We process personal data in the context of our services. We may have received this information from you, for example via our website
websites, e-mail, or telephone.
In addition, we can obtain your personal data in the context of our services via third parties (eg your employer).
With this privacy statement we inform you about how we deal with these personal data.
Personal data to be processed
The personal data we process depends on the exact service and circumstances.
Often this involves the following data:
Name and address details;
Contact details (e-mail addresses, telephone numbers) and name and function of contacts;
Goals of and bases for processing
In a number of cases we process the personal data in order to comply with a legal obligation, but usually we do that
to be able to implement our services. Some data is recorded for practical or efficiency reasons, of which we exist
from (may) go that they are also in your interest, such as:
Communication and information provision;
Being able to provide our services in the most efficient way possible;
The improvement of our products and services;
And so on
The above also means that we use personal data for our own marketing purposes or for advertising materials
to send or receive messages about our services, if we think they may be of interest to you.
It may also happen that we contact you to request feedback on services provided by us or for market or
other research purposes. In some cases it may be that we want personal data for reasons other than those mentioned above
process and that we will ask you explicitly for it. If we have personal data that we may process based on your
If you ever wish to process permission for other or more purposes, we will first ask your permission again.
Finally, we may also use your personal data to protect the rights or property of ourselves and those of our users
protect and, if necessary, comply with legal proceedings.
Provision to third parties
In the context of our services we can make use of the services of third parties, for example if these third parties are specialized
knowledge or resources that we do not have in-house. These can be so-called processors or sub-processors, based on your
exact order will process the personal data. Other third parties who, strictly speaking, are not processors of the
personal data, but having access to it or having access to it, are for example our system administrator, suppliers or hosting parties
from online software, or advisors whose advice we obtain regarding your assignment.
If engaging third parties has the consequence that they have access to the personal data or that they record themselves and / or otherwise
We will agree (in writing) with those third parties that they will comply with all the obligations of the GDPR.
Of course we will only involve third parties from whom we can and may assume that they are reliable parties that are adequate with
to handle personal data and, moreover, to be able to comply with the AVG. This means, among other things, that these third parties have your personal data
may only process for the aforementioned purposes.
Of course, it may also be that we have to provide your personal data to third parties in connection with a legal obligation.
We will in no case provide your personal information to third parties for commercial or charitable purposes.
We will not process your personal data for longer than is useful for the purpose for which it was provided (see the
section 'Goals of and bases for processing'). This means that your personal data will be stored as long as necessary
to reach the goals in question. Certain data must be kept longer (often 7 years), because we have to comply
to statutory custody obligations (for example the fiscal retention obligation).
We have taken appropriate organizational and technical measures to protect the personal data in so far as they
can reasonably be required from us, taking into account the interest to be protected, the state of the art and the costs of
the relevant security measures. We oblige our employees and any third parties who necessarily have access to the
personal data to confidentiality. Furthermore, we ensure that our employees have a correct and complete instruction
received on the handling of personal data and that they are sufficiently familiar with the responsibilities and obligations of the GDPR.
If you appreciate this, we will gladly inform you about how we have designed the protection of personal data.
You have the right to inspect, rectify or delete the personal data we have about you (except of course if this is possible)
breaches legal obligations). You can also object to the processing of your personal data (or a part thereof)
by us or by one of our processors. You also have the right to have the information you provide us transferred to yourself or
directly to another party if you wish.
Incidents with personal data
If there is an incident (a so-called data leak) concerning the personal data concerned, we will propose you, except
important reasons, immediately informed if there is a concrete chance of negative consequences for your privacy
and the realization thereof. We strive to do this within 48 hours after we have discovered this data breach or about it by our
(sub) processors have been informed.
If you have a complaint about the processing of your personal data, we ask you to contact us about this.
If this does not lead to a satisfactory outcome, then there is always the right to file a complaint with the Dutch Data Protection Authority;
the supervisory authority in the area of privacy.
Processing within the EEA
We will only process the personal data within the European Economic Area, unless you discuss this with us
written agreements. Exceptions to this are situations in which we want to map out contact moments via our website.
Think, for example, of visitor numbers and requested web pages.
applicable version and can be found on our website.
If, however, you have questions about how we handle personal data, please let us know.
Gemonde, May 15, 2018