance with the Relevant Legislation (Chapter 5 of the GDPR).
How do we protect Personal Data?
We make every effort to protect the Personal Data we process from unauthorized and unlawful access, change, disclosure, use, or destruction. We take, among other things, the following technical and organizational measures to protect the Personal Data:
- applying encrypted transmission to limit access to the systems on which the Personal Data are stored;
- limited access to the (Personal) Data for authorized employees on a need-to-know basis;
- encryption through passwords;
- network connection with Secure Socket Layer (SSL) technology;
- applying two-factor authentication internally for accessing the (Personal) Data;
- split of application and database servers.
Cookies
We use cookies on the Website. A cookie is a simple small text file that can be stored on your computer, when you visit the Website. This text file identifies your browser and/or computer. When you revisit our Website, the cookie ensures, for instance, that our Website recognizes your browser or computer.
We use the following types of cookies:
- Functional cookies: Functional cookies are essential to the operation of our Website. They allow you to navigate through our Website and to use the functions incorporated in it.
- Analytical or statistical cookies: Analytical cookies are used to check the quality and effectiveness of the Website. For instance, we can see how many users visit the Website and which pages are visited. We use this information to improve our Website and Services.
- Tracking cookies: Tracking cookies follow the click and surf behavior of our visitors. By means of these cookies we can see whether and when you look at your profile and whether you click through to our Website. We may use these cookies to show you ads based on your interests.
If you do not want cookies to be sent to your device, you can change this in the settings of your device. Please note that some of the functions or services of our Website may not operate, or not so well, without cookies.
Third-party websites
Our Website contains (hyper)links to websites of partners, suppliers, advertisers, sponsors, licensors, or other third parties. We have no control over the contents or links that appear on these websites and we are not responsible for the practices of websites linked to or from our Website. In addition, these websites and their contents and links can change constantly. These websites may have their own privacy policies, user terms, and client policy. Browsing and interaction on any other website, including websites linked to or from our Website, are subject to the terms and policy of that website.
Amendments to this Privacy Policy
We aim to constantly improve our Website, App, and Services. This means, our Privacy Policy could be amended from time to time. If this Privacy Policy is amended significantly, then a notification is placed on our Website along with the updated Privacy Policy.
Your rights and our contact details
As laid down in the Relevant Legislation, you have the right to:
- request us to correct or update Personal Data;
- request Personal Data to be deleted from our database;
- request a copy of the Personal Data that we have processed. A copy of this may also be submitted to another data controller at your request;
- withdraw consent for the processing of data. This does not affect the validity of processing executed before the time that consent was withdrawn;
- lodge an objection to us processing data;
- submit a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if the data subject thinks we process data unlawfully.
We are committed to responding to such requests within five (5) working days after receipt. To exercise the rights mentioned above, but also in the event of inquiries, comments, or concerns about the manner in which we deal with Personal Data, please contact us through the contact data below.
Contact Data
Stichting Plastic Soup Foundation
Sumatrakade 1537
1019 RS Amsterdam
The Netherlands
E-mail address: gdpr@plasticsoupfoundation.org
Ch. Of Comm: 52072894
VAT: NL 8502 888 85 B01
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=en