Below you can read how we process your data, where we save it, what security techniques we use and to whom the data is visible.
For our regular business email, we use the email services of Office365. This party has implemented fitting technical and organisational measures to prevent misuse, loss or corruption of your data. Office365 does not have access to our mailbox and we treat our email-traffic confidentially.
We use your data with the sole purpose of providing you with our services. This means that the goal of processing this data stands in direct relation to the assignment or task that you offer us. We do not use this data for (addressed) marketing purposes. If you share information with us and we use this information to – not based on a request – contact you at a later time, we will first ask for explicit consent. Your data is not shared with third parties, with any other purpose than to fulfil accountancy and administrative obligations. These third parties are all obligated to a duty of confidentiality based on the agreement we have with them, an oath or legal obligation.
Information automatically gathered by our website is processed with the sole purpose of providing you with and/or to further improve our services. This information (for instance your IP address (anonymised), web browser and operating system) is not personal information.
In some cases, we may be obligated by government to a lawful duty of sharing your information with the purpose of assisting in a fiscal or criminal investigation. In such cases we are forced to comply and assist, but will, based on lawful possibilities, offer objection.
We store your data for as long as you are a client with us. This means that we maintain and keep your client profile until you make it known to us that you no longer desire to use our services. Such a message also functions as a request to be forgotten. We are required to keep invoices with your (personal) information due to relevant administrative obligations, this information is safely stored for as long as the relevant term for these obligations has not yet passed. Personnel no longer has access to your client profile and any documents made because of your assignment or task.
Based on valid Dutch and European law you, as a concerning party, have certain rights when it comes to personal data that is processed by or on behalf of us. Below you may find an explanation of these rights and how you, as a concerning party, can invoke these rights. In principle to prevent abuse we only send invoices and copies of your data to e-mail addresses that you have made known to us. Should you wish to receive this data on another e-mail address or for instance per mail we will ask you to identify yourself accordingly. We maintain an administration of concluded requests, in case of a request to be forgotten we will maintain an administration of anonymised data. You receive all invoices and copies of data in files that are structured in a machine-readable format Based on data classifications that we use within our system. At all times you maintain the right to lodge a complaint with Autoriteit Persoonsgegevens if you suspect that we mistreat or misuse your personal data.
At all times you maintain the right to view the data we process that has a relation or may be reducible to your person. You may request such a viewing to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a copy of all data with an added overview of processors managing this data while also mentioning the categories under which we store this data.
At all times you maintain the right to have the data we process that has a relation or may be reducible to your person be adjusted. You may request such an adjustment to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a confirmation that the data has been adjusted.
At all times you maintain the right to limit the data we process that has a relation or may be reducible to your person. You may request such limiting to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a confirmation that the processing of your data is limited until you chose to cancel said limitation.
At all times you maintain the right to request for the data we process that has a relation or may be reducible to your person be processed by a third party of choice. You may send in such a request to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, your (personal) invoices or copies of data that we, or third parties on behalf of us, have processed. It is highly likely that in such a case we can no longer offer our services to you for we can no longer guarantee the previous data safety.
At all times you maintain the right to object to the processing done by us, or on behalf of us by third parties, of your personal data. In case of such an objection we will immediately cease all processing of your data while your objection is being investigated and handled. In case of a justified objection we will return all invoices and/or copies of personal data that we, or third parties on behalf of us, have processed up until that point and cease processing thereafter. You also maintain the right to not be subject of automated decision-making processes or profiling. We process your data in such a way that this right does not apply. Should you believe that this right does apply then we ask you to reach out to our contact in charge of privacy matters.
Stichting ThingsIX Foundation
Noord Brabantlaan 1A
5652 LA Eindhoven