Processing of personal data
Personal data is data that directly or indirectly says something about a person and can therefore identify a person. The processing of this data can involve different activities: gathering, saving, using, editing, enrichment, propagation or erasure of the data.
We process personal data for the following purposes:
- Personalisation of the user experience
- Sending e-mails on services and/or products
- Communication relating to a (potential) business relationship
The basis for this processing is the explicit consent of the visitor.
We can process the following personal data for the above purposes:
- Name and gender
- Address details
- Telephone and/or e-mail details
- Company name
- IP address
- Website visitor behaviour
- Requested services/products
- Technical information, such as browser name, operating system and internet service providers
We do not keep data for longer than is necessary for the purpose for which the data is gathered or in order to comply with statutory obligations. We will not keep the data for more than one year if no agreement is contracted.
If use is made of the services on the website, data concerning the use of these services will be saved. This information is used to send e-mails on updates and other interesting services and/or products. This data will not be provided to third parties.
Our website uses ‘cookies’ to improve the user experience by means of analysis of visiting and click behaviour on the website. The data is anonymised as far as possible and is not provided to third parties. You can opt to switch off cookies, but parts of the website will then not function properly. The information generated by cookies on the use of the website can be transferred to our own secure servers or those of a third party. We use this information to track how you use the website, so that we can offer other services relating to the pages visited.
Use is made of Google Analytics on our website. This service is used to analyse visitors’ behaviour and the effectiveness of Adwords advertisements. The information is transferred to and saved on servers operated by Google in the United States. Google can provide this information to third parties if Google is required to do so by law or in as far as these third parties process the information on Google’s behalf. We have not granted Google permission to use the Analytics information obtained for other Google services.
Google is registered under the EU-US Privacy Shield framework. This means that there is an appropriate level of protection for the processing of data.
The security of personal data is a crucial aspect of the processing of the data. We ensure that the correct technical and organisational measures are taken to be able to guarantee such security. Our information security programme is certified in accordance with the ISO 27001:2013 standard. The Agile Governance team works continually on the development, implementation and maintenance of the information security programme. In this way, we ensure that technical and organisational measures, in view of the state of the art and the costs involved, are consistent with the nature of the data to be processed and that the data is protected against loss, unauthorised access, damage or any form of unlawful processing. We also ensure the availability of the data in this way.
Rights of the data subject
We respect the rights of all parties with which we collaborate and will handle requests concerning rights of access, correction, deletion, restriction of processing and transfer meticulously. If you wish to make use of one or more of these rights, you can submit a request to firstname.lastname@example.org. In order to ensure that the request is from the person concerned, we do always ask for a copy of an identity document to be attached. Please make the passport photograph, passport number and Citizen Service Number (BSN) unidentifiable. This is to protect your own privacy.
If we process the data on the basis of consent, you have the right to withdraw this consent at any time. If you wish to withdraw your consent, you can do so by sending a request for this to email@example.com.
Sharing of data with third parties
We will not share data with third parties without your consent unless we are required to do so to comply with statutory obligations. If we share your data, we will do this only with companies that pursue the same security of information principles as we do ourselves. In this way, we can guarantee that the data is shared in a secure and responsible manner.
We will send data to countries outside the EU only if the country concerned offers an appropriate level of security or if the party works under the Standard Clauses Agreement.
Questions or complaints
If you have any questions concerning the way in which we process the data, or a complaint that we have not done this correctly, please contact our Agile Governance team via firstname.lastname@example.org.
If we cannot reach agreement, you can always file a complaint with the Dutch Data Protection Authority (DPA), but naturally, we hope that this is not necessary.
We have the right to unilaterally change or make additions to this privacy statement from time to time. If this happens, we will notify you via our website and mailings.