Privacy Statement
This Privacy Statement sets out how AspisID (hereinafter: ‘AspisID’, ‘we’ or ‘us’/’our’) processes your personal data which you provide to us or which we obtain through our SAAS solution (Argos) and website. This Privacy Statement was last amended on June 28, 2019. We may amend this Privacy Statement from time to time.
1. About AspisID
AspisID is the party responsible for processing your personal data (the ‘controller’) within the meaning of the General Data Protection Regulation (‘GDPR’).
AspisID is located at Atoomweg 63 in Utrecht. Any questions you might have can be emailed to info@aspisid.com.
2. What personal data do we process?
This Privacy Statement provides information on the processing of personal data of (prospective) clients, contact persons of our clients, and visitors to our websites. We also use cookies (after seeking your consent, if required). Further information on this can be found in our cookie statement.
Amongst other things, we process the following personal data from our contact persons of our clients when they start using Argos:
- Name;
- Telephone number;
- Email address.
Amongst other things, we process the following personal data from visitors to our websites:
- Website visit and use;
- IP address;
- Duration and time of visit to the website.
3. For what purposes do we process personal data?
We process personal data for the purposes of carrying out the services with respect to the monitoring solution (Argos).
The personal data supplied by clients is processed for the following purposes:
- Registration contact details for the purposes of contacting the clients;;
- To provide information to the clients;
- To provide (more detailed) updates on current developments, conferences, seminars, etc;
- To email newsletters and other (necessary) information.
The personal data supplied by visitors to our websites is processed for the following purposes:
- To compile user statistics;
- To promote security and improvement of our website;
- To improve our services.
4. Grounds for processing personal data
In order to be allowed to process your personal data, there must be a legitimate basis for doing so as set out in the GDPR. In the case of AspisID this legitimate basis will be – depending on the type of personal data concerned – performance of an agreement, a legal obligation or consent. If you do not provide certain personal data, you may not benefit from all website functionality.
Agreement
We need to process personal data for the purposes of fulfilling certain contractual obligations. Examples include processing personal data in connection with an agreement between AspisID and a client in order to perform the activities with respect to the monitoring solution.
Legal obligation
We need to process (and, in particular, save or hand over) certain personal data pursuant to such legislation as tax law.
Consent
If the aforementioned bases for processing do not apply, then we will request your consent to process certain personal data. An example of a situation for which we could ask for your consent is issuing your personal data to add your emailaddress to our mailinglist for news letters about our activities. You are free to withdraw your consent at any time.
5. Processing personal data outside of the EU
AspisID will process your data solely within the European Economic Area (‘EEA’) by saving your data on a server located in the EEA (in Amsterdam).
6. Your rights with regard to personal data
You are entitled, under certain circumstances, to access any personal data processed by us or to have it corrected or deleted or restrict its processing. Sometimes you can also lodge an objection or request a transfer of your personal data. To submit a request to us in this respect, please contact us by sending an email to info@aspisid.com. If in doubt about your identity, we are entitled to ask you to provide proof of your identity first.
Access and correction
If you wish to know whether we are processing your personal data or would like to amend your personal data, please get in touch with us.
Erasure
Under certain circumstances, the GDPR allows you to have personal data erased. We will assess whether it is possible to implement such a request: in some cases we will have to retain your personal data, e.g. to see to it that you will no longer receive messages from us.
Restriction
You are entitled to contact us with a request to restrict the processing of your data if you think that your personal data is incorrect, the processing of it is unlawful, you require it for legal action or you have objected to it being processed.
Data portability
If we process your personal data on the basis of agreement or consent you have the right of portability of your data to another party.
Objection
If we process your personal data, then you can object to further use of your personal data on the grounds of your specific reasons.
Objection to receiving messages
If you no longer wish to receive email messages or any other electronic messages from us, then you can deregister for these by contacting us.
7. How do we secure your personal data?
We have taken appropriate technical and organisational measures to prevent loss or unlawful processing of personal data. For example, Multi Factor Authentication (MFA) or the measure that your personal data can only be viewed by staff authorised to view it on the grounds of their role.
8. How long do we keep your personal data?
We will not keep your personal data for longer than is necessary for the purposes for which we use it. We are required by law to keep some data for a certain period of time.
For example, it could be that after you have completed a course of study we have to keep certain personal data for administrative purposes or due to a legal obligation. Wherever possible, we will pseudonymise or anonymise your personal data to the fullest extent possible.
9. Questions and complaints
If you have any questions on the way in which we process your personal data or if you believe that your personal data is being processed in breach of the GDPR, please let us know by sending an email to info@aspisid.com. We will be happy to help. If you disagree with the outcome of the handling of your complaint by AspisID, you can submit a complaint to the Dutch Data Protection Authority (Autoriteit Gegevensbescherming) directly. The Dutch Data Protection Authority will handle the complaint or request and make a decision on it.
