GDPR – Privacy Notice
We are Creative Communications Consultants. We are based at Frederik Hendriklaan 73, 5212BC, Den Bosch, The Netherlands. You can contact us at firstname.lastname@example.org. In this privacy notice we describe how we process data, including personal data. We are committed to a lawful, fair and transparent processing of personal data, adhering to the EU General Data Protection Regulation (GDPR).
- We process the following (categories of) personal data
- Name. We collect the given names (first name, family name) of clients, and of contacts when they express interest in our services or sign up for our newsletter.
- Email address. We collect the email address of clients, and of contacts when they express interest in our services or when they sign up for our newsletter.
- Postal address. We collect the postal address of clients for billing purposes, and of customers who order books or other materials.
- Telephone number. We collect the phone numbers of clients.
- What (purposes) do we use the data for
We use the data under 1. to offer two services:
- Speech and language coaching.
- A newsletter we periodically send to all our subscribers. We also add e-mails that we obtain from general inquiries to this list. Within each newsletter e-mail, an opt-out link is provided.
- What is our legal basis for the processing
We base our processing on consent of the data subject for the newsletter, and the execution of a contract with the data subject for clients and people who order books or other materials.
- Where do we obtain the data from (sources)
We collect the data for our database, including any personal data contained therein directly from the data subjects, who provide it to us.
- How long and where do we store data
- We store client and customer information for at least 7 years to be able to meet our obligations to keep accurate records for the tax authorities.
- We store newsletter subscriber information until such subscriber indicates they no longer want to receive the newsletter.
- What safeguards have we taken to protect data
Taking into account the nature, scope, context and purpose of the processing, we have taken the following technical and organizational measures:
- Our database, and the information contained therein, is protected with access control.
- Access to the database is limited, not all staff in our organization have full access.
- Data submitted via our website is not encrypted in transit.
We do not actively monitor the security of our database and need to rely on our processors to notify us of any data breaches.
- Who we share data with
We do not actively share data with any third-parties, other than processors acting on our behalf.
We have included a Facebook pixel on our website, and Facebook may capture some of your data that way. Please refer to the Facebook Privacy pages for more information on how Facebook may collect and use your data, including any personal data: https://www.facebook.com/about/privacy/.
- Your Rights
You have the right to request access to your personal data that we process. You also have the right to:
– Rectify incorrect personal data or erase it in certain circumstances.
– Restrict or object to the processing of your personal data.
– Receive your data so that you can use it elsewhere (data portability).
Where we process data based on your consent, you also have the right to withdraw your consent at any time but we would like to point out that this does not affect the lawfulness of the processing before the date that you withdrew your consent. If you wish to exercise any of the above rights, please write us at email@example.com. Finally, you have the right to lodge a complaint with a supervisory authority. If you do not know who your supervisory authority is, please contact us and we will tell you.
- How to contact us
- Version information
This policy was last updated on 5 December 2017.
It can be viewed on: http://www.buffiduberman.com/privacy