Privacy Policy

Privacy Policy Takii Europe B.V. (TEBV)

In some cases, we require information to be able to do our work and offer our service. When this relates to privacy-sensitive information, we believe that there should be no uncertainty. In this policy, we set out how we deal with personal data. We will make clear what personal data we collect and for what purposes we use this data. We explain how long we retain personal data and how this data can be viewed, modified or deleted.

Personal data is any information about an identified or identifiable natural person. This means that this information is about a specific person or that it can be directly tracked back to a person. This can include a name, date of birth and contact details, but an employee number, (business) e-mail address and (business) telephone numbers are also personal data.

Personal data processing relates to all activities we can carry out with personal data, from collecting to destroying. It is, therefore, a broad concept. Activities that fall under that concept include in any event: collecting, recording, ordering, retaining, processing, modifying, requesting, consulting, using, forwarding, disseminating, making available, accumulating, linking, blocking, erasing and destroying data.

Grounds on which, by law, we can process personal data are:

路聽聽聽聽聽聽聽聽 The data is required to be able to decide whether we enter into an (employment) agreement.

路聽聽聽聽聽聽聽聽 The data is required to enter into and/or implement the (employment) agreement.

路聽聽聽聽聽聽聽聽 The data is required to enable us to fulfil a legal requirement (for example, for the payment of taxes and premiums or the identification requirement).

路聽聽聽聽聽聽聽聽 The data is required because TEBV has a legitimate interest in the data (for example, in case of ongoing or threatened legal proceedings and TEBV must be able to mount a defence).

路聽聽聽聽聽聽聽聽 The data is required in a situation of critical importance, for example to be able to arrange help or inform others (such as designated contact persons) in an emergency situation.

路聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities.

Below, you will find our privacy principles and what we do with data if someone:

1)聽聽聽聽聽 Is a (potential) client or (potential) supplier of TEBV.
2)聽聽聽聽聽 Subscribes to our newsletter.
3)聽聽聽聽聽 Is a prospect, stakeholder and/or interested party.
4)聽聽聽聽聽 Is a (potential) TEBV employee.
5)聽聽聽聽聽 Is a visitor to TEBV.
6)聽聽聽聽聽 Makes use of our Wi-Fi network.
7)聽聽聽聽聽 Is a visitor to our website.

TEBV is committed to the protection of personal data.

We do our utmost to protect everyone鈥檚 privacy and we therefore handle personal data with all due care. TEBV complies at all times with the applicable legislation and regulations, including the General Data Protection Regulation (GDPR). This means that, in any event, we:

–聽聽聽聽聽聽聽聽聽 Process personal data in conformance with the purpose for which this information is provided. These purposes and types of personal data are described in this Privacy Policy;

–聽聽聽聽聽聽聽聽聽 Limit the processing of personal data to only the minimum information that is required for the purposes for which the information is provided;

–聽聽聽聽聽聽聽聽聽 Request express permission if we need this information to process personal data;

–聽聽聽聽聽聽聽聽聽 Have taken suitable technical and organisational measures to guarantee the protection of personal data;

–聽聽聽聽聽聽聽聽聽 Do not pass on personal data to other parties, unless this is required for achieving the objectives for which they are provided;

–聽聽聽聽聽聽聽聽聽 Are up to date of rights relating to personal data, make the involved parties aware of these rights and respect these rights.

As TEBV, we are responsible for the processing of personal data. After reading through our Privacy Policy or, in a more general sense, if you have questions about this or wish to contact us, you can do that using the contact information聽at the end of this document.

For Clients or Suppliers

TEBV processes personal data of clients or suppliers for the following purpose(s):

–聽聽聽聽聽聽聽聽聽 Administrative purposes;

–聽聽聽聽聽聽聽聽聽 Communication regarding the assignment and/or invitations;

–聽聽聽聽聽聽聽聽聽 Carrying out or issuing an assignment.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The agreed upon assignment;

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities.

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 Company name;

–聽聽聽聽聽聽聽聽聽 Invoicing address;

–聽聽聽聽聽聽聽聽聽 Delivery address;

–聽聽聽聽聽聽聽聽聽 (Business) telephone number;

–聽聽聽聽聽聽聽聽聽 (Business) e-mail address;

–聽聽聽聽聽聽聽聽聽 VAT number;

–聽聽聽聽聽聽聽聽聽 Bank account number (if applicable);

–聽聽聽聽聽聽聽聽聽 Contact person (first name, middle name, last name, department/job title (if relevant), telephone number (if relevant), e-mail (if relevant).

Additionally, we note:

–聽聽聽聽聽聽聽聽聽 Department (flowers, vegetables or home garden);

–聽聽聽聽聽聽聽聽聽 The payment terms as agreed upon;

–聽聽聽聽聽聽聽聽聽 Discount agreements (if any);

–聽聽聽聽聽聽聽聽聽 Other agreements relating to:

o聽聽 Seed quality;

o聽聽 Seed treatments;

o聽聽 Packaging units;

o聽聽 Desired labels;

o聽聽 Required (freight) documents with shipments;

o聽聽 Which transporter/shipper is used (company name, contact person);

o聽聽 Other wishes relating to the method/conditions of delivery.

–聽聽聽聽聽聽聽聽聽 Who the contact person is within TEBV;

–聽聽聽聽聽聽聽聽聽 Whether you would like to receive the annual brochure and/or price list;

–聽聽聽聽聽聽聽聽聽 Whether we can keep you op to date of new products that might interest you.

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 That you are a TEBV client or we are your client up to a maximum of 3 years after your/our last order, unless you indicate that you would like a shorter period, and then only in the financial administration for a maximum of 7 years.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For Newsletter subscribers

On the one hand our newsletters are commercial, and on the other hand they are geared towards knowledge sharing. TEBV processes the personal data of Newsletter subscribers for the following purpose(s):

–聽聽聽聽聽聽聽聽聽 Informing subscribers through news communications.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities (using the Newsletter registration form or by registering for the 鈥榥ewsletter鈥 on the TEBV website).

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 Name (First name, middle name, last name);

–聽聽聽聽聽聽聽聽聽 Gender;

–聽聽聽聽聽聽聽聽聽 Date of birth;

–聽聽聽聽聽聽聽聽聽 E-mail address.

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 During the period that people are subscribed. Every newsletter contains a link that can be used to unsubscribe at any time.

Third parties

Personal data that we collect for the newsletter will be processed by MailChimp. MailChimp is located in the United States of America, which territory ensures a suitable protection level with regard to personal data according to a adequacy decision by the European Commission. This is because MailChimp is affiliated with, and meets the requirements of, the EU-US Privacy Shield agreement. You can find the MailChimp privacy statement here.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For prospects, stakeholder contacts and/or interested parties

TEBV processes the personal data of prospects, stakeholder contacts and/or interested parties for the following purpose(s):

–聽聽聽聽聽聽聽聽聽 Information provision in the form of newsletters and/or targeted contacts.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities (for example, by verbal permission, submitting a business card and/or by connection on LinkedIn).

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 (Company) name (first name, middle name, last name);

–聽聽聽聽聽聽聽聽聽 Telephone number;

–聽聽聽聽聽聽聽聽聽 E-mail address;

–聽聽聽聽聽聽聽聽聽 Postal address;

–聽聽聽聽聽聽聽聽聽 Gender;

–聽聽聽聽聽聽聽聽聽 Date of birth.

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 For the period that an individual is considered a prospect, stakeholder contact and/or interested party;

–聽聽聽聽聽聽聽聽聽 Until a prospect, stakeholder contact and/or interested party indicates that they no longer wish to receive the information in the form of newsletters and/or targeted contacts.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For Employees

TEBV processes the personal data of Employees in the personnel administration for the following purpose(s):

–聽聽聽聽聽聽聽聽聽 Implementing the employment agreement, including:

o聽聽 Calculation, recording and payment of the salary, reimbursements and other monetary amounts and remunerations in kind to the employee or for the employee;

o聽聽 Calculation, recording and payment of taxes and premiums for the employee;

o聽聽 Termination of the employment agreement;

o聽聽 Arranging claims for payments relating to the termination of the employment agreement;

o聽聽 The collection of receivables, including using the services of a debt collection agency;

o聽聽 Handling disputes and having audits carried out;

o聽聽 The implementation or application of another law.

–聽聽聽聽聽聽聽聽聽 Communication with the employee.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The employment agreement;

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities.

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 Last name, first name, initials, title if applicable, gender, date of birth, address, postcode, town/city, telephone number and other information that we require to communicate with the employee, such as e-mail address and business e-mail address;

–聽聽聽聽聽聽聽聽聽 Information as indicated in the first ident of parents, guardians or caregivers in case of an underage employee;

–聽聽聽聽聽聽聽聽聽 Nationality and place of birth.

Other personal data that we record includes:

–聽聽聽聽聽聽聽聽聽 Information about completed training, training to be completed, courses and internships;

–聽聽聽聽聽聽聽聽聽 Information about the position or previous position, as well as information about the nature, the content and the termination of the employment agreement;

–聽聽聽聽聽聽聽聽聽 Information in consideration of registering presence at the location where the activities are carried out;

–聽聽聽聽聽聽聽聽聽 Information in consideration of registering absence in connection with various forms of leave, reduced working hours, childbirth or illness, with the exception of information on the nature of the illness;

–聽聽聽聽聽聽聽聽聽 Information that is included in consideration of working conditions;

–聽聽聽聽聽聽聽聽聽 Information that is required in consideration of an agreed upon employment condition. This can also relate (insofar as relevant) to information about family members and former family members;

–聽聽聽聽聽聽聽聽聽 Information with regard to the implementation of the cycle of performance interviews, insofar as the information is known to the employee;

–聽聽聽聽聽聽聽聽聽 Information with regard to having an assessment carried out;

–聽聽聽聽聽聽聽聽聽 Information that is required for the implementation or application of a law;

–聽聽聽聽聽聽聽聽聽 Salary data;

–聽聽聽聽聽聽聽聽聽 Copy of ID;

–聽聽聽聽聽聽聽聽聽 Citizen鈥檚 service (BSN) number;

–聽聽聽聽聽聽聽聽聽 Bank information;

–聽聽聽聽聽聽聽聽聽 Name and contact details of contact person in case of emergency;

–聽聽聽聽聽聽聽聽聽 Member of a trade union.

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 That a person has a contract; we do not save personal data for longer than is necessary for the purpose for which the data is provided. After leaving the company, we utilise a standard retention period of 2 years after the date of leaving the company, with the exception of the personal data for which a statutory retention period applies (maximum 7 years). TEBV can also retain data for longer if we have a justified interest in doing so (for example, when legal proceedings are ongoing or are announced and TEBV must be able to mount a defence).

Transfer of personal data:

In principle, TEBV only uses the personal data of employees for its own business operations and in the context of the (implementation of) the employment agreement. TEBV will only use this information for the purposes for which it is obtained. In some instances, it can be necessary to pass on personal data to third parties, such as to a party that processes data on behalf of TEBV. Examples of this include:

o聽聽 Salary processing: information will be provided to our payroll administrator;

o聽聽 Illness and reintegration: information will be provided to the company doctor and/or the Employee Insurance Administration (UWV);

o聽聽 An attachment of earnings: information will be provided to the bailiff;

o聽聽 ICS: credit card application to a bank;

o聽聽 Having surveys carried out such as the employee satisfaction survey;

o聽聽 Travel insurance: request for travel document with insurance;

o聽聽 Second passport: municipality;

o聽聽 Employer鈥檚 declaration: mortgage lender or bank;

o聽聽 Company car: insurance.

TEBV has always entered into an agreement with these third parties concerning the purposes for which the personal data can be used, the protection of the personal data and when and how personal data will be destroyed. Moreover, TEBV will not make personal data available to other parties, unless this is legally required.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For applicants

TEBV processes the personal data of applicants for the following purpose(s):

–聽聽聽聽聽聽聽聽聽 To assess whether the applicant is suitable for the position for which they are applying;

–聽聽聽聽聽聽聽聽聽 To be able to contact the applicant with additional questions and/or invite the applicant for a (preliminary) interview;

–聽聽聽聽聽聽聽聽聽 To be processed in preparation for a possible employment agreement.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities.

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 Name (first name, middle name, last name);

–聽聽聽聽聽聽聽聽聽 Gender;

–聽聽聽聽聽聽聽聽聽 Date of birth;

–聽聽聽聽聽聽聽聽聽 Telephone number;

–聽聽聽聽聽聽聽聽聽 E-mail address;

–聽聽聽聽聽聽聽聽聽 Curriculum vitae;

–聽聽聽聽聽聽聽聽聽 All of the information relating to the applicant鈥檚 education (and list of marks), courses and internships and on the nature and content of the current occupation and/or previous occupation(s).

To whom can we provide this personal data?

–聽聽聽聽聽聽聽聽聽 Only TEBV employees who are involved in the recruitment process have direct access to this information in TEBV鈥檚 systems;

–聽聽聽聽聽聽聽聽聽 Only if the applicant is invited for an aptitude test and/or other assessment after the preliminary interview will we share the information necessary for this with our assessment firm.

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 A maximum of four weeks after the application procedure has ended, unless the applicant grants permission for this information to be retained for a longer period for possible future vacancies. In that case, we will retain the personal data for a maximum of one year after permission is granted to do so.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For visitors

TEBV processes the personal data of visitors for the following purpose(s):

–聽聽聽聽聽聽聽聽聽 For the registration and hospitable welcoming of visitors;

–聽聽聽聽聽聽聽聽聽 For the protection of TEBV offices and employees;

–聽聽聽聽聽聽聽聽聽 To be able to see who is present at our offices in the event of disasters.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities;

–聽聽聽聽聽聽聽聽聽 Promoting the justified interests of TEBV, specifically to prevent unwanted access to our offices;

–聽聽聽聽聽聽聽聽聽 The legal obligation that rests with TEBV as an FAFS organisation to be able to safely evacuate those who are present at our locations.

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 Name (first name, middle name, last name);

–聽聽聽聽聽聽聽聽聽 Company;

–聽聽聽聽聽聽聽聽聽 TEBV employee with whom the visitor has an appointment;

–聽聽聽聽聽聽聽聽聽 Arrival and departure times.

To whom can we provide this personal data?

–聽聽聽聽聽聽聽聽聽 Only TEBV employees who require the personal data to carry out their work have direct access to this information in TEBV鈥檚 systems;

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 1 year.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For users of TEBV鈥檚 Wi-Fi

During a visit to TEBV, visitors can make free use of Wi-Fi. When people are logged in on our Wi-Fi network, data is automatically collected that is sent by the device itself. TEBV only uses this data to prevent any misuse. The use of the TEBV Wi-Fi guest network is subject to the general terms and conditions and code of conduct. More information on the use of Wi-Fi can be found here.

If illegal activities are conducted from our Wi-Fi network, we can block access on the device (unique) or the type of device (group) with which you make use of our Wi-Fi network. Blocking is also possible if a hotspot is created.

Objectives

–聽聽聽聽聽聽聽聽聽 To prevent abuse of our Wi-Fi network.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 The data is provided with clear and unequivocal permission for certain activities (by logging in to our Wi-Fi network).

For the above objective(s), TEBV can collect the following personal data about you:

–聽聽聽聽聽聽聽聽聽 Identification number (MAC address) of your device, the brand of the device and the name that the user himself has given the device.

TEBV will save your personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 One month after the most recent login on the network, this data disappears.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

The use of the TEBV Wi-Fi guest network is subject to the general terms and conditions and code of conduct.

Applicability

These terms and conditions apply to the use of the TEBV Wi-Fi guest network by anyone that uses the network to access the Internet.

Definition

Use: TEBV makes a free Wi-Fi guest network available to its visitors exclusively for personal and non-commercial use.

User: Anyone that accesses the Internet by means of the TEBV Wi-Fi guest network.

TEBV Wi-Fi guest network: Wireless network, not by means of a cable, but by radio frequency. Using the Wi-Fi guest network, users can connect to the Internet using their own devices without using cables. In this way, you are not bound to a set location, and you can establish a connection with the Internet in various places.

General terms and conditions

TEBV does not offer support with establishing a connection on third-party devices.

Where applicable, the TEBV house rules shall apply, as specified in the General Terms and Conditions of TEBV. TEBV has the right in particular cases to block Internet access.

The use of the Wi-Fi guest network is provided based on a fair use policy. This means that no set limit has been specified for the amount of data that can be sent and received.

TEBV can take measures if significantly more data traffic is used than the average. For this or other reasons, TEBV reserves the right to block Wi-Fi connection with the user and/or to temporarily or permanently block use of the Wi-Fi by a certain user if, in the opinion of TEBV, a user is acting in conflict with these terms and conditions or if, in the opinion of TEBV, there is another reason for doing so.

TEBV is not responsible for any claims that arise from activities of the user.

Code of conduct

The user undertakes to comply with the letter of the law concerning copyright. You may not upload anything to the Internet for which you are not sure that you hold the copyright.

TEBV does not accept responsibility for the information placed by a user on a server or on the Internet. A user is fully responsible for the information that is placed on the server/Internet. The content and scope of the text and images must in no case be pornographic, discriminatory or otherwise offensive and/or improper.

The user is strictly prohibited from making inflammatory statements, inciting violence, conducting criminal activities and/or other illicit activities over the network. In the event of discovery of such acts, reports of these activities will be filed, and appropriate measures will be taken. This includes, among other things:

Spamming and Invasion of Privacy – Intellectual Property Right Violations – Obscene or Indecent Speech or Materials – Defamatory or Abusive Language – Forging of Headers – Hacking – Distribution of Internet Viruses, Trojan Horses, or Other Destructive Activities – Facilitating a Violation of this Agreement of Use – Export Control Violations – Other Illegal Activities – Resale.

The user undertakes never to hold TEBV responsible for any Internet outages, network and/or loss of data or loss of income due to technical disruptions or other malfunctions.

TEBV is not liable for damage, in the broadest sense, to the user. In particular, TEBV is not liable for damage connected with or that is the result of: disruptions in, or blocking of access to, the system or the Internet by TEBV or third parties; a defect in the protection of the information saved on the systems by the customer; actions of other customers or Internet users; or changes to the login procedure, account and e-mail address.

The user that acts in conflict with his or her obligations arising from these general terms and conditions and/or code of conduct is liable for all resulting damage to TEBV.

TEBV reserves the right to make periodic changes to the general terms and conditions without prior notice. Check these terms and conditions regularly for changes.

TEBV undertakes to protect personal data as specified in the TEBV Regulations.

Before being able to use the TEBV Wi-Fi service, the user must agree to the above-described general terms and conditions and code of conduct.

These conditions of use/code of conduct and any disputes related to the use of the TEBV Wi-Fi guest network are governed by Dutch law. The court having jurisdiction in Zutphen, the Netherlands, has exclusive competence with regard to such disputes.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

For visitors to our website

Visitors to our website can leave their personal data to receive our newsletter (see the chapter on the newsletter), to receive an answer to question they ask or to respond to a vacancy. TEBV processes the personal data of visitors to our website for the following objective(s):

–聽聽聽聽聽聽聽聽聽 To contact the website visitor;

–聽聽聽聽聽聽聽聽聽 To respond to a question or to a CV and cover letter;

–聽聽聽聽聽聽聽聽聽 To improve the website itself or the information on the website.

The basis for this personal data is:

–聽聽聽聽聽聽聽聽聽 You have submitted the data with clear and unambiguous consent for certain actions.

For the above objective(s), TEBV can request the following personal data:

–聽聽聽聽聽聽聽聽聽 Name (first name, middle name, last name);

–聽聽聽聽聽聽聽聽聽 Company;

–聽聽聽聽聽聽聽聽聽 Telephone number;

–聽聽聽聽聽聽聽聽聽 E-mail address.

For more information on the privacy policy regarding applicants, click here.

We use various cookies on our website. Would you like to know more about cookies? If so, read our cookie policy here.

TEBV will save this personal data for the above-mentioned processing for the period:

–聽聽聽聽聽聽聽聽聽 Necessary for the purpose for which we process it.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

Issuing to third parties

We can make data that is provided to us available to third parties, if this is required for carrying out one of the above-mentioned tasks.

For example, we use third parties to:

–聽聽聽聽聽聽聽聽聽 Provide the Internet environment for the GDPR programme;

–聽聽聽聽聽聽聽聽聽 Handling the (financial) administration;

–聽聽聽聽聽聽聽聽聽 Preparing newsletters and invitations;

–聽聽聽聽聽聽聽聽聽 Arranging transportation for your order;

–聽聽聽聽聽聽聽聽聽 Printing business cards;

–聽聽聽聽聽聽聽聽聽 Booking trips.

We never make personal data available to other parties with whom we have not concluded a processing agreement. We of course reach the necessary agreements with these parties (processors) in this regard, to guarantee the protection of your personal data. Moreover, TEBV will not make personal data provided available to other parties, unless this is legally required and permitted. An example of this is if police officials request (personal) data from us as part of an investigation. In such cases, we must grant our cooperation and we are therefore required to provide this data. Additionally, we can share personal data with third parties if we are given written permission to do so.

We will never sell data to other parties.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

 

Sending data abroad

Within the EU

We do not make personal data available to parties that are located in other EU countries, with the exception of Takii Group locations. These Takii Group locations satisfy the general requirements of the GDPR.

Outside the EU

We do not provide personal data to parties that are based in countries outside the EU, unless the European Commission has reached an 鈥榓dequacy decision鈥 (Article 45 of the GDPR) or unless an appropriate guarantee has been provided (model contract provision as specified by the European Commission (Article 46 (2) under b)).

At this time, we share personal data with MailChimp, which is based in the United States of America, which territory ensures an adequate level of protection with regard to personal data in accordance with an adequacy decision by the European Commission.

We also share personal data with Takii & Co., Ltd., based in Japan, during which the protection of personal data is ensured under a model contract clause between TEBV and Takii & Co.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

Minors

We only collect the personal data of minors (people younger than 16 years of age) if written permission is given to do so by the parent, guardian or legal representative.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

Retention period

TEBV does not retain personal data for longer than necessary for the purpose for which this data is provided or for longer than required by law.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

Protection

We have taken suitable technical and organisational measures to protect personal data against unlawful processing. For example, we have taken the following measures:

–聽聽聽聽聽聽聽聽聽 All individuals that can access your data on behalf of TEBV are required to keep that data confidential;

–聽聽聽聽聽聽聽聽聽 We utilise a username and password policy on all of our systems;

–聽聽聽聽聽聽聽聽聽 We pseudonymise personal data and provide encryption of personal data if there is reason to do so;

–聽聽聽聽聽聽聽聽聽 We make backups of the personal data to be able to recover information in case of physical or technical incidents;

–聽聽聽聽聽聽聽聽聽 We regularly test and evaluate our measures;

–聽聽聽聽聽聽聽聽聽 Our employees are informed of the importance of protecting personal data.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

Rights regarding your data

You also have the right to access, amend and delete the personal data that we have received from you. You can also object to the processing of your personal data (or a portion of the data) by us or by one of our processors. You also have the right to have us transfer the data that you have submitted either to yourself or, on your behalf, directly to another party. We can ask you to provide valid identification before we can comply with the above-mentioned request.

If we are permitted to process your personal data based on permission you have granted to do so, you always have the right to withdraw this permission.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

TEBV data leak protocol

(relating to procedures on the reporting and handling of data leaks)

If personal data falls into the hands of third parties that should not have access to that data, we refer to this as a data leak. A data leak is the result of a security problem. In most cases, this relates to leaked computer files, although a stolen printed customer list can also form a data leak. Other examples: cyber-attacks, e-mail sent to incorrect addresses, stolen laptops, discarded but not erased computers and lost USB sticks. Illegally obtained business information about a production process or market strategy is valuable information but does not fall under the usual definition of a data leak. If a company telephone is lost or stolen, that is a potential data leak. There is no data leak if a private telephone is lost (the GDPR does not apply to the processing of personal data for exclusively personal or domestic purposes).

Introduction

This document describes the actions to be carried out by TEBV in case of a data leak as defined in the General Data Protection Regulation (GDPR).

A data leak is a security breach involving personal data. The personal data are then exposed to loss or unlawful processing.

A data leak must be reported immediately to the Data Protection Authority (DPA) and, in certain cases, also to the involved party or parties. The involved party is the party whose personal data is leaked.

The reporting obligation also applies to TEBV if the data leak occurs at a third party鈥檚 location, for example, a processor of personal data from TEBV (鈥楶rocessor鈥).

Identification of a data leak: organisation

The employee that identifies a (possible) data leak must report this incident immediately to the Board of TEBV and to the TEBV data protection officer (DPO).

A TEBV employee or a Processor is authorised at all times to submit a report independently to the DPO The data leak notification requirement as described in this protocol will then be started.

When must a data leak be reported?

Not all incidents must be reported to the DPA. Only incidents that meet the following criteria must be reported:

  • an incident for which there is a 鈥榗onsiderable chance鈥 of serious negative consequences for the people whose data is lost;
  • an incident that can have serious consequences for the protection of personal data (for example, the loss of a USB stick with personal data).
    More information on whether a data leak must be reported to the DPA and/or involved party or parties is described in greater detail below.

More information on whether a data leak must be reported to the DPA and/or involved party or parties is described in greater detail below.

Identification of an incident/has a data leak occurred?

The DPO will arrange as quickly as possible the inventory and collection of the information that is required to report a data leak to the DPA (if applicable). The form from the DPA can serve as the basis for reporting data leaks. The form is available at the following website:

datalekken.autoriteitpersoonsgegevens.nl

Based on the information obtained and in the event of a suspected data leak, in consultation between the business director and chairman of the board, the DPO and any other responsible and/or involved persons in the TEBV organisation or the relevant Processor, an assessment will be made of whether a data leak has actually occurred.

During that consultation, an assessment can also be made of whether immediate measures must be taken to limit the damage as much as possible, including submitting a (provisional) report to the involved parties. If required, advice can be requested from the legal advisor and/or the communications consultant, if present.

In case of an incident that must be reported to the DPA, the overview in the policy rules 鈥楧ata leak notification requirement in the General Data Protection Regulation鈥 of the DPA must be used, which can be found at the following website:

https://autoriteitpersoonsgegevens.nl/uploads/imported/policy_rules_data_breach_notification_obligation.pdf

During the assessment of whether a data leak has occurred, the following factors are relevant:

  • has personal data been unlawfully processed?

this refers, among other things, to the unintentional or illegal destruction, loss or changing of processed personal data or unauthorised access to processed personal data or the unauthorised disclosure of that data;

  • has personal data been lost?

this means TEBV (or, in fact, its Processor) no longer has this information, because it has been destroyed or has in some other way been lost;

  • is there a single deficiency or vulnerability in the protection?
  • can it be reasonably ruled out that a security breach has led to unlawful processing?
  • have personal data of a sensitive nature been leaked?

sensitive personal data includes among other things (i) information regarding the involved party鈥檚 financial or economic situation, (ii) information that can lead to stigmatisation or exclusion of the involved party, (iii) usernames, passwords and other login data and (iv) information that can be used for (identity) fraud;

  • do the nature and scope of the breach lead to (a considerable chance) of serious negative consequences?

during the assessment of whether this situation applies, the following factors, among others, are significant: (i) the scope of the processing, (ii) the question of whether the breach involves a large amount of personal data per person and/or the data of large groups of involved parties, (iii) the impact of loss or unlawful processing of personal data, (iv) the sharing of the personal data with third parties as a result of which the consequences of loss and unauthorised change of personal data can also have an impact elsewhere and (v) involvement of vulnerable groups.

If the incident has not led to loss or wrongful processing of personal data, this is not a data leak, but rather a security breach. In that case, reporting to the DPA is not necessary.

If the conclusion is reached that a (potential) data leak has occurred, the communication pathway towards the involved party or parties and (if applicable) the relevant Processor will be discussed between the board of TEBV and the DPO.

Reporting to the Data Protection Authority

The board of TEBV or the DPO handles the prompt reporting to the DPA in accordance with the above-mentioned DPA reporting form. Pursuant to the GDPR, the notification must be submitted immediately, without undue delay, and if possible no later than 72 hours after the discovery of the data leak. The Board will also be informed of the notification.

The Board of TEBV (or, upon request from the board, the DPO) functions as the contact person with respect to the communication with the DPA. Depending on the nature of the data leak or if it turns out that the incident is not a data leak, the notification to the DPA will be supplemented or withdrawn.

The Board or (upon request from the board) the DPO will ensure that the employees involved in the incident are informed and will ask the employees involved in the incident to prepare a report as soon as possible on the circumstances of the incident. This written information will be submitted to the board and the DPO to be added to the TEBV鈥檚 data leak file.

Following receipt of the notification to the DPA, the DPA will send a confirmation. The DPA will only contact you if it sees reason to do so.

Has the system been hacked?

In case of a data leak as a result of an (unethical) hack (Article 138ab Dutch Penal Code), it is important to determine what the nature of the leaked personal data is and what the risks of misuse are for the involved party or parties. In case of a hack, in addition to the notification to the DPA, it can also be worthwhile to report the hack to police. In that case, the DPO will ensure consultation with the board of TEBV.

Must the data leak be reported to the involved party or parties?

If a data leak is reported to the DPA, it must be determined whether the data leak must also be reported to the parties to whom this personal data relates. The board will determine that in consultation with the DPO.

The assessment of whether an incident must be reported to the involved parties can be established using the overviews in the 鈥楧ata leak notification requirement in the General Data Protection Regulation鈥 policy rules of the DPA, which can be found at the website mentioned above.

As part of the consideration of whether the data leak must be reported to the involved parties, the following points, among others, are of importance:

  • if TEBV has taken suitable technical protective measures, as a result of which the personal data to which this relates is incomprehensible or inaccessible to everyone that has a right to view the information, the involved party or parties do not need to be notified. In case of doubt, the data leak must be reported to the involved party or parties;
  • the data leak must be reported to the involved party or parties if the infringement is likely to have unfavourable consequences for their privacy.

The interests of the involved party or parties can be harmed as a result of loss, wrongful use or misuse of personal data. The damage can be of a material or immaterial nature, for example, unlawful publication, defamation of character, identity fraud or discrimination;

The involved party or parties need not be informed if there are significant reasons for this. Notification can only be omitted if this is necessary in consideration of (i) the security of the state, (ii) the prevention, investigation and prosecution of criminal offences, (iii) substantial economic and financial interests of the state and other public bodies, (iv) supervision of compliance with the legal provisions that are set on behalf of the interests as specified under (ii) and聽(iii), or (v) the protection of the involved party or of the rights and freedoms of others).

Procedure for notifying involved party or parties

On assignment from the board of TEBV, the DPO will prepare a notification for the involved party or parties in consultation with the communications advisor and legal advisor. The DPO determines what will be reported to the involved party or parties.

The notification contains, in any event, the nature of the infringement, contact details for TEBV and a contact person or information point where the involved party or parties can find more information about the infringement and the measures that TEBV recommends involved party or parties to take to limit the negative consequences of the infringement.

The data leak must be reported immediately to the involved party or parties. This means that, after discovery of the data leak, TEBV can take some time for further investigation so that TEBV can inform the involved party in a proper and careful manner. When doing this, consideration should be given to the (possible) fact that, as a result of the notifications, the involved party or parties must possibly take measures to protect against the consequences of the data leak. The sooner the involved party or parties are informed of that, the sooner those measures can be implemented.

The involved party or parties will be informed individually.

IThe notification to the DPA indicates whether or not the data leak has been reported to the involved party or parties. If the period specified to the DPA within which notification must be sent to the involved party or parties cannot be met, the DPO must notify the DPA by means of an adjustment to the previous notification.

Data leak investigation and determining improvement measures

As soon as possible after identifying the incident, the DPO will initiate an (internal) investigation into the facts of the (possible) data leak and address the question of whether and how such incidents can be avoided in the future.

In consultation with the board of TEBV, the DPO can speak with employees of TEBV and/or other relevant persons (such as any employees of the Processor(s) of TEBV), view all relevant documents and have access to all locations insofar as necessary for a thorough investigation;

Where necessary, the DPO can propose that the board of TEBV bring in external personnel if that is necessary for a proper investigation.

The DPO will report the conclusions of the above-mentioned investigation as quickly as possible to the board and the management of TEBV.

In consultation, which in any event the board of TEBV and the DPO attend, the results of the above-mentioned investigation will be discussed and agreements will be reached regarding improvement measures to avoid a repeat of the incident to the extent possible.

The board of TEBV will report to management on what improvement measures will be implemented and ensures that the designated improvement measures are implemented and are communicated within the TEBV organisation (and externally where necessary, such as to a Processor).

Data leak file

The data leak file will be maintained digitally by the DPO and the secretariat of the board of TEBV for the a period of at least 1 year. A longer period of at least 3 years can apply, as specified in the 鈥楧ata leak notification requirement in the General Data Protection Regulation鈥 policy rules of the DPA, page聽46.

Please contact us if you would you like to know more, for example, about where your information will be saved, or who you must contact to delete your data.

Complaints

If you have complaints about the processing of your personal data, we ask that you contact us about this immediately. If we are unable to find a solution together with you, we of course find this very unfortunate. You always have the right to submit a complaint to the Data Protection Authority, which is the supervisory authority in the area of privacy protection.

Questions

If you still have questions or comments regarding our Privacy Statement, contact us!
privacy@takii.eu

Takii Europe B.V.
Hoofdweg 19
1424 PC De Kwakel, the Netherlands
+31(0)297-345 700

Who is responsible for your data?

Takii Europe B.V.
Hoofdweg 19
1424 PC De Kwakel,
the Netherlands

Can this Privacy policy be modified?

Yes, this privacy policy can be modified. This version is from 22-12-2023. We recommend that you check the privacy policy regularly. We will inform you separately with regard to major changes.

G眉ncel kal谋n

B眉ltenimize abone olun ve en g眉ncel geli艧melerimizden, 眉r眉nlerimizden ve etkinliklerimizden haberdar olun.

Nas谋l yard谋m edebiliriz?

Uzman ekibimiz size yard谋mc谋 olmaktan ve her t眉rl眉 soruyu yan谋tlamaktan mutluluk duyacakt谋r.

Temasta olmak