BonoSana cares greatly about your privacy. We exclusively process data that we need for (improving) our services,
and carefully handle all information gathered about you and your usage of our services. Your data is not shared with
BonoSana. The starting date for the validity of these terms and conditions is 28/01/2020, with the publication of a new
collected by us, what this data is used for and with whom and under what conditions this data could be shared with
third parties. We also explain to you how we store your data, how we protect your data against misuse and what rights
you have regarding the personal data you provide us.
About our dataprocessing
Below you can read how we process your data, where we save it, what security techniques we use and to whom the
data is visible.
Our webshop has been developed using MijnWebwinkel a.k.a. MyOnlineStore software. Personal data
gathered with the use of our website and services is shared with MyOnlineStore. MyOnlineStore requires
access to these details to offer (technical) support. They will not use this data for any other purposes.
MyOnlineStore has an obligation, based on the agreement we have with them, to take necessary
gather technical information about the use of the software. No personal data is gathered and/or stored.
MyOnlineStore maintains the right to internally share the gathered data to improve its own services.
E-mail and mailinglists
For our regular business email, we use the email services of My webhost. This party has implemented
fitting technical and organisational measures to prevent misuse, loss or corruption of your data. My
webhost does not have access to our mailbox and we treat our email-traffic confidentially.
For concluding and processing (part of) our payments in our webshop we use the payment provider Mollie.
Mollie processes your name, address and residence information. They also process payment information
such as your bank account number or credit card number. Mollie has implemented fitting technical and
organisational measures to protect your personal data. Mollie retains the right to use your personal
(anonymized) information to further improve their services and, within this context, share it with third
parties. All the aforementioned guarantees in regard to the protection of your personal data are also
applicable to any services by Mollie that uses third parties. Mollie does not store your data any longer than
the instalments permitted by the appropriate legal grounds.
We use WebwinkelKeur to gather reviews. To leave behind a review you are required to fill in your email
address, name and place of residence. WebwinkelKeur shares certain data with us that is required for us to
match your review to your order. Furthermore, WebwinkelKeur publishes your name and place of
residence on their own website. In some instances, WebwinkelKeur can contact you to ask you to clarify,
elaborate or comment on your review. In case of one of our review requests we share your name and email
address with WebwinkelKeur, they use this information with the sole purpose to invite you to leave behind
a review. WebwinkelKeur has implemented fitting technical and organisational measures to protect your
personal data. WebwinkelKeur retains the right to use your personal information to offer their services and
share it with third parties, we have given WebwinkelKeur permission to do so. All of the aforementioned
guarantees in regard to the protection of your personal data are also applicable to any services by
WebwinkelKeur that uses third parties.
Transport and logistics
If you place an order with us it is our responsibility to have your order successfully delivered to you. For the
delivery we use the services of PostNL. For a successful delivery it is important that we share you name,
address and residential details with PostNL. PostNL uses this information with the sole purpose to carry out
the agreement of delivery. In case of PostNL hiring subcontractors, they will share said information with
Accounting and Bookkeeping
External sales channels
Part of our sales are done through the platform of Bol.com. When you place an order at Bol.com, Bol.com
will share your order- and personal information with us. We use this information to further handle and
conclude your order. We go about your data in a confidential manner and have implemented fitting
technical and organisational measures to protect your personal data against loss or unauthorised use.
Purpose of data processing
General purpose of data processing
We use your data with the sole purpose of providing you with our services. This means that the goal of
processing this data stands in direct relation to the assignment or task that you offer us. We do not use this
data for (addressed) marketing purposes. If you share information with us and we use this information to -
not based on a request – contact you at a later time, we will first ask for explicit consent. Your data is not
shared with third parties, with any other purpose than to fulfil accountancy and administrative obligations.
These third parties are all obligated to a duty of confidentiality based on the agreement we have with
them, an oath or legal obligation.
Automatically collected data
Information automatically gathered by our website is processed with the sole purpose of providing you
with and/or to further improve our services. This information (for instance your IP address (anonymised),
web browser and operating system) is not personal information.
Cooperation in tax and criminal investigation
In some cases, we may be obligated by government to a lawful duty of sharing your information with the
purpose of assisting in a fiscal or criminal investigation. In such cases we are forced to comply and assist,
but will, based on lawful possibilities, offer objection.
We store your data for as long as you are a client with us. This means that we maintain and keep your
client profile until you make it known to us that you no longer desire to use our services. Such a message
also functions as a request to be forgotten. We are required to keep invoices with your (personal)
information due to relevant administrative obligations, this information is safely stored for as long as the
relevant term for these obligations has not yet passed. Personnel no longer has access to your client profile
and any documents made because of your assignment or task.
Based on valid Dutch and European law you, as a concerning party, have certain rights when it comes to
personal data that is processed by or on behalf of us. Below you may find an explanation of these rights
and how you, as a concerning party, can invoke these rights. In principle to prevent abuse we only send
invoices and copies of your data to e-mail addresses that you have made known to us. Should you wish to
receive this data on another e-mail address or for instance per mail we will ask you to identify yourself
accordingly. We maintain an administration of concluded requests, in case of a request to be forgotten we
will maintain an administration of anonymised data. You receive all invoices and copies of data in files that
are structured in a machine-readable format Based on data classifications that we use within our system.
At all times you maintain the right to lodge a complaint with Autoriteit Persoonsgegevens if you suspect
that we mistreat or misuse your personal data.
Right of inspection
At all times you maintain the right to view the data we process that has a relation or may be reducible to
your person. You may request such a viewing to our contact in charge of privacy matters. You will receive a
response to your request within 30 days. If your request is approved we will send you, via the e-mail
address known to us, a copy of all data with an added overview of processors managing this data while also
mentioning the categories under which we store this data.
Right to rectification
At all times you maintain the right to have the data we process that has a relation or may be reducible to
your person be adjusted. You may request such an adjustment to our contact in charge of privacy matters.
You will receive a response to your request within 30 days. If your request is approved we will send you, via
the e-mail address known to us, a confirmation that the data has been adjusted.
Right to restriction of processing
At all times you maintain the right to limit the data we process that has a relation or may be reducible to
your person. You may request such limiting to our contact in charge of privacy matters. You will receive a
response to your request within 30 days. If your request is approved we will send you, via the e-mail
address known to us, a confirmation that the processing of your data is limited until you chose to cancel
Right of transferability
At all times you maintain the right to request for the data we process that has a relation or may be
reducible to your person be processed by a third party of choice. You may send in such a request to our
contact in charge of privacy matters. You will receive a response to your request within 30 days. If your
request is approved we will send you, via the e-mail address known to us, your (personal) invoices or copies
of data that we, or third parties on behalf of us, have processed. It is highly likely that in such a case we can
no longer offer our services to you for we can no longer guarantee the previous data safety.
Right of objection and other rights
At all times you maintain the right to object to the processing done by us, or on behalf of us by third
parties, of your personal data. In case of such an objection we will immediately cease all processing of your
data while your objection is being investigated and handled. In case of a justified objection we will return
all invoices and/or copies of personal data that we, or third parties on behalf of us, have processed up until
that point and cease processing thereafter. You also maintain the right to not be subject of automated
decision-making processes or profiling. We process your data in such a way that this right does not apply.
Should you believe that this right does apply then we ask you to reach out to our contact in charge of
we process recently gathered data in regard to your person, then we will notify you of this via e-mail.