Introduction and Scope
- clients, visitors, job applicants, principals, contractors (including self-employed persons without employees and suppliers, to the extent the latter are natural persons) and other contacts of Circular IT group;
- visitors to the website of Circular IT group or a domain name associated with this domain name.
It is important to us that your Personal Data are handled with all due care. Needless to say, we comply with all statutory rules, including the General Data Protection Regulation (‘GDPR’) and exercise due care to adequately secure your Personal Data.
- The personal data pertaining to you which we can process
- Why do we process your personal data?
- Grounds on which we process personal data
- Sharing personal data with other parties
- Sharing personal data outside the European Economic Erea
- Your rights
- Cookies and similar applications
- Retention periods
- Contact details / questions / complaints / comments
Data subject: person whom the Personal Data being processed regard. In other words: the person whose personal information is being processed.
Third parties: natural or legal persons which are not Data Subjects or part of Circular IT group, such as: natural or legal persons with which Circular IT group shares Personal Data pursuant to a contract. These Third Parties might be processors or co-Controllers.
Personal Data: all data that related to an identified or an identifiable person. In other words: all information that identifies or can be used to identify the Data Subject.
Processing: everything that can be done with Personal Data, such as collection, recording, storage, alteration, retrieval, use, dissemination, or destruction.
2. The personal data pertaining to you which we can process
Below, we explain which of your Personal Data Circular IT group can process.
Data you have provided yourself, such as:
- your contact details (name, address, city/town of residence, email address, telephone number);
- your gender and date of birth;
- data collected from you in a telephone conversation;
- data collected from an email from you;
- login details;
- payment details;
- data from your CV or about your employment history.
Data we have received via our websites, newsletters, and emails:
- information about the device you used to visit our website;your surfing behaviour on the website, such as:
- which data/which of our web pages you have viewed;
- how you navigate the website;
- whether you open a newsletter or email and which parts of it you click on;
- the dates and times of your visit to the website;
- the operating system you are using;
- your browser type and IP address;
- your Internet provider;
- the Internet address of the website to which the link is made;
- the geolocation;
- the data you downloaded from the website.
Data we have received from other sources, such as via:
- video images (in the locations which we have posted signs referring to the presence of security cameras);
- data available from public sources and apparently published by you, such as those on social media and commercial websites;
- data obtained from the Trade Register of the Chamber of Commerce and the Land Register.
3. Why do we process your personal data?
We use your Personal Data for the following purposes:
- to verify your identity;
- to improve our services (and the safety of those services), including by conducting checks;
- to process your orders, to inform you about the status of your order and to ensure that your orders are handled as easily and as smoothly as possible;
- to personalize the website for you and to be able to recommend you the products which you might find interesting;
- to place product reviews on our websites;
- if you react to any sale discount, to be able to process such sale discount and to measure the response to our marketing campaigns;
- to inform you about news and developments at Circular IT Group;
- to enable us to evaluate, study, and develop our services;
- to contact you for newsletters, if you have signed up for them;
- for internal quality purposes;
- to manage, secure, adjust, and improve our websites;
- for marketing/commercial purposes;
- for recruitment and selection;
- to comply with a statutory obligation imposed on Circular IT group;
- to be able to contact you and respond to any questions you have submitted;
- to deal with your requests for information and to settle complaints;
- to prevent theft, misuse, vandalism, or other criminal conduct;
- for educational purposes;
- to enable us to conduct satisfaction surveys.
4. Grounds on which we process personal data
In order for us to use Personal Data, we must have a ground to do so based on the GDPR. We use the following grounds:
- you have given Circular IT group your express consent;
- the use is necessary to performing or entering into a contract with you;
- the use is necessary to comply with a statutory obligation;
- in emergency situations: the use is necessary to protect your vital interests or those of another person;
- we have a legitimate interest in the use, unless this interest is outweighed by your interest, or a Third Party’s interest, in privacy.
If Circular IT group processes your personal data on the basis of your consent, Circular IT group will ask you for it separately. You may withdraw your consent at any time. Circular IT group draws your attention to the fact that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.
Circular IT group can invoke the following legitimate interests:
- the protection of your safety;
- the protection of the safety of our clients and/or others, as well as the security of the buildings and property of Circular IT group;
- quality and training;
- the advancement of IT management and the improvement of security;
- the analysis and improvement of the services and content of our websites;
- the supply, improvement, adjustment, support, research, and analysis of our services;
- the advancement of the quality and security of our services;
- communication with you and other contacts of Circular IT group;
- the prevention and combating of fraud, unauthorised use, and violations of our general terms and conditions and policy rules or other harmful or illegal activities.
5. Sharing personal data with Third Parties
Circular IT group may engage contractors from the following categories:
- IT management;
- website management;
- website hosting;
- email communication.
Circular IT group remains responsible for the processing of your Personal Data. Circular IT group enters into contracts with Third Parties to ensure that your Personal Data are properly secured.
Circular IT group may, as the result of a merger, acquisition, or sale, of all or part of its organisation, share your Personal Data with a Third Party, such as a potential buyer or seller. Naturally, we will inform you of this via a clearly visible notification on our website.
6. Sharing personal data outside the European Economic Erea
It may sometimes be necessary to transfer your Personal Data to Third Parties established outside the European Economic Area (‘EEA’). In accordance with the GDPR, Circular IT group will only transfer your Personal Data to countries outside the EEA if:
- the European Commission has decided that the third country offers an adequate level of protection; or
- appropriate safeguards are offered, you have enforceable rights, and you have effective legal remedies; or
- the transfer is necessary for the performance of your contract with Circular IT group; or
- you have expressly consented to the transfer after being informed of the risks that such transfer entails; or
- the transfer is necessary for important reasons of public interest; or
- the transfer is occasional and required by the compelling interests of Circular IT group and Circular IT group has implemented appropriate safeguards and has informed the Dutch Data Protection Authority of these.
In situations in which Circular IT group transfers your Personal Data outside the EEA, we take measures to ensure that your Personal Data remain adequately protected.
Circular IT group takes the protection and security of your Personal Data very seriously and takes continuous measures to afford your Personal Data optimum protection against unlawful use. We have taken the following measures, among other things:
- access to the Personal Data is restricted to authorised persons, whereby this number is kept as low as possible;
- all employees of Circular IT group have signed a confidentiality agreement, whereby they undertake to observe
- complete confidentiality with regard to all information (including Personal Data);
- the electronic transmission of Personal Data always takes place via a secure connection;
- the website is secured via https;
- we ensure that your Personal Data are only shared with Third Parties if we have agreed appropriate security measures with these Third Parties.
In addition, Circular IT group ensures that all of its user settings, programs and services are designed from the very beginning of development to maximise your privacy protection. With regard to the provision of information and services, Circular IT group applies the ‘opt-in’ rule by default: information or services are only provided if you have expressly consented to this. This can be done, for example, by ticking a box on the website.
8. Your rights
If any of your Personal Data are processed, you have a number of rights, which are set out below. You may exercise these rights by submitting your request in writing to Circular IT group or by sending an email to firstname.lastname@example.org. Circular IT group verifies your identity before your request can be met.
Circular IT group will respond to your request as soon as possible, but at the latest within one month. In principle, your requests will be processed electronically, unless this is not possible or you request otherwise. Circular IT group will not charge you for the processing of the aforementioned requests, unless your requests are excessive.
1. Access to Personal Data
You can ask us at any time to indicate which (categories of) your Personal Data Circular IT group processes, for which purposes, from which source the data come, and which retention periods are applied.
2. Changing Personal Data
In addition, you can contact us at any time to complete or correct your Personal Data. In the unlikely event that Circular IT group has processed and/or provided incorrect Personal Data about you, Circular IT group will rectify this immediately. If Circular IT group has changed your Personal Data, Circular IT group will notify you accordingly.
3. Minimising the processing of your Personal Data
If you do not agree with the content of the Personal Data about you stored by Circular IT group, you can submit a request to temporarily minimise the processing of your Personal Data.
4. Withdrawing consent
You can also withdraw the consent you have given for the processing of your Personal Data. Upon receipt of your letter or email, Circular IT group will immediately cease processing of your Personal Data for which you have given your consent. However, the withdrawal of your consent will not affect the processing operations that have already taken place.
5. Right to transfer Personal Data (right to data portability)
You can retrieve the Personal Data about you stored by Circular IT group in a structured, commonly used and machine-readable format. After receiving your Personal Data, you are free to transfer this information.
6. Right to be forgotten
If you no longer wish to make use of Circular IT group ’s services, you may submit a request for the deletion of all your Personal Data.
7. Right to object
You have the right to object to the processing of your personal data which Circular IT group bases on the grounds ‘legitimate interest of Circular IT group or a Third Party’ or ‘performance of a task carried out in the public interest’. If Circular IT group bases itself on these grounds, Circular IT group will weigh its interests against your privacy. The right to object entitles you to require Circular IT group to repeat this weighing of interests.
8. Right to lodge a complaint / pursue a judicial remedy
We make efforts to join you in working to find a fair solution if you have a complaint or problem relating to our use of your Personal Data. However, if your position is that we cannot assist you with your complaint or problem, you also have the option of lodging a complaint with the Dutch Data Protection Authority or instituting judicial proceedings. You will find the contact details of the Dutch Data Protection Authority (Nederlandse Autoriteit Persoonsgegevens) by clicking here.
9. Cookies and similar applications
10. Retention periods
Circular IT group does not retain personal data for longer than is necessary for the purpose of the processing. Circular IT group retains your Personal Data as long we consider this necessary to be able to provide you with services, to enable you to use our website, to comply with applicable laws, to resolve disputes with parties, and for other purposes that enable us to conduct our commercial activities.
Circular IT group in any case retains your Personal Data during the period in which you are party to a contract with Circular IT group. Some Personal Data are subject to statutory retention periods. Circular IT group fully complies with these retention periods.
Circular IT group retains video images from security cameras for a maximum of four (4) weeks, unless these must be retained longer in connection with an incident.
11. Contact details / questions / complaints / comments
We have appointed a privacy officer whose duties include supervising the proper handling of your Personal Data. If you have any questions, remarks or complaints about the protection of your Personal Data by Circular IT group, you can of course contact the privacy officer. The contact details are:
Joop Geesinkweg 801, 1096 AZ Amsterdam, The Netherlands
+31 202 400 600
We truest that you ensure that your Personal Data are complete, correct, and up to date. Please inform us immediately of any changes or errors in your Personal Data by contacting the privacy officer.