When an organization processes personal data, the General Data Protection Regulation (GDPR) applies. The GDPR states that personal data is all information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to this person. Information about organizations is therefore not personal data according to the GDPR, but data of the employees or contacts are. Processing personal data is any action that an organization can perform with personal data. This is a very broad term, from collection to disposal. Manufy processes personal data and handles it in a responsible manner, so that all processing operations meet the requirements of the GDPR.
All company data we have is from public sources. We have purchased this data from various platforms, which are DDMA approved, high quality databases. They are continuously updated by various sources such as Commercial Register of the Chamber of Commerce, Municipal Population Distribution Facility, Central Insolvency Register for receiverships and bankruptcies, Central Statistics Office, Market Reports, News and press releases, Publishers, Branch Organizations, Internet and deep web (Big Data).
If the company data in our databases also includes business e-mail addresses that can be traced back to a person, then we will verify whether these business e-mail addresses are also on the manufacturer's website or another open online source. If a business e-mail address can be traced back to a person, this is personal data and processing thereof must take place in accordance with the GDPR. We base this processing of personal data on Manufy's legitimate interest. More specifically, this processing means approaching manufacturers and including the data in our database. We strive to allow manufacturers to benefit from Manufy in a way that contributes to the practice of the profession and their business. Both Manufy and the manufacturers benefit from the fact that manufacturers are included in our database. Manufy aims to connect buyers, manufacturers and freelancers that are located within the EU in an efficient, transparent and - most importantly - sustainable way. We therefore strive for a database that is as complete as possible. Manufacturers are easier to find by Manufy and this can result in more business. Additionally, because it concerns professional (business) personal data that can usually be found easily online, there is a fair balance between the interests involved when we approach manufacturers at the e-mail address that can be traced back to the person.
When we have an e-mail address in our database and a buyer, brand or freelancer wants to contact the manufacturer for the first time via that e-mail address from our database, the manufacturer will receive an e-mail from Manufy that someone wants contact. At that moment the manufacturer can verify the account and possibly change the e-mail address where he or she wants to be contacted by Manufy. The manufacturer can of course also indicate not to be included in our database and we will delete the account.
For brands/contacts of brands and freelancers:
As a user of Manufy, you can unsubscribe from emails of Manufy via a link below each email. Your data will still exist with us. You can unsubscribe from the mailings via an opt-out in every email you receive. If you want to have your data completely removed from our database, this is of course possible without giving reasons. You should then send an email to firstname.lastname@example.org with the request for removal.
We strive to ensure that all information in Manufy is correct. If you notice that the information on your account is not correct (anymore), you can easily adjust it in your account.
We will not keep your personal information longer than we need it for the purposes we described earlier. We keep our database as up-to-date as possible and if we notice that certain information is no longer correct, we will delete / adjust it.
The GDPR requires us to take appropriate technical and organizational measures to properly protect the personal data we process. We therefore do everything we can to protect your personal data against loss, destruction, use, modification or distribution of your personal data by unauthorized persons. This means that those who have nothing to do with your data cannot access it. We do this through the following measures:
When a data breach occurs, we will act according to our data breach procedure. This procedure has been carefully drawn up and is in line with the GDPR. A data breach occurs when a breach of security occurs that accidentally or unlawfully leads to the destruction, loss, alteration or unauthorized disclosure or access of personal data. If a data breach occurs, we will handle it carefully. This means, among other things, that if it concerns a data breach which has to be reported, that we will report it to the Dutch Data Protection Authority within 72 hours. We will also inform the data subject to whom the leaked data relates.