Your privacy is of great importance to De Winter Information Solutions. The topic is close to our hearts precisely because we also provide services on privacy. If we don’t really need it, we prefer not to process any data. If we do have to, we naturally handle personal data with care and ensure that your data is treated confidentially. In this privacy statement, we explain in understandable language which personal data we collect, why we do so and how we protect your data. In doing so, we comply with the General Data Protection Regulation (AVG). Our aim is to inform you so that you can be confident that we take your privacy seriously.
What data is collected and why?
We process personal data only when necessary for clear purposes. Below we explain what data we collect and for what reason:
-
Personal data for business, administration and services: When you use our services or contact us, we collect data such as your name, contact details (address, e-mail, phone number) and any business information. We need this data to conduct our business and administration, to be able to help you with your question or order, and to provide the agreed services (e.g. to prepare quotes, execute orders and send invoices). Without this information, we cannot offer our services properly.
-
Data in the context of journalistic research: De Winter Information Solutions may, in exceptional cases, process personal data as part of journalistic investigation. This may occur if, for example, we investigate wrongdoing or security issues and publish about them. In such a case, we process personal data only when necessary for the journalistic purpose, and always with great care for privacy. In doing so, we comply with journalistic freedom rights as well as privacy legislation.
-
Data for preparation of a legal claim: Sometimes it may be necessary for us to process personal data to prepare a legal claim. This means that if we need to consider legal action (for example, to enforce our rights or defend against a claim), we may collect and retain certain data. We only do so when strictly necessary and based on a valid legal basis. In such a case, your data will only be used for this legal purpose.
-
No person-centred research processing: We do not process any personal data for research targeted at one individual personally. That is, we do not conduct profiling, surveillance or other research targeted specifically at an individual outside the situations mentioned above. Your data will thus not be used by us to conduct in-depth research on you as an individual without reason. We limit ourselves to data processing that is necessary for our services, journalistic purposes or legal necessity, and no more than that.
In all cases, we do not collect more data than necessary. We also do not use your personal data for any other purpose than we have described here.
No use of cookies?
Our website does not use cookies or similar tracking technologies. You will therefore not see a cookie message on our site. We therefore do not place small text files on your computer or phone to track your behaviour. Because we do not use cookies, we also do not have a separate cookie statement. You can visit our website without us storing any information on your device (except possibly highly necessary information for the functioning of the site). This means you can feel free to use our site without worrying about cookie tracking.
How will data be secured?
We take the security of your personal data very seriously. To prevent misuse, loss or unauthorised access to your data, we have appropriate technical and organisational measures in place. Some key measures we employ include:
- Restricted access: Only authorised persons within our organisation can access your data, and only to the extent necessary for their duties. Employees and any contractors have a duty of confidentiality.
- Secure systems: We use up-to-date security technologies to protect our IT systems. These include firewalls, anti-virus software and encryption. For example, our website and online forms use an encrypted connection (TLS/SSL), recognisable by “https://” in the URL. This ensures that data you send through the site is encrypted.
- Awareness and Policy: We have internal agreements and procedures to safeguard your privacy. Our staff are trained to handle personal data with care. In addition, we regularly review our security measures and adjust them when necessary.
In the unlikely event that something does go wrong with the security of personal data (e.g. a data breach), we will act in accordance with our reporting obligation and, if required, will inform you. You can trust us to do everything we can to keep your data safe.
Data sharing
Your personal data is not shared with third parties unless absolutely necessary. We never sell or rent your data to other parties. Situations where it may be necessary to share data include:
-
Conducting our services: If our services require us to engage a third party, we may provide your data to that party. For example, a partner company working with us on an assignment, or a service provider performing work on our behalf (such as an accountant for financial records, or an IT hosting company for our website). In such cases, we limit the data shared to the minimum necessary. Moreover, we make clear agreements with these parties (e.g. by means of a processor agreement) so that your data are also well protected with them and are not used for other purposes.
-
Legal obligation: If we are legally obliged to provide certain data, we will do so. For example, when a government agency or court requires this. In such a case, we will of course first check the legality of the request. We only provide information if we are legally obliged to do so.
-
With your consent: In the exceptional case that we wish to disclose your data to third parties for any other reason, we will first ask you for explicit consent. You then have the choice to give or refuse that consent. Without your consent, we will not share the data in such a case.
Outside the situations mentioned above, De Winter Information Solutions will not share your personal data with third parties. If we share data, the following always applies: we remain responsible for the processing and ensure that your privacy is maintained.
Rights of data subjects
You have certain rights regarding your personal data. It is important to us that you can easily exercise these rights. Below we list your privacy rights under the AVG and how you can make use of them:
- Right of inspection - You may ask us to confirm whether we process personal data about you. If so, you can access that data. We will then tell you, for example, what data we hold about you and for what purposes we use it. You can also request a copy of the personal data we process about you.
- Right to correct - If some personal data we hold about you contains incorrect or outdated information, you have the right to have it corrected. You can ask us to correct or supplement the data so that it is correct again.
- Right to erasure - In many cases, you have the right to have your personal data erased (the “right to be forgotten”). This means that, at your request, we delete data that is no longer needed, unlawfully processed, or for which you withdraw your consent (if consent was the basis). Please note that we may not always delete all requested data, for example if we need it because of a legal obligation or for an ongoing contract. In such cases, we will explain to you why certain data cannot be deleted.
- Right to object - You may object to certain processing of your personal data. For example, you can object if we process data based on a legitimate interest or in the context of a public task, and you disagree with that processing. If you object, we will stop that processing unless there are compelling legitimate grounds that outweigh your privacy interest (or if the processing is necessary because of a legal claim). If your data is used for direct marketing, you always have the right to object and, if you object, we will immediately stop using your data for that purpose.
- Right to restrict processing - In certain situations, you can ask us to temporarily restrict the processing of your personal data. This can be done, for example, if you dispute the accuracy of your data (in which case we will restrict processing during the period we check this), or if you feel that we no longer need the data but you do not yet want it deleted because you need it, for example, for a legal claim. With a restriction, we will ensure that your data is temporarily not used or modified.
- Right to data portability - You have the right to receive from us the personal data you yourself have provided to us in a structured, commonly used and machine-readable form. You may then store that data yourself or transfer it to another service provider. If technically possible, we may also transfer the data directly to another organisation of your choice at your request. This right applies to personal data that we process with your consent or in performance of a contract.
- Right to withdraw consent - Insofar as we process certain data based on your consent, you always have the right to withdraw that consent. For example, if you have signed up for a newsletter (hypothetical example, as we do not send unsolicited emails), you can always unsubscribe again. The withdrawal of consent then applies to future uses of your data; previous processing remains legal because you had consented to it at that time.
How to exercise your rights? You can contact us at any time to exercise any of these rights. Our contact details are at the bottom of this statement at Contact details. To prevent abuse, when making a request we may ask for additional information to verify your identity. For example, we want to make sure we are providing or changing the data to the right person. In principle, we will respond to your request within one month. If the requests are complex, we may extend this time limit for another two months if necessary, but in that case we will let you know within the first month that we need more time.
Right to complain to regulator: If you feel that we are not handling your personal data properly, we would of course like to hear from you so that we can find a solution. You also have the right to file a complaint with the Authoriteit Persoonsgegevens (the Dutch privacy regulator). You can do this via the website of the Personal Data Authority (www.autoriteitpersoonsgegevens.nl) or by contacting them in writing. Naturally, we hope to resolve any problems in consultation with you before it comes to that.
Contact details
After reading this privacy statement, do you still have questions about how De Winter Information Solutions handles your personal data? Or would you like to invoke any of your rights? You can always contact us.
Contact information from De Winter Information Solutions:
- Address: Weidemolen 12, 2211 PW Noordwijkerhout, the Netherlands
- E-mail: informatie@dewinter.com
- Telephone: +31 (0)85 333 2942
Feel free to ask our privacy contact or data protection officer (if applicable) for privacy-related questions. We will be happy to talk to you and help you with your requests or comments.
This privacy statement is intended to give you clear insight into how we handle your data. De Winter Information Solutions reserves the right to change this statement if necessary, for example in the event of adjustments to our services or changes in the law. You will always find the most up-to-date version on our website. We therefore recommend that you consult this page from time to time.