In some cases, we require information to be able to do our work and offer our service. When this relates to privacy-sensitive information, we believe that there should be no uncertainty. In this policy, we set out how we deal with personal data. We will make clear what personal data we collect and for what purposes we use this data. We explain how long we retain personal data and how this data can be viewed, modified or deleted. Personal data is any information about an identified or identifiable natural person. This means that this information is about a specific person or that it can be directly tracked back to a person. This can include a name, date of birth and contact details, but an employee number, (business) e-mail address and (business) telephone numbers are also personal data.
Personal data processing relates to all activities we can carry out with personal data, from collecting to destroying. It is, therefore, a broad concept. Activities that fall under that concept include in any event: collecting, recording, ordering, retaining, processing, modifying, requesting, consulting, using, forwarding, disseminating, making available, accumulating, linking, blocking, erasing and destroying data.
Grounds on which, by law, we can process personal data are:
Below, you will find our privacy principles and what we do with data if someone:
TEBV attaches a great deal of importance to the protection of personal data.
We do our utmost to protect everyone’s privacy and we therefore handle personal data with all due care. TEBV complies at all times with the applicable legislation and regulations, including the General Data Protection Regulation (GDPR). This means that, in any event, we:
As TEBV, we are responsible for the processing of personal data. After reading through our Privacy Policy or, in a more general sense, if you have questions about this or wish to contact us, you can do that using the contact information at the end of this page.
TEBV processes personal data of clients or suppliers for the following purpose(s):
Administrative purposes;
The basis for this personal data is:
For the above objective(s), TEBV can request the following personal data:
Additionally, we note:
TEBV will save this personal data for the above-mentioned processing for the period:
Would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data > more
TEBV processes the personal data of prospects, stakeholder contacts and/or interested parties for the following purpose(s):
The basis for this personal data is:
For the above objective(s), TEBV can request the following personal data:
TEBV will save this personal data for the above-mentioned processing for the period:
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
TEBV processes the personal data of applicants for the following purpose(s):
The basis for this personal data is:
For the above objective(s), TEBV can request the following personal data:
To whom can we provide this personal data?
TEBV will save this personal data for the above-mentioned processing for the period:
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
TEBV processes the personal data of visitors for the following purpose(s):
The basis for this personal data is:
For the above objective(s), TEBV can request the following personal data:
To whom can we provide this personal data?
TEBV will save this personal data for the above-mentioned processing for the period:
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
During a visit to TEBV, visitors can make free use of Wi-Fi. When people are logged in on our Wi-Fi network, data is automatically collected that is sent by the device itself. TEBV only uses this data to prevent any misuse. The use of the TEBV Wi-Fi guest network is subject to the general terms and conditions and code of conduct. More information on the use of Wi-Fi can be found here.
If illegal activities are conducted from our Wi-Fi network, we can block access on the device (unique) or the type of device (group) with which you make use of our Wi-Fi network. Blocking is also possible if a hotspot is created.
Objectives
The basis for this personal data is:
For the above objective(s), TEBV can collect the following personal data about you:
TEBV will save your personal data for the above-mentioned processing for the period:
Would you like to know more, for example, about where your information will is stored, or who you must contact to delete your data, > more
These terms and conditions apply to the use of the TEBV Wi-Fi guest network by anyone that uses the network to access the Internet.
Use: TEBV makes a free Wi-Fi guest network available to its visitors exclusively for personal and non-commercial use.
User: Anyone that accesses the Internet by means of the TEBV Wi-Fi guest network.
TEBV Wi-Fi guest network: Wireless network, not by means of a cable, but by radio frequency. Using the Wi-Fi guest network, users can connect to the Internet using their own devices without using cables. In this way, you are not bound to a set location and you can establish a connection with the Internet in various places.
TEBV does not offer support with establishing a connection on third-party devices.
Where applicable, the TEBV house rules shall apply, as specified in the General Terms and Conditions of TEBV. TEBV has the right in particular cases to block Internet access.
The use of the Wi-Fi guest network is provided based on a fair use policy. This means that no set limit has been specified for the amount of data that can be sent and received.
TEBV can take measures if significantly more data traffic is used than the average. For this or other reasons, TEBV reserves the right to block Wi-Fi connection with the user and/or to temporarily or permanently block use of the Wi-Fi by a certain user if, in the opinion of TEBV, a user is acting in conflict with these terms and conditions or if, in the opinion of TEBV, there is another reason for doing so.
TEBV is not responsible for any claims that arise from activities of the user.
The user undertakes to comply with the letter of the law concerning copyright. You may not upload anything to the Internet for which you are not sure that you hold the copyright.
TEBV does not accept responsibility for the information placed by a user on a server or on the Internet. A user is fully responsible for the information that is placed on the server/Internet. The content and scope of the text and images must in no case be pornographic, discriminatory or otherwise offensive and/or improper.
The user is strictly prohibited from making inflammatory statements, inciting violence, conducting criminal activities and/or other illicit activities over the network. In the event of discovery of such acts, reports of these activities will be filed and appropriate measures will be taken. This includes, among other things:
Spamming and Invasion of Privacy – Intellectual Property Right Violations – Obscene or Indecent Speech or Materials – Defamatory or Abusive Language – Forging of Headers – Hacking – Distribution of Internet Viruses, Trojan Horses, or Other Destructive Activities – Facilitating a Violation of this Agreement of Use – Export Control Violations – Other Illegal Activities – Resale.
The user undertakes never to hold TEBV responsible for any Internet outages, network and/or loss of data or loss of income due to technical disruptions or other malfunctions.
TEBV is not liable for damage, in the broadest sense, to the user. In particular, TEBV is not liable for damage connected with or that is the result of: disruptions in, or blocking of access to, the system or the Internet by TEBV or third parties; a defect in the protection of the information saved on the systems by the customer; actions of other customers or Internet users; or changes to the login procedure, account and e-mail address.
The user that acts in conflict with his or her obligations arising from these general terms and conditions and/or code of conduct is liable for all resulting damage to TEBV.
TEBV reserves the right to make periodic changes to the general terms and conditions without prior notice. Check these terms and conditions regularly for changes.
TEBV undertakes to protect personal data as specified in the TEBV Regulations.
Before being able to use the TEBV Wi-Fi service, the user must agree to the above-described general terms and conditions and code of conduct.
These conditions of use/code of conduct and any disputes related to the use of the TEBV Wi-Fi guest network are governed by Dutch law. The court having jurisdiction in Zutphen, the Netherlands, has exclusive competence with regard to such disputes.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
Visitors to our website can leave their personal data to receive our newsletter (see the chapter on the newsletter), to receive an answer to a question they ask or to respond to a vacancy. TEBV processes the personal data of visitors to our website for the following objective(s):
The basis for this personal data is:
For the above objective(s), TEBV can request the following personal data:
For more information on the privacy policy regarding applicants, click here.
We use various cookies on our website. Would you like to know more about cookies? If so, read our cookie policy.
TEBV will save this personal data for the above-mentioned processing for the period:
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
We can make data that is provided to us available to third parties, if this is required for carrying out one of the above-mentioned tasks.
For example, we use third parties to:
We never make personal data available to other parties with whom we have not concluded a processing agreement. We of course reach the necessary agreements with these parties (processors) in this regard, to guarantee the protection of your personal data. Moreover, TEBV will not make personal data provided available to other parties, unless this is legally required and permitted. An example of this is if police officials request (personal) data from us as part of an investigation. In such cases, we must grant our cooperation and we are therefore required to provide this data. Additionally, we can share personal data with third parties if we are given written permission to do so.
We will never sell data to other parties.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
We do not make personal data available to parties that are located in other EU countries, with the exception of Takii Group locations. These Takii Group locations satisfy the general requirements of the GDPR.
We do not provide personal data to parties that are based in countries outside the EU, unless the European Commission has reached an ‘adequacy decision’ (Article 45 of the GDPR) or unless an appropriate guarantee has been provided (model contract provision as specified by the European Commission (Article 46 (2) under b)).
At this time, we share personal data with MailChimp, which is based in the United States of America, which territory ensures an adequate level of protection with regard to personal data in accordance with an adequacy decision by the European Commission.
We also share personal data with Takii & Co., Ltd., based in Japan, during which the protection of personal data is ensured under a model contract clause between TEBV and Takii & Co.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
We only collect the personal data of minors (people younger than 16 years of age) if written permission is given to do so by the parent, guardian or legal representative.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
TEBV does not retain personal data for longer than necessary for the purpose for which this data is provided or for longer than required by law.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
We have taken suitable technical and organisational measures to protect personal data against unlawful processing. For example, we have taken the following measures:
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
You also have the right to access, amend and delete the personal data that we have received from you. You can also object to the processing of your personal data (or a portion of the data) by us or by one of our processors. You also have the right to have us transfer the data that you have submitted either to yourself or, on your behalf, directly to another party. We can ask you to provide valid identification before we can comply with the above-mentioned request.
If we are permitted to process your personal data based on permission you have granted to do so, you always have the right to withdraw this permission.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
(relating to procedures on the reporting and handling of data leaks)
If personal data falls into the hands of third parties that should not have access to that data, we refer to this as a data leak. A data leak is the result of a security problem. In most cases, this relates to leaked computer files, although a stolen printed customer list can also form a data leak. Other examples: cyber attacks, e-mail sent to incorrect addresses, stolen laptops, discarded but not erased computers and lost USB sticks. Illegally obtained business information about a production process or market strategy is valuable information, but does not fall under the usual definition of a data leak. If a company telephone is lost or stolen, that is a potential data leak. There is no data leak if a private telephone is lost (the GDPR does not apply to the processing of personal data for exclusively personal or domestic purposes).
This document describes the actions to be carried out by TEBV in case of a data leak as defined in the General Data Protection Regulation (GDPR).
A data leak is a security breach involving personal data. The personal data are then exposed to loss or unlawful processing.
A data leak must be reported immediately to the Data Protection Authority (DPA) and, in certain cases, also to the involved party or parties. The involved party is the party whose personal data is leaked.
The reporting obligation also applies to TEBV if the data leak occurs at a third party’s location, for example, a processor of personal data from TEBV (‘Processor’).
The employee that identifies a (possible) data leak must report this incident immediately to the Board of TEBV and to the TEBV data protection officer (DPO).> A TEBV employee or a Processor is authorised at all times to submit a report independently to the DPO The data leak notification requirement as described in this protocol will then be started.
Not all incidents must be reported to the DPA. Only incidents that meet the following criteria must be reported:
More information on whether a data leak must be reported to the DPA and/or involved party or parties is described in greater detail below.
The DPO will arrange as quickly as possible the inventory and collection of the information that is required to report a data leak to the DPA (if applicable). The form from the DPA can serve as the basis for reporting data leaks. The form is available on this website.
Based on the information obtained and in the event of a suspected data leak, in consultation between the business director and chairman of the board, the DPO and any other responsible and/or involved persons in the TEBV organisation or the relevant Processor, an assessment will be made of whether a data leak has actually occurred.
During that consultation, an assessment can also be made of whether immediate measures must be taken to limit the damage as much as possible, including submitting a (provisional) report to the involved parties. If required, advice can be requested from the legal advisor and/or the communications consultant, if present.
In case of an incident that must be reported to the DPA, the overview in the policy rules ‘Data leak notification requirement in the General Data Protection Regulation’ of the DPA must be used, which can be found at this website.
During the assessment of whether a data leak has occurred, the following factors are relevant:
this refers, among other things, to the unintentional or illegal destruction, loss or changing of processed personal data or unauthorised access to processed personal data or the unauthorised disclosure of that data;
this means TEBV (or, in fact, its Processor) no longer has this information, because it has been destroyed or has in some other way been lost;
sensitive personal data includes among other things (i) information regarding the involved party’s financial or economic situation, (ii) information that can lead to stigmatisation or exclusion of the involved party, (iii) user names, passwords and other login data and (iv) information that can be used for (identity) fraud;
during the assessment of whether this situation applies, the following factors, among others, are significant: (i) the scope of the processing, (ii) the question of whether the breach involves a large amount of personal data per person and/or the data of large groups of involved parties, (iii) the impact of loss or unlawful processing of personal data, (iv) the sharing of the personal data with third parties as a result of which the consequences of loss and unauthorised change of personal data can also have an impact elsewhere and (v) involvement of vulnerable groups.
If the incident has not led to loss or wrongful processing of personal data, this is not a data leak, but rather a security breach. In that case, reporting to the DPA is not necessary.
If the conclusion is reached that a (potential) data leak has occurred, the communication pathway towards the involved party or parties and (if applicable) the relevant Processor will be discussed between the board of TEBV and the DPO.
The board of TEBV or the DPO handles the prompt reporting to the DPA in accordance with the above-mentioned DPA reporting form. Pursuant to the GDPR, the notification must be submitted immediately, without undue delay, and if possible no later than 72 hours after the discovery of the data leak. The Board will also be informed of the notification.
The Board of TEBV (or, upon request from the board, the DPO) functions as the contact person with respect to the communication with the DPA. Depending on the nature of the data leak or if it turns out that the incident is not a data leak, the notification to the DPA will be supplemented or withdrawn.
The Board or (upon request from the board) the DPO will ensure that the employees involved in the incident are informed and will ask the employees involved in the incident to prepare a report as soon as possible on the circumstances of the incident. This written information will be submitted to the board and the DPO to be added to the TEBV’s data leak file.
Following receipt of the notification to the DPA, the DPA will send a confirmation. The DPA will only contact you if it sees reason to do so.
In case of a data leak as a result of an (unethical) hack (Article 138ab Dutch Penal Code), it is important to determine what the nature of the leaked personal data is and what the risks of misuse are for the involved party or parties. In case of a hack, in addition to the notification to the DPA, it can also be worthwhile to report the hack to police. In that case, the DPO will ensure consultation with the board of TEBV.
Must the data leak be reported to the involved party or parties?
If a data leak is reported to the DPA, it must be determined whether the data leak must also be reported to the parties to whom this personal data relates. The board will determine that in consultation with the DPO.
The assessment of whether an incident must be reported to the involved parties can be established using the overviews in the ‘Data leak notification requirement in the General Data Protection Regulation’ policy rules of the DPA, which can be found at the website mentioned above.
As part of the consideration of whether the data leak must be reported to the involved parties, the following points, among others, are of importance:
The interests of the involved party or parties can be harmed as a result of loss, wrongful use or misuse of personal data. The damage can be of a material or immaterial nature, for example, unlawful publication, defamation of character, identity fraud or discrimination;
The involved party or parties need not be informed if there are significant reasons for this. Notification can only be omitted if this is necessary in consideration of (i) the security of the state, (ii) the prevention, investigation and prosecution of criminal offences, (iii) substantial economic and financial interests of the state and other public bodies, (iv) supervision of compliance with the legal provisions that are set on behalf of the interests as specified under (ii) and (iii), or (v) the protection of the involved party or of the rights and freedoms of others).
On assignment from the board of TEBV, the DPO will prepare a notification for the involved party or parties in consultation with the communications advisor and legal advisor. The DPO determines what will be reported to the involved party or parties.
The notification contains, in any event, the nature of the infringement, contact details for TEBV and a contact person or information point where the involved party or parties can find more information about the infringement and the measures that TEBV recommends involved party or parties to take to limit the negative consequences of the infringement.
The data leak must be reported immediately to the involved party or parties. This means that, after discovery of the data leak, TEBV can take some time for further investigation so that TEBV can inform the involved party in a proper and careful manner. When doing this, consideration should be given to the (possible) fact that, as a result of the notifications, the involved party or parties must possibly take measures to protect against the consequences of the data leak. The sooner the involved party or parties are informed of that, the sooner those measures can be implemented.
The involved party or parties will be informed individually.
The notification to the DPA indicates whether or not the data leak has been reported to the involved party or parties. If the period specified to the DPA within which notification must be sent to the involved party or parties cannot be met, the DPO must notify the DPA by means of an adjustment to the previous notification.
As soon as possible after identifying the incident, the DPO will initiate an (internal) investigation into the facts of the (possible) data leak and address the question of whether and how such incidents can be avoided in the future.
In consultation with the board of TEBV, the DPO can speak with employees of TEBV and/or other relevant persons (such as any employees of the Processor(s) of TEBV), view all relevant documents and have access to all locations insofar as necessary for a thorough investigation;
Where necessary, the DPO can propose that the board of TEBV bring in external personnel if that is necessary for a proper investigation.
The DPO will report the conclusions of the above-mentioned investigation as quickly as possible to the board and the management of TEBV.
In consultation, which in any event the board of TEBV and the DPO attend, the results of the above-mentioned investigation will be discussed and agreements will be reached regarding improvement measures to avoid a repeat of the incident to the extent possible.
The board of TEBV will report to management on what improvement measures will be implemented and ensures that the designated improvement measures are implemented and are communicated within the TEBV organisation (and externally where necessary, such as to a Processor).
The data leak file will be maintained digitally by the DPO and the secretariat of the board of TEBV for the period of at least 1 year. A longer period of at least 3 years can apply, as specified in the ‘Data leak notification requirement in the General Data Protection Regulation’ policy rules of the DPA, page 46.
Would you like to know more, for example, about where your information is stored, or who you must contact to delete your data, > more
If you have complaints about the processing of your personal data, we ask that you contact us about this immediately. If we are unable to find a solution together with you, we of course find this very unfortunate. You always have the right to submit a complaint to the Data Protection Authority, which is the supervisory authority in the area of privacy protection.
If you still have questions or comments regarding our Privacy Statement, contact us!
privacy@takii.eu
Takii Europe B.V.
Hoofdweg 19
1424 PC De Kwakel, the Netherlands
+31(0)297-345 700
Takii Europe B.V.
Hoofdweg 19
1424 PC De Kwakel,
the Netherlands
Yes, this privacy policy can be modified. This version is from 01-11-2018. We recommend that you check the privacy policy regularly. We will inform you separately with regard to major changes.