Privacy statement Nostium B.V.
Last update: 09-09-2020
Purpose of data processing
We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing without explicit permission. If you share information with us and we use this information to contact you at a later time other than at your request, we will ask you for explicit permission. Your data will not be shared with third parties, other than to comply with accounting and other administrative obligations. These third parties are all bound to secrecy by virtue of the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data that is automatically collected by our website is processed with the aim of further improving our services. This data (for example your IP address, web browser and operating system) is not personal data.
Cooperation in tax and criminal investigations
In some cases, Nostium may be required by law to share your data in connection with government tax or criminal investigations. In such a case we are forced to share your data, but we will oppose this within the possibilities that the law offers us.
We keep your data for as long as you are a client of ours. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also regard this as a request to forget. Based on applicable administrative obligations, we must keep invoices with your (personal) data, so we will keep this data for as long as the applicable term runs. However, employees no longer have access to your client profile and documents that we have produced in response to your order.
Under the applicable Dutch and European legislation, you as a data subject have certain rights with regard to the personal data processed by or on behalf of us. We explain below which rights these are and how you can invoke these rights. In principle, to prevent misuse, we only send copies and copies of your data to your already known e-mail address. In the event that you wish to receive the data at another e-mail address or, for example, by post, we will ask you to identify yourself. We keep records of completed requests, in the event of a forget request we administer anonymised data. You will receive all statements and copies of data in the data format that we use within our systems. You have the right at all times to submit a complaint to the Dutch Data Protection Authority if you suspect that we are using your personal data in the wrong way.
Right of access
You always have the right to view the data that we process or have processed that relate to your person or can be traced back to it. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data with an overview of the processors who hold this data, stating the category under which we have stored this data, at the e-mail address known to us.
Data breach notification obligation
Nostium will inform you as soon as possible – but no later than 24 hours after the first discovery – about the security breaches as well as other incidents that must be reported to you under the law, without prejudice to the obligation and the consequences of such breaches and incidents. to be canceled or reduced as soon as possible. Pursuant to Article 33 GDPR, Nostium has the obligation to report (possible) data leaks to the Dutch Data Protection Authority. We keep a detailed record of all security breaches, as well as the measures taken in response to such breaches, and provide access to them upon first request.
Right of rectification
You always have the right to have the data that we process or have processed that relate to your person or that can be traced back to it, adjusted. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation that the data has been changed at the e-mail address known to us.
Right to restriction of processing
You always have the right to limit the data that we process or have processed that relate to your person or that can be traced back to it. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the e-mail address known to us that the data will no longer be processed until you lift the restriction.
Right to portability
You always have the right to have the data that we process or have processed that relate to your person or that can be traced back to it, be carried out by another party. You can make a request to this effect to our contact person for privacy matters. You will then receive a response to your request within 30 days. If your request is granted, we will send you copies or copies of all data about you that we have processed or that have been processed by other processors or third parties on the e-mail address known to us. In all likelihood, we will no longer be able to continue the service in such a case, because the secure linking of data files can then no longer be guaranteed.
Right of objection and other rights
In some cases you have the right to object to the processing of your personal data by or on behalf of Nostium B.V. If you object, we will immediately cease data processing pending the handling of your objection. If your objection is well-founded, we will make copies and/or copies of data that we process or have processed available to you and then permanently suspend the processing. You also have the right not to be subject to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that this is the case, please contact our contact person for privacy matters.