Version May 2018
1. Who are we?
Responsible for the processing of personal data is:
van der Pol-Consulting bv, Rentmeester 7, 6561 CT Groesbeek
websites https://vanderpol-consulting.com and https://vanderpol-consulting.nl
The data protection officer can be contacted via
2. Which data, for what purpose and for how long?
In the event of contact with van der Pol-Consulting bv (hereinafter referred to as vdPConsulting) via the website, by telephone, e-mail and other digital communication forms, privacy-sensitive data or personal data are processed. vdPConsulting considers a careful handling of personal data of great importance. Personal data is therefore carefully processed and secured by us.
In our processing we comply with the requirements set by the General Data Protection Regulation (GDPR). We therefore respect the following rights:
- right to inspect the personal data processed by us;
- the right to rectification and addition of the personal data we process;
- the right to limit the processing, if you wish, we will process less data if requested;
- right to forgetfulness so that your information is completely removed;
- the right to data portability with which your personal data can be transferred;
- law with regard to automated decision-making and profiling, there is a human look at decisions;
- right to object to data processing.
Use of personal data
vdPConsulting will only keep and use the personal data that you provide or which is clear when it is submitted that we are provided to us to be processed. vdPConsulting will not use the personal data for other purposes than you have given permission in advance.
vdPConsulting processes and stores your personal data as long as there is a (possibly future) agreement for the hiring of services of vdPConsulting, unless you have indicated that your personal data must be deleted immediately.
After expiry of the retention period, vdPConsulting will destroy and/or anonymise the personal data in that current year, unless it is obliged by law (for example under tax legislation) to retain certain personal data for a longer period of time. In the latter case, only this specific personal data will be retained during the legal storage period.
When you leave a comment on our website, that reaction and the metadata of that response will be kept forever. In this way we can automatically recognize and approve follow-up reactions instead of moderating them.
vdPConsulting processes the following data:
- first name, last name, company name, address, phone number, e-mail address and social media profile in order to include this data in the customer database.
- When you visit our website, your IP address is automatically stored in the log files of our web server. This is necessary to enable us to manage and secure the web server in a good way. We do not use your IP address to track and register your behavior online. We are normally not able to link your IP address to your name, address or other identifying information, unless you actively provide us with such information and continue to use the same IP address.
- When visitors leave comments on the website, we collect the data shown in the response form and also the IP address of the visitor and the browser user agent string to help detect spam.
Reactions from visitors can be guided through an automated spam detection service.
- Contact forms/Cookies
When you leave a comment on our site, you can indicate whether we can store your name, your e-mail address and website in a cookie. We do this for your convenience so that you do not need to re-enter this information for a new response. These cookies are valid for one year.
Third party websites
Messages on this site can show embedded content. For example, videos, images, messages. Embedded content from other websites behaves exactly the same as if the visitor had visited this other website.
3. Security measures and processors
To protect your personal data vdPConsulting has taken appropriate technical and organizational measures. This protects your personal data against unauthorized or unlawful processing and against unintentional loss, destruction or damage.
vdPConsulting uses the services of third parties, so-called processors, for the processing of the personal data. These processors process the personal data exclusively on behalf of vdPConsulting. vdPConsulting has a processor agreement with the processors. In a processor agreement, it is guaranteed which obligations the other party has, which processing operations may be carried out and how vdPConsulting supervises this.
You can request a list of our processors via the data protection officer.
4. Right of inspection, removal and questions complaints
Would you like to submit a request to view, receive, change or delete your personal data, or do you want to object to the (further) processing of your personal data or submit a complaint about the way in which your personal data are used? Please contact the data protection officer. vdPConsulting will always process your request immediately and inform you, at least within one month of receipt of the request, about the follow-up given to the request. If vdPConsulting does not grant your request, it will always explain this in more detail.
5. Provision to third parties
We will not pass on the information provided by you to other parties if you have not given permission for this, unless this is necessary in the context of the implementation of the agreement that you conclude with us or if this is legally required.
6. Data leaks
We record for each data breach:
- a short description of the leak;
- when it happened;
- what happened to the data (lost, unauthorized, copied or modified);
- which (group of) people have leaked data, and how many people are involved;
- what types of data are involved;
- the (possible) consequences of the infringement (eg a risk of identity fraud or reputational damage);
- the measures taken as a result of the leak (for example, deleting data remotely, or changing passwords) and what actions have been taken to ensure that it can not happen again.
By means of this registration we want to learn from the event in order to prevent it as much as possible in the future. Where necessary, we will inform those about whom the data are going (the data subjects).
In addition, registration to the Dutch Data Protection Authority can demonstrate that data leaks are monitored and monitored. If the leak poses a risk of negative consequences such as identity fraud or reputational damage, this will be reported to the Dutch Data Protection Authority.