Last updated: 26 April 2023
|Organization||means Unexus B.V., a company registered under number 74840266 of Dutch chamber of Commerce|
|GDPR||means General Data Protection Regulation.|
|Responsible Person||Means Information Security Officer at Unexus|
|Register of Systems||means a register of all systems or contexts in which personal data is processed by the Organization.|
The Organization is committed to processing data in accordance with its responsibilities under the GDPR.
GDPR requires that personal data shall be:
1.1 processed lawfully, fairly and in a transparent manner in relation to individuals;
1.2 collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
1.3 adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
1.4 accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
1.5 kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and Organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
1.6 processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or Organizational measures.”
2.1 This policy applies to all personal data processed by the Organization.
2.2 The Responsible Person shall take responsibility for the Organization’s ongoing compliance with this policy.
2.3 This policy shall be reviewed at least annually.
3.1 To ensure its processing of data is lawful, fair and transparent, the Organization shall maintain a Register of Systems.
3.2 The Register of Systems shall be reviewed at least annually.
3.3 Individuals have the right to access their personal data and any such requests made to the Organization shall be dealt with in a timely manner.
4.1 All data processed by the Organization must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
4.2 The Organization shall note the appropriate lawful basis in the Register of Systems.
4.3 Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
4.4 Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Organization’s systems.
5. Data minimization
The Organization shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
6.1 The Organization shall take reasonable steps to ensure personal data is accurate.
6.2 Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
7. Legal obligation
Organization is legally obliged to keep certain customer data for a certain period of time for the purpose of investigation. Organization must cooperate with claims from the Justice department or other governmental authorities of personal data, but also of other information that we process and store during our normal business operations. This concerns, for example, data about your systems, data usage and your made calls. If the retention period has expired, stored information will be destroyed or made anonymous.
8. Required for our service
Organization provides its services itself, but sometimes uses third parties to support them. In such a case, we need to share the required information with these third parties. When Organization shares data, the recipient is obliged to adhere to the Organization conditions.
9. Consent to use data
Organization will only use your personal data if it is provided with consent by you. Organization may use this information solely to improve Organization products or to provide customized services or technologies to you and will not disclose this information to others in a form that personally identifies you.
10. What information do we collect?
10.1 Personal & User Data
When you purchase a service from Organization, or when you contact us, Organization processes your personal data. Personal data is data that can be traced back to a person. The word “process” has a very broad meaning. It contains every action with regard to personal data, including the collection, storage, modification, consultation and use, provision, merge, protection, erasure or destruction of data.
You’ll find a list of examples of personal data we collect below:
- First and last name
- Phone number
- E-mail address
- Other personal data that you provide us actively, for example through creating a profile, corresponding with us or telephoning us
- Location data
- Activity data on our website
- Internet browser and device type
- Bank account number (if applicable)
10.2 Purpose of collecting personal & user data
Organization collects personal and user data for the following purposes:
- To call or e-mail you if necessary, to perform our services.
- To inform you about changes in our services or products.
- To offer you the possibility to create an account.
- To deliver goods and services to you.
- To take care of payments and orders.
- To send out our newsletters.
- Organization analyses your user behavior on the websites to make further improvements to the user experience. We also improve our products and services based on your preferences.
- Organization is legally obliged to keep certain customer data for a certain period of time for the purpose of investigation. Organization must cooperate with claims from the Justice department or other governmental authorities of personal data, but also of other information that we process and store during our normal business operations.
10.3 Tracking & Cookies
If you visit us via one of our (affiliated) websites, a “cookie” will be placed. These cookies are designed to remember your settings and preferences in order to improve the user experience. In addition, Google places “analytical cookies” to gain insight into the use of our website. If desired, it is possible to set your browser to disable these cookies.
10.4 Retention periods
Organization does not retain your data any longer than strictly necessary to realise the purposes of why we collect the data. Therefore Organization uses the following retention periods:
|Personal data||Purpose||Retention period|
|First and last name||To call you back, or to contact you through e-mail or post||Undetermined period of time|
|Phone number||To call you in case you request us to||Undetermined period of time|
|E-mail Address||To reply to your outreach to us, to answer you on a question or (if you’ve given your permission) to send newsletters to you||Undetermined period of time|
|Data about activity on the website||To analyze for website optimization||50 months|
11. What do we use the information for?
Organization primarily uses the aforementioned data to deliver and improve the services that you purchase. For example; delivering a service at the requested address or setting up a telephone call.
11.1 Sharing personal data with third parties
Organization provides its services itself, but sometimes uses third parties to accomplish these services. In such a case, it is necessary that we share data with these third parties. When Organization shares data, the recipient is obliged to comply with the conditions of Organization.
11.2 Cookies and other techniques we use
Organization uses functional, analytical and tracking cookies. A cookie is a small text file which is documented and saved during the first visit to our website. It is saved in the browser of your computer, tablet or smartphone.
You can opt out of cookies by setting your internet browser so that it no longer stores cookies. In addition, you can also delete all information that has previously been stored via the settings of your browser.
The following cookies are used on this website:
|_ga||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||Session|
|_gat||To speed up data collection processes in statistics.||Session|
|_gid||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||Session|
|Cppro-ft||Organization||Keeps track of special fonts on the website for internal analysis. The cookie does not register any visitor data.||1 year|
|Cppro-ft-style-temp||Organization||Keeps track of special fonts on the website for internal analysis. The cookie does not register any visitor data.||1 day|
|Cp-pro-page-views||Organization||Collects data relates to the user’s visits to the website.||Session|
|Cp-pro-session-limit||Organization||Collects data on user behavior and interaction in order to optimize the website.||Session|
|_clck||Organization||Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.||1 year|
|_clsk||Organization||Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator.||1 day|
|c.gif||Microsoft Clarity||Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.||Session|
|CLID||Microsoft Clarity||Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.||1 year|
|ANONCHK||Microsoft Clarity||Registers data on visitors from multiple visits and on multiple websites. This information is used to measure the efficiency of advertisement on websites.||1 day|
|MUID||Microsoft Clarity & Bing||Used widely by Microsoft as a unique user ID||1 year|
|SM||Microsoft Clarity||Registeres a unique ID to identify device during stay||Session|
|_cltk||Microsoft Clarity||Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator.||Session|
|SRM_B||Bing.com||Tracks the user’s interaction with the website’s search -bar-function . This data can be used to present the user with relevant products or services.||1 jaar|
|MR||Bing.com||Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.||7 days|
In case you want to alter your cookie settings: Manage cookie settings.
11.3 Statistical research
Organization always strives to provide you with the highest quality of websites and applications. This makes it necessary for Organization to analyze statistics on a regular basis. We can use the outcome for adaptations on our websites and/or applications.
We can use your data for this statistical research. Only designated employees of Organization have access to this data. Results of the research are always aggregated to ensure results are not traceable to a person.
12. Your rights
As an individual, you have several rights with regards to your personal data. These include:
|The right to access||You have the right to access any data that we have processed or are processing that pertains to you or can be traced back to you.|
|The right to rectification||If you believe that any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.|
|The right to erasure||You have the right to request that we erase your personal data under certain conditions.|
|The right to restrict processing||You have the right to request that we restrict the processing of your personal data under certain conditions.|
|The right to object processing||You have the right to object to our processing of your personal data under certain conditions.|
|The right to data portability||You have the right to request that we transfer any data we have collected about you to another organization or directly to you under conditions that we agreed upon in our contract.|
Do you want access to the data that Organization processes about you? Please contact firstname.lastname@example.org. It’s possible to request for access, modification, export and/or deletion. We have one month to respond to your request for information.
13. Access to, correction or deletion of your personal data
If you have any questions or remarks about your personal data you can contact us. Please send your message to us by emailing us at email@example.com. We will answer your question as soon as possible.
13.1 How do you get access to your personal data?
If you want to view your stored personal data, you can submit a request to us to provide this personal data to you. This means that you can request to see which personal data of you has been registered and for what purposes that data is used. You can submit this request by email. Our email address is: firstname.lastname@example.org.
13.2 How can you correct your personal data?
You can submit a request for a change or complete removal of your data by email through email@example.com
13.3 Right of objection
You can object to the processing of your personal data by Organization if your personal data is used for purposes other than those necessary for the execution of an agreement, or those necessary for the fulfilment of a legal obligation. You can submit your objection by email. Our email address is: firstname.lastname@example.org.
14. How we secure your personal data
Organization takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you feel that your data is not properly secured or there are indications of misuse, please contact us at email@example.com.
We take security seriously:
- The Organization shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
Organization has taken the following measures to protect your personal data:
- Organization applies TLS (formerly SSL). We send your data via a secure internet connection. You can see this by the address bar ‘https’ and the padlock in the address bar.
- Servers and devices of our employees are equipped with the latest updates and security software, such as a firewall. All Organization employees who have access to personal data are trained in the careful handling of your data. DKIM and SPF are internet standards that we use to prevent you from receiving e-mails on our behalf that contain viruses, are spam or are intended to obtain personal (login) data.
- DNSSEC is an extra security (additional to DNS) for converting a domain name (#company_website) to the associated IP address (server name); it is provided with a digital signature. You can have that signature checked automatically. By doing this we prevent you from being redirected to a false IP address.
- Organization is ISO 27001 certified. The ISO 27001 standard specifies strict requirements for establishing, implementing, executing, monitoring, assessing, maintaining and improving a documented Information Security Management System (ISMS). The ISMS for ISO 27001 is not a static system, but is constantly evolving. The certificate is obtained after an independent audit. Annual internal and external checks ensure that Organization continues to meet the security requirements.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Organization shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the Autoriteit Persoonsgegevens
In case you have any questions about this Privacy Statement, please contact us.