Privacy policy

PRIVACY STATEMENT

Pluto Netherlands (mybuckethat.nl) respects the privacy of visitors to its website, in particular the rights of visitors with respect to automated processing of personal data. Because of full transparency with our customers, we have therefore formulated and implemented a policy regarding this processing itself, its purpose as well as the possibilities for data subjects to best exercise their the rights.

For any additional information on the protection of personal data, please visit the website of the Personal Data Authority:https://autoriteitpersoonsgegevens.nl/nl.

Until you accept the use of cookies and other tracking systems on the website, we do not place non-anonymous analytical cookies and/or tracking cookies on your computer, cell phone or tablet.

By continuing to visit this website, you accept the following terms of use.

The current version of the privacy policy available on the website is the only version that applies as long as you visit the website, until a new version replaces the current version.

Article 1 - Legal Notice.

1. Website (hereinafter also "The Website"): mybuckethat.com
2. Controller of the processing of personal data (hereinafter also referred to as "The Controller"): Pluto Netherlands, located at Poelestraat 35-4c, 9711PJGroningen, Chamber of Commerce number:

Article 2 - Access to the website.

Access to the website and use is strictly personal. You shall not use this website and the data and information provided thereon for commercial, political or advertising purposes, or for any commercial offers and in particular not for unsolicited electronic offers.

Article 3 - Website content

All trademarks, images, texts, comments, illustrations, (animated) pictures, video images, sounds, as well as all technical applications that may be used to operate the website and more generally all components used on this site are protected by intellectual property rights by law. Any reproduction, repetition, use or adaptation, in any way, of all or only a part of it, including the technical applications, without the prior written consent of the person in charge, is strictly prohibited. If the Administrator does not take immediate action against any infringement, this cannot be construed as tacit consent or waiver of legal action.

Article 4 - Management of the Website

For the proper management of the website, the administrator may at any time:

• suspend, interrupt or restrict access to all or part of the website to a certain category of visitors
• remove any information that may interfere with the functioning of the Web site or is contrary to national or international law or contrary to Internet etiquette
• have the website temporarily unavailable in order to perform updates

Article 5 - Responsibilities

The Administrator shall in no event be responsible for any failure, malfunction, difficulty or interruption in the functioning of the Website, resulting in the inability to access the Website or any of its functionalities. The manner in which you connect to the Website is your own responsibility. You are responsible for taking all appropriate measures to protect your equipment and your data from, among other things, virus attacks on the Internet. Furthermore, you are responsible for the websites and data you access on the Internet.

The Administrator shall not be liable for any legal action taken against you

• because of the use of the website or services accessible via the Internet
• because of the violation of the terms of this privacy policy

The administrator will not be responsible for any damages incurred by yourself, or by third parties or your equipment as a result of your connection to or use of the website. You will refrain from taking any action against the administrator as a result.

If the administrator becomes involved in a dispute as a result of your use of this website, he shall be entitled to recover from you all damages he has suffered and will suffer as a result.

Article 6 - Collection of data

Your data are collected by Pluto Netherlands. Personal data are defined as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characterizing physical, physiological, genetic, psychological, economic, cultural or social identity.

The personal data collected on the website are mainly used by the administrator for maintaining relations with you and, if applicable, for processing your orders.

Article 7 - Your rights regarding your data.

Pursuant to Article 13 paragraph 2 sub b AVG, any person has the right to access and rectify or erase his personal data or restrict the processing concerning him, as well as the right to object to the processing and the right to data portability. You can exercise these rights by contacting us at info@mybuckethat.nl.

Any such request must be accompanied by a copy of a valid identity document, on which you have affixed your signature and stating the address at which you can be contacted. Within 1 month of the request submitted, you will receive a response to your request. Depending on the complexity of the requests and the number of the requests, this period may be extended by 2 months if necessary.

Article 8 - Processing of personal data

In case of violation of any laws or regulations, of which the visitor is suspected and for which the authorities require personal data collected by the administrator, they will be provided to them following an express and reasoned request from those authorities, after which such personal data shall then no longer be subject to the protection of the provisions of this privacy statement.

If certain information is necessary to access certain functionalities of the website, the manager will indicate the mandatory nature of this information at the time of requesting the data.

Article 9 - Commercial offers

You may receive commercial offers from the Administrator. If you do not wish to receive them (anymore), please send a mail to the following address: info@mybuckethat.nl.

Your data may be used by partners of the manager for commercial purposes. If you do not want this, please send a mail to the following address: info@mybuckethat.nl.

Should you come across any personal data during your visit to the website, you must refrain from collecting them or from any other unauthorized use as well as from any act constituting an invasion of the privacy of that person(s). The administrator is in no case responsible in the above situations.

Article 10 - Data retention period

The data collected by the administrator of website will be used and kept for the duration determined by law.

Article 11 - Cookies

1. A cookie is a small text file that is placed on the hard drive of your computer when you visit our website. A cookie contains data so that you can be recognized as a visitor each time you visit our website. When you visit our website, a banner will appear informing you about the use of cookies. With further use of our website, you accept their use. Your consent is valid for a period of thirteen months.
2. We use the following types of cookies on our website:

- Functional cookies: such as session and login cookies for tracking session and login information.

- Anonymized Analytical cookies: to gain insight into visits to our website based on information about visitor numbers, popular pages and topics. This allows us to better tailor communications and information to the needs of visitors to our website. We cannot see who visits our websites or from which PC the visit takes place.

- Non-anonymous Analytical cookies: to gain insight into visits to our website based on information about visitor numbers, popular pages and topics. This allows us to better tailor communication and information provision to the needs of visitors to our website.

- Tracking cookies: such as advertising cookies that are intended to show relevant advertisements. Personal interests can be derived from information about visited websites. This allows organizations to show their website visitors targeted advertisements, for example. Tracking cookies make it possible to create profiles of people and treat them differently. Tracking cookies typically process personal data.

1. More specifically, we use the following cookies:

- Google Analytics anonymized (analytical cookies)

- Google Analytics (analytical cookie)

- Adobe (analytical cookie)

- Facebook (tracking cookie)

- Google Adwords (tracking cookie)

1. When you visit our website, cookies originating from the controller and/or third parties may be installed on your equipment.
2. For more information on the use, management and deletion of cookies for each operating type, we invite you to consult the following link:https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/internet-telefoon-tv-en-post/cookies#faq

Article 12 - Images and products offered

No rights can be derived from the images belonging to the products offered on the website.

Article 13 - Applicable law

These conditions are governed by Dutch law. The court in the administrator's place of business has exclusive jurisdiction in any disputes concerning these terms and conditions, except where a statutory exception applies.

Article 14 - Contact

For questions, product information or information about the website itself, please contact: Privacy Department, info@mybuckethat.nl.

PROTOCOL MANDATORY DATA BREACH NOTIFICATION

Considerations:

• Pluto Nederland attaches importance to good security of its (electronic) systems in which personal data are stored and processed
• it can nevertheless never be completely prevented that a data breach will occur
• Pluto Nederland is obliged under the General Data Protection Regulation (AVG) to report (serious) data breaches to the Authority for Personal Data and to the parties involved.
• Pluto Nederland wishes to comply with its legal obligations
• Pluto Nederland has therefore formulated a policy to act as adequately as possible in case of a data breach.

1 - Definition of data breach

A data breach occurs when there is a security breach that accidentally or unlawfully leads to the destruction, loss, alteration, unauthorized disclosure of or unauthorized access to transmitted, stored or otherwise processed data.

2 - Internal responsible data breach notification

1. Pluto Nederland has appointed internal data breach controllers who are responsible for reporting a data breach.
2. This responsible person is the Privacy Department, with as 1st point of contact: Luc Spanjer, phone number; email address: lucspanjer@hotmail.com and if not reachable Ingo van Hezel, phone number; email address: ingo-van-hezel@hotmail.com , hereinafter referred to as: 'internal responsible person'.

3 - Internal notification upon discovery of a data breach

1. The person who discovers a data breach at Pluto Nederland will report this immediately to the internal responsible party.
2. If possible, the person who discovered the data breach will simultaneously ensure that the leaked data is immediately remotely deleted or made inaccessible.

4 - Investigation by the internal responsible party

The internal responsible party shall investigate, among other things:

• whether personal data has been lost or could be used unlawfully
• who or which departments within the organization are involved in the data breach
• whether a processor is involved in the incident

5 - Fighting the data breach

The internal responsible party stops the data breach if it is still possible and further takes the necessary measures to combat the data breach as best as possible.

6 - Determining the consequences of a data breach

The internal responsible party examines the possible consequences of the data breach based on the nature and extent of the data that has been leaked and determines what the adverse effects of the data subjects may be.

7 - Cooperation in providing information about the data breach

The discoverer/notifier of the data leak offers all cooperation to the internal responsible by providing answers (in writing) to the following questions as quickly and as well as possible:

• what happened? (description of the incident)
• was it accidental or caused by malicious intent (think hacked data)?
• when did it happen? (date and time)
• when was it discovered?
• what kind of data (records) were leaked?
• was the data encrypted, and if so how?
• could the data be remotely deleted or made inaccessible, and if so, was that done?
• what are the possible consequences for data subjects?
• which group(s) of persons is/are affected by this (for example: students, patients, premium members)
• how many persons are (approximately) affected by this?
• were data of persons in other EU countries also affected by the data breach?
• could technical and/or organizational measures have already been taken in response to the incident?

8 - Availability of personnel after discovery of data breach

The person in charge of the department from which the data breach occurred as well as the person who discovered the data breach and everyone who is in a position to take organizational and/or technical measures to limit the consequences of the data breach on the basis of their position or knowledge, will keep themselves available for the first 24 hours after discovery of the data breach for consultation with the internal responsible person or any experts designated by him and, if necessary, to carry out the work assigned as a result of the data breach.

9 - Decision on the data breach notification

1. The internal responsible party will decide as soon as possible but in any event within 60 hours of the discovery of the data leak - whether or not in consultation with the responsible party of the department from which the data leak was discovered and/or any experts designated by him - whether the data leak must be reported to the Personal Data Authority and/or the data subjects.
2. In principle, a data breach is always reported to the Personal Data Authority, unless it is unlikely that the data breach poses a risk to the rights and freedoms of those involved.
3. Reporting the data breach is accompanied by answering the questions as described in section 7.
4. A data breach that has been reported to the Personal Data Authority is also reported to the data subjects if it poses a high risk to the rights and freedoms of natural persons, unless appropriate measures have since been taken that have averted the high risk.

10 - Notification of data breaches to the Personal Data Authority and/or data subjects.

1. If necessary, the internal responsible party will take care of the notification to the Personal Data Authority and/or the data subject(s).
2. Notification shall be made as soon as possible after discovery and at the latest within 72 hours after discovery of the data breach.
3. Any employee other than the internal responsible person is not allowed to report the (possible) data breach to the Personal Data Authority and/or the data subject(s) themselves.
4. If an employee disagrees with the decision of the internal responsible person regarding whether or not to report the data breach to the Personal Data Authority and/or the data subject(s), he may communicate his grievances to the management.
5. If requested, an employee shall provide all cooperation to the responsible party in order to be able to inform the affected persons about the data breach in accordance with Article 34 AVG.

11 - Consequences of reporting data breaches

1. If the data breach has negative consequences for data subjects, the internal responsible party will make every effort to limit these consequences as much as possible.
2. Depending on the nature and scope of the data breach for data subjects, the internal responsible party determines

• How the data subjects will be informed (including in any case announcements regarding the types of personal data affected, the possible consequences, the measures Pluto Nederland will take and how the data subjects themselves can prevent or limit the damage).
• which aftercare will be provided to those involved
• which actions are necessary in the interest of the organization.

1. If a data breach has occurred - regardless of whether it was reported or not - adequate technical and/or organizational measures will be taken as soon as possible to prevent future similar data breaches.

12 - Maintaining a register of data breaches

The internal responsible party keeps a register of all data breaches, in which all data surrounding the data breach is recorded, such as:

• a description of the incident
• date and time of the data breach
• date and time of discovery of the data leak?
• description of the type of personal data leaked
• description of the category or categories of data subjects affected
• description of the approximate number of data subjects
• whether data of persons in other EU countries were also leaked
• whether the incident has been reported to the Personal Data Authority and, if so, date and time of notification
• whether the incident was reported to the data subjects and, if so, the date and time of the report
• how those involved were informed
• the consequences of the data breach, if possible including date and time
• what technical and/or organizational measures have been taken after the data breach, including date and time.

This data breach notification protocol was drawn up on April 16, 2021.

COOKIE DECLARATION

1. Use of cookies

www.mybuckethat.nl makes use of cookies. A cookie is a simple small file sent with pages of this website and/or Flash applications and stored by your browser on the hard drive of your computer, cell phone, smart watch or tablet. The information stored therein can be sent back to our servers on your next visit.

The use of cookies is very important for the proper functioning of our website, but cookies whose effect you do not immediately see are also very important. Thanks to the (anonymous) input of visitors, we can improve the use of the website and make it more user-friendly.

1. Permission to use cookies

The use of certain cookies requires your permission, which we do by means of a so-called cookie banner.

1. Types of cookies and their purposes.

We use the following types of cookies:

- Functional cookies: these allow us to make the website function better and make it more user-friendly for visitors. For example: we store your login details or what you have put in your shopping basket.

- Anonymous analytical cookies: these ensure that each time you visit a website an anonymous cookie is generated. These cookies know whether you have visited the site before or not. Only on the first visit, a cookie is generated; on subsequent visits, the already existing cookie is used. This cookie is for statistical purposes only. Thus, the following data can be collected with it:

• the number of unique visitors
• how often users visit the site
• Which pages users view
• how long users view a certain page
• at which page visitors leave the site

- Analytical cookies: these ensure that each time you visit a website a cookie is generated. These cookies know whether you have visited the site before or not. Only on the first visit, a cookie is generated; on subsequent visits, the already existing cookie is used. This cookie is for statistical purposes only. It allows the following data to be collected, such as:

• which pages you have viewed
• how long youstayed on a particular page
• at which page you left the site

- Own tracking cookies: These allow us to know that you have visited other websites from our network in addition to ours. The resulting profile is not linked to your name, address, e-mail address and the like, but only serves to tailor advertisements to your profile so that they are as relevant to you as possible. For these cookies we ask your permission. Without your permission, these cookies will not be placed.

- Tracking cookies from others: These keep track of the pages you visit on the Internet in order to build up your personal profile. This profile is not linked to your name, address, e-mail address, etc. as known to us, but only serves to tailor advertisements to your profile so that they are as relevant to you as possible. For these cookies we ask your permission. Without your permission, these cookies will not be placed.

- Social media related cookies: they record which articles and pages you share via their social media sharing buttons. They can also contain tracking cookies that follow your surfing behavior on the web.

- Site improvement cookies/optimization cookies: they allow us to test different versions of a web page to see which page is visited best.

1. Your rights regarding your data

You have the right to access, rectify, limit and delete personal data. In addition, you have the right to object to processing of personal data and the right to data portability. You can exercise these rights by sending us an email at info@mybuckethat.nl. To prevent misuse we may ask you to provide adequate identification. When it comes to access to personal data linked to a cookie, we ask you to send a copy of the cookie in question. You can find this in the settings of your browser.

1. Blocking and deleting cookies

You can easily block and delete cookies yourself at any time via your Internet browser. You can also set your Internet browser to notify you when a cookie is placed. You can also indicate that certain cookies may not be placed. Check the help function of your browser for this option. If you delete cookies in your browser, this may affect the enjoyment of this website.

Some tracking cookies are set by third parties who, among other things, display advertisements to you via our website. You can delete these cookies centrally viayouronlinechoices.com

Please be aware that if you do not want cookies, we can no longer guarantee that our Website will work completely properly. Some functions of the site may be lost or you may not be able to visit the website at all. In addition, refusing cookies does not mean that you will no longer see any advertisements. The ads are just not tailored to your interests and may be repeated more often.

How you can adjust your settings varies from one browser to another. If necessary, consult your browser's help function, or click on one of the links below to go directly to your browser's manual.

• Firefox:https://support.mozilla.org/nl/kb/cookies-verwijderen-gegevens-wissen-websites-opgeslagen
• Google Chrome:https://support.google.com/chrome/answer/95647?co=GENIE.Platform=Desktop&hl=nl
• Internet Explorer:https://support.microsoft.com/nl-nl/kb/278835
• Safari on smart phone:https://support.apple.com/nl-nl/HT201265
• Safari on Mac:https://support.apple.com/nl-be/guide/safari/sfri11471/mac

1. New developments and unforeseen cookies

The texts of our website may be modified at any time due to ongoing developments. This also applies to our cookie statement. Therefore, please review this statement regularly to be aware of any changes.

Blog articles may make use of content that is hosted on other sites and made accessible on www.mybuckethat.nl by means of certain codes (embedded content). Think for example of YouTube videos. These codes often make use of cookies. However, we have no control over what these third parties do with their cookies.

It is also possible that through our websites cookies are placed by others, of which we are not always aware. Have you come across unforeseen cookies on our website that you cannot find in our overview? Please let us know at info@mybuckethat.nl. You can also contact the third party directly and ask what cookies they place, the reason for this, the lifespan of the cookie and in what way they have guaranteed your privacy.

7. Concluding Remarks

We will need to update these statements from time to time, for example when we update our website or change the rules around cookies. You can check this webpage for the latest version. Should you have any further questions and/or comments please contact info@mybuckethat.nl.

April 16, 2021