Privacy Statement Kivo Plastic Packaging BV
(24-01-2020)
Introduction
As part of our services, we process personal data. We may have received this data from you, for example through our website, email, phone or app. In addition, we may obtain your personal data in the context of our services through third parties. With this privacy statement, we inform you how we handle these personal data.
Processing of personal data and purposes
If we process Personal Data, this is done in accordance with the requirements of the General Data Protection Regulation (GDPR) and related laws and regulations.
Which personal data we process depends on the exact service and circumstances. Typically, it involves the following data:
- Name and address details;
- Function contacts;
- Date and place of birth;
- Gender;
- Contact details (e-mail addresses, phone numbers) and name and function of contacts;
- Passport photo (only if strictly necessary! For example, for personnel records);
- Age;
- Bank account number;
- Data about your activities on our website, IP address, internet browser and device type.
Purposes of and bases for processing
In some cases, we process personal data to comply with a legal obligation, but mostly we do so to be able to perform our services. Some data are recorded for practical or efficiency reasons, which we (may) assume are also in your interest, such as:
- Communication and information;
- Providing our services in the most efficient way possible;
- Improving our services;
- Invoicing and debt collection
Specifically, the above also means that we may use your personal data for marketing purposes or to send you promotional materials or notices about our services, if we think these may be of interest to you. We may also contact you to request feedback on services provided by us or for market or other research purposes.
In appropriate cases, we may wish to process personal data for reasons other than those set out above and we will seek your explicit consent to do so. If we ever want to process personal data that we are allowed to process on the basis of your consent for different or more purposes, we will ask you for your consent again first.
Finally, we may also use your personal data to protect our own and our users' rights or property and, if necessary, to comply with legal proceedings.
Disclosure to third parties
As part of our services, we may use the services of third parties, for example if these third parties have specialist knowledge or resources that we do not have in-house. These may be so-called processors or sub-processors, who will process personal data on the basis of your exact instructions. Other third parties who, although not strictly speaking a processor of the personal data, have or may have access to it, are, for example, our system administrator, suppliers or hosting parties of online software, or consultants whose advice we seek regarding your order. If engaging third parties results in them having access to the personal data or that they themselves record and/or otherwise process, we will agree (in writing) with those third parties that they will comply with all obligations of the AVG. Naturally, we will only engage third parties whom we can and may assume to be reliable parties who handle personal data adequately and, for that matter, can and will comply with the AVG. This means, among other things, that these third parties may only process your personal data for the aforementioned purposes.
Of course, we may also need to provide your personal data to third parties in connection with a legal obligation.
Under no circumstances will we provide your personal data to third parties for commercial or charitable purposes without your explicit consent.
Retention periods
We will not process your personal data for longer than is useful for the purpose for which it was provided (see the section ''Purposes of and bases for processing'). This means that your personal data is kept for as long as it is needed to achieve the relevant purposes. Certain data must be kept longer (usually 7 years) because we have to comply with legal retention obligations (e.g. tax retention obligations) or in connection with regulations from our professional association.
Security
We have taken appropriate organisational and technical measures for the protection of personal data as far as can reasonably be required of us, taking into account the interest to be protected, the state of the art and the costs of the relevant security measures.
We require our employees and any third parties who necessarily have access to the personal data to maintain confidentiality. Furthermore, we ensure that our employees have otherwise received correct and complete instructions on how to handle personal data and that they are sufficiently familiar with the responsibilities and obligations of the AVG. If you would like, we would be happy to inform you further about how we have designed the protection of personal data.
Your rights
You have the right to access, rectify or delete the personal data we hold about you (except, of course, if this interferes with any legal obligations). Furthermore, you can object to the processing of your personal data (or part of it) by us or by one of our processors. You also have the right to have us transfer the data you have provided to yourself or directly to another party if you so wish.
Personal data incidents
If there is an incident (a so-called data breach) concerning the personal data in question, we will inform you immediately, unless there are compelling reasons, if there is a concrete risk of negative consequences for your privacy and the realisation thereof. We aim to do this within 48 hours of discovering this data breach or being informed about it by our (sub)processors.
Complaints
Should you have a complaint about the processing of your personal data, we ask you to contact us about this. Should this not lead to a satisfactory outcome, you always have the right to file a complaint with the Personal Data Authority; the supervisory authority in the field of privacy.
Processing within the EEA
We will only process personal data within the European Economic Area, unless you agree other written arrangements with us about this. Exceptions to this are situations where we want to map contact moments through our website and/or social media pages (such as Facebook and LinkedIn). Think for example of visitor numbers and requested web pages. Your data is stored by third parties outside the EU when using Google Analytics, LinkedIn or Facebook. These parties are 'EU-US Privacy Shield'-certified, so they have to comply with European privacy regulations. Incidentally, this concerns only a limited amount of sensitive personal data, notably your IP address.
Changes
Undoubtedly, our privacy policy will change from time to time. The most recent version of the privacy policy is logically the applicable version and can be found on our website.
In conclusion
We hope this privacy statement has given you a clear picture of our privacy policy. However, should you have any questions about how we handle personal data, we would be happy to hear from you. First point of contact for privacy issues at our organisation is Theo Schilder, TSchilder@kivo.nl