RINIS Foundation Privacy Statement
Version 1.0 – July 2020 – Document owner CISO
1. Introduction
This privacy statement explains how RINIS Foundation uses your personal data. The statement details which personal data we process, why we do so, how we do so and how you can have your say in respect of the processing of your personal data.
2. For whom is this privacy statement intended?
This privacy statement is intended for those people whose personal data we process under our own responsibility (which makes us what is referred to in law as the “Data Controller”). This includes:
- people who visit our website or who have contacts with us in some other way;
- people who are in the employ of RINIS Foundation or who perform work contracted by RINIS Foundation; and
- people who conclude an agreement with us, either directly or on behalf of an organisation.
In addition, we also process personal data at the behest of government organisations and public service organisations, such as pension funds and health insurers (which makes us what is known in law as a “Processor”). Our services enable these clients to carry out their legal duties. If we did not process your personal data for them, this might jeopardise the pay-out of benefits, allowances and retirement pensions. If you have any questions relating to these processing operations of personal data, please get in touch with us (see point 9), so we may refer you to the appropriate organisation.
3. What are personal data?
Data which directly relate to a particular person or information which allows for that person to be identified are called personal data. Examples of personal data include your name, address, telephone number, citizen service number and e-mail addresses.
4. What do we do with your personal data?
We process your personal data whenever you contact us, either in writing or by phone, whenever you sign up for newsletters or events or where you are intending to enter into an agreement with us. In most cases, these data are directly supplied by yourself. In these instances, we will explain to you in advance that we will be processing your personal data and we will ask you for your consent.
We do not use automated decision-making procedures ('Profiling').
When you visit our website, we store information in the form of a 'cookie'. We only use these cookies to make sure the website is working properly. We do not use cookies to analyse or track your surfing behaviour ('Tracking'). Nor do we collect or transfer any personal data relating to you.
Your personal data are kept inside the EEA (European Economic Area). We use data systems (servers) that are located inside the EEA.
5. On which grounds does RINIS Foundation use my data?
We process your personal data only in the following situations:
- You have given your consent for us to use your personal data, for example at the time when you visited our website or where you completed a web form;
- We need to be able to use your personal data to enable us to prepare or perform an agreement we concluded with you, for instance where you provide services to or procure services from RINIS Foundation.
We do not process personal data at the behest of private commercial operators.
6. How do we protect your personal data?
We take the protection of your personal data very seriously. To this end, we have implemented appropriate technical and organisational measures as imposed by applicable laws and regulations (such as GDPR, UAVG and BIO) and in the agreements we have in place with our clients. Measures we have put in place include encryption and strict access authorisation, for example.
To enable us to prove the fact that we conscientiously handle your personal data with a keen eye on safety, we are ISO-27001 certified. The ISO-27001 standard is an exacting internationally recognised norm for data protection. We have also appointed an in-house supervisor who deals with all matters relating to the protection of your privacy, known as the Data Protection Officer (DPO).
7. How long do we store your personal data for?
Pursuant to the GDPR, we keep your personal data on record only for as long as strictly necessary to achieve the purpose for which your personal data were collected. Upon the expiry of the data retention period, your data are destroyed or anonymised. We will retain messages for longer only where we are required to do so pursuant to applicable laws and regulations or if so required by our clients.
8. What are my rights?
As an individual whose personal data we process, the law (GDPR) gives you a number of rights which you may exercise (in certain cases). These rights enable you to gain a better understanding of the processing of your personal data and the ways open to you to have a say in the way we do so. You have the right:
- to access your personal data ('access')
- to correct your personal data ('rectification')
- to restrict processing operations of your personal data
- to object to the processing of your personal data for a particular purpose
- to have your personal data deleted ('erasure')
- to have your personal data transferred to a different organisation ('data portability')
- to withdraw the consent previously given
- to file a complaint
Further details regarding your rights are available to be consulted on the website of the Personal Data Authority (https://autoriteitpersoonsgegevens.nl/en). If you would like to exercise your rights, please get in touch with us.
9. Who to contact with any questions, comments or complaints you may have?
If you would like to exercise your statutory rights or if you have any questions or comments after reading the present privacy statement, please get in touch with us by sending an e-mail to privacy@rinis.nl. To exercise your rights, please use the same e-mail address. We will get back to you as soon as possible (within 5 working days at the latest). If you have a complaint about the way we process your personal data, or if you sent us an e-mail, only to be left feeling you did not get the assistance you are entitled to, you are entirely within your rights to file a complaint. You can do so in one of two ways:
- Directly with our in-house supervisor (the Data Protection Officer) at privacy@rinis.nl
- Or with the Data Protection Authority as the external supervisor. Please consult https://autoriteitpersoonsgegevens.nl/en for further details regarding the applicable laws and regulations that govern the protection of the personal privacy of citizens and businesses and on how to file a complaint.
We trust this privacy statement gives you the confidence and peace of mind that we process your personal data safely and correctly.