Privacy Statement


Foundation for Market Information Research (SOMI)

Privacy Statement
Version: 2.5

It goes without saying that the Foundation for Market Information Research (SOMI) takes the right to privacy and data protection very seriously and attaches great importance to treating your personal data carefully and confidentially. That is why SOMI is happy to explain in this privacy statement how your personal data is processed when you visit our website, how to contact SOMI or how to use our services, for what purpose, and what rights you have with regard to the processing of your personal data.

This privacy statement may be changed from time to time. The most recent version of the privacy statement can be found on our website. In the event of changes that could significantly affect you, we aim to inform you immediately. 

The most recent version of this privacy statement is dated July 28th, 2021.

About SOMI

The Foundation for Market Information Research (SOMI), located at Mr. G. Groen van Prinstererlaan 88 A, 1181 TR Amstelveen, The Netherlands, is responsible for the processing of personal data as shown in this privacy statement.

Contact details

Mr. G. Groen van Prinstererlaan 88 A,
1181 TR Amstelveen, The Netherlands
+31 85 303 26 86

The data protection officer of the Foundation for Market Information Research (SOMI) can be reached at privacy@somi.nl

To whom does this privacy statement apply?

This privacy statement applies to persons who visit and use the SOMI website, contact SOMI, or register and participate in SOMI promotions. 

This privacy statement also applies to the use of other websites owned by SOMI (such as zoomclaim.org and tiktokclaim.org) and the use of the SOMI App.

How does SOMI process your personal data?

Below you will find an overview of the purposes for which SOMI processes personal data about you. In each case, it is indicated which personal data SOMI uses for that specific purpose and what the legal basis is for being allowed to process that data.

Participate in SOMI's actions 

SOMI is a non-profit organization set up to identify and influence issues of social importance. SOMI investigates digital services and aims for transparency with regard to the use of personal data and the relevant risks. SOMI acts as a voice for groups of consumers.

You can register and participate in collective actions conducted by SOMI on behalf of its participants. You can register via the website. To do this, you provide SOMI with personal data that it needs to register you as a participant. The personal information you provide is your name and email address.

The processing of your personal data for this purpose is necessary for the execution of the agreement between you and SOMI regarding your participation. Without your personal data, SOMI will not be able to create your account and unfortunately, you will not be able to participate. 
Registration and representation

In order to represent you in collective actions, SOMI will ask you by e-mail, after registration, to complete the registration form. SOMI needs this information to submit a claim on your behalf and/or minor(s) whom you can represent in proceedings. The personal data you provide are your name, e-mail address, date of birth, physical address, and possibly your telephone number.

The processing of your personal data for this purpose is therefore necessary for the execution of the agreement between you and SOMI regarding your participation. SOMI cannot represent you without processing this data.
Claim

In order to be able to act and submit a claim on behalf of you and/or the minor(s) you represent in proceedings, SOMI asks for supporting documents that it considers necessary for the claim. Depending on the case, this could be, for example, a confirmation email from an account with the digital service in question, screenshots, agreements, etc. Without these supporting documents, SOMI may not be able to prove the claim and you may not be entitled to compensation. 

In the context of your participation in a claim, we will also request a copy of your ID card. We will always ask you to provide us with only those personal data that are strictly necessary to achieve the purpose, in particular, to verify your identity and to be able to represent you.

The processing of personal data from documentary evidence is necessary for the representation of SOMI's legitimate interest, in order to be able to represent you and to submit a claim on your behalf. 

On the basis of its legitimate interest, SOMI can also process personal data on its own initiative with the aim of investigating possible unlawful acts and the possibilities of filing collective (damage) claims. 
 

Exercising your rights

If you instruct SOMI to request access and/or rectification of your personal data to a third organization on your behalf, we will process this data for you. This data is always processed on the basis of your free, informed and explicit consent. 
 
Before the organization processes your access request, the organization must verify your identity. That is to protect your privacy so that no one else can access your data. In order to be able to identify you correctly with a third-party organization and to the extent it is strictly necessary to verify that the request has actually been made by you, your surname, first name, 
date of birth, e-mail address, IP address and /or another means of identification, such as an assigned customer number, can be shared with this third organization. 
 
If the third organization raised doubts about your identity, it may in certain cases ask for a copy of your ID card. To protect your privacy, when you upload your ID card, we will always ask you to provide us with only those personal data that are strictly necessary to achieve the purpose, in particular to verify your identity and to be able to represent you. Please make your Citizen Service Number (BSN) illegible in this copy and clearly state to whom you are sending the copy for what purpose. You can use the CopyID app from the Dutch government to do this. 

Data leaks

SOMI may process personal data originating from data leaks. This data is processed on the basis of SOMI's legitimate interest, in particular conducting investigations into misuse of personal data, informing our participants, and preventing fraud.
Payments and Compensation

If a judge decides in a procedure that you are entitled to compensation. Then SOMI will ask you for your bank account information. The processing of your personal data for this purpose is therefore necessary for the execution of the agreement between you and SOMI. Unfortunately, SOMI cannot pay the compensation to you without processing your bank account. 

Data about payments to SOMI, invoices, agreements, statements, etc. are kept for a longer period of time as we are legally obliged to do so.
Contact

You can get in touch with SOMI in various ways, via the contact form or the chat function on the website, by e-mail, and by telephone. We only use the information we obtain from you for this contact to answer your question and to be of service to you. 

The processing of your personal data is necessary for the representation of SOMI's legitimate interest. 

Cookies

A cookie is a small text file that is stored on your computer, tablet, or smartphone when you first visit this website.

Functional and analytical cookies are processed on the basis of the legitimate interest of our organization, in particular optimizing our web applications and your user experience. Marketing cookies are processed on the basis of your free consent. 

Read more about it in our cookie statement.
Newsletter

SOMI would like to keep you informed about issues of social importance and updates on the latest actions. You can sign up for the newsletter. SOMI processes your e-mail address for sending newsletters. 

The processing of your e-mail address in the context of digital direct marketing is always based on your free, informed, and explicit consent. You can always unsubscribe from the newsletter by clicking on the unsubscribe button in the newsletter.

Data from persons under the age of 16

Our website and/or service does not intend to collect data about website visitors who are younger than 16 years old. Unless they have parental or guardian permission. However, we cannot check whether a visitor is older than 16. We, therefore, advise parents to be involved in the online activities of their children, in order to prevent data about children from being collected without parental consent.

If you are convinced that we have collected personal information about a minor without permission, please contact us at privacy@somi.nl and we will delete this information.


Automated decision making

The Foundation for Market Information Research (SOMI) does not make decisions based on automated processing on matters that can have (significant) consequences for people. 

This concerns decisions that are taken by computer programs or systems, without involving a person (for example an employee of Foundation for Market Information Research (SOMI)).


How long we keep the personal data

The Foundation for Market Information Research (SOMI) does not store your personal data for longer than is strictly necessary to achieve the purposes for which your data is collected.

SOMI uses the following retention periods for your personal data:
Personal data that you provide to SOMI when registering and registering for a procedure, including supporting documents that you provide to SOMI in that context, will be kept by SOMI for as long as this is necessary for (the preparation of) procedures and actions it has instituted and/or related activities such as settlements. Your personal data will then be deleted within 36 months. 
Under the Dutch General Tax Act, SOMI is obliged to keep financial data for a period of seven years. 
SOMI will keep data that SOMI processes from you if you contact us for as long as necessary to handle your question, request, or complaint. SOMI will then delete this data within one month.
SOMI saves your e-mail address for sending the newsletter as long as you are subscribed to the newsletter and will delete your e-mail address no later than one month after unsubscribing.
Analytical data about your activities on our website is kept for a maximum of 12 months.


Sharing personal data with third parties

SOMI is assisted during proceedings and actions by lawyers and jurists, experts, advisors, and bailiffs with whom SOMI can share (parts of) your personal data when you have registered for a promotion. In that case, your personal data may also be shared with (employees of) courts and the other parties. Such disclosures of your personal data are necessary for the performance of the agreement between you and SOMI regarding your participation in an action/procedure. The processing of personal data by these parties is subject to the privacy statement of the relevant party.

SOMI also uses the services of external companies, subcontractors, and/or suppliers (so-called processors) who perform specific tasks or assignments at SOMI's request and with whom your personal data can be shared. These service providers only process your personal data on behalf of SOMI. A so-called processing agreement applies to the processing by service providers, in which SOMI has ensured that the service provider will only process the personal data on behalf of SOMI. This concerns the following categories of service providers:
External hosting providers, including cloud providers for the storage and management of your data;
Third parties with applications/tools that allow us to better protect our systems against unauthorized access and/or loss of data;
External parties with accounting applications/tools;
Other specific tasks that are outsourced in the context of IT support, such as administration and e-mail marketing.


Where are your personal data processed?

In principle, your personal data will only be processed within the European Economic Area (“EEA”). 

If we use a supplier that is located outside the EEA, we will primarily use suppliers that are located in a safe third country, for which the European Commission has issued an adequacy decision.

When we use a supplier located in another third country, in this case, the United States, we will ensure that the (potential) transfer of your personal data is protected by appropriate safeguards (e.g. Standard Contractual Clauses, Binding Corporate Rules, etc. ) and take the necessary additional technical, legal and organizational safeguards to ensure the same level of security and confidentiality of your data that applies within the EEA.

For more information about international transfer safeguards, please contact us using the contact details provided in this privacy statement.

What are your rights?

Right of access

You have the right to obtain confirmation from SOMI about whether or not your personal data is being processed and, if that is the case, to obtain access to that personal data and additional information about the processing of your personal data. SOMI, therefore, provides you with a copy of your personal data. 
Right to rectification

You have the right to obtain rectification of inaccurate or incomplete personal data. If possible, you can provide additional personal data to complete the collection of personal data.
Right to erasure (Right to be forgotten)

Under certain circumstances, you have the right to submit a request to delete your personal data. SOMI will delete your personal data, for example, if your personal data is no longer necessary for the purposes for which it was collected, if you withdraw consent on which the processing is based and there is no other legal basis for the processing, if you object to the processing and your interests outweigh, or if SOMI is legally obliged to delete your personal data.
Right to restriction

In some cases, you have the right to obtain from SOMI the restriction of the processing of your personal data. This means that SOMI temporarily pauses the processing of your personal data, for example, if you have contested the accuracy of your personal data or have objected to the processing of your personal data. If the request is granted, SOMI will not further process the personal data in question during the term of the restriction, unless this is permitted on the basis of the GDPR.
Right to object

You have the right to object to the processing of personal data based on SOMI's legitimate interests. SOMI will then no longer process the personal data, unless SOMI demonstrates that there are compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or that are related to the institution, exercise, or defense of legal claims.
Objection to direct marketing

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. In that case, SOMI will no longer process your personal data for those purposes.
Data portability

You have the right to receive your personal data that you have provided to SOMI in a structured, commonly used, and machine-readable form and you have the right to forward this data to another controller, where the processing is based on your consent or on an agreement.
Withdraw permission

Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing before it has been withdrawn.

Exercising your rights

To exercise your rights, we ask you to send a request to privacy@somi.nl.

To ensure that the request for access has been made by you, we may ask you to send a copy of your proof of identity with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number, and Citizen Service Number (BSN) black in this copy. This is to protect your privacy. 

We recommend using the CopyID app from the Dutch government to make a safe copy of your identity card.

We will respond to your request as soon as possible, but within four weeks.

The Foundation for Market Information Research (SOMI) would also like to point out that you have the opportunity to file a complaint with the national supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can do that via this link.

How we protect personal data

The Foundation for Market Information Research (SOMI) takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized changes.

If you have the impression that your data is not properly secured or there are indications of misuse, please contact our data protection officer via privacy@somi.nl.