en
  • nl

Privacy statement

It goes without saying that privacy is very important for us. We respect the privacy of all visitors and everyone who comes into contact with Planzelf and actively protect that privacy. Personal data is processed through Planzelf in accordance with the requirements and obligations imposed by the General Data Protection Regulation, (EU) 2016/679 (“GDPR”). In this privacy statement we explain how we handle personal data.

What Planzelf is and who makes it

Planzelf is the online appointment system (the service) which is developed and offered by n·nine. Service providers are the clients of n·nine; these are, for example, businesses, institutions, associations or organisations that want to offer appointments, such as a University, a hairdresser, or a mortgage adviser. Consumers are the customers of those service providers. Using Planzelf, consumers can make their own appointments with affiliated service providers, and/or service providers can invite consumers to make an appointment with them.

n·nine contact details

n·nine VOF
Sonny Rollinsstraat 286
3543GR Utrecht
Netherlands

Telephone: +31 (0)88-PLANZELF
Website: www.nnine.nl
Chamber of Commerce number: 52489299

Who is responsible for processing

Who is responsible for the processing operations depends on the situation. If you use Planzelf as a service provider or register to use Planzelf, n·nine will be the Controller for this personal data. If you make an appointment as a consumer using Planzelf, or if you use (the management module of) Planzelf as a user (e.g. an employee of the service provider), the service provider (n·nine’s client) will be the Controller, and n·nine will be the Processor.

Personal data we process

n·nine processes your personal data because you use our services and/or you personally provide this data to us. In addition, we can also process your personal data because we have been instructed to do so by the service provider, for example when they invite you to make an appointment.

If you use Planzelf as a service provider or register to use Planzelf, the following personal data of the (contacts of the) service provider is processed:

  • Login details (user name and password, only if the service provider does not use Single Sign On);
  • Name of the service provider;
  • Address details of the service provider;
  • First and last names of one or more contacts;
  • Email addresses of one or more contacts;
  • Telephone numbers of one or more contacts;
  • IP address;
  • Other personal data that you actively provide, for example by creating a profile, in correspondence, and over the telephone.

If you use (the management module of) Planzelf as a user (e.g. an employee of the service provider), the following personal data is processed:

  • Login details (user name and password);
  • First and last names;
  • Email address;
  • IP address;
  • Other personal data that you actively provide, for example by creating a profile, in correspondence, and over the telephone.

If you make an appointment as a consumer using Planzelf, or if you are invited by the service provider to make an appointment, the following personal data is processed:

  • First and last name;
  • Email address;
  • Telephone number;
  • IP address;
  • Other personal data that you actively provide, for example by creating a profile, in correspondence, and over the telephone.

Consumers may also be obliged to provide login details if the service provider opts for this. In that case we also process login details on behalf of consumers (user name and password).

Some service providers may request additional information to be better prepared for the appointment. This personal data is not obligatory and we only process it if you actively provide it to us.

Special and/or sensitive personal data we process

Planzelf does not have the intention to process special personal data as referred to in the GDPR. We therefore request you not to provide Planzelf with special personal data. If you are convinced that we have nevertheless processed personal data, please contact us via info@planzelf.nl and we will remove this information.

Planzelf does not intend to process data of persons under the age of 16 either, unless they have been granted consent by their parents or guardian. However, we are unable to check whether a user or visitor is aged 16 or over. We therefore recommend that parents are involved in the online activities of their children, to prevent data regarding children from being processed without parental consent. If you are convinced that we have processed data regarding a minor without that consent, please contact us via info@planzelf.nl and we will remove this information.

For which purpose and on what ground we process personal data

We only process personal data insofar as this is necessary for the provision of our services. We specifically process the personal data for the following purposes.

If you use Planzelf as a service provider or register to use Planzelf, the personal data will be processed:

  • For being able to identify, authenticate and authorise the visitor or user;
  • For creating an account;
  • For being able to provide support;
  • For being able to send information on (amendments to) Planzelf;
  • For being able to send invoices and to process payments;
  • For security, checking and prevention of misuse and improper use, and the prevention of inconsistencies and inaccuracies in the processed personal data;
  • For compliance with statutory obligations.

If you use (the management module of) Planzelf as a user (e.g. an employee of the service provider), the personal data will be processed:

  • For being able to identify, authenticate and authorise the visitor or user;
  • For (possibly) being able to offer appointments to consumers;
  • For being able to read out the availability of the employee;
  • For being able to enter appointments in the employee’s diary;
  • For security, checking and prevention of misuse and improper use, and the prevention of inconsistencies and inaccuracies in the processed personal data;
  • For compliance with statutory obligations;
  • Because we were instructed to do so by the service provider (the Controller).

If you make an appointment as a consumer using Planzelf, or if you are invited by the service provider to make an appointment, the personal data will be processed:

  • For being able to identify, authenticate and authorise the visitor or user;
  • For being able to make an appointment;
  • For being able to invite you to make an appointment;
  • For entering the appointment in the diary of the (employee of the) service provider;
  • For sending a reminder for the appointment via email or text message;
  • For being able to change and/or cancel the appointment;
  • For security, checking and prevention of misuse and improper use, and the prevention of inconsistencies and inaccuracies in the processed personal data;
  • For compliance with statutory obligations;
  • Because we were instructed to do so by the service provider (the Controller).

Automated decision-making

In some cases, n·nine takes an automated decision based on personal data. If a client (a service provider) does not pay an invoice in good time, we will automatically send this client some reminders. If payment is still not forthcoming, we will automatically block the services this client purchases from us. If this does not have any results either, we will engage a collection agency before automatically terminating services.

How long we retain personal data

n·nine does not retain your personal data longer than is strictly necessary for realising the purposes for which your data is collected. If personal data is not necessary anymore for realising the purposes for which your data was collected and there are no statutory obligations to retain the personal data, that personal data will in any case be finally removed after three months or, in the event of correspondence by email, after 180 days after the moment the data was deleted by us. This applies, because, for example, Google retains backups that are removed after 180 days.

Sharing personal data with third parties

n·nine shares your personal data with various third parties if this is necessary for the performance of our services, or if this is necessary for the performance of the agreement with the service provider, or for compliance with any statutory obligation. These third parties may be located outside the EU or the EEA. We conclude a processing agreement with third parties that process your data on our behalf to ensure a similar level of protection and confidentiality of your data. n·nine remains responsible for these processing operations. If we provide your personal data to other third parties, we will only do so with your explicit consent.

Below you will find an overview of third parties we share personal data with:

Third party name: TransIP
Jurisdiction: Netherlands
Purpose of processing: We use TransIP for hosting Planzelf, including the Planzelf applications and websites.
Third party name: Antagonist
Jurisdiction: Netherlands
Purpose of processing: We use Antagonist for hosting the nnine.nl website.
Third party name: Rollbar
Jurisdiction: United States
Purpose of processing: We use Rollbar to be able to analyse any errors found in Planzelf, so we can remedy these as quickly as possible. In principle, no personal data is sent to this party, but just to make sure, we have concluded a processing agreement.
Additional measures: Rollbar is EU – U.S. Privacy Shield certified.
Third party name: Moneybird
Jurisdiction: Netherlands
Purpose of processing: Using Moneybird we process contact details such as the first and last name, the address, the email address, and the telephone number of some of our clients and/or their contacts to be able to send invoices and for our financial records.
Third party name: Finovion
Jurisdiction: Netherlands
Purpose of processing: Finovion helps us with our financial records and administration and for this reason processes personal data of our clients.
Third party name: Google LLC
Jurisdiction: United States
Purpose of processing: We use the Google Suite for inter alia email and storage.
Additional measures: Google LLC is EU – U.S. Privacy Shield certified.

Cookies, or similar techniques, that we use

Cookies are small text files that are automatically placed on your computer, mobile phone, tablet or other device when you visit our website. There are several types of cookies, depending on the purpose. We use functional cookies and session cookies, that ensure a proper functioning of our websites. We always place these types of cookies. If we place other types of cookies (e.g. tracking cookies), we will always inform you in advance and we will also inform you on how to disable these cookies.

Google reCAPTCHA

On our website we use the reCAPTCHA service provided by Google Inc. (Google). We use this service to verify that a sign-up or a message sent through a form on this site has been sent by a person and not by so-called ‘spam bots’. In order for the reCAPTCHA service to work, it requires sending the IP address and possibly other data of a visitor. Google will process the contents of a message that is sent for this purpose. In countries that are member states of the European Union and states that are party to the agreement on the European Economic Area, the IP address is truncated and as such anonymized. A full IP address is only transmitted to a Google server in the United States in exceptional cases and will then be truncated there.

Google will use this information on behalf of the owner of this site to evaluate your use of this service. The IP address will not be merged with any other data from Google. This data collection is subject to the data protection regulations of Google (Google Inc.).

For more information about Google’s privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/. If you sign up for an account or if you send a message through this website, you will be using Google reCAPTCHA. By using the reCAPTCHA service, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Access to, amendment or removal of data

You have the right to access, correct or remove your personal data. In addition, you have the right to withdraw any consent to the processing operations or object to the processing of your personal data by n·nine, and you have the right to data portability. This means that you can submit a request to us to send the personal data we have of you to you or to another organisation, named by you, in a computer file.

You can send a request for access, correction, removal, data portability of your personal data or your request for withdrawal of your consent or objection to the processing of your personal data to info@planzelf.nl.

To make sure that the request for access was made by you, we ask you to send a copy of your proof of ID along with your request. Black out your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number, and Citizen Service Number (Dutch BSN) in this copy for the protection of your privacy. We will respond as soon as possible, but within four weeks, to your request.

n·nine also wants to point out to you that you have the option of lodging a complaint with the national supervisory authority, the Dutch Data Protection Authority. You can do so through the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons

How we protect personal data

n·nine is committed to the protection of your data and takes appropriate measures to prevent misuse, loss, unauthorised access, unwanted disclosure, and unauthorised alteration. If you feel that your data is not adequately protected or if there are indications of misuse, please contact us via privacy@planzelf.nl.

Amendments to the privacy statement

We may amend this privacy statement from time to time. This is why we recommend that you occasionally consult this privacy statement to check whether any amendments have been made. In case of major alterations, we will inform you through our website.

This privacy statement was last amended on 21 Dec 2018.