FOR GENERAL USERS, SUPPLIERS AND CLIENTS
OF CRESTEC EUROPE B.V.
Introduction and objective
Crestec Europe B.V. (Chamber of Commerce registration no. 33 26 45 26) (hereinafter “Crestec” and “we”) takes your privacy very seriously. As a general user, supplier or client you could disclose a certain amount of personal data to us and in this Privacy Statement you can read how we as the “data controller” process and protect it.
This document is in fact intended to answer any queries you may have about your personal data, why we collect it and for how long we keep it as well as set out your rights. We invite you to read the below information carefully and to check it regularly on our website.
Crestec as “controller” – Responsible for the processing of your data
Crestec in its role as “controller” is responsible for the processing of your personal data and therefore decides which personal data is collected, as well as the purpose and the technical and organizational means we put in place to protect it.
Personal data – Information we collect
We collect and process personal data about you when you interact with us and our products and when you purchase goods and services from us or when you provide us with those. Personal data includes any information relating to an identified or identifiable natural person.
By providing your personal data to Crestec you acknowledge and fully agree that Crestec processes your personal data in accordance with this Privacy statement and the applicable and binding legislation.
This Privacy Statement refers and applies to any data processing activity carried out by Crestec and its processors, regardless of the form, the environment and means by which you provide the personal data to Crestec, including the Crestec website and its forms, via email correspondence, on paper or via telephone, and of the systems used by Crestec to process it.
The personal data we process might include:
- your name (first and last name);
- your user name and password;
- your home or work address, email address and/or phone number;
- your job title and company name;
- your payment and delivery details, including billing and delivery addresses, bank account details and VAT numbers;
- information related to the browser or device you use to access our website, including IP-addresses;
- internet browser and operating system;
- and/or any other information you might provide.
Processing of personal data – Our right to use it
We process the personal data listed in the paragraph above with a legitimate interest for the following purposes and on the following legal basis:
- to select you as a service provider or employee and establish cooperation with you;
- to establish and fulfill a contract or agreement with you, as a client or service provider, to provide or receive services. This may include for example verifying your identity, receiving and making payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services;
- to comply with applicable laws and regulations;
- to protect Crestec’s legitimate business interests and legal rights in fulfilling the obligations existing between you and Crestec (including contractual obligations) including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
- We may also send you direct mailing (the CEU newsletter or other forms of marketing) in relation to relevant products and services. Electronic direct marketing will only be sent when you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt out. You will continue to be able to opt out of electronic direct mailing at any time by following the instructions in the relevant communication.
- When visiting our website, some personal data is being collected by the usage of cookies which are necessary for us to optimize your user experience. You know when a cookie is being sent to your computer and you explicitly agree to this collection of data for functional and statistical purposes.
Protection of personal data – Our certifications
- Crestec takes appropriate administrative, technical and physical security measures to protect your personal data against accidental, unlawful or unauthorized destruction, loss, correction, access, disclosure or use, and other unlawful uses.
- Crestec processes your personal data using modern technologies, taking into account the current privacy risks and organizational, financial and technical resources reasonably available to Crestec in accordance with our IT and Security Guidelines and the international ISO 27001:2013 Information Security Standard.
- Crestec has been certified for ISO 27001:2013 since 2009, which proves that the information security management system which we have in place conforms to the ISO standard. The ISO certificate was renewed for the years 2018-2021.
Personal data recipients – With whom we share your personal data
- Crestec does not disclose to third parties your personal data or any information obtained through the provision of services and during the term of a contract, including information on services received or provided, except to:
- our professional advisors such as our auditors and external legal and financial advisors;
- our suppliers, business partners and sub-contractors who will process it on behalf of Crestec;
- other third parties necessary in the performance of the contract or agreement;
- affiliated companies of Crestec;
- Government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.
Storage of personal data – How long we keep it
Crestec will not keep your personal data longer than it is necessary and will only retain the personal information that is necessary in relation to the purpose. Crestec also regularly updates personal data based on the information you provide directly to us.
We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions. In some instances, the law may require Crestec to hold certain information for specific periods other than those mentioned above.
If you are a customer or a supplier, we will keep your information for the length of any contractual relationship you have with us, unless there is another legal basis for continuing the processing of data, and as specified in our internal data retention procedures, whose details can be disclosed upon request.
If you are a job candidate or applying as a supplier, we will retain your data for 12 months from when you last interacted with us.
Location of the processing – Where my data is stored
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place. Further information may be obtained from our Privacy Team.
Access to personal data – My rights in relation to my personal data
Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may ask us to restrict how we use your personal data while your complaint is being resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don’t have a good reason to continue to use it; or (d) if we haven’t handled your personal data in accordance with our obligations.
If in your opinion we have failed to take all necessary steps to handle your complaint, you have the right to contact the competent Data Protection authorities (for the Netherlands: Autoriteit Persoonsgegevens).
You have the right to withdraw the consent to process the data at any time in the same way it was given, in which case the further processing of data based on the previously given consent for the specific purpose will not be conducted. The withdrawal of consent does not interrupt the processing of data conducted based on other legal grounds. The withdrawal of consent does not affect the data processing performed at the time when the consent was valid.
Our personal information handling policy and procedures, including this Privacy Statement, have been developed in line with and observant to the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (Regulation (EU) 2016/679, effective from 25th May 2018) and applicable national laws.
Crestec has the right to modify and update this Privacy Statement at all times. Only substantial changes will be clearly communicated to you and the current and latest version will always be available for consultation at any moment.
Should you have any queries regarding this Privacy Statement, about Crestec’s processing of your personal data or wish to exercise your rights you can contact Crestec’s Privacy Team using this email address: GDPR@crestec.nl