Privacy statement – Kessels & Smit, The Learning Company BV
Date: 23-04-2018, version 2
1. Introduction
K&S processes your personal data carefully, securely and confidentially. We are committed to protecting your privacy. The rules on protecting your privacy are laid down in the General Data Protection Regulation, with the Personal Data Protection Authority supervising compliance with the law. K&S acts within the framework of the law.
2. Privacy statement structure
K&S is responsible for processing your data, which it receives in the performance of various activities. In the sections below, we describe which personal data we process and why we do this. We also explain which services we process the data for, and on what basis we can do so. The sharing of data with other parties is explained, as is the processing of personal data outside the EU. The security of personal data is addressed together with retention periods. Finally, a section has been added about your rights as a data subject and the possibility of lodging a complaint or contacting K&S.
3. What are personal data?
Personal data are any data that can be traced back to a certain person. Examples include your name, address, phone number and email address. Personal characteristics, too, can be classified as personal data.
4. Are you obliged to provide personal data?
In some cases, yes. If you decide to use our services or order a product from us, these data are necessary. Only then can the contract be concluded and we can deliver the products. In some cases, it is also necessary to obtain data from your employees in order to be able to carry out a certain project properly. This mainly concerns names, telephone numbers and email addresses in order to be able to contact people when necessary over the course of a project.
5. What about data collected from others?
Inside the web store, K&S does not collect data from third parties. The only data we process are the data we receive from the data subjects themselves.
For our other activities, data are collected from the parties involved, and also via their employers, which could be managers or HR departments.
6. Who is the controller of personal data?
When ordering products, K&S is the legal data controller.
When a project is started in a company in which work is carried out for and on behalf of employees, the customer is the data controller.
7. Who is the data protection officer or privacy officer?
K&S does not employ a data protection officer. If you have any questions about our privacy statement or matters relating thereto, please send an email to the following email address: privacy@kessels-smit.com
8. What personal data do we use for our services and products?
For the sake of simplicity, personal data may be divided into categories. We use the following personal data categories for you:
Category 1 Name and contact details: These are your first and last name, address, date of birth, email address, phone number, etc.
Category 2 Payment details:
This is your account number.
Category 3 Other personal data:
This includes the order history for our web store, i.e. the details of the products you ordered. For the other services offered by K&S, we also process personal data collected during the course of various activities such as coaching and from personal videos and profiles.
9. What do we use your data for?
We use the aforementioned personal data for various purposes.
. Provision of services
· Subscribing to our systems
· Preparation of an agreement or contract
· Monitoring the progress of our projects
B. Research and statistics
· Tracking the number of new customers per region
· Analysing this data
· Improving our website
C. Legal disputes
· Handling legal proceedings
10. Which services do we use your data for?
K&S uses personal data from the 1st category for the correct performance of the services we provide and the projects we carry out. The purpose of this is to be able to reach the customer's various employees.
For the sale of products, K&S uses personal data from the 1st, 2nd and 3rd categories.
In addition, K&S may process your data in order to comply with legal obligations.
11. On the basis of which principles do we use your data?
Consent: K&S uses the data on you provided by the customer in connection with personal development processes such as coaching, the development centre and personal leadership, on the basis of consent.
Agreement: K&S uses personal data to execute a purchase agreement. Before this agreement is concluded, a customer is entered into the system, which is considered to be the pre-contractual phase.
12. Existence of automated individual decision-making
K&S does not make use of automated individual decision-making, as this is not necessary for our services. This means that K&S does not carry out profiling, for example.
13. Do we share the data with other parties?
K&S uses a number of suppliers for software programs, for example. The suppliers of these programs have access to the personal data and make backups for us.
These suppliers are our processors and we have concluded a processor agreement in order to lay down agreements about, for example, the careful handling of your data. K&S may be required by law to provide personal information to law enforcement authorities. We only do this if there is a legal obligation to do so, otherwise we do not.
K&S ensures that the exchange of data with third parties falls within the legal frameworks. This includes making arrangements with third parties to ensure that they take appropriate organisational and technical measures to assure customers that privacy is guaranteed.
14. Will your data be transferred outside the EU?
K&S's starting point is to process personal data only within the EU. Since the privacy regulation applies within the EU, it can, in principle, always ensure an adequate level of protection.
15. How do we secure your data?
Because the security of personal data is very important, K&S has a strict policy when it comes to this. As made clear under point 14 of this statement, we only process personal data within the EU. In addition, we have various technical and organisational measures in place to ensure that personal data cannot be misused or otherwise end up in the hands of the wrong person. Everyone in the organisation is aware of the obligations laid down in the GDPR and knows that private details need to be protected. We have implemented standard processing operations. K&S will ensure that when data is processed by a third party, there is a processing agreement in place with that party that guarantees the same level of privacy protection.
16. For how long do we store your data?
Category 1) Name and contact details
We keep this information for as long as a customer is registered with us.
With respect to employee data within projects, we delete all sensitive data once every three months. This means that the data is with us for a maximum of 3 months after the end of a project.
Category 2) Payment information
We store this information for as long as a customer is registered with us, and for a further 7 years thereafter. In case of a paid product or service, we also store any stored data for 7 years after the last transaction. This is the statutory retention period.
Category 3) Special personal data:
With respect to web store order history, we store the data for as long as a customer is registered with us.
With respect to employee data within projects, we delete all sensitive data once every three months. This means that the data is with us for a maximum of 3 months after the end of a project.
17. What rights do you have based on the processing of personal data?
K&S considers it important that the customer be able to properly exercise their rights on the basis of the law. You can exercise the following rights:
Right of inspection: You have the right to see which personal data of yours we process;
Right of rectification: If the personal data we process about you are incorrect, you have the right to have them corrected;
Right of deletion: If we no longer need your personal data for the purpose for which we received them, you have the right to ask us to delete them. There are a number of exceptions to this, such as our obligation to retain certain data for, among other things, the tax authorities;
Right of limitation: During the period in which we are determining whether your data needs to be rectified, the unlawfulness of the data processing, whether data needs to be deleted, or whether you have lodged an objection to the processing, you have the right to request limitation of the processing;
Right to data portability: At your request, we must transfer any personal data we have about you to you or to any other organisation of your choice. You can only exercise this right if the data are processed on the basis of consent or agreement;
Right of objection: If we process data on the grounds of justified interest or general interest, it is possible to object, after which a weighing of interests will take place. In the case of direct marketing, you always have the right to object.
If you are unable to find out or would like to obtain additional information about invoking your rights, please send an email to privacy@kessels-smit.com or call the telephone number.
18. Making a complaint to the competent authority: Personal Data Protection Authority
K&S considers it important to have satisfied customers. Even if we do everything we can to ensure this, it may be the case that you as a customer are still not satisfied. If you are concerned about the protection of your personal data, you can lodge a complaint with the Personal Data Protection Authority. You can do this via: https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us
19. How to contact us
If you have any questions, wish to make a complaint or have any comments, please contact privacy@kessels-smit.com or call the telephone number +31 30 2394040.