Your cart

Privacy policy

Team Gullit is strongly committed to the protection of personal data of individuals. This Privacy Notice describes in which way Team Gullit processes your personal data as a data controller and your privacy and data protection rights. This Privacy Policy is managed by Simulator Corporate B.V., a private limited liability company organized under the laws of the Netherlands, having its registered office at Keesomstraat 10E, 1821BS Alkmaar, the Netherlands, registered with the Netherlands Chamber of Commerce under number 59790970, and all its affiliated companies globally (hereinafter referred to as: “Team Gullit”, “we”, “us”, “our”).

We strongly recommend you to familiarize yourself with this Privacy Notice, together with any other notices, policies and/or statements we may provide to you in order to be fully aware on how we process your personal data and your privacy and data protection rights. This Privacy Notice supplements any other notices, policies and/or statements and will not overrule them.

This Privacy Notice is not applicable to the provision of goods and/or services of third parties, for which these third parties are responsible for themselves. For information about how these third parties process your personal data, we kindly refer you to the privacy notices and/or other information provided by these third parties.

I

We process various personal data of individuals based on specific legal grounds for processing and for different purposes. For the purpose of this Privacy Notice, the term personal data refers to any information relating to an identified or identifiable natural person as defined in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”). Below you will find an overview of the personal data that we process per category of individuals and the purposes and legal grounds for processing.

  • Business Contacts Categories of individuals: business prospects, contact persons of (former) business contacts, clients of business contacts and partners or vendors of business contacts. Categories of personal data: first and last name, gender, business contact details (e.g. telephone number, email, address, title, employer and website), signature and communication data. Purpose: approaching, contacting maintaining prospects, maintaining contact with (former) business contacts, providing services to business contacts, receive services from business contacts, (financial) administrative purposes, handling any requests, complaints and disputes, determining, exercising and defending our right and complying with legal obligations. Legal basis:

  • contractual obligation. We process personal data of prospects and contact persons of business contacts in order to provide services to or receive services from business contacts.

  • legitimate interest. Our legitimate interest is to adequately provide services to or receive services from business prospects in general and to handle any requests, complaints and disputes.

  • legal obligation. We process personal data in order to comply with legal obligations, such as compliance with (financial) administrative and retention obligations.

  • (Marketing) activities Categories of individuals: website visitors, persons and participants of Team Gullit activities, e.g. meetings, (online) events and (online) learning sessions. Categories of personal data: first and last name, gender, location, telephone number, email, address, social media information, title, employer, data about presence (location, time of arrival and departure), information about the visit and communication data. Purpose: communication, marketing, analysis of website visitors, maintenance, administration and security of our website, marketing and business development, investigation, analysis and statistics, internal control and business operations, handling any requests, complaints and disputes, determining, exercising and defending our rights, complying with legal obligations. Legal basis:

  • consent. We process your personal data only with your (explicit) consent for marketing and activities related purposes, such as subscription to our newsletters.

  • legitimate interest. Our legitimate interest is to offer and optimize the usage of our website and the operation of our events.

  • legal obligation. We process personal data in order to comply with legal obligations, such as compliance with retention obligations.

For more information about the cookies we place on our website, please see our Cookie Policy.

  • Office visitors Categories of individuals: office visitors. Categories of personal data: first and last name, gender, telephone number, email, address, title, employer, data about presence (location, time of arrival and departure), information about the visit, physical appearance and communication data. Purpose: offering and optimizing office facilities, security and protection of our office, employees and data, access registration, control and management, network management and security, access badges procedure and complying with legal obligations. Legal basis:

  • legitimate interest. Our legitimate interest is to protect and secure our office, network infrastructure, staff members, property and data.

  • legal obligation. We process personal data in order to comply with legal obligations, such as compliance with security and retention obligations.

  • Other persons who get in touch with us Categories of individuals: persons that get in touch with us.

Categories of personal data: first and last name, telephone number, email address, title, employer and communication data. Purpose: approaching and maintaining contact, handling any requests, complaints and disputes, determining, exercising and defending our rights and complying with legal obligations. Legal basis:

  • legitimate interest. Our legitimate interest is to maintain any contact or handle any requests, complaints and disputes.

  • legal obligation. We process personal data in order to comply with legal obligations, such as compliance with retention obligations.

Children We do not intent to process any personal data of children under the age of sixteen (16). In the event a parent or guardian becomes aware that his/her child has provided us their personal data without the consent of its parent or guardian, the parent or guardian should contact us via privacy@OneBrand.com. We will delete such personal data without undue delay and in accordance with the timelines as stated under the sections “04 What are your rights?” and “07 Additional information for individuals in the United States of America”. Automated decision-making We do not engage in any automated decision-making processes or conduct any profiling activities in relation to your personal data processed by us

II

We retain your personal data for as long as the existence of a legal basis as described in this Privacy Notice or as otherwise required by the applicable law. The length of retention may vary depending upon certain factors. We may retain your personal data for a longer period of time due to retention obligations, legal compliance requirements, the need to resolve inquiries or complaints or for the purpose of freedom of expression and/or information. The following categories have a limited retention period:

  • Office visitors (CCTV) – we retain your personal data for a maximum period of four (4) weeks. However, in the event the CCTV captured a particular incident, we may keep your personal data for a longer period of time.

We have an internal retention policy in order to safeguard the retention periods of the personal data processed by us. Subsequent to the retention period, we will either erase or de-identify your personal data, or in the event that is not possible, securely isolate by archiving your personal data to prevent any further use until deletion becomes possible.

III

We may share your personal data with the following (third) parties:

  • Team Gullit affiliated companies – we may share your personal data internally with other affiliated entities for e.g. administrative purposes or in order to provide the services to our clients.

  • Business Contacts – we may share your personal data with business contacts of Team Gullit in order to provide, run and manage our internal organization, such as information technology providers and cloud service providers, or for the purpose of partnership and/or sponsorship agreements.

  • Auditors, insurer and professional advisors – we may share your personal data with our external auditor(s) to the extent necessary for audit(s), our insurer in the case of any claim(s) and professional advisors such as law firms in order to establish, exercise or defend our legal right and/or gain advice.

  • Law enforcement or governmental and regulatory institutions – we may share your personal data with the law enforcement or governmental and regulatory institutions in accordance with the applicable laws and regulations, such as courts, police, law enforcement agencies, tax-, customs- and excise duty offices and audit regulators.

Processors The following external parties are engaged when you share your personal data via our website:

  • Google LCC (Google Analytics) Purpose: website analytics Location of processing: worldwide data centers located

  • Hotjar Limited Purpose: website analytics Location of processing: Ireland

  • Name company: Microsoft Purpose: hosting services Location of processing: the Netherlands

  • Shopify International Limited Purpose: online purchases Location of processing: USA

We will only share your personal data with (third) parties when we are legally permitted to do so. We put contractual arrangements and security mechanisms in place for appropriate protection of your personal data and in order to comply with privacy and data protection laws and regulations and confidentiality and security standards and practices. International transfers We may transfer your personal data outside the European Economic Area, or outside any other applicable jurisdiction, provided that such transfer will only be conducted in the event the European Commission has assessed and declared the data protection laws and regulations of such country as adequate, or by means of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and/or the standard contractual clauses adopted by the European Commission, including the performance of transfer impact assessments where required.

 

IV

You have the right to exercise the following individual rights in respect to the personal data we process of you:

  • Right to withdraw your consent – you have the right to withdraw your consent in the event we asked for your (explicit) consent for a certain processing activity of your personal data. The withdrawal of your consent does not impact the legitimacy of the processing of your personal data prior to the withdrawal of your consent. The consequence of exercising this right is that we no longer will process your personal data for the purpose that you have provided consent for. It may be however possible that we process your personal data for another purpose, such as in order to comply with a minimum retention period, whereby you will be informed accordingly.

  • Right of access – you have the right to obtain insight on whether or not we process personal data of you, and where that is the case, access to the personal data that is processed by us and information related to how we process your personal data, including insight in the appropriate safeguards taken in the event of transfer of your personal data outside the European Economic Area.

  • The right to rectification – you have the right to rectify i.e. change or supplement your personal data processed by us in the event your personal data: is factually incorrect; or is incomplete or not related to the purpose it was collected; or is in any other way used in a manner that is in conflict with the applicable law.

  • Right of erasure – under certain conditions, you have the right to obtain the erasure of your personal data we process of you. These conditions are: we no longer need your personal data relation to the purpose for which they were processed; or we processed your personal data based on your (explicit) consent, however you withdrew the consent; or you successfully objected the processing of your personal data by us; we processed your personal data unlawful; or we are obligated to erase your personal data in order to comply with a legal obligation; or personal data of an individual younger than sixteen (16) years old is collected through an app or website.

  • Right to restriction of processing – you have the right to restrict processing of your personal data by us, whereby this right may be invoked in the following situations: you contest the accuracy of your personal data processed by us, whereby during the period in which we assess your contest we will not process your personal data; or we process your personal data unlawfully and you request the restriction of use instead of erasure; or we may no longer process your personal data, however you do not want us to erase your personal data due to establishment, exercise or defence of legal claims; or you objected against the processing of personal data by us, whereby during the period in which we assess your objection we will not process your personal data.

  • Right to data portability – you have the right to receive your personal data in a structured, commonly used and machine-readable format, whereby you have the choice to receive this directly from us or send it to a third party.

  • Right to object – you have the right to object the processing of your personal data by us subject to certain conditions. Any objections related to the personal data processed by us of you for direct marketing purposes, will always comply to an objection condition.

How to exercise your rights? All individual rights can be exercised by means of sending an email to info@teamgullit.com or a letter to Team Gullit, attn. Legal Department, Keesomstraat 10E, 1821BS Alkmaar, the Netherlands. We request you to include the following information when exercising your individual right: full first and last name and a description of your request.

Upon the submission of a request wherein you exercise your individual right, you will first receive an acknowledgement of receipt from us. Subsequently, we might request additional information in order to identify you and/or respond properly to any individual right exercised. We will handle all individual right exercised without undue delay and in any event within one (1) month of receipt of the request. However, it might be possible that we need more time given the complexity of the individual right exercised. In that event we will inform you, as soon as possible and at least within one (1) month after receipt of your request, that we need up to a maximum of two (2) months of additional time, which results in a response from us within a maximum period of three (3) months after receipt of your request.

Complaint Lastly, you also have the right to lodge a complaint with the relevant supervisory authority in your country of residence, place of employment or any other jurisdiction in which an alleged infringement of data protection law(s) has occurred within the European Union. The Autoriteit Persoonsgegevens is the supervisory authority in the Netherlands. For further information, please refer to the website of Autoriteit Persoonsgegevens.

V

We take all reasonable measures to ensure that your personal data is properly secured by means of using appropriate technical and organizational measures in order to safeguard the confidentiality, integrity and availability of your personal data and to protect your personal data against any unauthorized or unlawful use, alteration, access, disclosure, accidental or wrongful destruction and/or loss. We adhere to internationally recognized security standards whereby certain parts of our business is independently certified with the requirements of ISO/IEC 27001:2013. Moreover, we have established policies, procedures and training programs in order to protect the confidentiality, integrity and availability of your personal data within our organization.

VI

This ’07 Additional information for individuals in the United States of America’ section applies solely with respect to California, Colorado, Connecticut, Utah and Virginia residents. This section should be read together with and explicitly deviates from and/or supplements the other sections in the Privacy Notice. In case of any conflict between this section and the other sections in the Privacy Notice, this section will prevail for California, Colorado, Connecticut, Utah and Virginia residents.

What information do we collect? For the purpose of this section, the term personal data refers to the terms personal data and personal information as defined in the applicable U.S. state consumer privacy law of California, Colorado, Connecticut, Utah and Virginia (“U.S. privacy laws”). Below you will find an overview of the categories of personal data that we may process of you. We do not process any sensitive personal data as outlined in the U.S. privacy laws. For a more detailed overview, please see section “01 What information do we collect” in the Privacy Notice.

  • Identifiers.

  • Customer records information.

  • Characteristics of certain protected classifications.

  • Geolocation data.

  • Financial information.

  • Internet or other electronic network activity information.

What are the sources of collection? Your personal data will be collected from the following sources:

  • prospects;

  • (former) business contacts;

  • publicly available sources, such as social media and the internet;

  • our website;

  • information provided by you;

  • governmental organizations.

Do we sell and/or share your information? We do not sell, which includes disclosing or making available personal information to a third party, any of your personal data in exchange for monetary or other valuable consideration or share, which includes disclosing or making available personal information to a third party, for cross-context behavioral advertising as defined in the U.S. privacy laws.

What are your rights? Individuals reside in California, Colorado, Connecticut, Utah and Virginia have in accordance with and depending on the specific the U.S. privacy laws the following rights regarding your personal data processed by us in the prior twelve (12) months:

  • Right to know – you have the right to request disclosure and receive a copy of: the categories and/or personal data that we have collected about you; the categories of sources related to the personal data we have collected about you; the purpose for which we use your personal data; the categories of third parties with whom we disclose your personal data; and the categories of personal data that we sell or disclose to third parties. You can invoke this right up to twice (2) a year, free of charge.

  • Right to delete – subject to certain exceptions, you have the right to request us to delete your personal data we collected from you, including the third parties to whom we send your personal data.

  • Right to correct – you have the right to request us to correct inaccurate personal data that we have about you.

  • Right to limit – you have the right to request us to only use and/or disclose your sensitive personal data only to what is necessary and proportionate in order to achieve the purpose required.

  • Right to appeal – you have the right to appeal in the event of denial of your above-listed rights.

Individuals may also exercise its individual right by the assistance of an authorized agent.

Exercising any of your individual privacy rights will not result in any discriminatory adverse treatment towards you.

How to exercise your rights? All individual rights can be exercised by means of sending an email to info@teamgullit.com or a letter to Team Gullit, attn. Legal Department, Keesomstraat 10E, 1821BS Alkmaar, the Netherlands. We request you to include the following information when exercising your individual right: full first and last name, a description of your request, and if applicable, proof of authorization in the event of any request send by an authorized agent.

Upon the submission of a request wherein you exercise your individual right, you will first receive an acknowledgement of receipt from us within ten (10) business days. Subsequently, we might request additional information in order to identify you and/or respond properly to any individual right exercised. We will handle all individual right exercised under the California Privacy Rights Act without undue delay and in any event within forty-five (45) calendar days of receipt of the request. However, it might be possible that we need more time given the complexity of the individual right exercised. In that event we will inform you, as soon as possible and at least within forty-five (45) calendar days after receipt of your request, that we need up to a maximum of forty-five (45) calendar days of additional time, which results in a response from us within a maximum period of ninety (90) calendar days after receipt of your request. In deviation of the aforementioned sentences, requests made related to the right to limit or the right to know of sensitive personal data will be handled without undue delay and in any event within fifteen (15) business days of receipt of the request.