1. Introduction Sordile Privacy Statement

This is Sordile's privacy statement. This privacy statement applies to all privacy-sensitive information or personal data that you provide to us, for example when you send us an e-mail. We explain clearly how we store your data, how long it is stored and what the exact purpose of the data processing is. In addition, we provide clear insight into how you can exercise your rights with regard to data processing.

Because we process (or have processed) personal data in various situations, we have opted for an extensive privacy statement. There are often situations in which Sordile needs to collect and process/use your personal data. For example, consider sending invoices. It is important that you know what happens to your personal data and how you can let us know your wishes regarding the handling of your personal data.

Sordile takes your privacy very seriously and will use and process personal information in a secure manner. All articles in this privacy statement are in accordance with the applicable (General Data Protection Regulation AVG) legislation . This European privacy legislation has been applicable in the Netherlands since 25 May 2018.

Do you feel that your personal data is not handled correctly? Do not hesitate to contact us directly!

info@sordile.com l +31 (0)6 2738 7250

Zandweg 77 l 3454 JW l De Meern

Chamber of Commerce No. 76789780

1. Categories of personal data

It is necessary for us to request certain personal data in order to be able to help our customers as best as possible. Personal data is data that can be traced back to a natural person. The personal data that we (generally) request:

• Address;

• Bank details in connection with billing;

• Phone number;

• Company details;

• First name and surname;

• (Personal) e-mail address (note: the AVG also includes certain company e-mail addresses under personal data. For example, the e-mail address klaas.klassen@Sordile.nl).

We only store and use the personal data that is provided directly by you, or of which it is clear that it is provided for processing by Sordile.

1. Basis and purpose for data processing

Under the GDPR legislation, we are obliged to have a lawful basis for the processing of personal data. Article 6 paragraph 1 sub a, sub b and sub c of the GDPR applies to our situation: the processing of personal data is done on the basis of your consent, the public interest of Sordile, because it is necessary for the execution of an agreement between you and Sordile or because it is necessary to comply with legal obligations.

Article 13(1)(c) of the GDPR then requires us to clearly indicate the 'processing purposes' for which the personal data is intended. Below is therefore an overview of various processing purposes.

• There are a number of purposes for which Sordile collects your personal data;

1. Contact

Have you sent an email to info@sordile.com ?  Or have you left information via the contact form, social media, WhatsApp or by telephone? Then this data can be processed by Sordile. The focus here is of course on correct handling, whereby we are never a burden to you (with unsolicited approaches).

The bases for processing in this context: our legitimate interest (we need to be able to communicate with you in order to handle or follow up questions or complaints).

1. Execution of the agreement

When executing our agreement, Sordile needs certain information. Without this data it is not possible for Sordile to properly perform the services and the agreement. Think, for example, of the (email) address, name, telephone number and the address where the product must be delivered.

The bases for processing in this context: execution of the agreement (in case the agreement has been concluded with our customer and to properly perform the agreed services), legal obligations (these are the tax obligations and anti-money laundering regulations) and also our legitimate interest (this concerns the effective performance of services, the representation of our interests, the prevention or intervention in legal proceedings and internal administrative purposes).

1. Sending and storing invoices

Sordile stores data provided in connection with billing. This applies to both sent and received invoices. Most invoices contain personal data, such as the salutation. It is also possible that an invoice is received/sent to a Sordilese e-mail address with a name in it. In addition, in certain cases personal address details may be stated on invoices. Think of situations where someone has a home office. We now have a legal obligation to invoice, to keep invoices received and to keep invoices sent. These invoices are also necessary to be able to file tax returns.

The grounds for processing in this context: execution of the agreement (in case the agreement has been concluded with our customer), legal obligations (these are the tax obligations and anti-money laundering regulations) and also our legitimate interest (this concerns the effective implementation services, representing our interests, preventing or acting in legal proceedings and internal administrative purposes).

1. Quotations

Sordile uses the necessary personal data to prepare and send quotations. These include name (first name and last name) and email address.

We process this data for: our legitimate interest (being able to make an offer and to be able to carry out our business activities in a correct and effective manner).

1. Sending payment reminders

We also store personal data for sending payment reminders. This also includes names, e-mail address, telephone number and address details.

The grounds for processing in this context: legal obligations (these are tax obligations and anti-money laundering regulations) and also our legitimate interest (this concerns the effective performance of services, representing our interests to be paid in full for the agreement become, prevent or act in legal proceedings and internal administrative purposes).

1. social media

Sordile uses social media. Of which      Facebook, Instagram and LinkedIn. Cookies are placed for the use of these social media. For more information about         cookies, you can consult our cookie statement.

1. Storage period

Above we have indicated for which processing purposes we use your personal data. Pursuant to Article 13, paragraph 2, sub a of the GDPR, we must then indicate the storage period of personal data. It is good to realize that all data is in any case retained for the period that work is performed, or the period that it can reasonably be assumed that data is necessary. Each last moment of contact between you and Sordile counts as a new beginning of the retention periods.

Pay attention! It is possible that data entered and processed for one purpose is transferred to another purpose. This starts a new retention period. For example, when data is provided via social media or a contact form and eventually a service is transferred. When the same data is used, the retention period of this data will extend to that of the next purpose.

• Explanation:

1. Contact

The retention period of the data received by a contact request with us differs. A distinction is made in the nature of the contact request. Is it a question for which a single answer is sufficient? Then we usually delete the received data immediately. If the nature of the contact request necessitates the retention of data longer (such as a request for a quote), we will also store it longer. If it appears that storing the data is of no use, we will delete it no more than 1 year after we have received it.

1. Execute agreement

Data provided for the execution of our agreement will be kept for a maximum period of 7 years after the agreement has been completed and the sending or receipt of the (last) payment. This also includes data that is used to ship the products.

1. Sending and storing invoices

By law we are obliged to keep invoices (and other administration). After all, the Tax and Customs Administration should be able to check us. According to the requirements of the tax authorities , we must keep our invoices for at least 7 years. We conform to these requirements in all cases. After this period has expired, we will keep your personal data for a maximum period of 2 years.

1. Quotations

Quotations are deleted after a period of 2 years. The term starts to run from the moment that an offer is refused or becomes a concrete agreement between the parties.

1. Sending payment reminders

If you are no longer a customer of Sordile, we will delete your data within 2 years after the legal term of 7 years has expired.

1. Social media

The retention periods we use for social media depend on the cookies we place and the retention periods used by the cookies themselves. For more information about the retention periods of the cookies that Sordile may place on your device, please see our cookie statement.

1. Recipients of personal data

Sordile shares personal data with third parties: this only happens when this is strictly necessary. In all cases, Sordile, as controller, will comply with the GDPR legislation, specifically Article 28 et seq. AVG.

In order to guarantee the best service from Sordile, we work together with certain external parties. Think of parties that arrange our financial affairs. Below we offer you an overview of external parties that receive personal data from you.

Overview of third parties who receive personal data from you:

• Designers from Sordile

For the correct execution of the agreement as well as the design of the products, it is possible that Sordile shares some personal data with designers on behalf of Sordile. This data is only shared if strictly necessary, the rights and wishes regarding the processing of personal data are taken into account at all times.

• Tax authorities/government authorities

In order to comply with our tax obligation and/or any other statutory regulation, we share the necessary personal data with the tax authorities and other government authorities, if we are legally obliged to do so.

• Delivery

In order to be able to fully perform our service, we share certain data with courier services. These are enabled to deliver the ordered packages. Information that is shared with the courier service is in any case the delivery address and your name.

Cookies

Would you like to know which cookies Sordile places? Please consult our cookie statement.

1. Security

Personal data is only accessible to authorized Sordile employees. This personal data is protected with a password. Where possible, we use two-step verification (or reCaptcha).

The Devices with which your data has been accessed are also locked with a password and/or fingerprint scan and/or facial recognition. This obviously concerns the necessary devices, such as computers, laptops and mobile phones.

Also, your visit to the Sordile website is secured by ''https'' security. This means that your connection to Sordile is private. With this we ensure that your personal data remains safe during website visits.

We use a virus scanner with which the files in which your personal data are processed are periodically checked in order to prevent or timely counteract external influence on the files and data leaks.

We keep physical data in a locked building that only authorized personnel have access to, authorized personnel includes persons designated by Sordile to process the personal data.

For completeness, more information about online security that Sordile uses:

• Locking/securing all devices on which your personal data is stored and processed.

• Sending your data via a secure internet connection. You can see this by the address bar 'https' and the padlock in the address bar.

• Using virus scanners and a periodic check of the files in which the personal data are processed.

• Storing physical data in a locked building that only authorized personnel have access to.

1. Your rights with regard to your personal data

Below we give you an overview of the rights you have with regard to your personal data and our use of it. Although we collect and process personal data in a minimal manner at Sordile, we think it is important to point out the rights you have under the GDPR.

1. Right of access (Article 15 GDPR)

At all times you have the right to request your data, which are recorded and stored at Sordile. This can be done by sending an e-mail or by telephone. you will then receive a clear overview of your data.

1. Right to rectification (Article 16 GDPR)

Is your data (which we have in custody) no longer correct or has it changed? Then you have the right to have this rectified by Sordile.

1. Right to data portability (Article 20 GDPR)

Under the GDPR, you have the right, where reasonable and possible, to request Sordile to transfer data to another party.

1. Right to erasure (Article 17 GDPR)

In certain circumstances you have the right to ask Sordile to destroy data. You can do this by invoking the right to be forgotten. Sordile must destroy your personal data in the following situations:

• Sordile no longer needs your data for purposes for which Sordile collected the data.

• You have expressly given Sordile permission to use data, but you are now withdrawing it. This can be done, for example, via the 'unsubscribe button' for newsletters.

• You object to the processing of data. You have an absolute right to object to direct marketing. Do your interests outweigh Sordile's interests in processing your data? Then you have a relative right of objection. This means that deletion does not have to take place immediately, but only when it has been established that your interest outweighs.

• If Sordile would unlawfully process your data, you immediately have the option to request that the data be deleted. This is possible, for example, when there is no legal basis for the processing of your personal data.

• When Sordile has exceeded a legal retention period, Sordile is obliged to delete your data.

• As a data subject, are you younger than 16 and has Sordile collected your data? then you can ask Sordile to delete the data immediately.

There are exceptions to the right to be forgotten under the GDPR. For more information, see the next page .

1. Right to submit a complaint to the Dutch Data Protection Authority

You always have the right to file a complaint with the Dutch Data Protection Authority if you believe that Sordile has not handled your personal data correctly. You can do that via this link . The Dutch Data Protection Authority will then deal with this complaint further.

1. Right to stop data usage, objection (Article 21 GDPR)

You have the right to object to data use at any time. Certainly in the case of 'direct marketing'.

Do you want to make use of the above rights?

An e-mail to info@sordile.com is in most cases enough to exercise your rights. Do we doubt that you are who you say you are? Then we can ask you to provide a copy of your proof of identity, as prescribed by the central government . In most cases, however, a less drastic method of identity retrieval will suffice.

1. Duties

Sordile processes your personal data, as indicated, on the basis of a legitimate interest. your personal data will never be sold to third parties.

The data that are required to provide are the minimum required personal data that are necessary for the provision of our services and the proper execution of the agreement. If you do not provide us with this mandatory information, Sordile will not be able to (properly) offer the services and will not properly complete the agreement.

If it is necessary to share your data with parties other than the parties mentioned above, your permission will of course be requested first by amending our Privacy Statement. We always announce changes via the Sordile website.

Sordile reserves the right to disclose information when required to do so by law, or when Sordile deems it justified to comply with a legal request or process. Also when it comes to property or protecting Sordile. We try to respect your right to privacy as much as possible.

Do you have any questions about our privacy policy? Please feel free to contact us using the details below.

info@sordile.com l +31 (0)6 2738 7250

Zandweg 77 l 3454 JW l De Meern

Chamber of Commerce No. 76789780

Version 2021