Privacy statement

Privacy Nexus is a product of Privacy Company

Privacy statement Privacy Company B.V.

(Version 23-08-2018)

Summary

We are Privacy Company from The Hague, Netherlands. We can be reached via info@privacycompany.eu. You can call us via+31 (0)70-8209690, but you can also send mail to Privacy Company B.V., PO Box 95315, 2509 CH The Hague.

We collect the personal data you provide us with yourself, when you call us or contact us by mail. In addition, we collect very limited personal data about you when you visit our website. We describe this in our separate cookie statement.

We use your personal data, as a customer, as a visitor to our website, or as an applicant, only for the following purposes:

  • for the (technical) maintenance and improvement of our website
  • to be able to contact you by telephone, post, or e-mail about our own services and to be able to send you updates for our tools
  • to manage our customer base, and
  • for regular business operations (such as sending invoices or inviting you for an introductory meeting as a potential future colleague)

We do not process any special categories of personal data. We do not collect any information about you from other organisations. We don't do profiling either.

We process most of the data on basis of the need to enter into or execute an agreement with you, or the need to protect our legitimate interests. And if you apply to us, we will of course also ask your permission before we contact any of the references you named.

We do not retain the data for longer than is necessary. We do not provide the data to third parties in any way, unless we are legally obliged to do so. For example, if the Tax and Customs Administration requests inspection of our accounting records. We have engaged several other organisations to carry out tasks for us, but these are processors. They therefore only process personal data on our behalf and under our supervision, for the purposes we have defined and under strict confidentiality.

If we process your personal data, you have the right to access, modify and delete your personal data. In addition, you have the right to object and data portability.

Below, in the extensive version of this privacy statement, we give more explanation of what personal data we collect, how we do it, for what purposes and on basis of what principles. Do you have any questions about this statement or about your privacy rights? Call or mail us!

Introduction

We are Privacy Company from The Hague. We also have offices in Germany and Croatia. With this privacy statement we would like to inform you about which data we collect, how we do it (directly or indirectly), why we do it (for which purposes), on basis of which principles, and how we further deal with your data.

What data do we collect

We collect the personal data you provide us with yourself when you call us or contact us by email or post.

These are:
Your email address, or your name and phone number. Are you a business customer? Then we will not only collect your name and e-mail address as a contact person, but also the name, address and CoC number of the organisation you work for, payment details, and any correspondence.

We also collect very limited personal data when you visit our website. These are: the pseudonymized IP address which connects your device to the internet, the unique identifier of an analytical cookie (from our own server), the URL-referrer (last visited page), the specific pages you visit on our website, and the time of day.

We do not collect or obtain any special personal data. We also do not collect any information about you from third parties.

Use of the data

We use the data collected for 5 specific purposes. Those purposes are:

  1. The (technical) maintenance and improvement of our website
  2. You can contact us by phone, post or e-mail about our own services and to send us updates for our tools.
  3. Managing our customer base
  4. The regular business operations

Below, we explain which data we can process for each purpose. We therefore do not use any personal data to create profiles. We do not use online behavioural advertising. If we do wish to place targeted advertisements in the future, based on interests derived, for example, from your surfing behaviour or social media profile, we will first ask you for permission to do so.

Maintain and improve website

We use the information about your visit to our website to show you the website, to analyse which web pages are visited most frequently, and how you came to our site (via which other websites or via our newsletter). This information allows us to analyze and improve our website in a privacy-friendly way. We do not post or read tracking cookies via our website. Please read our separate cookie statement for more information on how we carry out the analysis.

Contact us by phone or e-mail about our own services and to be able to send you updates for our tools

If you give us your contact details, we will only use them to contact you. This is possible if you contact us by e-mail or telephone.

If you purchase one of our tools, such as Privacy Nexus or e-learning, we may also use your email address to inform you about important updates by email and to advise you on how to get the most out of the software. If you do not or no longer wish to receive these e-mails, please send a message to support@privacynexus.io or unsubscribe via the unsubscribe button at the bottom of each service e-mail.

Managing our customer base

We process contact details (company name, contact person name, e-mail address, company address, Chamber of Commerce number of the company) of our (potential) customers in order to track and analyse the sales of our products and services.

The regular business operations

We process contact, payment, and communication data of (former) customers for our regular business operations. We send invoices, keep accounts, and store correspondence with (former) customers on our e-mail server and in online work folders.

Do you want to come and work for us? Then we may use your contact details and CV to invite you for an introductory meeting as a potential future colleague. We describe how we handle the data of our (former) employees in a separate internal privacy policy.

Lawfulness of processing

Organisations may only process personal data if they have a basis for doing so. The General Data Protection Regulation lists six possible lawful bases. We use four of these bases for our various processing operations:

  • Permission: to give a software demonstration and to be able to contact you if you ask us.
  • Contractual agreements: when you, as a customer, purchase products and/or services from us or want to do so, and we necessarily must process your personal data to be able to do so. We also use this basis to provide you with the necessary information about updates if you are a user of Privacy Nexus.
  • Legal obligation: if we receive a legitimate claim to provide data to a competent authority. We are also legally obliged to keep personal data in our financial records for a long time, in accordance with tax legislation.
  • Legitimate interest: if you have been a customer in the past, we will retain your contact details two years after the last contact moment to be able to contact you in the future for possible follow-up projects.

Recipients and (no) transfer

We do not provide any personal data to third parties, unless we are legally obliged to do so. We do, however, make use of the services of a number of specialist suppliers in the field of ICT. We have concluded processing agreements with these organisations. Processors may only process personal data on our behalf and under our supervision, only for purposes we determine and under strict confidentiality. We actively monitor compliance with the security obligations of our processors. Our processors come from the European Union, or have a relevant branch in the EU, which means that they must comply with the GDPR. We therefore do not pass on any personal data to countries where your personal data is less well protected. If we work with self-employed providers, temporary employees, or partners who are not processors because they are under our direct authority, and it is necessary to exchange personal data, we enter into a confidentiality agreement.

Storage period of the data

We do not store personal data for longer than is necessary for the purpose for which we obtained it. We base this assessment on the type of personal data, the product or service for which we have obtained the data, and what you, as the data subject, can reasonably expect as a retention period. Because we believe it is important to be transparent, we provide several examples of this type of retention period below.

For the personal data that are processed when providing e-learning, we use a retention period that is equal to the license. For example, if you take a 1-year license and decide not to renew it, the participant lists and user accounts will be deleted after this year. When you apply to us, we only keep your data during the current procedure, with a maximum of 1 month thereafter. If we wish to retain your data for a longer period, for example for future vacancies, we will ask your permission.

Data security

We have enabled encryption on the traffic to our website. This makes the data traffic between you and our web server unreadable, so that outsiders have no access to it. Of course, we also make sure that we secure your data in an appropriate way in all our systems. We do this with all kinds of technical measures, including physical security of access to our office, but also with organisational measures. For example, with access control, we ensure that only authorized accounts, such as administrators, can access the participant accounts. In addition, new employees receive security awareness training during their first working week. We encourage our employees to report security incidents immediately, without fear of negative consequences.

Your rights

Pursuant to the General Data Protection Regulation, you have the right to inspect your personal data on request and, if necessary, to amend them or have them deleted. In addition to the right of access, correction, and deletion, you may ask us to restrict the processing of personal data and it is possible to object if you disagree with the processing. Finally, in some cases it is possible to invoke the right to data portability. We do not use automated individual decision-making, such as profiling.

At the top of this privacy statement is how you can contact us to exercise your rights. To verify your identity, we may ask a number of identifying questions, for example.

In addition, it is possible to lodge a complaint with the Authority for Personal Data. See: https://autoriteitpersoonsgegevens.nl/

Privacy statement amendment

We may change our privacy statement. In that case, we will make an announcement of this change on our website. If we want to substantially change the purposes of the processing, and the processing is based on your consent, we will first ask you again for consent for those new purposes. The old version of our privacy statement can be found here.

Our contact details

Questions about this privacy statement or about our services can be directed to info@privacycompany.eu. By post we can be reached as follows: Privacy Company B.V., PO Box 95315, 2509 CH The Hague. We can be reached by telephone on the number: 070-8209690. If you wish to make use of one or more of your rights, you can contact us via all these means.