We are 5miles B.V. and we operate under the name 5miles (5miles). We respect your privacy and private life, but sometimes we need your personal data. We consider Personal Data to be any information relating to an identified or identifiable person, in conformity with the General Data Protection Regulation (the GDPR).
This policy explains which Personal Data we use and why (the Privacy Policy). Furthermore, you will read how we store, protect and process this Personal Data. Finally, we outline the rights you have when we process your Personal Data and explain how you can exercise these rights.
This Privacy Policy applies to our website https://www.5miles.nl/, including all associated websites and landing pages (the Website) and the services or products we provide at our Online Learning Tool https://app.5miles.nl/ (the Services). We process your Personal Data in accordance with the GDPR and all other relevant legislation and regulations in the field of protection of Personal Data, like the Dutch Telecommunications Act (Telecommunicatiewet) regarding the use of cookies (together: the Relevant Legislation).
Are you under the age of 16
If you are younger than 16 years old, you need permission from your parents or legal guardian to use our Website and Services.
Who is the controller of your Personal Data
We are the controller of your Personal Data within the meaning of the Relevant Legislation. At the end of this Privacy Policy, you can find our contact details.
Details of the processing of Personal Data
We need some of your Personal Data in order for you to use our Website and Services. We are allowed to process your Personal Data, because we comply with the Relevant Legislation. We lawfully process your Personal Data because:
- Processing Personal Data is necessary in order to perform our contract;
- We have legitimate interests to process your Personal Data, where we have considered these are not overridden by your rights;
We make sure that the processing of your Personal Data is adequate, relevant and limited to what is necessary in relation to the purpose for which the Personal Data is processed. In the table below you will read:
- what Personal Data we process;
- the purposes for which we process Personal Data; and
- on what basis we process Personal Data.
Contact Data
(Personal) Data
- First and last name
- Email address
- Company name
- Company team
We use these data to:
- Get in contact with you
- Send your daily challenge invitation email
We process these Data on the basis of:
- A necessity to perform the contract
Payment Data
(Personal) Data
- Payment data of the paying party (e.g. IBAN number, name of account holder)
- Invoices
- An overview of purchases
We use these data to:
- Send invoices
- Update our financial administration
We process these Data on the basis of:
- A necessity to perform the contract
Data of partners and suppliers
(Personal) Data
- Company name
- First and last name
- Address
- Phone number
- Chamber of Commerce number
- Payment data
We use these data to:
- Correspond with you
- Purchase products or services from you
- Update our financial administration
We process these Data on the basis of:
- A necessity to perform the contract
Data for marketing and promotional reasons
(Personal) Data
- First and/or last name
- Email address
- Interests
- An overview of your purchases
We use these data to:
- For featured updates and training material updates
- To send you challenges and reminders
We process these Data on the basis of:
- Legitimate interest
Content data related to the Services
(Personal) Data
- Correspondence or chat messages with you
- Your results and reviews of our challenges and skills assessments
- Technical information regarding your visit(s) to our Website.
We use these data to:
- Provide you with an optimal service, by improving our content and learning materials
- Keep track of challenges
- Enable security features
- Update your employer on your participation and performance.
We process these Data on the basis of:
- Legitimate interest
Legitimate interest as a legal ground for processing
We may only process your Personal Data subject to one of the limited legal grounds specified in the GDPR. For the legal basis of legitimate interest, an assessment was made on behalf of 5miles of the interests of 5miles on one hand and your interests, fundamental rights and freedoms as the data subject on the other. This balancing test assesses whether your interests should override ours.
In assessing your risk, we have paid attention to both the quantity and quality of the Personal Data we process. First of all, we do not process a large amount of Personal Data based on our legitimate interest. In addition, the relevant Personal Data do not concern sensitive data such as identity documents, financial information or medical information. The chance of identity fraud, discrimination or reputational damage in case of a possible data breach is, in our opinion, minimal. The processing of the relevant Personal Data therefore has no, or only a limited, impact on your privacy.
The processing of Content data and data for marketing and promotional reasons is valuable to us, because it (i) allows us to see how our products and Services are being used, (ii) so we can optimize our products and Service for the best user experience.
The conclusion of this assessment is that we may use legitimate interest for the processing of your Content data and Personal Data for marketing and promotional reasons. However, this assessment is subjective. Do you disagree with the processing of your Personal Data based on our legitimate interest? Then you can always object to this. We will then reassess, and possibly discontinue, the processing of your Personal Data.
How do we receive your Personal Data?
Personal Data we receive from you
We receive Personal Data directly from you when you create an account on our Websites, receive or solve the daily challenges, correspond with us via email or chat, login to the 5miles learning tool, solve the daily challenges, Online Learning Tool, review (past) challenges and change your settings. Your account details can be changed or supplemented at any time in the settings section.
Personal Data of third parties you provide to us
It is possible that you provide us with Personal Data of third parties. We would like to remind you that it is your own responsibility to verify if those parties agree with the provision of their Personal Data.
Personal Data from external organizations
Besides the information we receive from you, it is possible that we receive (additional) Personal Data from external organizations (as far as this is permitted by law), like your employer in the case you sign up via your employer.
Are you obliged to share your Personal Data with us?
In some cases, the processing of your Personal Data is necessary. This is relevant, for example, when we have to process your Personal Data in order to oblige to a contract with you or to provide a service to you. Without your Personal Data, we cannot provide our Service to you.
How do we secure your Personal Data?
We do our utmost to protect your Personal Data from being lost, destroyed, abused, altered or spread by unauthorized parties. This way we ensure that only the necessary persons have access to your Personal Data. We ensure this by taking the following security measures:
- Encryption (encoding) digital files containing Personal Data;
- Secure network connections with Transport Layer Security (TLS) technology, or a similar technology;
- Access to the Personal Data is secured with a two-factor authentication (2FA);
- Access to the Personal Data is strictly limited to the employees on a need-to-know basis;
We constantly check our security measures for effectiveness and, if necessary, adjust our process. This way, your Personal Data are always protected and accessible in the event of a (technical or physical) failure.
How long do we store your Personal Data?
We shall not store your Personal Data longer than the period in which we need them for the aforementioned purposes. We delete the Personal Data after we no longer need them for the purpose we process them for. We use the following retention periods:
| Category of Personal | Data Retention Period |
|---|---|
| Contact Data | We will retain your contact information for as long as necessary to provide you with our Services. |
| Payment Data | We will retain your Payment Data for as long as necessary to fulfil our financial and tax obligations. |
| Data of partners and suppliers | We will retain your data for as long as necessary to collaborate, purchase your products and services, or to fulfill our obligations to you. |
| Data for marketing and promotional purposes | We will retain your data for marketing and promotional purposes for as long as you wish to use our Service. |
| Content data | We will retain your Content Data for as long as necessary to provide you with our Services in an integrated and continuous manner. |
With whom do we share your Personal Data?
Processors
We may share your Personal Data with other parties who process Personal Data on our behalf. These are Processors within the meaning of the Relevant Legislation. The Processors will only use your Personal Data in accordance with our instructions and not for their own purposes. We agree with the Processors in a data processing agreement that they will handle your Personal Data with care and they will only have the Personal Data necessary to provide their service(s) to us. This is a list of the (categories of) Processors including the services they perform for us:
| (Categories of) Processors | Function |
|---|---|
| Amazon Web Services | Hosting and storage of our servers and databases |
| Hotjar | Provide tracking for supporting purposes |
| Intercom | Managing support and communications with you |
| Stripe | Handling your credit card payments and charges |
| Sparkpost and Microsoft | Sending you emails |
| Typeform | Creating feedback surveys and skill assessments |
Transfer
We shall only process your Personal Data within the European Economic Area (EEA). We will only process your Personal Data outside the EEA if that country offers an appropriate level of protection for your Personal Data. For the transfer of Personal Data we use, where appropriate, standard contractual clauses (SCC) approved by the European Commission. We shall never transfer your Personal Data to countries or parties other than those mentioned above without your consent.
Cookies
A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.
We use cookies to improve the user experience on our Website. Moreover, cookies ensure that the Website works faster, that you can visit our Website safely and that we can track and solve errors on our Website.
You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Website. However, please note that without cookies, our Website may not function as well as it should. For more information you can read our cookie statement.
Links
Our Website may contain links to other websites. We are not responsible for the content or the privacy protection on these websites. Therefore, we advise you to always read the Privacy Policy of those websites.
Modifications to the Privacy Polic
We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our Website together with the new Privacy Policy. We shall notify registered users in case of a substantial modification. If you are not a registered user, we advise you to consult the Website and this Privacy Policy regularly.
Your rights
You have the following rights:
- Right of Access: You can request access to your Personal Data;
- Right to Rectification: You can request us to correct, limit or delete your Personal Data. In the event of fraud, non-payment or other wrongful acts, we can store some of your Personal Data in a register or on a blacklist;
- Right to Data Portability: You can request a copy of your Personal Data. We can provide this copy to third parties at your request, so you do not have to do so yourself;
- Right of Objection: You can object to the processing of your Personal Data;
- Right to Object: You can file a complaint at the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you are of the opinion that we wrongfully process your data;
- Right to withdraw Consent: You can always withdraw your permission to process your Personal Data. From the moment of your withdrawal, we cannot process your Personal Data anymore.
Contact
In the event that you wish to exercise these rights, or in the event of other questions or remarks regarding our Privacy Policy, you can contact us via the following contact details.
5miles B.V.
Email address: info@5miles.nl
Address: Joop Geesinkweg 901, 1114 AB Amsterdam-Duivendrecht, the Netherlands
Chamber of Commerce number: 63716542
Dates
Last updated: 7th March 2023
Effective date: 1st April 2023