Privacy statement Nostium B.V.
Last update: september 9th 2020
Purpose of data processing
We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the order you provide. We do not use your data without explicit permission for (targeted) marketing. If you share information with us and we use this information to – other than at your request – contact you at a later time, we will ask you explicitly for this. Your data will not be shared with third parties, other than to meet accounting and other administrative obligations. These third parties are all bound by confidentiality on the basis of the agreement between them and us or an oath or legal obligation.
Automatically collected data
Data that is automatically collected by our website is processed with the aim of further improving our services. This information (for example your IP address, web browser and operating system) is not personal data.
Participation in tax and criminal investigations
In some cases, Nostium can be held on the basis of a legal obligation to share your data in connection with government tax or criminal investigations. In such a case, we are forced to share your data, but we will oppose this within the possibilities that the law offers us.
We keep your data as long as you are our client. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also regard this as a request to forget. On the basis of applicable administrative obligations, we must keep invoices with your (personal) data, so we will keep this data for as long as the applicable term runs. However, employees no longer have access to your client profile and documents that we have produced as a result of your assignment.
On the basis of the applicable Dutch and European legislation, you as a data subject have certain rights with regard to the personal data processed by or on behalf of us. We explain below which rights these are and how you can invoke these rights. In principle, to prevent misuse, we will only send copies and copies of your data to your already known e-mail address. In the event that you wish to receive the data at a different e-mail address or, for example, by post, we will ask you to identify yourself. We keep records of completed requests, in the case of a request to be forgotten, we administer anonymous data. You will receive all statements and copies of data in the data format that we use within our systems. You have the right to file a complaint with the Dutch Data Protection Authority at any time if you suspect that we are using your personal data in the wrong way.
Right of access
You always have the right to inspect the data that we process or have processed that relate to your person or that can be traced back to you. You can submit a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data with an overview of the processors who have this data, stating the category under which we have stored this data to the e-mail address known to us.
Obligation to report data leaks
Nostium will inform you as soon as possible – but no later than 24 hours after the first discovery – about the security breaches as well as other incidents that must be reported to you under the law, without prejudice to the obligation and the consequences of such breaches and incidents undo or limit it as soon as possible. Pursuant to Article 33 GDPR, Nostium has the duty to report (possible) data leaks to the Dutch Data Protection Authority. We keep a detailed record of all security breaches, as well as the measures taken in response to such breaches, and provide you with access to them upon first request.
Right of rectification
You always have the right to have the data that we process or have processed that relate to your person or that can be traced back to you. You can submit a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation that the details have been adjusted to the e-mail address known to us.
Right to restriction of processing
You always have the right to limit the data that we process or have related to your person or that can be traced back to you. You can submit a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the e-mail address known to us that the data will no longer be processed until you cancel the restriction.
Right to portability
You always have the right to have the data that we process or have processed and that relate to your person or that can be traced back to you by another party. You can submit a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you copies or copies of all data about you that we have processed or that have been processed by us by other processors or third parties to the e-mail address known to us. In all likelihood, we will no longer be able to continue the service in such a case, because the secure linking of data files can then no longer be guaranteed.
Right of objection and other rights
In some cases you have the right to object to the processing of your personal data by or on behalf of Nostium B.V .. If you object, we will immediately cease the data processing pending the settlement of your objection. If your objection is well-founded, we will make copies and / or copies of data that we process or have processed available to you and then permanently discontinue the processing. You also have the right not to be subject to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you believe that this is the case, please contact our contact person for privacy matters.