Privacy conditions Damstra Techniek BV

Definitions

Contractor: Damstra Techniek BV, Midstrjitte 35, 8551 PH Woudsend, Netherlands (damstratechniek.nl, info@damstratechniek.nl) registered at the Chamber of Commerce with number 39065428.
Client: the natural body or legal person that commissioned the contractor to carry out the activities.
Terms and Conditions: the contractor’s General Terms and Conditions apply to agreements between the client and the contractor.
Data: personal data that the contractor registers of the client:
- (Company) name and contact person;
- Address, postcode and city;
- Mailbox numbers;
- Email address and domain name;
- Chamber of Commerce number;
- VAT number;
- Technical login details of electronic data carriers required to carry out the activities.
Agreement: any agreement between the contractor and the client to carry out the activities.
Activities: all activities that have been assigned and given by the client. In this document, the case activities are as stated in the agreement.

Grounds for privacy conditions

It is necessary for the contractor to process data to fulfil an agreement.
The contractor processes the data exclusively in accordance with these privacy conditions, as set out in the General Data Protection Regulation of 25/05/2018.
The contractor declares that he/she does not provide data for activities other than those necessary to carry out the activities.
The control over the information made available will never rest with the contractor.

Client’s rights

The client has the right to see, correct and delete the data recorded by the contractor.
The client has the right to withdraw consent provided for a specific activity.
The client may submit a complaint. The contractor prefers to resolve complaints together. If no agreement is reached, a complaint can be submitted to the privacy regulator.

Confidentiality

The contractor only processes data on behalf of the client unless statutory regulations state otherwise.
The contractor is obliged to maintain confidentiality regarding the personal data that he/she manages unless statutory regulations state otherwise.
On request of the client, the contractor will provide a confidentiality statement.

The contractor will never provide data to third parties unless the client has given written permission for this. If the contractor is required by regulations to share the data with third parties, the contractor will notify the client.

Retention period

For as long as the client and contractor have a business agreement, the contractor will store the business contact details, technical login details and backup files.
Client requests for the removal, inspection and correction of data must be made by e-mail or in writing. The processor will then make the contact details available on his/her website.
Business contact details, login details and backup files that are managed by the contractor, without an agreement with the client, are kept for a maximum of two years and will then be destroyed. Exceptions to this are contracts and invoices; these are stored in accordance with legal requirements.

Security measures

To protect data in accordance with the General Data Protection Regulation of 25-05-2018, the contractor has taken the following security measures:
- Technical security measures
  - Use of a virus scanner;
  - Use of a firewall;
  - Keeping the software up-to-date;
  - Authorization/Authentication of electronic data carriers;
  - Securing back-up files (offline and Cloud);
  - The contractor’s website has a valid SSL certificate, which means that the information is sent in an encrypted manner.
- Organisational security measures:
  - The contractor works exclusively with partner companies that meet the requirements of the General Data Protection Regulation of 25/05/2018.
  - The contractor works exclusively with partner companies that have signed a nondisclosure agreement.
  - The contractor has concluded processing agreements with parties that process personal data for the contractor such as Google, hosting parties, etc.
- Additional security measures:
  - The contractor limits the use of personal data to a minimum by only recording data from the client that is necessary to carry out an activity.

Procedure in case of a data breach

If a data breach or incident is discovered by the contractor that relates to the data, the contractor will inform the client within 24 hours.
In accordance with the guidelines of the General Data Protection Regulation of 25/05/2018, a report will be made to the Data Protection Authority.
The contractor will take the necessary measures in consultation with the client to limit the consequences of the data breach.
If applicable, the contractor will implement improvement measures and change protocols.

Sub-contractor

If the contractor outsources activities based on the agreement, it will only do so to partner companies that act in accordance with the General Data Protection Regulation dated 25/05/2018.

Cookie policy

Cookies are divided into technical, analytical and tracking cookies. Only technical and analytical cookies are used on the website of the contractor:

Technical cookies are strictly necessary for a well-functioning website. These are permitted in accordance with the General Data Protection Regulation dated 25-05-2018.
Analytical cookies are used to analyse website traffic. In order to comply with the General Data Protection Regulation of 25-05-2018, the contractor has taken the following measures:
- A processing agreement with Google;
- The contractor does not share information with Google;
- The contractor has deactivated the sharing of data for advertising purposes with Google.
- IP Addresses are anonymised before being stored.
Tracking cookies are used to identify website visitors across different websites and to build a profile for advertising purposes. On the contractor’s website there are no active tracking cookies.

Other provisions

If one or more provisions of the privacy conditions are invalid, the other privacy conditions remain valid.
Dutch law applies to all the provisions.