Florijnz takes privacy very seriously and takes the necessary measures to ensure the privacy of individuals. This document sets out how Florijnz handles personal data and what measures have been taken.
Florijnz does not collect special personal data, does not observe people and is not a government agency. Therefore, there is no need to appoint a Personal Data Officer. Also (given the data that is collected) a so-called PIA (Privacy Impact Assessment) is not required.
The note AVG Florijnz is shared with the employees and (associate) Partners as well as the procedure Reporting Data Breach (Annex 1).
What data is recorded by Florijnz, why and how does Florijnz handle this data.
- What personal data are collected?
- Where are they kept?
- Why are we recording this?
Customers, potential customers and parties with whom we work.
Florijnz collects information from customers, potential customers and parties with whom we work together or with whom we intend to work together (collectively called 'organizations') for commercial purposes. Of contact persons within the organizations only strictly necessary information is recorded such as: - name - business address - business telephone numbers (landline and mobile) - business e-mail address
This data is saved in excel sheets and other documents and stored on Google Drive. This Google Drive is only accessible to (associate) partners and employees on a 'need to know' basis. Data is also stored on the mobile phones of the (associate) partners and employees. Florijnz sends out a Newsletter 4 times a year and makes use of the email addresses that (potential) customers have provided to Florijnz. Florijnz ensures that permission to send this newsletter is obtained from the addressee. Laptops and phones are protected with an access code and with respect to mail (Outlook) a 2-step verification is used.
Florijnz also collects information from its customers in the context of an assignment. Here, only the strictly, for the transaction, necessary information is collected. If for the purpose of the order personal information is needed from the customer, then the strictly necessary information is provided. This will be an exception, as in almost all cases the information traceable to a person will be deleted. In all cases a statement is signed by the receiving party whereby the party is forced to maintain strict confidentiality. Data is stored on Google Drive with limited access (need to know).
For sharing confidential information about the transaction, Florijnz uses a so-called virtual data room. Preferred supplier of Florijnz is Virtual Vaults. Florijnz prepares a processing agreement with the supplier. After completion of the transaction, the parties (buyer and seller) receive a USB or DVD that is secured by encryption and meets (current) stringent requirements (source website Virutal Vaults).
Employees , interns and potential employees/trainees
In addition, Florijnz collects data from potential employees and interns and stores them according to legal requirements. Of employees and interns is the legally permitted and required information kept in a secure folder on Google Drive, which is only accessible by the partners. This data includes: - Private address - Private telephone number - Private email address - Copy of identification document - Phone number of partner/family in connection with accessibility in the event of an emergency
After leaving the company, the data is stored in accordance with the maximum period and then deleted.
CVs of applicants (employees and interns) are stored on Google Drive and in Outlook. CVs of potential employees (applicants) are kept for a maximum of 4 weeks, unless otherwise agreed with the applicant.
Cleaning up Google Dr ive/cleaning. Once an assignment is completed, the Google Drive is cleaned. This means that information/data that is no longer needed is removed from the drive.
Parties that process data on behalf of Flor i jzn In Appendix 2 is the overview of parties that process data on behalf of Florijnz. A Processing Agreement is entered into with these parties.
Website www.florijnz.com and social media
Florijnz has a website with url www.florijnz.com as one of its manifestations to customers, potential customers and other interested parties. Florijnz collects no personal data through this website and through a privacy statement the visitor is informed of this. Regarding social media, Florijnz uses Facebook. LinkedIn and Twitter. Through these channels, no personal data are collected.
Let individuals know what we are storing
Florijnz collects no special personal data. For sending the Newsletter, explicit permission is requested (opt in). Employees are informed in advance what personal data is stored.
Reporting a data breach
We speak of a data breach when personal data falls into the hands of third parties who should not have access to that data. A data leak is the result of a security problem. In most cases it concerns leaked computer files or client data. Other examples include cyber attacks, misdirected e-mail, stolen laptops, discarded non-cleaned computers, and lost USB sticks.
A data breach should always be reported. Appendix 1 of this memo describes the procedure.
- Who within Florijnz a data leak must be reported to; - Who else within Florijnz must be informed; - Who checks what has been leaked; - How the consequences for the persons whose personal data has been leaked are mapped out; Reports can be made digitally at the reporting desk of the Authority for the Protection of Personal Data: http://datalekken.autoriteitpersoonsgegevens.nl