Privacy statement Secure Chain - Vertrouwensketen

Privacy statement

Version November 2024

With this privacy statement we would like to update you on the way in which we handle your personal data. We attach a great deal of value to the protection of your personal data. We handle your personal data with the utmost care. In doing so, we adhere to the statutory regulations in place for the protection of personal data, such as the General Data Protection Regulation (hereinafter referred to as: “GDPR”), as well as our policy, which is reflected in this privacy statement.

In this privacy statement, we indicate inter alia why we process your personal data, how we do it, and what your rights are in that process. If you have any questions or if you wish to exercise your rights, please contact us via the contact information included in this statement.

About the Secure Chain

The Secure Chain is a joint initiative of the government and the business community for the secure physical and digital collection of containers in Dutch ports. The Secure Chain is a collaboration project of Deltalinqs, evofenedex, FENEX, Ferm, GroentenFruit Huis, Port of Rotterdam, Portbase, Secure Logistics, TLN, VRC and VRTO.

Portbase B.V. (hereinafter referred to as: “Portbase”) runs the website securechain.eu (hereinafter: the “Website”). In that capacity, Portbase is the controller of the personal data collected through the Website. The privacy statement applies to the processing of personal data collected through the Website.

Which personal data do we process and what do we aim to achieve in doing so?

Personal data is data on the basis of which your identity may be deduced, such as your name and email address. We specifically process the following categories of data regarding persons (“Data Subjects”) for the purposes listed below:

    How do we obtain your personal data?

    We may receive your personal data in various ways. Firstly, we can receive your personal data from you. For example, this is what happens when you contact us through our contact form on the Website or when you sign up for our newsletter.

    Secondly, we collect personal data through cookies (more information about this under “Cookies”). Without cookies, we will not be able to analyse and optimise the use of our Website. Also, some parts of our Website will be inaccessible or less accessible without cookies.

    On what basis do we process your personal data?

    We can process your personal data based on your permission. For example when you give us permission to send you newsletters. You may revoke your permission at all times (but that will not affect already processed information). You can unsubscribe from the newsletter as mentioned in every newsletter or by sending us an email (see our contact information below).

    It is also possible that we have a justified interest in the processing of your personal data, for example with regard to the data we collect through cookies, in order to answer your questions or to stay in contact with you.

    Also, we may process personal data when we are legally required to do so.

    Cookies

    The Website uses cookies. Cookies are simple text files that your browser saves on your computer, tablet or smartphone, which may contain information about general visiting data, such as pages visited, your type of browser, date and time of your visit etc. When you visit the Website, it is necessary for us to collect data in order to properly maintain the connection. We use other data e.g. to optimise the Website.

    As a standard setting, we do not save your IP address. As a result, we are also unable to see your IP address, even if you have enabled that option in your browser. For that reason, we are not able to identify you as a person on the mere basis of your visit to our Website. We will not compare the non-identifiable data to other data available to us to establish your identity.

    We use the following cookies:

    Functional and necessary cookies

    Functional and necessary cookies are required to make our Website function properly. These cookies are used e.g. to make the Website save certain preferences in a more user-friendly way. These cookies do not require your permission.

    Analytical cookies

    Analytical cookies are used to maintain statistics about the use of our Website. We use Google Analytics for that purpose. For more information, please read Google Analytics’ privacy policy. We mainly use Google Analytics to be able to measure the number of visitors on our Website, where they are from and which pages are visited. We use settings to minimise the impact of the use of Google Analytics on your privacy.

    If you do not want Google Analytics to track your visiting behaviour, then you can download a Google Plug-in to prevent this from happening. In that case, this setting applies to all websites you visit, i.e. not only this Website.

    The plug-in can be installed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

    Access to your personal data and its provision to third parties

    Portbase employees only have access to your personal data when this is necessary for the performance of their work activities. In this way (combined with the security measures described below), our aim is to ensure that personal data are only accessible to persons authorised to do so by virtue of their position. In doing so, we agree that the personal data may only be used for the purposes described in this privacy statement, while at the same time evaluating how we can protect your privacy rights as much as possible. Our employees are screened and are bound by secrecy.

    In principle, we do not share your personal data with third parties. If we do share your personal data with others, we make written agreements with them regarding the processing of your data in order to ensure that it is processed carefully, in accordance with the GDPR and this privacy statement.

    It may be the case that we provide data to third parties, such as the Ministry of Justice, in accordance with a statutory requirement. If we do so, we always evaluate how we can protect your privacy rights in the best way possible.

    In principle, we do not share your personal data outside of the European Economic Area (EEA). If we do pass on your data outside of the EEA, we only do so in accordance with the conditions stipulated in the privacy laws. In such cases, we will do our utmost to ensure that there is an adequate protection level, and we will do our utmost to ensure contractual, technical and organisation safeguards where possible, e.g. through a contract to which the EU’s Standard Contractual Clauses (SCC) apply, as well as any additional measures if regulations require this.

    Your personal data security

    Portbase will take the necessary technical and organisational measures to secure personal data against inter alia illegal access or loss. Please also read our Information Security Statement. This includes the following measures:

    • Employee screening and confidentiality agreements with employees.
    • The Portbase Security Officer will strive for suitable risk management with regard to critical systems.
    • Systems access is personal and is obtained through Multifactor Authentication.
    • All systems actions are logged for the purposes of error analyses and/or the prevention of abuse.
    • Portbase uses secured connections, both on the web and for system connections.
    • Portbase has an information security policy in place that is based on ISO27001 and that includes security requirements and principles to avoid and minimise risks.
    • All suppliers contracted by Portbase for critical components in the digital environment are ISO27001 or ISAE 3402 SOC2-certified.
    • An independent external party audit is performed annually with regard to the set-up and the presence of IT control measures used by Portbase.
    • Portbase is a member of the Haven ISAC, which is used to share information about and encounters with cyberthreats and vulnerabilities in the port community.

    If, despite the security measures, a security incident (data breach) were to occur anyway that would probably affect your privacy in a negative way, we will notify you about the incident as soon as possible. At the same time, we will also notify you about the measures we took to minimise the consequences and to avoid recurrence in the future.

    Should you encounter a security leak and you suspect that your personal data was not secured in the correct manner, we request that you contact us via the contact information below.

    Retention periods

    We retain personal data no longer than is necessary for the purposes for which we process personal data, unless we are authorised to retain your personal data longer in accordance with statutory regulations or on the basis of our outweighing legitimate interest (e.g. an ongoing conflict).

    In principle, the retention periods we use include the following:

    • Newsletter: we retain data of persons who subscribed for our newsletter until the moment they unsubscribe for that newsletter.
    • Contact: if you contacted us, we retain the correspondence and the personal data contained therein in principle until the moment we have followed up on and have handled your message, unless it involves e.g. a complaint.
    • Cookies: see the table above under ‘Cookies’.

    Your rights with regard to the processing of personal data

    You have the following rights with regard to the processing of personal data:

    • You may request information about and inspection of your personal data that we process. That means first and foremost that you may ask which of your personal data has been recorded and for what purposes that personal data is used, as well as the third parties with which it has been shared.
    • You may object to the processing of your personal data, e.g. if it is your opinion that the use of your personal information is not strictly required in the performance of our activities or for the adherence to statutory requirements.
    • You may request that we amend/correct your personal data and/or limit the processing of your personal data.
    • You may request that we remove your personal data from our systems.
    • You may request that we ensure that your personal data is transferred to another party.
    • You may revoke the permission you gave to process your personal data at any time. Please note: in such cases you will not revoke your permission for personal data that was processed at an earlier time based on your permission.

    Requests and other messages with regard to the performance of the aforementioned rights may be submitted in writing through the contact information below. If we deem it necessary, we may ask you additional questions in order to verify your identity. In principle, you will receive a response within one month following your request. We will comply with your request unless we have a compelling and justified interest not to comply with your request outweighing your privacy interests. Also, for technical reasons, we are not or not always and not immediately able to remove all copies of your personal data from our systems and back-up systems. We may also refuse compliance with the aforementioned requests if they are submitted with an unreasonable frequency, if they require unreasonably strenuous efforts or have unreasonably severe technical consequences for our systems, or if they jeopardise the privacy of others.

    If you are dissatisfied with the way in which we handled your request or your complaint, or in another way with regard to the processing of your personal data, you may also submit a complaint regarding the use of your personal data with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). More information about this can be found via this link.

    External links

    Our Website may contain links to other websites. We are not responsible for the practices of other websites that are linked from or to our Website. Our privacy statement does not apply if you use a link to go from our Website to another website. Your behaviour on a third-party website, even if it is linked to our Website, is subject to that third party’s own rules and policies. We are not responsible for the privacy policy or the content of such other websites. We advise you to familiarise yourself with the privacy statements and other relevant information, whether or not legal in nature, on the websites in question. This information may be amended regularly.

    Contact information

    If you wish to exercise your rights or have any questions or complaints about the manner in which we handled your personal data, you can contact us via: campaign@secure-chain.eu.

    Amendment of this privacy statement

    We may amend or update this privacy statement from time to time. Amendments to this privacy statement will enter into force the moment they are published on our Website. For that reason, we advise you to regularly consult this privacy statement in order to familiarise yourself with any possible amendments to this privacy statement. If these amendments affect you significantly, we will notify you thereof, e.g. by way of a newsletter or an email.

    Scroll to Top