Privacy conditions
Assurance of rights and GDPR-compliant pop-up on the site.
What tools do we use, what do these track?
Google Analytics does not record direct personal data, but aggregates traffic data at group level. The use of Google Analytics therefore does not constitute a direct infringement of the GDPR. However, it is advisable to mention Google Analytics in the privacy statement as its use involves the processing of personal data (even if not traceable to individual level). As long as an opt-in option is offered, the use of this tool is not a problem.
Embedded videos on the site
Usage data concerning viewed videos comes under the GDPR. As soon as an embedded video on the site records usage data (as with YouTube), this must be separately mentioned in the opt-in window.
GDPR and email
The collection of email addresses for marketing purposes is permitted. To ensure the collection process is GDPR-compliant, a double opt-in (opt-in via a form on the website, and then confirmation in the mailbox) must be enabled, and the email addresses must be correctly saved. In addition, the purpose for which the email addresses are used (purpose limitation) and the period that the data must be kept (retention period) must be explicitly mentioned. GDPR-compliant opt-ins must be collected for the email addresses that are already in the database. This can be lawfully done by sending a personal email to the current addresses. The latter only applies to leads/clients.
Procedure rights: (advisable to mention these as follows in the privacy statement)
- The right to data portability. The right to transfer personal data (NEW).
- The right to be ‘forgotten’ (NEW).
- Right to data access. This is the right of people to access their personal data that you process.
- Right to rectification and completion. The right to modify the personal data that you process.
- The right to limitation of processing: The right to have less data processed.
- The right in relation to automated decision-making and profiling, i.e. the right to human review of decisions.
- The right to object to the data processing.
Privacy register (internal): how have you assured the privacy of personal data?
- List of clients/suppliers + privacy agreements. Consent to save data.
- Data protection policy: how do you make sure that you handle data safely? Place as much responsibility as possible with the parties who are the principal managers of the data.
Data Protection Policy (if you manage lots of data yourself)
- Access control
- Logging
- Physical measures
- File encryption
- Network security
- Random checks
- Management of copies and back-ups
- Pseudonymisation & limitation of storage (e.g. retention periods)
- Procedure for data breaches
Nieuwstad OrangeGlobal Privacy Statement
Version 19 May 2019
Nieuwstad OrangeGlobal is part of Nieuwstad Advies BV. With this statement Nieuwstad OrangeGlobal (hereinafter ‘we’ or ‘our’’ ) provides information on how we deal with the personal data that we process in connection with our work and services.
Our contact details
Name Nieuwstad OrangeGlobal
Address P.O. Box 390
Postcode and town 3940 AK DOORN
Contact person Barbette de Graaf
Email address persoonsgegevens@nieuwstadorangeglobal.com
Our services
Nieuwstad OrangeGlobal offers a range of advisory and management services.
What personal data are collected?
In carrying out our services, we process certain personal data, either on our own behalf or on the instructions of third parties. Personal data comprise all information with which a natural person (the data subject) can be identified or is identifiable. Processing comprises: receipt, storage, modification, transfer and removal.
For instance, if you complete, sign and return statements or agreements in connection with our services, or use our services in any other way, we may process personal data.
The personal data that we can process of you include:
- Title
- Gender
- The company where you work
- Your job title
- Contact details such as home, visiting and postal address, landline/mobile telephone number, email address
- Place and date of birth
- Nationality
- Marital status
- Technical data such as your IP address, the device you use to visit the website of Nieuwstad OrangeGlobal, or the website environments created via Nieuwstad OrangeGlobal, and the pages you view
How do we obtain your personal data?
In most cases we obtain your personal data directly from you, for instance when you give us your business card, return completed statements or agreements, or visit website environments created by or via Nieuwstad OrangeGlobal, or from information that you communicate to us by telephone or email.
If we process personal data of you that we have not obtained directly from you, we will do so in connection with an assignment. In this case, the source of these data shall be one of the following:
- Public registers including the trade register of the Chamber of Commerce, the Land Registry, the guardianship register and the insolvency register
- A lawyer, tax adviser, real estate agent, financial adviser or other adviser in connection with an agreement where you are one of the parties or hold a position at said party, such as director, supervisor, authorised representative or adviser
- Other sources such as the Personal Records Database (BRP) and Visa Information System (VIS)
- Public sources such as social media platforms and commercial websites
Where we process personal data of you that we have received from a third party, these data have been collected under that third party’s responsibility and in accordance with their privacy policy and shared with us in connection with our services.
How do we use your personal data?
We use your personal data for the purposes for which these were collected in connection with our services, such as for the performance of contracts, client contacts and communication, marketing and new business development, statutory and professional compliance, the use and improvement of website environments created by or via Nieuwstad OrangeGlobal, the resolution of disputes, participation in events, satisfaction surveys, job applications and recruitment.
Your data are not used for other purposes without your consent.
What are our grounds for using your personal data?
We must have a legal basis to use your personal data. The legal basis for the aforementioned usage is one of the following:
- The performance of a contract
- The purposes of legitimate interests
- A legal obligation
- Your consent
Who do we share your personal data with?
We may need to share your personal data with third parties, for instance in the following cases:
- We may need to share your personal data with third parties, for instance in the following cases:
- To be able to provide our services, e.g. for the compilation of project files used by multidisciplinary project teams
- To enable advisers you have engaged to perform their work
- To comply with all legal obligations, such as disclosures to or approvals from a supervisory authority
- To organise or host events of or by Nieuwstad OrangeGlobal
Third parties to whom we provide your personal data are responsible for processing these data in compliance with GDPR. If a third party processes your personal data as a processor on behalf of Nieuwstad OrangeGlobal, we enter into a GDPR-compliant processor agreement. If a third party processes your personal data as processor on behalf of a client of Nieuwstad OrangeGlobal in connection with the performance of our services, Nieuwstad OrangeGlobal will request this client to conclude a GDPR-compliant processor agreement with said third party.
How long do we keep your personal data?
We keep your personal data for as long as necessary for the purposes for which we collected and recorded them or for as long as they are used and/or for as long as required by law. We adhere to all retention periods that are required by law or professional regulations/codes of conduct.
How are the personal data protected?
We always take appropriate technical and organisational measures in accordance with the standards applicable at that time in order to prevent any misuse or loss or any unauthorised access, disclosure or alteration of your personal data.
If you have any questions about the protection of your personal data or if you suspect misuse, please contact us.
What are your rights?
You have the following rights:
- The right to data portability. The right to transfer personal data (NEW).
- The right to be ‘forgotten’ (NEW).
- Right to data access. This is the right of people to access their personal data that you process.
- Right to rectification and completion. The right to modify the personal data that you process.
- The right to limitation of processing: The right to have less data processed.
- The right in relation to automated decision-making and profiling, i.e. the right to human review of decisions.
- The right to object to the data processing and to have personal data altered or removed if the data are not or no longer correct or if the processing is not or no longer justified.
To exercise these rights, you must submit an appropriate request. We will decide whether we are able, under the law, to meet your request. We would like to receive your request in writing and will verify your identity on the basis of a valid proof of identity before complying with your request.
In some circumstances we may not be able to meet your request. For instance because the processing of certain personal data is required in order to meet statutory obligations and/or professional requirements or because of other exceptions, such as the rights and liberties of third parties or a legitimate interest in pursuing legal action. If we are unable to meet your request, we will always inform you and explain why.
Complaints
If you have a complaint about our processing of personal data, please let us know via persoonsgegevens@nieuwstadorangeglobal.com. You also have the right to submit a complaint to the Personal Data Authority via www.autoriteitpersoonsgegevens.nl.
This statement may be changed from time to time and we advise you to check the website regularly to stay informed of the latest version.
19 May 2019