The InSocial platform enables you to use our InSocial service to support your business activities. The operation of the InSocial services is explained on the website www.insocial.eu. Through this website and our services (whether or not because you supplied personal data to us) we obtain personal data from you. Our offered services regard, inter alia, the organisation of customer satisfaction surveys for the benefit of our clients.
We are convinced of the fact that the protection of the personal privacy of the users, visitors, customers and subscribers of our websites / services is of utmost importance to our activities. Hence, we attach ample importance to the protection of yourprivacy, our users, visitors, customers and subscribers. That is why we handle, treat and process the personal data that we obtain diligently and exclusively in accordance with the applicable privacy legislation and regulations. This implies, inter alia, the following:
- we clearly indicate for what purposes we process your personal data;
- we limit the (collection of) processed personal data exclusively to the data that are truly required;
- we first ask for your express/explicit and specific consent to the processing of your personal data in instances where your consent is required;
- we take appropriate organisational and technical security measures to protect your personal data and we also require this of parties that process personal data under our authority (as the occasion arises).
In this Privacy Statement we explain what personal data we collect and use as also for what purposes we do this and on the basis of what grounds. In addition, it is elaborated how long we retain your personal data, if we share these data with third parties, how your data is secured and how you can contact us.
2. What personal data do we collect and process
To optimise our website and to offer and supply our services in the best way possible we process personal data. This regards any and all information about an identified or identifiable natural person. For the purposes enumerated in this Privacy Statement we process the following personal data:
- Basic information: name (including initials), title(s), gender, date of birth;
- Contact information: email address, address (business and/or private), telephone number(s);
- Position and profession;
- Business and organisation;
- Your contact person at [company name];
- Data related to the visit to our website, e.g. an URL, IP address, browser type and the duration of your visit (see ‘What are cookies’);
- Personal data that you supply to us with regard to applications, e.g. name and address information, date of birth, telephone number(s), nationality, civil status and other personal information that you provide in your application;
- Personal data that you supply with regard to the attendance at meetings or events organised by [company name];
- Any other personal data or information that you supply to us or that we obtain in connection with the purposes or grounds mentioned under 3.;
- Data about interests of you as a user of one or more of our websites (also see ‘What are cookies’).
We collect this information and these data because you supplied them to us or because you gave consent to us for it. This is, for instance, the case when you conclude an agreement with us, when you voluntarily supply these data to us because you enter data on the website, because you provide us with your business card, because you accept our cookie notification or because you send in an application. We can also collect these data from other sources, e.g. the Chamber of Commerce, the Land Registry or other publicly accessible sources (including social media).
3. Purposes and grounds for the processing of your personal data
We exclusively use the personal data that we collect from you for the purposes that are outlined in this Privacy Statement, unless we obtained your express prior consent for other purposes.
The purposes of our data processing are:
- Use of our services: to be able to use our services it is necessary that you supply personal data to us. The services that we perform are any and all services that you can reasonably expect of the provider of customer satisfaction surveys (whether or not with additional information, adjustments to needs and wishes, etc.). In this respect we process your personal data on account of the consent given by you or on account of the need for the implementation of the agreement (for the provision of services) awarded by you and accepted by us.
- To comply with our legal and statutory obligations; an example are our tax obligations.
- Marketing and business activities: we collect and process personal data to send, for instance, news updates, invitations for events, reactions to our contact form and other communications that may be of interest to you (promotions).
- Application procedures: We collect and process data of applicants for the benefit of the application procedure directly or by means of forms and/or attached CVs, whether or not via third parties or by email.
- Website: we also process personal data with regard to the use of our website. We use this to, for instance, analyse the use of our website. This allows us to make the website even better and to fine tune it to our target groups and marketing.
- To give you the opportunity to post and exchange information on one of our websites, or if our websites offer this possibility, to contact other users.
We process your personal data on the basis of one or more of the following grounds:
- Required for the implementation of the agreement
- Required to look after justified interests
- Required to comply with a statutory obligations
- Your consent (if required)
We do not use automated decision-making or profiling. In addition, you are not held to share personal data with us. This may, however, imply that we can serve you less well.
4. Retention period personal data
To the extent that this Privacy Statement does not indicate otherwise, your personal data is/ are not retained longer than required for the use in accordance with the purposes for which the data were supplied or collected or to act in accordance with applicable legislation and regulations (the applicable legislation and regulations include both maximum and minimum retention periods).
With regard to applications: your personal data are deleted at the latest 4 weeks after the end of the application procedure if you unfortunately did not get the job. If we obtained your consent to retain the data longer, for instance because appropriate positions may become available in the future, then this retention period shall be one year.
5. Your personal data and third parties
We only use third parties during the processing of personal data for the performance of the purposes described in this Privacy Statement if this is required and/or if you give us consent for it. In this respect, if third parties are hired, we always take appropriate measures to ensure that your data are secured sufficiently and are exclusively used for the purposes proposed in this Privacy Statement.
Upon the performance of our services and activities we rely on, inter alias, the following third parties with whom we may share your personal data (the following list is not exhaustive):
- Third parties relevant in the context of the performance of the services offered and supplied by us: for instance our clients, Facebook, Google etc.;
- Third parties with whom we deal to comply with our statutory obligations, e.g. supervisory authorities and other bodies as well as the accountant (for our business administration), pension providers etc.;
- Other third parties with regard to the processing of personal data in the context of the purposes described in this Privacy Statement, e.g. ICT providers, communications providers and other organisations to which we outsource any ‘support services’.
Third parties to whom we supply your personal data are personally responsible and liable for their actions and personally ensure that they comply with the applicable legislation and regulations. We are neither responsible nor liable for the processing of your personal data by hired third parties. If a third party is hired to process personal data then we shall always conclude a processing agreement within the meaning of the GDPR with the relevant party. We never give a third party consent to share your data with others.
As the occasion arises, a transfer of the personal data to countries outside the European Union only takes place if the said countries offer an appropriate level of protection for the processing of personal data in conformity with the relevant legislation, e.g. the US / EU Privacy Shield, if the transfer is necessary and if one of the processing grounds mentioned in this agreement offers the possibility for this.
6. The security and protection of your personal data
We took appropriate technical and organisational measures to protect your personal data against loss and violation or against any form of unlawful processing, insight, adjustment, etc.
These measures include, but are not limited to:
- any and all information is handled confidentially and everyone who is in contact with personal data is bound by a (contractual) confidentiality obligation;
- our employees only have access to the data that they need for the performance of their activities;
- any and all information and personal data are located on secure servers;
- we ensure that our network connections are secure;
- regular backups are made of any and all systems used by us;
- our business premises are properly secured (with an alarm) to prevent theft;
- regular security checks are performed with regard to the offered applications and the systems used by us by an external party (pen tests & server scans);
- all our employees are aware of the considerable importance of the protection of the privacy;
- Access security (both at the business premises and in the systems of InSocial);
- The encryption, pseudonymisation or anonymisation, as much as possible, of personal data, inter alia in case of the transfer of the said data.
For more information about our security you can contact us via the following details (see 13.).
7. Your rights
You are entitled to request us information about (all) your personal data and/or to correct, supplement, otherwise change, delete and/or protect the same. If a processing act is based on your consent then you are entitled to always revoke the said consent (without retroactive effect). In addition, you are entitled to request data portability of your personal data, to object to the processing of your personal data (provided in a substantiated manner), to object to the exchange of your personal data and to request restriction of the processing of your personal data (also in a substantiated manner). In addition, you are entitled to submit a complaint to the relevant privacy supervisory authority (in the Netherlands this is the Data Protection Authority).
To exercise these and/or other rights and corresponding requests we ask you to contact us (see 13.). In your request you must indicate on the basis of what ground you submit the request and you must supply sufficient information on the basis of which we can check your identity.
In some instances we can reject your requests. You shall be informed of this with reference to the statutory basis that makes it possible to reject your request. Reason for this can, inter alia, be statutory obligations vested in us or the excessive or unreasonable nature of one or multiple requests.
In case of extremely complex requests, or an excessive number of requests, instead of rejecting the request it is also possible to pass an appropriate administrative cost reimbursement for the implementation of the request on to the person making the request. You shall be informed of this in advance.
The website of InSocial as well as the websites / web links that we set up, maintain and use for the benefit of our customers cookies to operate properly. You can indicate in the settings of your web browser whether or not you want to allow these cookies. You only need to indicate this once (until you delete your temporary files). This may, however, limit the functionality of the website.
9. What cookies
We use two types of cookies:
- Necessary cookies: these are cookies that are required for the proper performance of our website. For instance your choice in accepting cookies or not or remembering the details entered on the website. These cookies are not shared with third parties. These cookies do not require your consent.
|Google Tag Manager||Essential|
|Google Tag Manager||Essential|
|Google Analytics (anonymised)||Analysis|
This Privacy Statement is not applicable to websites of third parties that are connected to our website with links. We cannot guarantee that the said third parties handle your personal data in a reliable or secure manner. We advise you to read the privacy and cookie statement of these websites before using these websites.
We conduct customer satisfaction surveys for and in the name of our clients. The personal data that we obtain in this respect are not owned by us. Hence, the provisions of this (our) Privacy Statement are not applicable to the said personal data. Instead, the privacy statements of our clients and the processing agreements concluded between us and the clients are applicable to the said personal data. This means that you, if you have questions or comments with regard to these personal data, or if you want to exercise the rights as intended in article 8 in respect of the said personal data, should contact our client. We shall actively support you in this, inter alia by forwarding your questions, comments or requests to our relevant client.
11. Change in this Privacy Statement
We reserve the right to change this Privacy Statement at any time and for any reason whatsoever and therefore advise you to regularly check this part of the website.
Do you have a complaint about the processing of your personal data? Then we are happy to discuss this with you. In pursuance of the privacy legislation you are also entitled to submit a complaint about incorrect processing of your personal data to the Dutch Data Protection Authority. For more information you can contact the Dutch Data Protection Authority. For other complaints we refer you to our complaints procedure.
For all your questions and/or comments and/or requests, whether or not about the processing of your personal data or this Privacy Statement, you can contact InSocial B.V., established at the Phoenixstraat 58 in (2611 AM) Delft, via: firstname.lastname@example.org or on 085–130 17 00.
Delft, 18 january 2019