We only process personal data in accordance with the purposes for which they were provided and in accordance with the Dutch Data Protection Act.
Our contact details are:
HRK Solutions B.V.
3824 ML Amersfoort
Chamber of Commerce: 55430171
We have appointed a Data Protection Officer (DPO). You are able to contact our DPO via: firstname.lastname@example.org or +31(0)88-7119711.
The data processing
We can be involved in the processing of (your) personal data in various ways.
We process the personal data of our existing or potential clients. This processing is, among other things, necessary to be able to serve our clients, to be able to invoice and because of a legal obligation to retain certain data. In such cases, we process these data as a controller. The data that we process as controller are necessary for the (future) execution of an agreement. We cannot enter into an agreement without these data.
We also process personal data on behalf of our clients (the controllers). In such situations, we process the data as a processor. Because we do not have the (final) responsibility for the security of the personal data we process on behalf of the controller, we have entered into a contract with the controller. This contract specifies, amongst other things, which data we process and how we will secure the data on behalf of the controller.
Which data do we process?
The type of data that we process, depends on the role we have, either as a controller or as a processor. When we process personal data as a processor, we have entered into a contract with our client that specifically includes the types of personal data we process on behalf of that client.
Special categories of personal data
Special categories of personal data are sensitive data; such as data revealing racial or ethnic origin (such as a portrait), data concerning health, political opinions and/or genetic and biometric data. When we are a controller, we do not process such special categories of personal data.
We may process special categories of personal data as a processor, on behalf of one of our clients (the controller). Specific agreements have been made about this in the contract with said client.
Who do we share personal information with?
A (part of) your personal data may be provided to third parties who will take on part of the processing as a (sub)processor.
First, our servers are hosted externally. We also have an external CRM-system that stores our clients’ business data. Finally, we use an external mailing program for storing our mailing lists and sending our newsletters. These parties are (sub)processors, within the meaning of the GDPR.
Transfer to a third country
The servers of our mailing program for newsletters are located in the United States. Your data can therefore be transferred, stored and processed in the United States. The transfer of this data is done on the basis of the EU-US Privacy Shield Framework.
We also have our own development team based in Macedonia. In principle, this team only has access to anonymous data, whereby the data always remains on a server in the Netherlands. In high exceptions, personal data are still passed on. Appropriate safeguards have been taken for this transfer, by signing and complying with the model agreement set out in the Commission Decision of 5 February 2010 (2010/87/EU). This agreement can be consulted here [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087].
Security of personal data
We and our (sub) processors have taken appropriate technical measures to protect personal data against loss or other forms of unlawful processing. These measures provide a level of security that matches the data we process.
The security measures taken by us include separate databases per client, whereby data is stored separately, security through SSL-connections, encryption of backups and logical access control with passwords.
If we are controller, we do not store data for longer than necessary for the purpose for which it was collected. Data of our clients that we have stored is retained during the period that the company is an actively (paying) client. When the client is no longer active, or no longer wishes to use our services, the data about that client will be deleted within 30 days after the last contact with the client.
If we are processors, we will delete personal data if we receive clear instructions to do so, from the controller (the client) or within the retention period as agreed upon in the contract with the controller. As soon as a client indicates that he no longer wishes to use our services, the client’s database will be removed within 20 days.
The retention periods mentioned above apply unless we have further legal obligations to keep the data for a longer period and/or to keep it available.
Cookies are used for the best possible operation of this website. A cookie is a small file that is sent by this website and placed by your browser on your device. More information about cookies can be found on the ConsuWijzer website: [http://www.consuwijzer.nl/telecom-post/internet/privacy/uitleg-cookies].
Since we like to know how visitors use our website and in order to optimize the use of our website, we use Google Analytics. Through this website, analytical cookies from Google are placed on your device. More information about the Google Analytics policy can be found here: [https://www.google.nl/intl/nl/policies/privacy/]. These Google Analytics cookies are stored for two years.
In addition, we place cookies from Facebook (Facebook Custom Audience, Facebook Connect, Facebook Impressions and Facebook Pixel). These cookies ensure that more relevant advertisements are displayed for you. More information about Facebook cookies can be found here: [https://www.facebook.com/policies/cookies/]
The retention periods of these cookies are:
Facebook Custom Audience: 18 months
Facebook Impressions: 18 months
Facebook Pixel: 18 months
Facebook Connect: 18 months
Finally, we place cookies from Zopim, to make it possible to assist you through our chat function. These cookies from Zopim are stored for a maximum of 10 years. More information about Zopim’s cookies can be found here [https://www.zopim.com/privacy.html].
Do you want to disable or delete the cookies? You can do this via your browser settings. If necessary, use the help function of your browser to find out how to do this.
Via the website Your Online Choices [http://www.youronlinechoices.com/be-nl/] you can find more information on disabling cookies.
Social media and links
To make it as easy as possible for you to share the content of this website via social media, this website has a number of social media buttons. Read the privacy statements of the respective social media channels to know how they handle privacy.
- Facebook: [https://www.facebook.com/privacy/explanation]
- Instagram: [https://www.instagram.com/about/legal/privacy/?hl=en]
- LinkedIn: [https://www.linkedin.com/legal/privacy-policy]
You always have the right to withdraw your consent to the processing of your data. Withdrawal of this consent does not affect the lawfulness of data processing on the basis of your consent, which took place prior to this withdrawal.
You also have the right to access your personal data and the right to rectify your personal data. If you want to know what personal data we process about you, you can make a written request for access. If your details are incorrect, incomplete or irrelevant, you can request us in writing to change or supplement your data.
You also have a right to erase your personal data, a right to limit the processing and a right to object to the processing. You also have the right to data portability. You can submit a written request for this.
You have the right to file a complaint about how we handle your data. You can submit this complaint to the Dutch Data Protection Authority.
If we are the controller, we will process your request within 4 weeks. If we are solely the processor, we will refer your request to the controller, who will then handle your request.
With ‘in writing’, we also mean an e-mail. You can e-mail your request to us via email@example.com.
We reserve the right to make changes to this privacy statement. The changes take effect on the announced time of entry into force.