Privacy Policy
This Privacy Policy explains how Vendon (“Vendon”, “we”, “us”, “our”) processes information about individuals, including personal data, in relation to the use of the vendon.net website, software system and mobile app (“System”) for the service of remote management, control and analytics for vending and coffee machines (“Services”).
By accessing or using this website or any of our Services, you agree to the terms set out in this Privacy Policy, Cookie Policy and other terms and policies posted on our website. If you do not agree to this Privacy Policy, you must leave this website and discontinue all use of any of our Services.
This Privacy Policy governs the processing of Personal Data of:
- representatives of clients that have purchased our hardware and use the Vendon System and Services (“Client”);
- representatives of our business partners that distribute Vendon hardware and Services (“Distributor”);
- persons who communicate with us and visitors of the vendon.net website;
- processing of Personal Data by Vendon on behalf of Clients and Distributors.
Vendon shall process Personal Data in accordance with the applicable data protection laws and in respect of Data Subjects within the European Economic Area (“EEA”). Vendon shall comply with the requirements of European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
The terms “Personal Data”, “Data Subject”, “Controller”, “Processor” and “Supervisory Authority” as used in this
Privacy Policy shall have the same meanings as given in the GDPR.
Vendon acts as a Controller in respect of the personal data of representatives of our Clients and Distributors, persons who communicate with us and visitors of the Vendon website. Contact details of the Controller are given below in Section 11.
When Vendon processes Personal Data that has been transferred to Vendon by the Clients or Distributors via the System, by using the Services or otherwise, Vendon acts as the Processor.
This section concerns Clients and Distributors of Vendon and processing of Personal Data that they submit to Vendon by using the System and the Services. The Client and Distributor are the Controllers in respect of data they provide to Vendon via the System.
If your Vendon account was created by our Client or Distributor, you should consult the privacy policy of the respective Client or Distributor. And in such case, any inquiry that you as a Data Subject may have should be addressed to and resolved by the Client or Distributor.
For the avoidance of doubt, this Privacy Policy contains data processing terms that govern data processing carried out by Vendon on behalf of Clients and Distributors and therefore it constitutes a binding data processing agreement.
Details of processing
Categories of Data Subjects. Vendon on behalf of the Client and Distributor processes Personal Data of their employees, representatives and other persons related to the respective Client and Distributor that are registered in the System under the Client’s and Distributor’s account or whose data are otherwise entered in the System.
Type of Personal Data. Vendon processes Personal Data that include name, last name, telephone number, e-mail address, password for the System account, language, working hours, position and other information that relate to Data Subjects shared with Vendon by the Clients and Distributors.
Nature and purpose of processing. Vendon processes Personal Data on behalf of the Client and Distributor in accordance with their instructions, and only stores and accesses the data for the purpose of providing the Client with the Services or otherwise executing our obligations under contract concluded with the Client or the Distributor.
Duration of processing. Vendon will process the aforementioned data for as long as Vendon has existing contractual relationship with the respective Client or Distributor. After termination of contractual relationship, we may continue to store some Personal Data, but limited to the minimum amount necessary for us to comply with our legal obligations.
Rights and obligations of Controller and Processor
By accepting the terms of this Privacy Policy and by using the System or the Services, the Client and Distributor instructs Vendon to process Personal Data entered into the System or otherwise transferred to Vendon by the Client and Distributor.
The Client and Distributor confirms that the data transferred to Vendon has been acquired on a lawful basis and that Data Subjects have been informed about the fact that their Personal Data may be provided to Vendon and other third parties engaged by Vendon for the provision of the Services and maintaining the System.
Vendon shall not be liable for any claims or complaints from Data Subjects regarding any action taken by Vendon as a result of acting in accordance with instructions received from the Client and the Distributor.
Vendon will always process all Personal Data on behalf of the Client or Distributor following their instructions and in compliance with the applicable data protection laws and regulations including requirements of GDPR where applicable.
Sub-processors
The Client and Distributor hereby authorizes Vendon to engage sub-processors, including sub-processors that are located outside EEA, for the purpose of administering and providing the Services, maintaining the System or otherwise executing the contractual relationship between Vendon and the Client or Distributor.
Vendon uses sub-processors that provide us services such as hosting and server co-location, communication delivery, product delivery, customer support, legal and financial advisors, among others.
Vendon ensures that it only uses sub-processors that comply with the same data protection obligations as set out in this Privacy Policy and guarantees that they have implemented appropriate technical and organizational measures and otherwise comply with the requirements of GDPR where applicable. If such sub-processor fails to fulfil its data protection obligations, Vendon shall remain liable towards the Client or the Distributor.
Assistance to the Controller
Taking into account the nature of the processing, Vendon will assist the Client and Distributor with the provision of technical or organizational measures, insofar as possible, for the fulfilment of the Controller’s obligations in relation to:
- Any requests from the Data Subjects in respect of access to or the rectification, erasure, restriction, portability, and objection to the processing of their Personal Data that Vendon processes on behalf of the Client or Distributor. In the event that a Data Subject sends such a request directly to Vendon, Vendon will promptly forward such request to the respective Client or Distributor; and
- The investigation of Personal Data breaches and the notification to the Supervisory Authority and Data Subjects regarding such breaches; and
- Where appropriate, the preparation of data protection impact assessments and, if necessary, carrying out consultations with any Supervisory Authority.
Security
When processing Personal Data on behalf of the Clients and Distributors Vendon always applies the implemented security measures as described below in Section 8 of this Privacy Policy.
Return and deletion of data
Unless otherwise required by applicable law, Vendon has no obligation to store the Client’s and Distributor’s data after termination of the contractual relationship and deletion of the Client’s and Distributor’s account and all accounts associated with it.
At the choice of the Client and Distributor, Vendon will delete or return all the Personal Data to the Client and Distributor after the end of the contractual relationship relating to processing and shall delete existing copies, unless applicable law requires Vendon to store such Personal Data.
Data Processing Audit
Upon the Client’s or Distributor’s written request, Vendon shall provide sufficient information to demonstrate compliance with obligations laid down in this Privacy Policy and applicable laws and regulations. This information shall be provided to the extent that such information is within Vendon’s control and Vendon is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.
If information provided upon the Client’s or Distributor’s request in its reasonable judgement is not sufficient to confirm Vendon’s compliance, then Vendon agrees to allow for and contribute to data processing audit.
Such audits are allowed to be carried out by independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Client or Distributor and Vendon.
The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided at exclusively the cost and expense of the Client or Distributor, and we reserve the right to charge the Client or Distributor for any additional work or other costs incurred by us in connection with the Client using such rights. The rights to request the audit may be used once every 2 years.
The auditor will have to sign a confidentiality agreement, which includes the obligation not to disclose business information in its audit report, and the final report will also have to be provided to Vendon.
During the ordinary course of business Vendon collects information from potential and existing Clients and Distributors, website visitors and other persons that communicate with us. Some of this information constitutes Personal Data and in respect of such data Vendon is the Controller.
Information provided to Vendon
Our existing and potential Clients and Distributors provide us with the following information of their representatives: name, surname, e-mail address, phone number, country, company name. This information is necessary for Vendon to able to conclude contracts with Clients and Distributors and to create their accounts in the System.
When you communicate with us using contact information provided on our website, you provide us with your e-mail address, and/or phone number, and any other information that you share with us. This information is necessary for Vendon to be able to communicate with you and respond to your inquiries.
Information we collect automatically
Upon visiting the Vendon website we automatically collect and process the following information that may contain your Personal Data: your device and browser, pages you access, device identifiers, operating system you are using, your location, mobile network information, standard web log data, and other information collected from cookies and similar technology we use on our website. Learn more about how we use cookies on our website by reading our Cookie Policy.
In the context of business relationship, Vendon processes the collected information in order to:
- negotiate, conclude and execute contracts with Clients and Distributors;
- provide the Services and ensure proper functioning of the System;
- communicate with Clients and Distributors about our Services, products, common projects and other matters;
- communicate with potential clients, partners and other persons interested in our Services and products;
- analyze and measure the use of our webpage and the Services so that we could make improvements;
- inform about our products and Services;
- protect legal interests of Vendon, our Clients, Distributors and other persons and for legal reasons such as, e.g. enforcing our contracts, complying with any applicable law and assisting law enforcement authorities.
Vendon only collects and processes your Personal Data where we have lawful basis and such basis vary depending on the respective category of data and the purposes for processing it.
Unless indicated otherwise, Vendon processes the collected Personal Data on the basis of legitimate interests and legal obligations. When you provide us with Personal Data that was not explicitly required by us, we process it on the basis of your consent.
Legitimate interests as basis for data processing include our interests in conducting business, managing and delivering the Services and products to existing Clients, informing potential clients about our Services and products, promoting and developing our Services and products, managing the relationships with Clients and Distributors, complying with any applicable law, ensuring information, system, network and cyber security.
In general, Vendon retains Personal Data until the purpose, for which the data has been collected, has been fulfilled. For example, we keep the Personal Data of Clients and Distributors for as long as the contractual relationship between us exists.
After the Client or Distributor terminates relationship with us by deleting Vendon account or otherwise terminating the contract with Vendon, we may continue to store certain information as reasonably necessary to comply with our legal obligations, to resolve disputes, if any, to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests.
For Vendon to be able to provide you with our Service, we work with third parties that provide us with different services we need in ordinary course of our business. Therefore, we share your Personal Data with such third-party service providers.
The categories of recipients of Personal Data include, hosting and server co-location service providers, communication and content delivery services providers, data and cyber security service providers, billing and payment processing service providers, web analytics, CRM and customer support software providers, courier delivery services, marketing service providers, IT service providers, legal and financial advisors, among others (“Third-Party Service Providers”).
Third-Party Service Providers only receive strict minimum amount of Personal Data as necessary for them to provide us with requested service. Vendon shares Personal Data only with such Third-Party Service Providers that are able to demonstrate that they have implemented appropriate measures to ensure that Personal Data is processed in compliance with GDPR and other applicable laws and regulations.
In certain situations, we might have a legal obligation to share your information with public authorities or other third parties.
Vendon may share your information with third parties when it is in our legitimate interest, e.g. in case of any merger, sale of assets, transfer of undertaking, or otherwise restructuring the provision of the Service.
Personal Data processed by Vendon may be transferred to Third-Party Service Providers and other recipients that are located outside of EEA. Vendon confirms that the data are transferred only to such Third-Party Service Providers and other recipients/sub-processors outside the EEA that are located in a territory that has been acknowledged by the European Commission as ensuring adequate level of protection or otherwise are able to provide appropriate safeguards, and always provided that enforceable rights and effective legal remedies are available for Data Subjects.
Individuals located in EEA, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to your Personal Data, to seek to update, delete or correct this data, to restrict or object to processing of your data, as well as right to portability of your Personal Data. You can use these rights by getting in touch with Vendon using the contact information provided below in this Privacy Policy.
Furthermore, if you believe that Vendon has unlawfully processed your Personal Data, you have the right to submit a complaint to Vendon by using the contact information provided below, or you may submit complaint to a respective data protection Supervisory Authority in your country.
If you are an individual whose Personal Data has been provided to Vendon by our Client or Distributor (e.g. you are an employee of our Client), please contact the Client or Distributor to exercise your rights.
Considering the potential risks and the nature of processing, Vendon has implemented reasonable and appropriate organizational, technical, and administrative measures in accordance with applicable data protection laws and regulations in order to protect the Personal Data.
Unfortunately, no data transmission or storage system is guaranteed to be 100% secure, therefore we cannot guarantee absolute security of information. Therefore, we encourage our Clients, Distributors and all users of the System to take care of the Personal Data processed via the System and set strong passwords for Vendon System account, limit access to devices and browser by signing out after the end of session, and as possible avoid providing Vendon with any sensitive information, disclosure of which could cause substantial harm to Data Subject.
All of Vendon’s authorized personnel involved in the processing of Personal Data have committed themselves to confidentiality obligations and shall not access or otherwise process Personal Data without authorization and if it’s not necessary for the purposes such data was obtained in the first place.
In the event a Personal Data breach occurs, we will notify Data Subjects in compliance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigation of Personal Data breaches and the notification to the Supervisory Authorities.
Vendon may occasionally amend this Privacy Policy for example when we introduce new services or new features. The amendments to this Privacy Policy enter into force and are applied from the moment they have been uploaded to our website.
Therefore, we encourage you to check Vendon website from time to time. By continuing to use our Services or the System, or otherwise providing Personal Data to us, after the amendments to this policy have been implemented, you agree to the updated terms of Privacy Policy.
This Privacy Policy shall be governed by the laws of Latvia, and any action or proceeding related with this Privacy Policy (including those arising from non-contractual disputes or claims) will be brought in the courts of Latvia.
In case you have any questions about this Privacy Policy and our data processing practices, or if you would like to exercise any of your rights as a Data Subject regarding your Personal Data, please contact us by email vendon@vendon.net, or by using the contact details below:
SIA “Vendon”
Attn: Data Protection Officer
Address: Ojāra Vācieša iela 6B,
Rīga, LV-1004,
Latvia
