Within the framework of our services, we process personal data. We may have received this data from you, for example via our website, e-mail, telephone or app. In addition, we may obtain your personal data through third parties as part of our services. With this privacy statement we inform you about how we handle these personal data.
Processing of personal data and purposes
If we process Personal Data, this is done in accordance with the requirements of the General Data Protection Ordinance (AVG) and the related laws and regulations.
Which personal data we process depends on the exact service and circumstances. In most cases, the following data is involved:
- Name and address data;
- Function of contact persons;
- Date and place of birth;
- Contact details (e-mail addresses, telephone numbers) and name and function of contact persons;
- Citizen service number (only if necessary!);
- Passport photo (only if strictly necessary! e.g. for personnel file);
- Bank account number;
- Information about your activities on our website, IP address, internet browser and device type.
Purposes and principles of processing
In a number of cases we process personal data in order to comply with a legal obligation, but most of the time we do so in order to be able to provide our services. Some data is recorded for practical or efficiency reasons, which we (may) assume are also in your interest.
- Communication and information;
- Being able to provide our services as efficiently as possible;
- The improvement of our services;
- Invoicing and collection
- In concrete terms, the above also means that we use personal data for marketing purposes or to send you advertising materials or messages about our services, if we think they may be of interest to you.
We may also contact you to ask for feedback on services provided by us or for market or other research purposes.
In some cases we may want to process personal data for reasons other than the above and we will ask your explicit consent to do so. If we ever wish to process personal data that we are permitted to process on the basis of your consent for other or more purposes, we will first ask you for your consent to do so again.
Finally, we may also use your personal data to protect the rights or property of ourselves and of our users and, if necessary, to comply with legal proceedings.
Provision to third parties
As part of our services, we may make use of the services of third parties, for example if these third parties have specialist knowledge or resources that we do not have in-house. These may be so-called processors or sub-processors, who will process the personal data on the basis of your exact order. Other third parties who are not, strictly speaking, process personal data but who have or may have access to it are, for example, our system administrator, suppliers or hosting parties of online software, or consultants whose advice we obtain regarding your order. If the use of third parties results in
If they have access to the personal data or that they record and/or otherwise process themselves, we will agree (in writing) with those third parties that they will comply with all the obligations of the AVG. Naturally, we will only engage third parties from whom we can and may assume that they are reliable parties who handle personal data adequately and who can and will comply with the AVG.
This means, among other things, that these third parties may only process your personal data for the aforementioned purposes.
Of course, it may also be the case that we have to provide your personal data to third parties in connection with a legal obligation.
Under no circumstances will we provide your personal data to third parties for commercial or charitable purposes without your explicit consent.
We will not process your personal data for longer than is useful for the purpose for which it was provided (see the paragraph ‘Purposes and principles of processing’). This means that your personal data will be kept as long as necessary to achieve the purposes in question. Certain data must be kept for a longer period of time (usually 7 years), because we have to comply with legal retention obligations (e.g. the tax retention obligation) or in connection with regulations from our professional association.
We have taken appropriate organisational and technical measures for the protection of personal data to the extent that these can reasonably be required of us, taking into account the interest to be protected, the state of the art and the cost of the relevant security measures.
We undertake to maintain the confidentiality of our employees and any third parties who necessarily have access to personal data. Furthermore, we ensure that our employees have received correct and complete instructions on how to handle personal data and that they are sufficiently familiar with the AVG’s responsibilities and obligations. If you would appreciate this, we will be happy to inform you further about how we have implemented the protection of personal data.
You have the right to inspect, rectify or remove the personal data we hold about you (except of course if this conflicts with any legal obligations). Furthermore, you can object to the processing of your personal data (or a part thereof) by us or by one of our processors. You also have the right to
to have us transfer the information you provide to yourself or directly to another party if you so wish.
Incidents with personal data
If there is an incident (a so-called data breach) concerning the personal data in question, we will inform you without delay, barring serious reasons, if there is a concrete chance of negative consequences for your privacy and the realisation thereof. We strive to do this within 48 hours after we have discovered this data breach or have been informed about it by our (sub)processors.
If you have a complaint about the processing of your personal data, please contact us. If this does not lead to a satisfactory outcome, you always have the right to lodge a complaint with the Personal Data Authority; the supervisory authority in the field of privacy.
Processing within the EEA
We will only process personal data within the European Economic Area, unless you agree otherwise with us in writing. Exceptions to this are situations in which we want to map out contact moments via our website and/or social media pages (such as Facebook and Instagram). Think, for example, of the number of visitors and requested web pages. Your data will be stored by third parties outside the EU when using Google Analytics, Instagram or Facebook.
These parties are ‘EU-US Privacy Shield’-certified, so they have to comply with the European privacy regulations. Incidentally, this concerns only a limited number of sensitive personal data, in particular your IP address.