4. What you may expect from us regarding your data
Your data is up to date and accurate
We take all reasonable steps to keep personal information in our possession or control, which is used on an on-going basis, accurate, complete, current, and relevant, based on the most recent information made available to us by you.
We rely on you to help us keep your personal information accurate, complete, and current by answering our questions honestly and you are responsible for ensuring that we are notified of any changes to your personal data.
We store data no longer than necessary
Personal information will be retained only for such period as is appropriate for its intended and lawful use, in this case, we shall retain the data in accordance with our contractual commitment unless otherwise required to do so by law. Personal information that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
As part of the Company Business Continuity plan and as required by ISO 27001:2013
, and in certain circumstances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired
, the data is deleted and the physical media destroyed to ensure the data is erased completely.
Your data is safe
Any personal data you provide to us will be treated with care and respect. Our ISO 27001:2013 certification guarantees you that we take appropriate technological and organizational measures to protect the personal information submitted to us, both during transmission and once we receive it. We follow generally accepted industry standards used to protect personal information.
All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security, and privacy.
You have rights
Under various data protection laws, you have the right to access, rectify or erase your personal information
from our systems, unless we have legitimate interest reasons for continuing to process it.
Please notify us by email to firstname.lastname@example.org
- do not want your personal data to be used in a manner described before (we will be grateful if you set your specific objections to any use);
- want to see the personal data we hold about you;
- want to change or delete inaccurate, incomplete, or irrelevant data;
- want to contact our Data protection officer.
Our Data Protection Officer (DPO) is Gillie Abbots-Jones.
We will endeavour to respond to your access request within 30 days of receiving your request
. This period may be extended, in which case we will explain why we cannot respond within the given timeframe. Also, we may decide not to honor your request for information, in which case we will also explain why.
Complaints & Country Specific Disclosures
If you have any complaints about how we use your personal data and cannot be resolved with us directly, you have the right to lodge a complaint with a Data Protection Authority. This can be a data protection authority in your country of residence, however, the lead Data Protection Authority for us will be the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”) because our establishment is in the Netherlands. NIPO will work with the authorities and comply with their decisions.
Notification of Material Changes
. We will record when the policy was last revised. If there are changes in how we use your personal data, we will notify you of these changes by sending you an email