2. During your course of dealing with us, we will collect, use, disclose and process your personal data to employ, to communicate, and to provide services to you, as well as for other purposes required to operate and maintain our business. You have been directed to this Policy because the Company or a company within the Group is collecting, using or disclosing your personal data.
3. This Policy applies to all personal data that you may provide to us and the personal data we hold about you.
4. Any of our websites are not intended for children and we do not knowingly collect personal data relating to children through our websites.
5. Any of our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling thouse connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave any of our websites, we encourage you to read the privacy notice of every website you visit.
Collection of Personal Data
6. Personal data means any information that can be used to identify you or another individual.
7. Common examples of personal data could include names, identification numbers, contact information, photographs and video images.
8. Here are examples of situations where we collect your personal data:
(a) when you complete purchase orders, requests or applications for our products or services (by telephone, in person, mail or electronically);
(b) when you communicate with us directly in relation to our products and services (in person, by email, telephone or any other means with our employees); or
(c) when you apply for an employment with us and provide us with your personal information;
Data protection principles
9. We will comply with the six principles of the GDPR, which state that personal data must be:
(a) processed lawfully, fairly and in a transparent manner in relation to individuals;
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Data Protection Law in order to safeguard the rights and freedoms of individuals;
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Fair and lawful Processing
10. We will process your personal data where we have a lawful basis for doing so under Article 6 of the GDPR. Under Article 6, processing of personal data is lawful if: (i) the individual has consented; (ii) it is necessary to perform a contractual obligation or, if before a contract is agreed, it is necessary to comply with the individual's requests; (iii) it is necessary to comply with a legal obligation; (iv) it is necessary to protect the individual's vital interest; (v) it is necessary to perform a task in the public interest; (vi) it is necessary for the legitimate interests of the client or a third party, except where these interests are overridden by the interests and fundamental rights of the individual.
11. This usually means that the processing is necessary to comply with our legal obligations, where we have a legitimate interest to process the personal data, where the processing of such personal data is necessary for the performance of a contract, where we have your consent and/or where the processing is in your vital interests (i.e. for emergency medical attention).
12. Some personal data is of a special categories of personal nature (a "special category" of personal data under the GDPR) and includes information about racial or ethnic origin, political opinions, religious or similar philosophical beliefs, trade union membership, health, sexual orientation, sex life, genetic data or biometric data. We will only process this "special categories of personal data" in accordance with Article 9 of the GDPR, which states as follows:
(a) the individual has provided explicit consent;
(b) it is necessary to carry out our obligations/rights under employment, social security, social protection laws or an applicable collective agreement subject to EU law;
(c) it is necessary to protect the vital interests of the individual or someone else where the individual is incapable of providing consent;
(d) it is carried out in the course of our legitimate activities with appropriate safeguards by a foundation association or other non-profit body with a political, philosophical, religious or trade union aim and provided that processing relates to the members of this body or those who have regular contact with it in connection with its purposes (but the data cannot be disclosed outside the body without consent of the individual);
(e) the individual has made the personal data public;
(f) it is necessary to establish, exercise or defend legal claims;
(g) it is necessary and proportionate to reasons of substantial public interest;
(h) it is necessary in relation to healthcare treatment;
(i) it is necessary for reasons of public interest relating to public health; or
(j) it is necessary for archiving in the public interest, scientific or historical research or statistical purposes. Additionally, criminal conviction data can also be processed lawfully where necessary for employment, social security, social protection laws or with the consent of the individual. Usually this will mean that the processing of the special categories of personal data is legally required for employment purposes, measuring for equality and diversity or in relation to legal matters.
When/What Personal Data is Collected
13. The provision of your personal data is voluntary. However, if you do not provide your personal data to us, we may not be able to provide the products and services that you require of us.
14. We collect personal data through employment, completion of forms, emails, inquiries, requests, and other situations where you have chosen to provide personal data to us.
15. If you are a candidate for employment, we will collect personal data that you provide to us during the recruitment process, including personal data that is contained in your resume and in any application form that we require you to fill up.
16. Other types of personal data which we may collect from you include:
(a) contact information such as names, addresses, telephone numbers, and email addresses;
(b) bank account information; and
(c) unique information such as ID or passport number, photograph, contact preferences, and date of birth.
Disclosure of Personal Data to Third Parties
17. Most of our processes, procedures and systems are shared with our Affiliates, which means that we need to share your personal information among the Group. We make sure that access to your personal information is limited to those of our staff who needs it, and that all staff understand how and why we protect your personal information.
19. Examples of third parties that we disclose your personal data to include:
(a) Our Affiliates
(b) data entry service providers;
(c) professional advisors, consultants and/or external auditors;
(d) third party service providers who provide operational services in connection with our business such as marketing, telecommunications, information technology, logistics, delivery, assembly, installation, printing and postal services; and
(e) relevant government regulators or authorities.
20. As part of our agreement with the above third parties (other than government regulators or authorities), they are required to adhere to applicable law and to this policy.
21. We will not sell your personal data to any third party.
Protection and Destruction of Personal Data
We have put in place reasonable security arrangements to ensure that your personal data is adequately protected from any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data.
22. We will also put in place measures to ensure that any of your personal data under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (b) retention is no longer necessary for any other legal or business purposes.
23. We will use appropriate technical and administrative measures, including encryption, to protect your personal information and privacy, and review those regularly. We will use physical and IT security controls to restrict and manage the way in which your personal information is processed, and handled. We will also ensure that our staffs are adequately trained in protecting your personal information.
24. If you have any inquiries about our handling of your personal information, you can contact us (or send us any request or complaint form) by email at the following address:
Email Address: firstname.lastname@example.org (Netherlands), email@example.com (UK)
25. We will endeavour to respond to and process any query, request and/or complaint in a timely manner.
Updates on Personal Data Protection Policy
26. We review our policies, procedures and processes from time to time to ensure compliance with applicable law.
27. If we need to amend this Policy, we will post the amendments on this website. If we have your e-mail address, we may also e-mail you with information on those changes.
28. This Policy was last reviewed in March 2019.