Grensoverschrijdend Bedrijventerrein, located at Snellius 8 6422 RM Heerlen Netherlands, is responsible for the processing of personal data as set out in this privacy statement.
1. Personal data that we process
In the course of its services, Grensoverschrijdend Bedrijventerrein processes personal data of employees, customers, relations and suppliers. Depending on the relationship with the person concerned, other personal data are processed. This privacy statement serves, among other things, to provide insight into which personal data we process, what the purpose of the processing is, as well as on which legal basis the data are processed and how long we keep the personal data.
Below is an overview of the personal data we process:
- First name and surname
- Date of birth
- Place of birth
- Address details
- Telephone number
- E-mail address
- Image recordings
- Education and training
- Profession and job
- IP address
- Other personal information that you actively provide, for example in correspondence and by telephone
- Internet browser and device type
- Bank account number
2. Special and/or sensitive personal data that we process
Only in exceptional cases will Grensoverschrijdend Bedrijventerrein also process the following special and/or sensitive personal data, namely:
- Citizen service number (BSN).
This personal data will only be processed if there is a legal basis for it, e.g. in the case of employees.
3. For what purpose and on what basis do we process personal data?
3.1 Purposes of processing
As indicated earlier in this statement, it depends on the relationship that Grensoverschrijdend Bedrijventerrein has with the data subject which personal data are processed. In general, we process personal data for the following purposes:
- Personnel administration
- Customer management
- Supplier management
- Workplace well-being management
- Handling payments
Grensoverschrijdend Bedrijventerrein will therefore only process personal data insofar as this falls within the context of the relationship we have with the person in question. This will be for example to contact a customer by phone or e-mail to explain our services or to inform customers or suppliers about changes in our services and products. It is also possible that we process personal data to deliver goods and/or services to customers or relations..
3.2. Legal basis for processing
Grensoverschrijdend Bedrijventerrein processes personal data on the basis of various legal grounds. Depending on the relationship with the data subject, personal data are processed on a different legal basis.
With regard to the data subjects with whom Grensoverschrijdend Bedrijventerrein has an agreement, the basis will be found in that agreement. In order to be able to execute the agreement, personal data will have to be processed. In other situations there may be a legal obligation on the basis of which it is necessary for Grensoverschrijdend Bedrijventerrein to process personal data, such as the processing of personal data for the purpose of our tax return.
There are also situations in which Grensoverschrijdend Bedrijventerrein has asked the person in question for permission to process the personal data, in which case the permission forms the legal basis for the processing. The person in question may always withdraw this consent. If Grensoverschrijdend Bedrijventerrein in that case has no additional ground to process the personal data, the data processing will be stopped as from the moment the consent is withdrawn.
4. How long we keep personal data
Grensoverschrijdend Bedrijventerrein does not keep your personal data longer than is strictly necessary to realise the goals for which your data are collected. We apply at least the following retention periods for the following (categories) of personal data: Employees’ personal data will be kept for a maximum of 2 years after the end of their employment, except insofar as the personal data must be kept for a longer period on the grounds of other legal obligations, such as tax legislation. For the rest, we adhere to the generally applicable criteria with regard to the retention periods to be used.
5. Sharing of personal data with third parties
Grensoverschrijdend Bedrijventerrein does not sell your data to third parties and only provides it if this results from the agreement we have with the person in question, or in order to comply with a statutory obligation. If applicable, we will enter into a processor’s agreement with companies which process personal data of the person in question on behalf of Grensoverschrijdend Bedrijventerrein in order to ensure, among other things, that the processor guarantees the same level of security and confidentiality of your data. Grensoverschrijdend Bedrijventerrein remains responsible for these processing operations.
6. Viewing, modifying or deleting data
Any person concerned whose personal data are processed by us has the right to inspect his/her own personal data or to have them corrected. Under strict circumstances, the data subject may request that Grensoverschrijdend Bedrijventerrein erase processed personal data. We must comply with this request in the following situations:
- When the personal data are no longer needed for the purpose for which they were obtained
- the personal details are processed on the basis of permission obtained from the person involved, after which the person involved withdraws this permission and there is no longer any other basis on which we can process the personal details
- the person involved objects to the processing of the personal details and there are no compelling legitimate grounds that outweigh this objection
- the personal details were processed unlawfully
- the personal details must be deleted on the basis of a legal obligation
In addition, the data subject has the right to object to the processing of the personal data by Grensoverschrijdend Bedrijventerrein and has the right to have the data transferred. This means that the data subject can lodge a request with us to send the personal data we have of the data subject in a computer file to the data subject or to another organisation named by the data subject.
The data subject may send a request for inspection, correction, deletion, data modification or a request to withdraw permission or to object to the processing of their personal data to email@example.com. To ensure that the request for inspection is made by the person concerned, the person concerned must send a copy of their own identity document along with the request. We advise you to make the passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Citizen’s Service Number (BSN) illegible in this copy. This is to protect your privacy. We will respond to your request as soon as possible, but in any case within four weeks.
Grensoverschrijdend Bedrijventerrein also draws the attention of the data subject to the fact that he/she has the right to lodge a complaint with the national supervisory authority, the Autoriteit Persoonsgegevens. This can be done via the following link:
7. How we secure personal data
Grensoverschrijdend Bedrijventerrein takes the protection of personal data seriously and takes appropriate measures to prevent abuse, loss, unauthorised access, unwanted disclosure and unauthorised amendments. If a data subject has the impression that his/her data is not properly secured or there are indications of misuse, we request the data subject to contact our customer service or via firstname.lastname@example.org.