PRIVACY STATEMENT WEBSITES AND CONTACT CHANNELS
1. PRIVACY STATEMENT
Careful handling of personal data is of great importance to the Controller, the private limited liability company Van Oers Accountants en Belastingadviseurs B.V., with registered office and place of business at Ginnekenweg 145 in Breda and all entities affiliated with Van Oers, including but not limited to, Van Oers Audit B.V., Van Oers Agro N.V.,Van Oers Corporate Finance B.V., Van Oers Organisatieadvies N.V., and Van Oers IT en Cybersecurity N.V (hereinafter referred to as: Van Oers).
Personal data are therefore also carefully processed and secured. When processing data, we adhere to the current laws and regulations in respect of the protection of personal data. Our business activities take place in the Netherlands and we store our data on servers in the European Economic Area (EER). If personal data have to be exchanged for correct execution of the contract outside of the EER, this shall take place based on adequacy decisions or appropriate guarantees in accordance with the General Data Protection Regulation (GDPR).
In this privacy statement, we summarise when and how your personal data are collected, used, secured and disclosed in relation to the websites and contact channels that we offer (hereinafter: ‘Websites and Contact Channels’). A separate privacy statement applies to the use of our services, which is sent to you if you wish to utilise our services.
Van Oers is entitled to amend the provisions in this privacy statement and if we amend these provisions, we shall inform you of that. Nevertheless, we recommend that you occasionally check whether the privacy statement has changed.
3. LEGAL GROUNDS AND PURPOSES FOR THE PROCESSING OF YOUR PERSONAL DATA
If you visit our websites, request information through our websites and/or register with us or contact us by telephone, we will register your personal data.
Van Oers only processes personal data for the purposes stated here, pursuant to one of the following statutory legal bases:
3.1. Processing for which you must give consent
If you are not prepared to provide the personal data that we process for these purposes, or you do not want us to process these data, this will not have a negative impact on your use of the Websites and Contact Channels. You can therefore continue to use the Websites and Contact Channels.
3.2. Processing that is required for Van Oers' legitimate interest
Below you will find which personal data Van Oers processes when you use the website functionalities.
Use of contact forms:
- name, company name;
- email address, telephone number;
- content of the information provided in the contact form.
Your data are processed by a select group of professionals who may contact you. In this respect, Van Oers uses a hosting party which sends the information that you have entered directly to Van Oers. If the request for contact results in a contract with Van Oers, your contact details will be recorded in our CRM/ERP solution. If this is not the case, your data will be deleted. Your data will not be kept by the hosting party; the hosting party is only responsible for forwarding the details and these are then only saved for 45 minutes.
Registration for a course through our Van Oers Academy:
- first name, surname, initials, prefix, title;
- email address, telephone number;
- name of the organisation, details of the organisation.
Your data are processed by a select group of professionals; your data will be saved in our CRM/ERP solution. Your data will be saved for at least 2 years, which enables us to inform you in the event of there being an updated course or related course.
Online job applications:
- initials, preferred name, surname prefix, surname;
- street name, postcode, house number, annex, town/city;
- email address and telephone number;
- curriculum vitae and cover letter.
Your data are processed by a select group of professionals who may contact you. In this respect, Van Oers uses a hosting party which saves your data temporarily and forwards this to Van Oers. Your data are then stored in a separate job application module within our CRM/ERP solution. Van Oers keeps your data for a maximum of 4 weeks after the end of the application process. If you have stated that Van Oers may keep your data for longer for future job vacancies, these will be kept for 1 year.
Sharing files with Van Oers:
- email address, telephone number.
Van Oers offers you, as the client, the option of sharing large files safely with Van Oers employees.
Your data are provided and processed by the person to whom you send the files. The files are stored temporarily (up to 21 days), as a download request on Van Oers' own systems.
Also understood to be meant by ‘legitimate interest' is the prevention or investigation of actual or possible fraud, burglary, infringement or other misconduct that relates to our Websites and Contact Channels. In addition, Van Oers may process your personal data in order to ask for feedback and to enable us to develop, modify and to improve our Websites and Contact Channels.
If you are not prepared to provide these personal data or you do not wish us to process these data, this may mean that you are no longer able to use the Websites and Contact Channels (properly). For example, we may block or limit your access to the Websites and Contact Channels. The reason for this is that we collect these data because Van Oers has a so-called “legitimate interest”. We also need the data to prevent misuse of the Websites and Contact Channels or to prevent security incidents.
4. FOR HOW LONG DO WE KEEP PERSONAL DATA?
Van Oers does not keep personal data for any longer than required in order to accomplish the purposes for which the data are processed. Unless stated otherwise in this privacy statement, the guiding principle is that your personal data will be kept for no more than 2 years after the last time you used the Websites and Contact Channels.
We keep job application data for a maximum of 4 weeks after the actual application process, unless you provide consent for us to keep this for longer (maximum 1 year).
5. SHARING YOUR PERSONAL DATA
As the client, you can purchase several services from Van Oers, If this is the case, we can use your data internally in order to prevent duplicate or incorrect data. The longest applicable retention period (depending on the service) is applied based on periods laid down in current laws and regulations.
5.1 Sharing with processors
We can engage the services of third parties, such as hosting providers, to assist us in offering the website and the contact channels. As part of their role, those third parties can process your personal data. In this respect, a third party like this will hereinafter be referred to as 'Processor'.
In some cases, the Processor may collect your personal data on our behalf. We inform Processors that they may only use personal data that they receive from us to enable the functionalities on the website. We are not responsible for any additional information that you provide directly to Processors. It is prudent to make sure you are well informed about the Processor and its company before you provide personal data.
5.2 Sharing with your consent
We can also share personal data with other parties, provided you give your consent to that end. We can, for example, work with other parties in order to offer you specific services or offers directly. If you register for these third party services or marketing offers, we can provide your name or contact details if they are required to provide that service or to contact you.
5.3 Our legal responsibility
We may also share personal data with third parties if this:
- is reasonably necessary or appropriate in order to fulfil the legal requirements;
- is required in order to fulfil statutory requests from authorities;
- is required in order to respond to possible claims;
- is required to protect the rights, property or safety of ourselves, our users, our employees or the public;
- is required to protect ourselves or our users from fraudulent, offensive, inappropriate or unlawful use of the Websites and Contact Channels.
We will immediately inform you of requests that we receive from a government agency and that concern your personal data, unless we are not allowed to do so pursuant to the law.
5.4 Anonymised information
Meant by 'anonymising information' is that the information is amended in such a way that identification of natural persons is no longer possible. Take into account that such information can be shared with third parties without your consent.
6. PROTECTION OF PERSONAL DATA
We adhere to generally accepted standards in order to protect personal data, both during the transfer thereof and as soon as we have received the personal data.
We have introduced physical, electronic and management procedures that are designed in order to prevent unauthorised access, loss or misuse of personal data as much as possible.
We limit, where reasonably possible, the internal access to personal data to employees who need that information to be able to carry out their work. Unless authorised, employees are not allowed access to personal data and in the event of violation, disciplinary action will be taken. Our employees are bound by a non-disclosure clause.
Our information management systems are configured, where reasonably possible, in such a way that employees who are not authorised to consult certain information or personal data have, in principle, no access to that information.
You must take into account that our Processors are responsible for processing, managing or saving (some of) the personal data that we receive. In the Processor's contract that we have entered into with these Processors, we have compelled the processors to protect your personal data.
We would like to remind you that absolute security in relation to sending personal data via the internet or saving personal data cannot always be guaranteed.
7. LINKS TO THIRD PARTY WEBSITES
8. WHICH RIGHTS DO YOU HAVE WITH REGARD TO THE USE OF YOUR PERSONAL DATA?
As an involved party, by virtue of the law, you have a range of rights that you can exercise. Below we will briefly outline your rights and how you can make use of these rights. Remember that exercising your rights can result in you no longer being able to use the Websites and Contact Channels or that these shall no longer be provided (as defined in article 3).
You can check, revise, correct or delete the personal data that are collected within the scope of the use of the Websites and Contact Channels.
We have in certain situations the right to keep your personal data. This is allowed if this is necessary or recommended in order to resolve disputes, to enforce the applicable conditions of use, for technical and/or legal requirements and/or if the use of the Websites and Contact Channels requires this.
You can ask us to restrict or to stop the processing of your personal data in the future. Where possible we will comply with your request.
You can ask us to transfer the personal information that we process about you to another party. You must then specify which information you wish to have transferred. We shall only fulfil this request if this concerns information that is processed pursuant to article 3.1 of this Privacy Statement, unless this information also contains personal data about other (natural) persons.
You have the right to submit a complaint to the competent privacy authority that relates to our processing of personal data. In the Netherlands, this authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
8.1 Submission of requests
You can submit a request in writing or by email to exercise your rights. A written request must be dated and signed. Written and digital requests outline at least:
- that this is a request within the scope of 'exercising rights of the involved party under the General Data Protection Regulation (GDPR)';
- that these are addressed to the Privacy Officer;
- the full name and initials and the address of the involved party;
- a copy of a valid identity document belonging to the involved party (in which the CSN number and the passport photo are obscured);
- the email address;
- an explanation about the request and which right you wish to exercise;
- that a request for limitation or correction states which changes you wish to make.
As verification, we ask that you identify yourself by means of a copy of an identity document. We ask for a copy of your identity document in order to prevent your personal data from being shared with the wrong people.
The request for inspection, correction, transfer, deletion or limitation must be submitted to the postal address P.O. Box 165, 4870 AD Etten-Leur or by email: firstname.lastname@example.org.
8.2 Processing of and dealing with requests
Van Oers shall only examine requests in respect of which Van Oers is considered to be the Controller. If this is not the case, you will be informed that the request will not be processed. If Van Oers is considered to be the Processor, it shall forward the request to be processed to the correct Controller. You shall be informed of that.
If the request does not fulfil the stipulated conditions (see submission of requests), you will be given the opportunity to modify the request within 2 weeks. If the request is not modified within this period of time, you will receive a decision stating that the request will not be processed.
Van Oers shall provide you immediately and, in any case, within one month after receiving the request, with information on how the request will be followed up. Depending on the complexity of your request and on the number of requests, if necessary that period of time can be extended by two months. If applicable, within one month of receipt of the request, Van Oers shall inform you of this extension.
If you have any questions, problems or remarks about this privacy statement, please contact us by e-mail at email@example.com.