Privacy Policy

Last updated: December 2024

Introduction

commonplaces B.V. ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website commonplaces.world or use our catering services. This policy applies to all personal data processing activities conducted by commonplaces in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller

commonplaces B.V. acts as the data controller for the personal information collected through our website and services. Our company is registered in the Netherlands with registration number 91527460 and VAT number NL834705619B01. Our registered address is Dorpsstraat 251, 1315 SH Almere, Netherlands.

Data Collection

The data we collect includes personal information such as your name, email address, phone number, event details, and any other information you voluntarily provide when contacting us or using our services. We may also collect technical information such as your IP address, browser type, device information, and website usage data through cookies and similar technologies. Additionally, we collect information about your catering preferences, dietary requirements, and event specifications to provide our services effectively.

Information You Provide Directly

  • Contact information (name, email, phone number, address)
  • Event details (date, location, guest count, event type)
  • Catering preferences and dietary requirements
  • Payment information (processed securely by third-party payment processors)
  • Communication records and correspondence

Information Collected Automatically

  • Website usage data and analytics
  • IP address and geolocation data
  • Browser and device information
  • Cookies and tracking technologies data

How We Use Your Information

We explain how we use your information to provide and improve our catering services, communicate with you about your events, process bookings and payments, and ensure the best possible experience. The use of your data is always based on legitimate legal grounds as required by GDPR, including contract performance, legitimate interests, and your explicit consent where necessary.

Legal Basis for Processing

  • Contract Performance: Processing necessary to fulfill our catering services contract with you
  • Legitimate Interests: Improving our services, marketing communications, and business operations
  • Consent: Marketing communications and non-essential cookies (where you have provided consent)
  • Legal Obligation: Compliance with tax, accounting, and other legal requirements

Specific Uses

  • Providing catering services and event planning
  • Processing bookings, payments, and invoicing
  • Communicating about your events and our services
  • Improving our website and service quality
  • Sending marketing communications (with your consent)
  • Complying with legal and regulatory requirements

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted service providers who assist us in operating our business, such as payment processors, delivery partners, and technology service providers. These parties are contractually obligated to keep your information confidential and use it only for the purposes we specify.

Third-Party Service Providers

  • Payment processing services
  • Email marketing and communication platforms
  • Website hosting and analytics services
  • Event logistics and delivery partners
  • Professional service providers (legal, accounting)

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Generally, we keep customer information for up to 7 years after the completion of services for accounting and legal purposes. Marketing communications data is retained until you unsubscribe or withdraw consent. Website analytics data is typically retained for 26 months.

Your Rights Under GDPR

As a data subject under GDPR, you have specific rights regarding your personal information. You can exercise these rights by contacting us using the information provided in this policy.

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw previously given consent at any time

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. For detailed information about our cookie practices, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

As we operate primarily within the Netherlands and the European Union, your personal data is generally processed within the EU/EEA. If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:

Privacy Contact

Email: privacy@commonplaces.world

Phone: +31 101833753

Address: commonplaces B.V., Dorpsstraat 251, 1315 SH Almere, Netherlands

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your personal data has been processed in violation of applicable data protection laws. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).