Privacy Statement

Portbase collects and processes the following personal data for the purposes set out below: For services to corporate clients and from suppliers, Portbase processes the following personal data from the contact person at the client or supplier:
– Name
– Email address
– Telephone number
– Username
– (Preferred) language
– In the case of a sole proprietor or self-employed person: bank account details
– Feedback from customer satisfaction surveys, to the extent that they can be traced to a particular customer.

When creating and/or logging into a client or supplier account via IAMconnected, Portbase processes the following personal data: 
– Name
– Email address
– Telephone number
– Username
– (Preferred) language

Portbase processes the following personal data of the authorised signatory of the customer’s or supplier’s account:
– Name
– Role
– Email address
– Telephone number
– Date of birth
– Details on their identity document (for identification purposes only).

Of visitors to the Websites:
– Cookies and, when permission has been granted, the IP address. More information about cookies can be found in this Privacy Statement under 3. Cookies and in our Cookie Statement;
– Preferred settings. 

If you use the contact forms on the Websites or subscribe to the newsletter:
– First and/or last name
– Email address
– Telephone number
– Any personal data that you yourself include in the message to Portbase
– If a signing authority is requested, that person’s name, position and email address are requested.

All such personal data is hereinafter referred to as: ‘personal data’.

Portbase receives the personal data because:
– It is provided to Portbase by you.
– An account has been created by yourself or on behalf of the organisation you work for and Portbase receives your personal data from the main administrator of that account.

Portbase does not receive personal data from other parties or third parties. However, Portbase may request information from public sources, for example from the Chamber of Commerce trade register. Without personal data, Portbase cannot provide services.

– Maintaining client contact and selling and making services available.
– Being able to purchase services or products from suppliers.
– Being able to send newsletters to clients and other interested parties.
– Being able to organise marketing activities, such as events for customers and relations.
– Being able to respond to messages you leave using the contact form on websites and the provision of support by the Service Desk.
– Conducting customer satisfaction surveys.
– Creating administrator and/or user account(s) for your organisation and providing access to your account.
– Enabling the main administrator to provide users with access to various services to be purchased as customers, such as informing the customer, when requested, about the use of the services by a user that you have provided access to as a customer (including the email address used, time, nature and duration of use).
– Verifying and establishing a user’s identity when creating an account and when logging into the account.
– Managing accounts so that Portbase can provide services to users.
– Identifying and verifying the person authorised to sign.
– Enabling a customer’s sign-in process.
– Logging and monitoring the use of services, including the Port Community System (PCS) and IAMconnected.

Portbase processes the personal data on the basis of the following legitimate processing basis:

– The performance of the agreement with you as the data subject, such as Portbase’s General Terms of Delivery and/or the IAMconnected Participant Terms and Conditions.
– The justified interest of Portbase to offer services to clients and thus process personal data of the authorised signatory and the main administrator. On the same basis, Portbase also processes personal data for organising events and sends Portbase side satisfaction surveys.
– On the basis of consent, Portbase sends newsletters.
– If Portbase is legally obliged to do so, for example because a regulatory body requests it.

Portbase’s websites use cookies to ensure that the websites work optimally and to tailor the experience and any marketing content to visitors’ preferences. The cookies remember the visitor’s browser settings and data entered in forms, and measure how visitors navigate the websites. When visiting the Portbase website for the first time, you can choose to accept or reject the cookies. And for each type of cookie, you can indicate which one you want to accept. If you reject the cookies, only strictly necessary and analytical cookies will be installed.
For more information on the use of cookies, please refer to the Cookie Statement on our Websites. Portbase reserves the right to amend this Cookie Statement. Amendments to this Cookie Statement will come into force the moment they are published on the Website(s). Portbase recommends consulting this Cookie Statement regularly to ensure you are always aware of the content of the applicable Cookie Statement. If these changes are of great importance to data subjects, Portbase will always inform you as such.

Do you have any questions about this Cookie Statement? If so, please contact Portbase’s Customer Service department at customerservice@portbase.com.

A number of Portbase employees have access to personal data. These are only employees who, by virtue of their position, need access to personal data to carry out their work. In this way and in combination with the information security measures mentioned below, Portbase ensures that the personal data can only be accessed by authorised persons. The personal data may only be used for the purposes specified in this Privacy Statement.

In principle, Portbase does not share personal data with third parties. Portbase only shares personal data with service providers in IAMconnected; if you log in to an external service provider via IAMconnected because you want to use their services.

In addition, Portbase’s software suppliers have access to its systems. Portbase has made agreements with these data processors to ensure sufficient guarantees are in place for the careful processing of personal data, in accordance with the GDPR and this Privacy Statement. Personal data is mostly stored within the European Union. Only data collected via cookies on Websites is processed in the United States.

In that case and other possible cases where Portbase shares personal data with organisations in countries outside the European Economic Area (EEA), it takes the necessary measures required by the GDPR to protect this data, such as the necessary contractual, technical and organisational safeguards.

If necessary, Portbase will still specifically ask your permission. Nevertheless, foreign authorities may require access to this personal data or it may not be easy for you to approach a judge in that country. You may withdraw your consent at any time. For the use of cookies, this can be done on the Portbase website via ‘Privacy Settings’. Your preference will be adjusted right away. This has no consequence for personal data that has already been processed.
 

The Websites may contain references to other websites, for example via a hyperlink, banner or button. This does not automatically mean that Portbase is associated with these other websites or those third parties. A different privacy statement may apply to the use of those third-party websites. This Privacy Statement only relates to personal data obtained by Portbase. Portbase does not accept any responsibility or liability for (the operation and/or content of) third-party websites.

Portbase will not retain the personal data for longer than is necessary for the purpose of the data processing, unless Portbase is legally obliged to keep the personal data longer or Portbase has a legitimate interest in doing so that outweighs the privacy interest, for example in the case of an ongoing dispute.

Portbase retains most personal data for up to seven (7) years after the end of the business relationship as a client. Personal data of main administrators and/or users in IAMconnected are deleted within three (3) months after the end of the account, e.g. after a period of inactivity or exit from the organisation to which your account is linked.

Identity document data or any copy thereof will be deleted within two (2) months after the identification required for registration of the account in IAMconnected.
 

Data subjects can exercise various legal rights in relation to the processing of personal data. Portbase’s interpretation of the exercise of these rights is set out below.

Inspection, amendment, deletion & data portability

Via Postbase’s Customer Service department,(customerservice@portbase.com) you can, as a data subject: 

– Make a written request to inspect, amend and delete personal data.
– Request or invoke the right to data portability. This is the right to transfer data, either to yourself or to another organisation providing the same services.
– Consent to data processing may be revoked at any time. However, this withdrawal has no consequence for the lawfulness of the processing of personal data before you withdrew your consent, and this only applies to the processing for which you have given consent. As a data subject,

Portbase hereby requests justification of your request as well as identification. Within the statutory period of one (1) month, Portbase will comply with the request or inform you as a data subject of the status of the request or appeal.

Portbase may deny the request if:

– It has a compelling legitimate interest not to delete the personal data that outweighs the privacy interest, or;
– Such requests are made unreasonably often, require unreasonable technical efforts or have unreasonable technical consequences for systems or compromise the privacy of others.

If, as a data subject, you are dissatisfied with the way Portbase has dealt with your request or in any other way with Portbase’s processing of your personal data, please file a complaint about the use of the personal data with the Data Protection Authority.

Portbase takes appropriate technical and organisational measures to secure personal data against loss etc. Please refer to our Statement on Information Security. This includes the following measures:

– Screening of employees and confidentiality is agreed with employees.
– Portbase’s Security Officer is committed to appropriate risk management around critical systems.
– Access to systems is personal and granted on the basis of Multi Factor Authentication.
– All actions in systems are logged for the purpose of error analysis and/or abuse prevention.
– The PCS is regularly backed up at an alternative location. – Portbase works with secure connections both via the web and for system links.
– Portbase applies an information security policy based on ISO27001, which includes security requirements and principles to prevent and limit risks.
– Suppliers contracted by Portbase for critical components in the digital landscape are ISO27001 or ISAE 3402 SOC2 certified.
– An annual audit is conducted by an independent external party on the design and existence of the IT control measures implemented by Portbase.
– Portbase is a member of the Haven ISAC, sharing information and experiences on cyber threats and vulnerabilities in the port community.

Amendments

Portbase reserves the right to amend this Privacy Statement. Amendments to this Privacy Statement will come into force the moment they are published on the websites.

Portbase recommends consulting this Privacy Statement regularly to ensure you are always aware of the contents of the current Privacy Statement. If these changes are of great importance to you as a data subject, Portbase will always inform you as such.

For questions about this Privacy Statement, please contact Portbase’s Customer Service department at customerservice@portbase.com.