Whose personal data do we process?
We process the personal data of our clients, their spokespersons, suppliers, etc. This data is processed because we have entered into an agreement with you or have the intention to enter into an agreement with you. Data is also recorded of persons who register for a newsletter or if you use our online services.
If you register to organize an event with us, personal data will be processed via the form that must be filled in. This information is also used for administrative processing, such as invoicing.
Cameras have been placed in public areas to prevent criminal offences.
Which personal data do we process?
We process the following personal data:
- Data needed to contact you, such as your e-mail address and telephone number. We obtain these data from things like your business card.
- Data needed to draw up an agreement, such as your name and address. We also use data acquired from the Dutch Chamber of Commerce or the land registry office to draw up an agreement.
- If you are located in one of our buildings, the Villa Flora or Innovatoren tower, we preventively store the data that we acquire via your key. These data are read out if, for example, a criminal offence is committed in one of the buildings. We collect these data preventively in a system to which only certain employees at our organization have access.
- Security cameras have been installed in public spaces. These data are stored and read only, for example, if a criminal offence is committed. Not everyone has access to the images stored. The police will always be contacted if a criminal offence is committed.
- Data obtained via cookies when you use our website or other online services.
These data are stored in a secure environment, which is only accessible to employees who actually have to work with this information. This protects your information and ensures that it is only used for the purpose for which we collect it.
How do we obtain these data?
A number of principles have been drawn up based on the General Data Protection Regulation (GDPR). We must comply with particular principles for the processing of your personal data for this processing to be lawful. We apply the following principles for processing your personal data.
You have given us your consent to process your personal data. This consent was given, for example, when you registered for a newsletter for which you gave us your e-mail address, when you gave your business card to one of our employees, for commercial purposes, or for the intention to enter into an agreement.
Execution of an agreement
We process personal data that are necessary for the execution of an agreement. An example of this is the conclusion of a lease. The data we need for this are, for example, address details or the full name of an authorized signatory. This principle only applies if the processing of personal data is necessary for this purpose. In this case, the data will not be used for other purposes.
It may happen that we have to process certain of your data for the implementation of the tax law or other legal matters. If this is the case, we process this data on the principle of a legal obligation and will comply with all requirements arising from the law.
We may process data if a) we have a legitimate interest, b) the processing is necessary to promote this legitimate interest and c) we have weighed our interests to process your data against your interests and make a decision to process your data based on this consideration. We process data related to key management and camera footage on the principle of a legitimate interest. We only examine these data if, for example, a criminal offence has been committed, which is the legitimate interest under this principle.
How long do we retain your personal data?
We will not retain your data for longer than the purpose for which we obtained it. If the purpose for which we processed the data is no longer applicable or has been achieved, but we think we still need the data, we will retain them for a reasonable period of one year. This may be the case, for example, if an agreement has expired but responsibilities still arise from it.
We retain camera images for a maximum of four weeks in compliance with the law. If a criminal offence has been committed, we may retain this data for a longer period. This will always be done in consultation with the police.
Do we transfer personal data?
We engage a number of third parties to process personal data on our behalf. We work with HEYDAY Facility Management B.V., which provides the facility services on the Campus. Another third party that we engage is ITSN, which organizes the ICT services. We conclude a processing agreement with each party with whom we have a partnership for the processing of your personal data. We will only engage a third party if it can be demonstrated that appropriate security measures have been taken for personal data and that confidentiality is guaranteed.
What rights are there for the individuals whose personal data are being processed?
- The right to data portability. The right to transfer personal data. This means that you have the right to receive the personal data that we process about you. This right can be used to pass on the data to another organization.
- The right to be forgotten. This means that in some cases we have to delete your data if you request us to do so. The right to be forgotten only applies in the following situations:
a) The data is no longer needed;
b) As a data subject, you have withdrawn your previous express consent;
c) You object against the processing;
d) The data is processed unlawfully by the organization;
e) The organization is obliged to delete the data after a legal term has expired.
f) The data subject is under sixteen years of age and the personal data were collected via an app or website.
- The right of access to personal data. You may ask what information we have about you. You may also request to access these personal data.
- The right to rectification and supplementation. You can ask for incorrect personal data to be corrected or for personal data to be supplemented.
- The right to restrictions on the processing of personal data. In certain situations, you have the right to restrict the use of your data. One of the following criteria must be met for this to apply: (a) The data may be inaccurate; (b) The processing is unlawful; (c) The data are no longer necessary; (d) The data subject objects.
- The right with regard to automated decision-making and profiling. The right to human intervention when making decisions. This right is important if your personal data are processed automatically.
- The right to object to the data processing. Objections can be made if data are processed on the basis of a task that is of general interest or on the basis of a legitimate interest.
Our website only places functional cookies. Cookies are small text files that are stored on a device during the use of a website. Functional cookies allow the website to function better. Pursuant to the law, you do not need to be asked for permission for the placement of functional cookies.
Who can I contact with questions or objections?
If you have a question or would like to invoke one of the above rights, please contact the service point at firstname.lastname@example.org. The service point ensures that the question reaches the right person and is answered quickly.