5. Legal basis for processing your data
We may process your personal data on the ground that the processing is necessary for purposes of legitimate interest pursued by us. We believe that our interest(s) to process certain personal data outweigh the interest(s) of data subjects, also taken into account the nature of the personal data that we process (as a company that provides mainly business-to-business services) and where possible we will regularly balance those interests. We may also process personal data to the extent necessary for the performance of a contract with you or to comply with a legal obligation. Finally, in some cases we may ask for your consent to process your personal data for certain purposes. You are always free to withdraw such consent, although this will not affect the lawfulness of the processing before your consent has been withdrawn.
6. Parties who may have access to your data
We may share your personal data in the following circumstances:
- Our employees may have access to the personal data. In such a case, access will be granted only if necessary for the purposes described above and only if the employee is bound by an obligation of confidentiality;
- We may share your personal data with third parties acting on our behalf. These third parties include our (IT)-service providers, maintenance parties, security/surveillance agencies and credit rating agencies. In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with our instructions;
- We may share your personal data if required to do so by law or court order, for example with law enforcement agencies or other governmental agencies.
We have taken appropriate technical and organizational measures to protect your personal data against accidental or unlawful processing, including by ensuring that:
- your personal data is protected against unauthorized access;
- the confidentiality of your personal data is assured;
- the integrity and availability of your personal data will be maintained;
- relevant personnel is trained in information security requirements;
- actual or suspected data breaches are reported in accordance with applicable law.
When providing sensitive personal data by using e-mail, we endeavor (and cause our suppliers to do the same) to maintain state of the art security standards.
8. Location of your personal data
Your personal data will remain within the European Economic Area while it is in our care.
9. Retention of personal data
We retain your personal data for a limited amount of time and will delete your personal data after it is no longer necessary for the purposes of the processing (unless a mandatory regulatory requirement requires the retention for a longer period of time). Financial data will be deleted as soon as this is possible, taken into account (local) legislation and accounting requirements. Please be informed that, for communication purposes, personal data may be processed through e-mail systems / servers and may (for that reason) continue to exist for longer terms.
10. Your rights under data protection law
You have certain rights under the so-called General Data Protection Regulation that is applicable in the European Economic Area, which rights you can request to exercise through the contact details provided below.
Right of access
You are entitled to a copy of the personal data we hold about you and certain details of how we use it. This information will usually be provided to you by electronic means.
Right to rectification
We take reasonable steps to ensure that the personal data we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
Right to erasure
In certain circumstances, you have the right to ask us to erase your personal data, for example where the personal data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, such decision will be guided by (other) interests involved. For example, we may have legal and regulatory obligations which prevent us from complying with your request.
Right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.
Right to data portability
In certain circumstances, you have the right to ask that we transfer personal data that you have provided to us to another third party of your choice.
Right to object
You have the right to object to processing activities which are based on our legitimate interests. Unless we have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection.
Rights relating to automated decision-making and/or profiling
You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. We generally do not use automated decision-making or profiling, but if you feel that you in some way have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision.
Right to withdraw consent
In most cases, given the nature of our business and the nature of your personal data, we do not base the processing of your personal data on your consent. However, it may happen that we ask for your consent in specific cases. Where we do this, you have the right to withdraw your consent to further use of your personal data.
Right to complain with a data protection authority
You have the right to make a complaint with your local data protection authority.
11. Contact details
Should you have any questions regarding this policy or the way personal data is processed by us, please contact the local management. You can also contact the Privacy Officer at our Central Office at Laan van Vredenoord 8, 2289 DJ Rijswijk, the Netherlands or send an e-mail firstname.lastname@example.org.