1. GENERAL INTRODUCTION AND WARNINGS

The website Maastrichter.com (hereinafter “Maastrichter”) respects the privacy of its users (hereinafter “Users”).

Maastrichter deals with the personal data transmitted to it in accordance with the legislation in force, and in particular the law of 8 December 1992 on the protection of privacy and its executive decrees.

Accessing to the website www.maastrichter.com, www.maastrichter.nl and www.maastrichter.eu (hereinafter “the Website”) implies full and unconditional acceptance by the user of this Privacy Policy (hereinafter “Policy”), as well as its Terms of Use (hereinafter the “ToU”).

The User acknowledges having read the information below and authorizes Maastrichter to process, in accordance with what is specified below, the personal data he/she communicates on/to the Website within the framework of the service proposed by Maastrichter (hereinafter the “Service”).

By providing information to user, Maastrichter may be required to amend and adapt the Policy in order to comply with any new applicable legislation and/or regulations (such as the adoption of the new European regulation in dealing with the personal data – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data – of 14 April 2016, and applicable as from 25 May 2018), the recommendations, the guidelines, recommendations and good practice of the European Data Protection Board and the decisions of courts and tribunals in this field. Maastrichter shall inform Users in such an event.

The Policy is valid for all the hosted pages on the Website and for the data saved on this Website. It is not valid for the pages hosted by third parties that Maastrichter may redirect to and where the privacy policies may differ (for example ticket links on events and promotions pages). Maastrichter cannot be held responsible for any data processed on these Websites or by them.

Sometimes it may be necessary to provide personal data in order to access to certain parts of the Website (for example subscribing the newsletter). If such personal data is not provided to Maastrichter, access may be denied.

  1. RESPONSIBLE FOR PROCESSING

2.1 Access to the Website shall in principle be possible without having to provide personal data, such as, for example, surname, first name, postal address, e-mail address, etc.

2.2 However, as part of the Service, the User may be required to transmit certain personal data. In such case, the person in charge of processing these data is:

Deniz Gurhan

Jonkheer Ruysstraat 87

6221VS, Maastricht

The Netherlands

2.3 Any question or request concerning the processing of these data may be addressed to the following address: info@maastrichter.nl

  1. COLLECTED INFORMATION

3.1. DATA TRANSMITTED TO MAASTRICHTER BY ACTIVE INTERVENTION OF USERS

By browsing the Website, filling out forms or newsletters on the Website, through the mobile application or social networks linked to Maastrichter, the User allows Maastrichter to register and maintain, for the purposes mentioned in point 4, the following information:

– identification data, such as surname and first name, gender, e-mail address, date of birth and contact information;

– communications between Users and Maastrichter;

– the additional information requested by Maastrichter from the User in order to identify or prevent him/her from breaching any of the provisions of the Policy; and

– any other information voluntarily transmitted to Maastrichter by the User for a determined purpose in the Policy, in the ToU, on/to the Website or on any other communication tool used by Maastrichter.

3.2. DATA AUTOMATICALLY TRANSMITTED TO MAASTRICHTER WHEN CONSULTING THE WEBSITE

3.2.1. “COOKIES”

In order to facilitate browsing the Website and optimize technical management, the Website may use “cookies”. A “cookie” is a small file containing information saved by a website on the computer or an application on the user’s smartphone. This “cookie” can be retrieved during a subsequent visit to the same application or website. The “cookie” cannot be read by another website than the one that created it. The Website uses “cookies” for the purposes of proper administration of the Website, in particular to save the User’s browsing preferences, or to obtain information on the visited pages and the dates and times of visit.

Most “cookies” only work for a session or a single visit. It is also possible for the User to set up his browser to be informed during each creation of “cookie” or to prevent their saving, individually or not. However, disabling cookies may prevent access to certain parts of the Website or making access more difficult. Subject to the prior consent of the User, the Website may also allow the use of third-party cookies, including the following:

– Facebook, Twitter, Instagram

Maastrichter uses the social modules of social network providers Facebook, Twitter and Instagram on its Website. These social modules establish a direct connection to the server of the social network via the User’s browser. The social network provider on which the User has clicked receives information that the User has visited the Website. If the User is registered and identified on the relevant social network, the provider can correlate the profile of the User with the visited Website. The network provider can then establish future interactions. If the User is not registered with the social network, the provider can save the IP address of the User. In order to avoid transferring these data to the social network provider, the User must not click on the button corresponding to the social network.

– Google analytics

The Website also uses Google analytics. This service, offered by Google, analyses the activity of the Website. For these purposes, Google collects information related to web traffic and the number of visitors. This tool allows Maastrichter to measure the performance of the Website in terms of browsing and to consolidate activity reports and other services.

3.2.2. REGISTERED INFORMATION ON VISITED SERVERS

When the User accesses the Website, the visited servers automatically save certain data, such as the type of domain with which the User connects to the Internet, the IP address assigned to the User (when logged in), the date and time of access to the Website and other traffic data, location data or other communication data, viewed pages, type of browser used, platform and / or system, the search engine as well as the keywords used to retrieve the Website, etc.

However, no personal data allowing to identify the User is collected through this collection of data. This information is kept for statistical purposes and improvement purposes only.

  1. PURPOSES OF PROCESSING

4.1. GENERAL PURPOSES

The Website collects, saves and processes the personal data of its Users in particular for the following purposes:

– to analyse, adapt and improve the content of the Website;

– to carry out internal statistical surveys and market surveys and to deploy various statistical systems and studies;

– to allow the User to receive messages and manage their account from different devices (computer, tablet, smartphone, etc.);

– to detect and/or prevent fraud or similar activities of an illegal nature;

– to facilitate the provision and use of the Website and improve the Services offered by Maastrichter as well as the experience of the Users;

– to respond to requests for information;

– for any marketing and promotions actions offered by Maastrichter to Subscribers to the Newsletter;

– to inform them about the evolutions of the Website and its functionalities; and

– for any other purpose for which the User has expressly consented.

4.2. COMMUNICATION TO THIRD PARTIES

Maastrichter considers personal data as confidential information. It shall not communicate them to third parties under conditions other than those specified in the Policy or under the conditions in which it is required by law.

Maastrichter may transmit to third parties the personal information of its Users insofar as this information is necessary for the execution of a contract with its Users (for example, a restaurant so that it can make a reservation made via the Website or a prize won by a User via the Website). In such a case, such third parties shall not communicate this information to other third parties, except in one of the following two cases:

(i) disclosure by these third parties of such information to their suppliers or subcontractors to the extent necessary for the performance of the contract, and

(ii) where such third parties are obliged by the regulations in force to disclose certain information or documents to the competent authorities regarding the anti-money-laundering, as well as to any competent public authority in general.

The disclosure of such information to the aforementioned persons shall in all circumstances be limited to what is strictly necessary or required by the applicable regulations.

In order to propose new products to its Users that may be of interest to them, Maastrichter may also disclose the personal information of its Users to third parties, insofar as the Users have explicitly consented to it.

4.3. TRANSFER TO A COUNTRY OUTSIDE OF THE EUROPEAN ECONOMIC AREA

Maastrichter does not transfer data to a country which is not a member of the European Economic Area unless it provides an adequate level of protection within the meaning of the law of 8 December 1992 on the protection of privacy, or within the limits permitted by the same law, for example by ensuring the protection of data by appropriate contractual provisions.

4.4. DIRECT MARKETING5

Personal data will not be used for direct marketing purposes for products or services other than those to which the User has already subscribed, unless the User has explicitly consented thereto by ticking the boxes provided for this purpose (“opt-in”).

When the User has given his consent for the use of such information for direct marketing purposes, the User retains the right to oppose such use at any time, upon request and free of charge. To do so, the user must unsubscribe with the corresponding link by ticking the box of the Website. The User shall in all cases be responsible for verifying the data provided and shall inform Maastrichter of any amendments to the data.

  1. SECURITY

Maastrichter has taken the adequate measures to ensure that the servers hosting the processed personal data prevent, to the extent possible:

– the processing, access or unauthorized modification of this data;

– the inadequate use or disclosure of such data; and

– the unlawful destruction or accidental loss of such data.

The users undertake not to commit any acts which may be contrary to the present privacy policy or the law. Offenses against the confidentiality, integrity and availability of computer systems and saved data, processed or transmitted by such systems, or the attempt to commit any of these offenses, are punishable by three months to five years’ imprisonment and by a fine of twenty-six euros to two hundred thousand euros or by one of these penalties only.

  1. CONSERVATION PERIOD

Maastrichter will normally store the personal data of its Users for the duration necessary for the accomplishment of the pursued purposes (see point 4). Maastrichter may also continue to maintain personal data concerning the unsubscribed User, including any correspondence or request for assistance addressed to Maastrichter, in order to be able to answer any questions or complaints that may be addressed to it.

  1. RIGHTS OF THE CONCERNED PERSON

The User may at any time request access, correction or, if necessary, deletion to / from his/her personal data, with the exception of those which Maastrichter would have a legal obligation to keep, by sending a written request accompanied by a copy of his identity card or passport to the data controller:

– at the following postal address: Jonkheer Ruysstraat 87, 6221VS, Maastricht, The Netherlands

– to the following email address: info@maastrichter.nl

Maastrichter will then take the necessary measures to satisfy this request as soon as possible.

  1. NOTE CONCERNING MINORS

Persons under the age of 18 and persons who do not have full legal capacity are not permitted to transmit their personal data to Maastrichter.

  1. APPLICABLE LAW AND COMPETENT JURISDICTION

9.1 The Policy shall be governed by the Dutch law to the fullest extent permitted by the applicable rules of private international law.

9.2 In the event of a dispute concerning the validity, application, interpretation or enforcement of the Policy, the courts of the judicial district of Maastricht (Netherlands) shall have exclusive jurisdiction, to the fullest extent permitted by the rules of private international law.

9.3 Before undertaking any legal dispute resolution, the Customer undertakes to resolve the dispute by amicable means by contacting Maastrichter directly, if necessary, by mediation, before resorting to arbitration, litigation, or any other means of dispute resolution.