This privacy statement applies to the processing of personal data by Medace B.V., Gaetano Martinolaan 63-65, 6229 GS Maastricht as the ‘party responsible for processing’, hereafter to be called Medace or referred to as ‘we/us/our’. When you visit our website or purchase our goods or services, we process your personal data. We do this to help you as best we can and to achieve our goals. This statement will describe how we process your data and our aims in doing so. We will also explain how you can exert control over the process.
What we do
Medace offers a working environment where entrepreneurial researchers transfer into researching entrepreneurs. We collect and use data for no other purposes than described in this private policy unless we have received your permission to do otherwise. Medace will only provide the data to third parties who are involved in the process of our services. In some cases, your data will be shared internally but our personnel signed a non-disclosure contract to respect the confidentiality of your personal data.
What personal data do we process?
Personal data is all data that provides information about you as an identifiable person; it says something about who you are. We ‘process’ this data when we store, look at, share, send or remove it, etc. If you enter into an agreement with Medace and/or sign up for emails or request a quote or any other information via the website or perhaps by telephone, we ask you to fill in your company details and/or contact details. We can combine the information that you complete on our website or supply us with on the telephone with previously given data, as well as with data automatically harvested by using cookies and other technical means, provided of course you have given us permission to do so. For example, we can retrieve your IP address, actions you have performed on the website, the operating system you use or what you downloaded from the website. In fact this concerns all details we can connect with you, directly or indirectly. We have a separate cookies statement.
The specific personal data we process is:
· Email address, opt-in for e-mailings
· Company and position
· Contact history
· Surfing behaviour
· If you receive emails from us, we register your interactions (opening and clicking behaviour)
We do not process specific personal data such as your faith, race, political or sexual orientation, criminal data, beliefs, membership of a union or biometric/genetic or medical background without you giving explicit permission to do so.
Why do we process this data?
Our aim is to market products and/or services to you, therefore in the first instance we use your personal data to identify and communicate with you. The legal basis for this is article 6 paragraph 1 sub b of the General Data Protection Regulations.
We also use your personal data within the framework of marketing activities if we consider this is relevant to you as our client. Good examples are special offers and ads centred on your personal interests or to participate in research or questionnaires. The legal basis for this is article 6 paragraph 1 sub f of the General Data Protection Regulations.
When we request your personal data, we will make it obvious per situation whether providing us with certain data is necessary or obligatory, and what the (possible) consequences are if this data is not provided. The starting point here is that Medace will not process more data than necessary for the described purposes.
Exchange with third parties
We will never supply, sell, let or lease your personal data to third parties, unless obliged to do so by legislation or you have given us your prior permission to do so. We use service suppliers to perform certain services for us. These are not ‘third party receivers’ but ‘processers’. These processers do not use the data for their own objectives and process the personal data solely in agreement with and by assignment by Medace.
We work with the following processers:
Automated decision-making and profiling
Medace does not use automated decision-making and/or profiling.
We store your data no longer than is necessary for one of the objectives we have described. Storage periods can vary, according to legislation. You can be assured that we erase all personal data we no longer need to process two years after the date of last contact between you and Medace. However, we also have the option of anonymization in place of erasing if this is required for our statistics purposes for example.
Personal data security
Medace has taken appropriate technical and organisational measures to secure personal data against interference or loss or any other form of unlawful processing, including:
· Our website and software possess SSL certification which gives visitors and users the guarantee that (personal) data is sent via browsers using HTTPS. This means the information is encrypted and secure. For example SSL (Secure Sockets Layer) is also used for online transactions (with credit cards).
· Medace has taken extensive measures to cover the procedure in the event of a data leak. More significantly however: various technical and organisational measures are in place to prevent data leaks. We use reliable systems that meet with all privacy legislation when sending email. In addition, we have processing agreements in place with our suppliers. The CRM system in which we store our clients’ personal data also meets with privacy legislation and we do not store more information than is necessary. Our clients’ websites are managed by a reliable hosting party and we ensure the CMS system we use is regularly updated. In the process, as a protection against hackers, we monitor and block IP addresses we consider unsafe.
· Medace has an appointed data protection officer, whose task it is to supervise personal data processing within our organisation.
Rights you can exercise
If we process your personal data, then you have the right to control this process as part of your privacy protection. You can for example request sight of the data we hold on you and rectify any errors if you spot one. We can grant your objection or right to be forgotten if it appears that processing is no longer appropriate in the way we do it.
Whatever your request, contact us and we will do our best to help you, at no cost to you. You can get in touch with us using the contact details below. Please note that in some instances we will be unable to honour your request, as processing such data by us is necessary. Examples include when a transaction has not been finalised or the financial data we are obliged to store to comply with legislation. If this is the case, then the burden of proof lies with Medace and we will explain this to you. When withdrawing permission for or objecting to direct marketing, we will always honour your request. Finally, you are also entitled to data transferability if this is technically feasible and if this does not involve disproportionate costs to us.
Finally, we would like to make clear that as a so called ‘party responsible for processing’ we are obliged to identify the person making a request and will therefore request and require additional information. In all instances we will react to a request within four weeks.
Medace reserves the right to amend this statement as and when required. Any amendments will be implemented on this page. The most recent amendments were made on September 16, 2019. All amendments will be made known on our website. Medace can process your personal data for new purposes that have not yet been made known to you. In the event of this we will contact you prior to using your personal data for these new objectives, to inform you of the amendments to the protection of personal data and to offer you the opportunity to refuse.
Gaetano Martinolaan 63-65
6229 GS Maastricht