inner garden privacy policy

1. general

Inner Garden Foundation, with registered office at P.O. Box 8520, 3542AD, Utrecht, The Netherlands and registered with the Dutch Chamber of Commerce under number 50237608 (hereinafter Inner Garden), considers the protection of personal privacy to be extremely important. Inner Garden wishes to inform its customers and users as much as possible about its services, while respecting their data and giving them control over what happens to them. Inner Garden wants to manage and use its customer data safely, respectfully and with due diligence in order to provide better service to its customers and to offer the best possible experience. Inner Garden therefore starts from the principle that everyone must have control over their personal data. Below, you will find information about what data Inner Garden collects, why, how long for and how you can control it.

Inner Garden invites its customers to take the time to thoroughly review this Privacy Policy and any other conditions that may apply to its products and services.

2. applicability

This Privacy Policy applies to all visitors (current, former and future) of the Inner Garden website(s).

The European General Data Protection Regulation law of 27 April 2016 ('General Data Protection Regulation'), the law of 8 December 1992 ('Privacy Act'), the law of 13 June 2005 ('Electronic Communications Act') and the accompanying implementing decrees, as well as any future changes hereto, regulate the protection of your personal data.

Inner Garden strives to fulfil its obligations and to respect the rights of the customer whenever Inner Garden processes your personal data. For more information about this, Inner Garden would like to refer you to the website of the Commission for the Protection of Privacy [https://autoriteitpersoonsgegevens.nl/en].

3. processing of personal data and responsibilities

'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The personal data that Inner Garden collects and processes, primarily concerns the data that customers enter themselves via the various pages or forms available on our website(s) and that Inner Garden obtains through your use of our website(s) and/or our products and/or services.

Inner Garden acts as the responsible party for processing the personal data of its customers for the purposes as described in this Privacy Policy. This does not detract from the fact that the customer has a number of obligations in connection with the processing of personal data that allows the customer to use Inner Garden's products and services. In this capacity, the customer must always obtain, where necessary, the legally required Consent Form from Inner Garden for the processing of their personal data.

4. purposes

Inner Garden processes personal data for various purposes, whereby the only data processed is that which is necessary to achieve the intended purpose.

Thus, we use personal data:

• • When we have received consent;
• • In the context of the preparation or performance of our application proces;
• • To comply with the legal or regulatory provisions to which we are subject; and when Inner Garden has a justified interest in this, such as, for example, as the case may be, , fraud prevention, internal administration management or monitoring of appropriate network and information security, in which case we always strive for a balance between that interest and respecting the privacy of the person concerned.
• • Insofar as required, and with permission, Inner Garden collects personal data for the following concrete objectives:

• To process an application for our products and services.
If you visit our website to collect and/or request information about our products and services, or if you apply for membership, for example, then Inner Garden needs your address details. All information that Inner Garden receives about you during this pre-contractual phase will only be used by Inner Garden to provide you with the requested information, in the way that you want. In addition, if you ultimately decide to become a student or member of Inner Garden, Inner Garden will ask you for a number of personal details, such as name, address, telephone number, e-mail address and others, and Inner Garden will also provide certain data to you, such as forum login details.

• To provide the best service and to inform about usage options.
Inner Garden uses personal data for setting up, maintaining and supporting products and services, processing membership applications, and for administrative purposes.

• To provide information about (new) products and services from Inner Garden.
Inner Garden may use personal data to offer (in writing, by telephone or electronically) new products, services or special opportunities that Inner Garden believes may be of interest to you. Of course, you can opt out of this type of message (see further).

• To track performance.
Inner Garden may use personal data profiles to evaluate its products and services. This includes, among other things: requesting feedback on services (for example, via market research), data obtained during answers to visitor questions, fraud detection and quality assurance.

• To comply with legal obligations.
In many cases, Inner Garden is legally obliged to keep certain personal data and/or communicate them to government agencies, for example, in the context of general tax and accounting obligations. In the context of a police or judicial investigation, Inner Garden can be obligated to communicate certain data to the requisite authorities in a confidential manner.

• To keep track of studies, tests and statistics, including for trend analysis.
Inner Garden may use anonymous, aggregated data to, for example, report internally and externally on the use of its services. The data used for this cannot be traced back to a specific individual. The information that Inner Garden derives from these analyses is used to evaluate the current products and services portfolio and Inner Garden's processes, and to adapt them to new developments.

5. security

Inner Garden's volunteers and employees are trained to deal with confidential data correctly. In the case of privacy-sensitive projects, an assessment is also made with regard to security and the protection of personal data. Inner Garden's information security policy, requirements and management standards are modelled on the international ISO 27001 standard. For the security of data, Inner Garden assigns specific roles to its members who monitor compliance with legislation and ethical aspirations. Inner Garden also uses specialised personnel who are responsible for the security of the network, infrastructure and information systems. In addition, Inner Garden uses a variety of technical measures to protect personal data, such as: password protection, hard disk encryption software, firewalls, antivirus software, intrusion and anomaly detection system and access control systems for volunteers and employees.

If a data breach should occur with adverse consequences for personal data, the customer is personally notified under the conditions provided for by law. The number of Inner Garden's volunteers and employees who have access to personal information is limited and they are carefully selected. These volunteers and employees are granted access to personal information insofar as they need this information to perform their duties properly.

The existence and content of the personal communication that takes place via the Inner Garden network (for example: email traffic, forum posts, hosting...) is protected by the provisions for telecommunications secrecy. This means that Inner Garden and its personnel may not have any knowledge of the existence or content of such communication, outside of the exceptions enumerated by the law.

Inner Garden's websites sometimes mention links to third-party sites (social media, organisers of events sponsored by Inner Garden) whose terms of use do not fall within the scope of this Privacy Policy. Please read carefully their policy on the protection of personal data.

6. provision of data to third parties

Inner Garden does not, and never will, sell personal data to third parties nor is data passed on to third parties unless:

• This is necessary for our service provision.
For some aspects of our products and services, we cooperate with third parties or engage sub-contractors. These third parties are always selected very carefully and there is always an agreement between Inner Garden and these third parties in accordance with the applicable legislation. Thus, Inner Garden uses, among others, service providers for domain name registrations, e-mail service providers, SSL certificate providers, providers of cloud connect services, providers of sitebuilder services, providers of online desktop services and providers of online fax services. For more information about our sub-contractors (o.a., Combell, pCloud, Protonmail), you can always contact us via the contact details under point 10.

If you purchase from Inner Garden a (online) product or service from a manufacturer or supplier based outside the European Union, it is possible that additional measures are necessary to ensure the security of personal data, such as a certification under the EU-US Privacy Shield and/or a processor agreement with model clauses drawn up by the European Commission.

When a person refuses to have his details passed on, it is possible that some services can no longer be offered by Inner Garden.

• There is a legal obligation.
For this, Inner Garden refers you to point 4 of this Privacy Policy.

• There is a legitimate interest for Inner Garden.
This only happens providing the interests or fundamental rights and freedoms of the person concerned do not override that interest.

7. rights of the data subjects

You can exercise a number of rights regarding the processing of your personal data with respect to Inner Garden, insofar as you have those rights under the applicable legislation.

You can exercise these rights by using the contact details mentioned under point 10 of this Privacy Policy. Inner Garden will respond to such requests and may or may not comply with such requests in accordance with applicable law and in principle within a period of one (1) month, also in accordance with applicable law.

In order to exercise your rights and to prevent any unauthorised disclosure of your personal data, you must provide us with proof of your identity. We therefore require that you complete and submit the following Form for Amending Personal Data with your request. The request can be sent using the details mentioned under point 10 of this Privacy Policy.

If you consider it necessary, you can also contact, or file a complaint with, the Data Protection Authority (Dutch Data Protection Authority): https://autoriteitpersoonsgegevens.nl/en.

Right of objection
You have the right to object at any time to the processing of your personal data based on the legitimate interest of Inner Garden on grounds relating to your particular situation. If you object, Inner Garden will no longer process such personal data unless Inner Garden demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right of access and transparency
You have the right to access the data (free of charge) that relate to you and to obtain a copy of these personal data. You can also ask us:

• • Whether we process personal data about you;
• • For what purposes we process them;
• • Which categories of personal data we process;
• • With which categories of third parties we share your personal data;
• • What the origin of the processed data is;
• • What your rights are.

Right to rectification and erasure
As a data subject, you are entitled to have incomplete, incorrect, inappropriate or outdated personal data corrected or supplemented. For this purpose, Inner Garden can be contacted from a registered address or your data can be amended via this form (click here) and submitted by email. In order to keep your data up to date, we request that you notify us of any changes.

You also have the right, without undue delay, to have your personal data deleted if and insofar as:

1. the personal data are no longer required for the purposes;
2. there is no longer a legal ground for the processing;
3. you object to the processing, and there are no overriding legitimate grounds for the processing by Inner Garden;
4. the personal data have been unlawfully processed; or
5. the personal data must be erased for compliance with a legal obligation that applies to Inner Garden.

Inner Garden will send you a confirmation message after complying with a request for erasure. In the case of partial erasure, Inner Garden will also explain why the request could not be fully met.

Depending on the nature of the request, it is possible that some services can no longer be offered by Inner Garden. Inner Garden is also not always able to erase all requested data, for example, to comply with legal obligations (e.g. in order to meet accounting and fiscal obligations, Inner Garden is required to retain invoicing data for a maximum of 7 years).

Right to restriction of processing
As a data subject, you also have the right to have Inner Garden restrict the processing of your personal data, if and insofar as one of the following applies:

1. you contest the accuracy of the personal data, in which case the processing is limited during a period enabling Inner Garden to verify their accuracy;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. Inner Garden no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
4. you have objected to processing, pending the verification whether the legitimate grounds of Inner Garden override those of the data subject.
   In case of restriction of processing, the data may still be stored by Inner Garden.

8. retention periods

Inner Garden stores and processes your personal data for as long as is necessary to achieve the objectives described in point 4.

Websites
All information, whether in the form of text, files or images or any other form, is made available by Inner Garden for information purposes only.

Any interested person may take note of this information, but Inner Garden reserves the right, at the time it considers appropriate, to change the rules and conditions concerning access to the use of the website without prior warning, or to subject the entire website or parts thereof to a restriction.

The access to such private sections of the website can be made dependent on the provision of information by the visitor/user of the website. The visitor/user who provides this information explicitly agrees that this information becomes the property of Inner Garden and that by the mere communication of information to Inner Garden, the latter will be given express permission to use information in accordance with the Privacy Policy.

The provision of access to the private section of Inner Garden's website through the use of usernames and passwords can be changed or refused by Inner Garden at any time without this leading to any compensation.

Cookies
Our website does not use cookies. Bam!

9. contact details

Questions or requests regarding personal data or this Privacy Policy can be addressed at any time to:

Inner Garden Foundation
Attn: Data Protection Officer
P.O. Box 8520, 3542AD, Utrecht
The Netherlands
e-mail: nifo@innergarden.org

10. changes

Inner Garden reserves the right to amend this Privacy Policy. Changes will always be published on this website prior to their coming into force. We recommend that you regularly consult this Privacy Policy so that you are aware of these changes.