Privacy Statement
Privacy Statement Nostium B.V.
Last update: 09-09-2020
About our privacy policy
Nostium cares deeply about your privacy. We therefore only process data we need for (improving) our services and treat the information we have collected about you and your use of our services with care. We never make your data available to third parties for commercial purposes. This privacy policy applies to the use of the website. This privacy policy describes what information about you is collected by us, what this information is used for, and with whom and under what conditions, if any, this information may be shared with third parties. We also explain to you how we store your data and how we protect your data from misuse and what rights you have with respect to the personal data you provide to us. If you have any questions about our privacy policy, please contact our privacy contact, you will find the contact information at the end of our privacy policy.
Purpose of data processing
We use your information solely for the purpose of providing our services. That is, the purpose of the processing is always directly related to the task you provide. We do not use your data for (targeted) marketing without express permission. If you share data with us and we use this data to contact you – other than at your request at a later time, we ask for your explicit consent. Your information will not be shared with third parties other than to meet accounting and other administrative obligations. These third parties are all bound to confidentiality by virtue of the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data automatically collected by our website is processed for the purpose of further improving our services. This data (for example, your IP address, web browser and operating system) is not personal data.
Cooperation in tax and criminal investigations
Where appropriate, Nostium may be required by law to share your data in connection with government tax or criminal investigations. In such a case, we are forced to share your data, but we will oppose it within the possibilities provided by law.
Retention periods
We keep your information for as long as you are a client of ours. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also take this as a forgetting request. Pursuant to applicable administrative obligations, we must retain invoices containing your (personal) data, so we will retain this data for as long as the applicable term runs. However, employees no longer have access to your client profile and documents we have produced as a result of your assignment.
Your rights
Pursuant to applicable Dutch and European legislation, as a data subject you have certain rights with respect to personal data processed by us or on our behalf. We explain below what these rights are and how to invoke them. In principle, to prevent misuse, we send statements and copies of your data only to your e-mail address already known to us. In case you wish to receive the data at a different e-mail address or by mail, for example, we will ask you to identify yourself. We keep records of completed requests, in the case of a forgetting request we administer anonymized data. You will receive all transcripts and copies of data in the data format we use within our systems. You have the right to file a complaint with the Personal Data Authority at any time if you suspect that we are using your personal data in an inappropriate way.
Right of inspection
You always have the right to see the data we process (or have processed) that relates to your person or can be traced to it. You may make a request to this effect to our privacy contact. You will then receive a response to your request within 30 days. If your request is granted, we will send you a copy of all the data with a list of the processors who hold this data, indicating the category under which we have stored it, at the e-mail address known to us.
Duty to report data breaches
Nostium will inform you as soon as possible – but no later than 24 hours after the first discovery – of security breaches as well as other incidents that must be reported to you under the law, without prejudice to the obligation and consequences of such breaches and incidents to undo or mitigate them as soon as possible. Under Article 33 AVG, Nostium has a duty to report (possible) data breaches to the Personal Data Authority. We keep a detailed record of all security breaches, as well as the measures taken in follow-up to such breaches, and will make these available to you upon first request.
Right of Rectification
You always have the right to have the data we process (or have processed) that relates to your person or can be traced back to that person amended. You may make a request to this effect to our privacy contact. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us that the data has been updated.
Right to restriction of processing
You always have the right to limit the data we process (or have processed) that relates to your person or is traceable to it. You may make a request to this effect to our privacy contact. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation at the e-mail address known to us that the data will no longer be processed until you lift the restriction.
Right to transferability
You always have the right to have the data we process (or have processed) that relates to your person or can be traced back to you by another party. You may make a request to this effect to our privacy contact. You will then receive a response to your request within 30 days. If your request is granted, we will send you copies or transcripts of all data about you that we have processed or have processed on our behalf by other processors or third parties at the e-mail address known to us. In all likelihood, in such a case, we will no longer be able to continue to provide services because the secure linking of data files can no longer be guaranteed.
Right to object and other rights
You have the right, where appropriate, to object to the processing of your personal data by or on behalf of Nostium B.V. If you object, we will immediately discontinue data processing pending the resolution of your objection. If your objection is well-founded we will make copies and/or copies of data we process (or have processed) available to you and then permanently stop processing. You also have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe it does, please contact our privacy contact.
