We process personal data in the context of our services. We may have received this information from you, for example via our website, e-mail, telephone or app. With this privacy statement we inform you about how we handle this personal data.
Which personal data we process depends on the precise service and circumstances. Often it concerns
the following data:
- name and address data;
- Contact details (e-mail addresses, telephone numbers) and name and position of contacts;
- Bank account number; VAT number;
- Information about your activities on our website, IP address, internet browser and device type.
In a number of cases we process the personal data in order to comply with a legal obligation, but usually we do this in order to be able to implement our services. Some data is recorded for practical or efficiency reasons, which we (may) assume are also in your interest, such as:
- Communication and information provision;
- Being able to provide our services in the most efficient way possible;
- The improvement of our services;
- Invoicing and payment collection.
The above also means that we use your personal data for marketing purposes or to send you advertising materials or messages about our services, if we believe that these may be of interest to you. We may also contact you to request feedback on services provided by us or for market or other research purposes.
In some cases it may be that we want to process personal data for reasons other than the above and that we will explicitly request your consent. If we ever wish to process personal data that we may process based on your consent for other or more purposes, we will first request your consent for this.
We may also use your personal data to protect the rights or property of ourselves and those of our users and, if necessary, to comply with legal proceedings.
In the context of our services, we can use third-party services, for example if these third parties have specialist knowledge or resources that we do not have in-house. This can be so-called processors or sub-processors, who will process the personal data based on your exact order. Other third parties that, are not processors of the personal data but who have or may have access to it, are for example our
system administrator, suppliers or hosting parties of online software, or advisors whose advice we obtain regarding your assignment. If the engagement of third parties means that they have access until the personal data or which they themselves record and / or otherwise process, we will agree with those third parties that they will comply with all obligations of the GDPR. We will only engage third parties from whom we can and may assume that they are reliable parties who handle personal data adequately and can and will comply with the GDPR. This means, among other things, that these third parties may only process your personal data for the aforementioned purposes.
It is of course also possible that we have to provide your personal data to third parties in connection with a legal obligation.
We will under no circumstances provide your personal data to third parties for commercial or charitable purposes without your explicit permission.
We will not process your personal data for longer than is useful for the purpose for which it was provided. This means that your personal data will be stored for as long as they are necessary to achieve the relevant goals. Certain data must be kept longer (usually 10 years), because we must comply with statutory retention obligations (for example, the tax retention obligation).
We have taken appropriate organizational and technical measures to protect the personal data to the extent that they can reasonably be expected of us, taking into account the interest to be protected, the state of the art and the costs of the relevant security measures.
We oblige our employees and any third parties who necessarily have access to the personal data to secrecy. We also ensure that our employees have received correct and complete instructions on how to handle personal data and that they are sufficiently familiar with the responsibilities and obligations of the GDPR.
You have the right to inspect, rectify or delete the personal data that we hold about you (except of course if this violates any legal obligations). You can also object to the processing of your personal data (or part of it) by us or by one of our processors. You also have the right to have the data provided by you transferred by us to yourself or directly to another party if you wish.
If there is an incident (a so-called data breach) concerning the personal data in question, we will inform you immediately, unless there are compelling reasons, if there is a concrete chance of negative consequences for your privacy and the realization thereof.
If you have a complaint about the processing of your personal data, we ask you to contact us about this. The first point of contact for privacy aspects at our organization is firstname.lastname@example.org