Privacy Statement
This is the privacy statement of BPSOLUTIONS. This statement pertains to the collection and processing of personal data of both our employees and our customers.
Your Personal Data is well protected
The protection of privacy is important to you and to us. We handle personal data with care. Naturally, BPSOLUTIONS acts. according to the requirements of the General Data Protection Regulation and the applicable laws and guidelines from the European Union and the national government. Below are your most important rights and obligations in the field of privacy and we discuss the way we handle personal data, which processes and protocols we use and how we guarantee the security of data.
To ensure that you are always kept informed of the current state of affairs regarding the collection and processing of your personal data, we periodically review this Privacy Statement. So please make sure that you always have the current version of the Privacy Statement when you exercise one of your rights so that we can serve you as efficiently as possible.
Definitions
- Controller, hereinafter referred to as controller: B + P SOLUTIONS B.V., established in Utrecht, registered with the Chamber of Commerce under number 36048680;
- Processor: Parties that process personal data on behalf of the controller
- Personal data: data that directly or indirectly says something about you. Think of your name and address or your income.
- Processing: Everything that can be done with your personal data. For example, the collection, storage, use, transfer and deletion of your data.
Comply with privacy legislation
BPSOLUTIONS is an organization that falls under the scope of the General Data Protection Regulation. We are working hard to continue to comply with the requirements that this regulation and other legislation imposes on us. For example, we have appointed a data protection officer and we keep track in a so-called “Processing Register” which types of data we process in which way.
Whose data do we process?
BPSOLUTIONS processes data from parties with whom we (want to) enter into or have entered into a business relationship. This includes in any case:
- Our (potential) customers, including personal data of employees employed or working for the relevant customers to the extent necessary within the performance of our agreement;
- Our suppliers;
- Our employees
Which data?
To enter into a relationship, we collect data such as the name, gender and contact details of contact persons with whom we do business. In the performance of our work, these personal data can be expanded with information about training courses, tasks and positions within the organization with which we have a relationship. For our invoicing we use bank details that can be in the name of both your company and your person.
We collect data from our employees and self-employed persons that are necessary for the performance of the contract for work or assignment.
Responsible
This privacy statement concerns the processing of personal data by:
- B+P SOLUTIONS B.V.
- HubSpot, Inc.
Purpose limitation
BPSOLUTIONS collects and processes data for:
- Concluding and executing an agreement concluded with individual customers, including invoicing for services provided. In this case, the basis for the processing is the concluded agreement, supplemented in some cases with a legal basis that obliges us to collect certain data. In this case, consider, for example, tax legislation;
Implementing agreements concluded with suppliers. In this case, too, the basis for processing lies in the first instance in the performance of the agreement; - Handling incidents and complaints with regard to the service, in the context of quality and improvement management. The basis for this processing lies primarily in the performance of the agreement, but we also have a legitimate interest in this processing. In special cases, we will ask you for permission to process data in the context of incident management;
- The conclusion of and implementation of employment contracts with employees, including the implementation of related legislation such as the Working Conditions Act. The bases for this processing lie in the agreements entered into and legal obligations imposed on our organization. We collect certain data with the permission of our contractors and employees;
- For relationship management, promotion and marketing purposes. The basis for this processing lies in our legitimate interest, for example to be able to send newsletters we request specific permission. Withholding consent
Use data for a different purpose
Using your personal data for a purpose other than that with which we collected it is only permitted if both purposes are closely related to each other.
How do we collect this information?
In the first instance, we collect data from the persons concerned themselves, for example via the information we receive by telephone or e-mail. When you request a quote, place an order, or if you are a supplier, you want to submit a quote, you share personal data with us.
In addition, we also collect personal data ourselves, for example by consulting public registers such as the Chamber of Commerce.
How long do we keep data?
The starting point for the retention of data is that we do not keep it longer than is necessary to achieve the purpose for which the data was collected. For example, if you stop the cooperation with [organization], we will delete your data after completion of the agreement. In a number of cases, we are bound by legal retention periods that oblige us to keep data for a number of years. In many cases, this retention period is set at 7 years, in the case of the storage of personal data, the period is set at 15 years.
If we no longer need the data to achieve the purpose for which it was collected, we can still keep data for archiving purposes. When possible, this will be done anonymously and the personal data concerned will subsequently be deleted.
Special data
It is possible that BPSOLUTIONS collects special personal data in the performance of a concluded agreement. We only do this when necessary, for example:
- BSN (SSN)
- Health data
Who has access to data?
Within BPSOLUTIONS, only those persons have access to your data who need it in view of their duties and powers. Anyone who works on behalf of or under the responsibility of BPSOLUTIONS is bound by a confidentiality agreement.
Sharing of data
Within BPSOLUTIONS we share your data with internally involved employees when necessary and we can also share this data with other parts within the holding. We share data outside of our own organization when we are legally obliged to do so, this is necessary in the performance of an agreement or when you have specifically given permission for this.
Data protection
We handle your data with care. Our systems are well secured so that unauthorized persons do not have access to your data. You determine who may view your data, and we record your consent to sharing data in writing. We have taken appropriate technical and organizational measures to prevent misuse of your personal data.
All BPSOLUTIONS employees are aware of the applicable rules with regard to your personal data. Upon commencement of employment, they sign a confidentiality agreement as part of the employment contract. We also request a confidentiality agreement from our suppliers who have to deal with your personal data. We have also made agreements about the processing with suppliers who have to process your data.
Reporting data leaks
Despite the fact that we take the greatest care, it is possible that personal data may become visible to unauthorized persons or may be lost. We then speak of a data breach. A data breach involves access to personal data or the destruction, modification or release of data without the intention to do so. A data breach therefore does not only include the release (leaks) of data, but also the unlawful processing of data.
BPSOLUTIONS has drawn up a procedure for dealing with data leaks, which describes which steps we take to limit the damage as much as possible, which parties we inform and how we keep you informed as a stakeholder.
Your rights
Information
Through this privacy statement we inform you about how we handle your data. Where appropriate, we will have to provide you with more information, which we will do in a manner that we believe to be appropriate.
Viewing data
You may request access to your data at any time, in principle we will never refuse you. However, we may not be able to allow you to view all data because permission is first required from other involved persons. We will then look for a suitable solution in consultation with you. If you want to make a written request to view your data, we ask you to sign this request and to enclose a copy of your proof of identity. We will not charge you any costs for viewing data, electronically or on paper.
Changing data
You can submit a request to us at any time to change your data. This could be because you have moved or because contact details have changed. You can only have the actual data adjusted, it is not possible, for example, to have a report adjusted afterwards. You can always ask to have your comments added to these types of reports.
Restricting data
You can submit a request to restrict the processing of your data. This means that we will process less data.
Data portability
You have the right to ask us to obtain or transfer data that you have provided to us under a contract with us or with your consent in a structured and machine-readable form or to transfer it to another party. Are you requesting to transfer data directly to another party? This is only possible if it is technically possible.
Desctruction of data
You can request us to destroy your data or parts thereof after termination of the service. We will always do this, unless we are required by law to keep the data for a specific period of time. For example, we must keep data for financial administration for at least 7 years. Even if it is clear that other persons have a great interest in retaining the data and that interest outweighs your interest in destroying the data, we may not proceed to destruction. We will always discuss this with you to look for suitable solutions.
Objection
When processing your data on the basis of a legitimate interest, you can always object to the processing. We will then have to make a new assessment.
Direct marketing
You have the right to object to direct marketing for which you have not given explicit consent. Consider, for example, sending a newsletter, but also approaching them by telephone. Without your prior registration, BPSOLUTIONS will not use your data for direct marketing.
Objections or requests
If you believe that we have incorrectly collected data, have not given you access or have violated one of your other rights, you can submit a complaint about this to our security officer or the Dutch Data Protection Authority. Rick Schouten is responsible within BPSOLUTIONS for questions and comments regarding the protection and processing of your data. For questions regarding your personal data, you can always consult your own advisor.
Contact information: privacy@bpsolutions.com.