Oesterbaai aims to create trust, which is why your privacy is important to us. In this privacy statement, we will explain to you what kind of personal data we collect, how we collect it and what we use it for. Oesterbaai offers a wide range of services, to all of which this statement applies. This statement is regularly reviewed and updated as our products and services may evolve. Oesterbaai invests in securing your privacy by enhancing knowledge, professionalism and ethics among its employees and contractors, and takes steps to ensure adequate protection for your personal data.
Who are we?
We are one of the major global players in the TIC market (Testing, Inspection, Certification).
What personal data do we collect?
Oesterbaai collects personal data to enable us to provide you with our products and services. Personal data collected vary with the nature of the product or service we provide or may provide you with. Commonly, this includes among others your name, contact data such as email address, phone or mobile phone number, (business) location and the country you live in. Sensitive information is only processed when explicitly required and within the constraints of the law. You provide some of this data to us directly by subscribing to newsletters or other regular information from Oesterbaai, by requesting offers for products or services from us or by taking delivery from products or services we offer. We also get some of your data by using tracking cookies on our public websites. Incidentally we may also receive data from third parties, e.g. when your employer registers you for certain training sessions or certifications.
What do we use personal data for?
Oesterbaai has a policy of collecting only personal data which are necessary for processing. We will process your personal data only with your consent or in cases of necessity, such as the execution of a contract, legal obligations, carrying out a task in the public interest or for our own legitimate interests.
We need your personal data for one or more of the following business purposes:
- the assessment and acceptance of a customer, supplier or business partner;
- the development and improvement of products and/or services;
- the conclusion and execution of agreements with customers, supplier and business partner;
- relationship management and marketing;
- business process execution, internal management and management reporting;
- health, safety, security and integrity;
- compliance with law;
- the protection of the vital interests of individuals.
If and when the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time.
Where is your personal data stored?
Oesterbaai makes use of three main ways of processing your personal data: in our datacenter, online with major providers, and for specific products and services using applications (cloud) provided by selected third parties. Oesterbaai has a strict security policy to ensure adequate security of your personal data. When we use an online provider we choose to work with industry leaders – or other parties who comply with EU law and who have extensive security and privacy measures in place. The storage period of your personal data depends on the type of process for which it is needed. For many of our products and services, your personal data are part of a continuous process, which is why your personal data will be stored until that process terminates. In all other cases, your personal data will be deleted without undue delay when it has served its purpose, unless any kind of legal storage period is applicable.
With whom do we share personal data?
Oesterbaai generally does not share data with others that collect and use personal data for their own (business) purposes. If needed to provide you with products and services by Kiwa, third parties may receive data from us about you. We may share your personal data with others who are related to our products and services. Personal data of a sensitive nature is generally not shared unless the strict exemptions of the law are followed or in case of emergency where your vital interests are best served by sharing relevant information.
Who can access your data?
Oesterbaai provides limitation of access internally, and we expect third parties to equally limit access to your personal data on a ‘need to know, right to know’ basis. That is, only those who actually actively need to process your data are allowed to do so. Right to know means we only entrust working with personal data to persons we can put trust in, and being entitled to access such data. We extend this towards our suppliers or third-parties we work with.
Your rights as an individual
The General Data Protection Regulation (GDPR) provides you with a set of rights. These individual rights are stated in the GDPR and will be respected by Oesterbaai. These rights include the right to be informed where personal data are collected, the right to access and the right to rectification of your data if and when it is inaccurate. Also, under specific circumstances mentioned in the GDPR, you may request erasure of your personal data or restrict the processing of it. Furthermore, you have the right to object to the processing of your personal data, or to being subject to automated decision making and profiling. Lastly, you have the right to data portability. In addition to these rights, you have the right to lodge a complaint with the Data Protection Authority.
About this privacy statement
The version of this Kiwa Privacy Statement was created in May, 2018.
We will update this privacy statement if any changes apply. If there are any material changes to the statement or in how we will use your personal data, we will either notify you by prominently posting such changes on our website or by directly sending you a notification. In the event of a conflict between this privacy statement and the terms of any agreement(s) between a customer and Oesterbaai, the terms of those agreement(s) will control.