Privacy statement

Privacy Statement Privacy Company B.V.

(Version 10 October 2019, version 1.1)

Summary

We are Privacy Company from The Hague. You can reach us via info@privacycompany.eu. You can call us at 070-820 96 90, but you can also send mail to Privacy Company B.V., P.O. Box 95315, 2509 CH The Hague.

We collect personal information that you give to us yourself, when you mail or call us, when you enter contact information via our website, or when you become a customer of Privacy Company. We also collect very limited personal information about you when you visit our website. We describe this more specifically in our cookie statement.

Privacy Company uses your personal data as a visitor to the website for the following purposes:

  • for the (technical) maintenance and improvement of our website;
  • to be able to contact you by telephone or e-mail, following a request for a demo
  • to be able to contact you by telephone or e-mail in response to a question via our contact form.

PrivacyCompany uses your personal data when you’re a user of our product Privacy Nexus. We do this for the following purposes:

  • For sending the newsletter;
  • To share updates about Privacy Nexusand associated tools;
  • To manage our customer base;
  • For regular business operations(such as forwarding invoices);
  • Accessing and using Privacy Nexus.

Privacy Company does not process special personal data, does not collect information about you from other organisations and does not engage in profiling.

We process most of this data because it is necessary to either enter into an agreement with you or to perform the contract. Otherwise we need to look after our legitimate interests. We will only send you our newsletter if you have given your explicit permission to do so.

Privacy Company does not keep the data longer than is absolutely necessary. We do not provide the data to third parties in any way, unless we are legally obliged to do so. For example, if the Tax and Customs Administration requests access to our accounting records. We have, however, engaged a number of other organisations to carry out tasks for us. These organisations process the personal data on our behalf and under our supervision, for the purposes we have defined and under strict confidentiality.

If Privacy Company processes personal data about you, you have the right to access, modify and delete your personal data. In addition, you have the right to object and data portability.

Below, in the extended version of this privacy statement, we explain in more detail what personal data we collect, how we do it, for which purposes and on the basis of which principles. Do you have any questions about this statement or about your privacy rights? Feel free to call or email us!

 

Introduction

We are Privacy Company from The Hague. We also have offices in Germany and Croatia. With this privacy statement we would like to inform you about what data we collect, how we do this (directly or indirectly), why we do this (for which purposes), on the basis of which principles and how we handle your data.

What data do we collect?

As a visitor to our website, we collect cookies and personal data that you give to us yourself. As a customer of Privacy Nexus, we collect personal data to perform our agreement.

As a visitor to our website, this means specifically:

  • Cookies;
  • Name, e-mail address, telephone number, name of the organisation.

As a customer of Privacy Nexus this means concretely:

  • Name of a contact person, email address, telephone number;
  • Organisation name, address, Chamber of Commerce number;
  • Invoice information;
  • When you subscribe to our newsletter, we also collect the date and time of the confirmation of your subscription. This allows us to prove that you have given your consent.

If you use the Privacy Nexus application this means concretely:

  • Username, hashed passwords, accesslogs;
  • The pseudonymised IP address from which your device is connected to the Internet;
  • The unique identifier of an analytical cookie (from our own server);
  • The specific pages visited from IP addresses and the time (server access log).

Privacy Company does not process special personal data, does not collect information about you from other organisations and does not profile.

Use of the data

Privacy Company uses the collected data via the website for 3 specific purposes. Those purposes are:

  1. For (technical) maintenance and improvement of our website.
  2. To be able to contact you by telephone or e-mail when requesting a demo.
  3. To be able to contact you by telephone or e-mail in response to a question via our contact form.

If you are a customer of Privacy Company, we use the collected data for 5 specific purposes. Those purposes are:

  1. Sending the newsletter.
  2. To share updates about Privacy Nexus and associated tools.
  3. Managing our customer base.
  4. Regular business operations (such as forwarding invoices).
  5. Giving access to and being able to use Privacy Nexus.

Below we explain which data we can process for each purpose. Privacy Company does not use personal data to create profiles. Privacy Company does not use online behavioural advertising (showing personalised advertisements based on information from cookies). If Privacy Company does want to place targeted advertisements in the future, based on interests derived, for example, from your surfing behaviour or your social media profile, Privacy Company will first ask for permission to do so.

Maintenance and improvement of our website

Privacy Company uses the information about your visit to our website to be able to show you the website, to analyse which web pages are most frequently visited and how you came to our site (through which other websites or via our newsletter). This information enables us to analyse and improve our website in a privacy-friendly manner. Privacy Company does not place or read tracking cookies through the website. Read our cookie statement for more information on how we do our analysis.

Contact by phone or e-mail following a demo request or use of our contact form

If Privacy Company has your contact details, Privacy Company only uses them to contact you. This can bedone via the website, via a 'call me' option, a contact or download form, or ifyou contact us by e-mail or telephone. In order to be able to use the contactforms on the website, Privacy Company uses a processor to store the informationyou enter and send it to Privacy Company.

Sending the newsletter

PrivacyCompany can use your e-mail address to send you our newsletter. But this will only happen with your permission. Privacy Company sends out a newsletter about 6 to 10 times a year. Every newsletter contains a link to unsubscribe. The subscriber file of the newsletter is not provided to third parties and Privacy Company does not send emails on behalf of third parties.

Sharing updates on Privacy Nexus and associated tools

If you purchase our Privacy Nexus tool, we may use your email address to notify you by email of important updates and to advise you on how to get the most out of the software. If you do not (or no longer) wish to receive these emails, please send a message to support@privacynexus.io or unsubscribe using the unsubscribe button at the bottom of each service email.

Managing our customer base

PrivacyCompany processes contact information (name of company, name of contact person,e-mail address of contact person, company address, CoC number of company) of(potential) customers in order to track and analyse the sales of our productsand services.

Regular business operations

Privacy Company processes contact, payment and communication details of (former) customers for regular business operations. Privacy Company sends invoices, keeps records and keeps correspondence with (former) customers on an email server and in online work folders.

Accessing and using Privacy Nexus

Privacy Company processes username, hashed passwords, unique identifier, specific pages and times so that you and your colleagues can make optimal use of Privacy Nexus. You can think of:

  • Authentication of users of Privacy Nexus.
  • Logging of entries in Privacy Nexus (for example: at the moment you submit a processing activity, a log line is generated).
  • Sending out invitations by email to give others access to Privacy Nexus.
  • Sending notifications from Privacy Nexus.
  • Finding and fixing bugs.

 

Legal grounds

Organisations may only process personal data if they have a legal basis for doing so. The General Data Protection Regulation mentions six possible legal grounds. We use four of these grounds for our various processing operations:

  • Consent: to send out the newsletter, to give software demonstrations and to be able to contact you if you ask us to do so. Privacy Company wants to make sure that the newsletter will only be sent if you have given us your permission to do so. That's why Privacy Company will ask you to confirm your consent the first time.
  • Contract: when you, as a customer, purchase or intend to purchase the Privacy Nexus tool from Privacy Company, and Privacy Company must necessarily process personal data in order to provide this tool. Privacy Company also uses this basis to provide you with the necessary information about updates as a user of Privacy Nexus.
  • Legal obligation: if Privacy Company receives a legitimate request to provide information to a competent authority. Privacy Company is also required by law to retain personal data for a (long) period of time in our financial records, pursuant to tax legislation.
  • Legitimate interest: if you have been a customer of Privacy Company, Privacy Company will retain your contact details two years after the last moment of contact in order to be able to contact you in the future for possible follow-up procedures.

Recipients and transfer

Privacy Company does not provide personal data to third parties, unless Privacy Company is legally obliged to do so. Privacy Company does use the services of a number of specialised suppliers in the field of IT. We have concluded processing agreements with these organisations. The processors may only process the personal data on our behalf and under our supervision, only for the purposes that we determine and under strict confidentiality. We actively monitor compliance with the security obligations of our processors. Our processors come from the European Union, or have a branch in the EU, which means that they must comply with the GDPR. We therefore do not transfer personal data to countries where your personal data is less protected. If we cooperate with self-employed persons, temporary workers or partners who are not processors because they are under our direct authority, and it is necessary to exchange personal data, we conclude a confidentiality agreement.

Data retention period

Privacy Company does not retain personal data for longer than is necessary for the purpose for which it was collected. We base this consideration on the type of personal data, the product or service for which Privacy Company has obtained the personal data, and what you, as a data subject, can reasonably expect as aretention period.

Seucrity of data

Privacy Company has encryption enabled on the traffic to the website. This makes the data traffic between you and our web server unreadable, so that unauthorised people can’t access it. In addition, we ensure that we protect your data in an appropriate manner in all our systems. We do this with a variety of technical measures, including physical protection of access to our office, but also with organisational measures. For example, we use access control to ensure that only authorised accounts, such as administrators, have access to participant accounts. In addition, new employees receive a security awareness training during their first working week. Privacy Company encourages its employees to report security incidents immediately, without fear of negative consequences. Our motto is: You are a hero when you report!

Your rights

Under the GDPR, you have the right to access your personal data on request and, if necessary, to amend them or have them removed. In addition to the rights of access, correction and deletion, you can ask Privacy Company to limit the processing of personal data and it is possible to object if you disagree with the processing. Finally, in some cases it is possible to invoke the right of data portability. Privacy Company does not use automated individual decision-making, such as profiling. There are instructions on how you can contact us to exercise your rights, at the top of this privacy statement. To verify your identity, we may ask a number of identifying questions.

It is alsopossible to submit a complaint to the Data Protection Authority. To do so, go to https://autoriteitpersoonsgegevens.nl/

Amendment of the privacy statement

Privacy Company may change this privacy statement. We will announce this change on our website. If Privacy Company wishes to substantially change the purposes of the processing, and the processing is based on your consent, then Privacy Company will again ask for consent for those new purposes. The old version of our privacy statement can be found here.

Our contact details

Questions about this privacy statement or about our services should be addressed to info@privacycompany.eu. We can be reached by post as follows: Privacy CompanyB.V., PO Box 95315, 2509 CH The Hague. You can reach us by telephone at: 070-820 96 90. If you want to make use of one or more of your rights, you can contact us via all these routes.