How we handle your data and your rights – information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) This data protection information applies to the collection, processing and use of your personal information when using our website and its subpages, if you come to visit our premises or when you contact us in any other way.
Scheidt & Bachmann Nederland B.V. (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.
1.2.1 Responsibility for data processing
Responsibility for processing your personal information lies with:
- Scheidt & Bachmann Nederland B.V., Maarssenbroeksedijk 11, 3542 DL Utrecht.
- E-mail: email@example.com
1.2.2 Data Protection Officer
You can reach our Data Protection Officer as follows:
- Scheidt & Bachmann Nederland B.V., attn. Data Protection Officer, Nederland B.V., Maarssenbroeksedijk 11, 3542 DL Utrecht.
- Telephone: +31 85 486 1500
- E-mail: firstname.lastname@example.org
1.2.3 Which data do we process and from what sources?
We process personal data which you provide to us voluntarily or in the course of using one of our services like our website. For further details, see the following paragraphs.
1.2.4 For what purpose do we process your data and on what legal basis?
We process your personal data for various purposes in line with the relevant data protection laws, in particular the GDPR and the Dutch “Algemene Verordening Gegevensbescherming (AVG)”. The following generally apply in terms of the purpose of data processing:
- Processing to perform contractual obligations (Art. 6 (1) lit. b GDPR),
- To protect legitimate interests (Art. 6 (1) lit. f GDPR),
- Based on your consent (Art. 6 (1) lit. a GDPR),
- And / or based on legal obligations (Art. 6 (1) lit. c GDPR).
For further details, see the following paragraphs.
1.2.5 Transfer of personal data to third countries
Scheidt & Bachmann Nederland B.V does not transfer personal data to third countries outside the European Economic Area (EEA)
1.2.6 Storage of data
We only process your personal data for as long as is necessary to serve the respective purpose of processing. In addition, we are subject to various storage and documentation obligations, including those arising from the Dutch fiscal laws. These obligations can apply for up to 7 years.
1.2.7 Your rights
Any data subject has:
- The right of access according to Art. 15 GDPR
- The right to rectification according to Art. 16 GDPR
- The right to erasure according to Art. 17 GDPR
- The right to restriction of processing according to Art. 18 GDPR
- The right to data portability based on Art. 20 GDPR
In order to exercise your above rights, use the contacts specified above in paragraphs 1.2.1 and 1.2.2.
If you have issued your consent for us to process your data, you can withdraw this at any time without any particular formal requirements. If possible, the withdrawal should be sent to the use the contacts specified above in paragraphs 1.2.1 and 1.2.2.
Users are also legally entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann Nederland B.V is:
Autoriteit Persoonsgegevens, https://autoriteitpersoonsgegevens.nl/
1.3 Processing of personal data when visiting our website
In order to make visiting our website more attractive and allow the use of certain functions, we use so-called cookies on various pages. Cookies are small text files which are stored on your end device.
A cookie is an amount of data that our server sends to your web browser with the intention that it is stored.
Some of the cookies used by us are deleted when the browser session is finished, i.e. when the browser is closed (so-called session cookies). Other cookies remain on your end device and make it possible for us to recognise your browser again on your next visit (so-called persistent cookies).
You can set your browser so that you are informed when cookies are used and then decide in each individual case whether to accept them, or else you can rule out acceptance of cookies in certain cases or in general. You can delete cookies which have already been applied. If cookies are not accepted, the functionality of our website may be limited.
- Session ID
1.3.2 Automatic collection of access data/ server log files
When you visit our website, the following set of data is automatically stored relating to each access:
- IP address
- Browser type / version
- Operating system used and resolution
- Previously visited website
- Time and frequency of server request
The personal data in log files is processed based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the easier administration of our website and the possibility of identifying and pursuing hacking.
1.3.3 Google Analytics
However, in case of the activation of IP anonymization on this website, your IP address is first abbreviated by Google within the member states of the European Union and in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website.
Google uses this information to analyse your use of the website so as to compile reports on website activities for website operators and provide other services for the website operator connected with website use and internet use. Google does not link the IP address transferred by your browser in connection with Google Analytics to other data.
You can prevent the saving of cookies by making the appropriate setting in your browser software; however, we would like to point out that if you do so, you will not be able to use the full range of functions offered by this website. You can also prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being transmitted to Google and you can prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=nl).
Processing of personal data by Google Analytics is based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the analysis and use of our website.
On our website you will find contact forms which can be used to make contact electronically. Alternatively, it is possible to contact us via the e-mail addresses provided. If you contact us via one of these channels, we collect the personal data you have entered and sent to us.
If you use the contact form, the personal data recorded comprises the master data entered (required fields: form of address, last name, e-mail address, country; voluntary fields: first name, company, telephone number) and potentially any other personal data entered by you in the field labelled “Message". If you contact us directly by e-mail, we record your e-mail address and any personal data included in the text of the e-mail.
Should it be necessary to answer your inquiry, we will pass on personal data to group companies.
Processing is carried out based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in customer care and the ability to reply to messages sent to us.
1.3.5 Visitors of our “Restitutie website”
For those visitors that have encountered a problem after having used one of our “OV-chipkaart Oplaad apparaten”, we refer to our “Restitutie website” ( www.sb-ov.nl ) for any specific privacy rules that may be applicable, next to those stipulated here.
1.4 Visitors of our company premises
1.4.1 Video surveillance
A video surveillance system is operated to monitor the company premises. The purpose of the video surveillance of the employee / company parking spaces, the entrances and exits to the company premises, is to protect the company premises and its facilities, the people and the objects which are on them. In addition, the purpose of video surveillance is to increase the sense of security of the people staying at these places, to deter people who are willing to commit vandalism, to prevent crime and to preserve evidence for the effective prosecution and enforcement of criminal and civil claims of both the responsible person and the employees.
Video surveillance is carried out on the basis of our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR and Sections 4, 26 (4) BDSG: exercise the right to determine who shall be allowed or denied access, protection of property, people, objects and facilities located on the company premises; protection against criminal offences; assertion of civil law claims for damages by the controller and his employees; on the basis of a collective agreement in the case of processing personal data of employees.
However, it must be assumed that the interest of the person responsible or of a third party in video surveillance does not unduly interfere with the rights and freedoms of natural persons, in particular since the latter are made aware of video surveillance. Video surveillance is necessary and suitable to fulfil the intended purpose and is also the mildest means in this respect. Video surveillance is quite suitable to deter possible disturbers / perpetrators.
1.4.2 Access to the company premises
When we grant you access to our premises, we need personal information for communication, the provision of information and services, and for the purposes associated with the relationship. Your personal information will be collected either directly from you by the gatekeeper or through your contact person with us.
The following data categories can be collected and processed:
- Identification data such as surname, first name, company, license plate number, special authorizations (for truck drivers) to identify you as an authorized visitor,
- Addresses and contact data such as postal address, e-mail addresses, telephone number and, if applicable, organizational data such as company, department, function, in order to be able to contact you if, for example, questions need to be clarified, information needs to be exchanged, appointments need to be made or access to the Internet is set up for you.
- Time recording, e.g. on company premises or for the provision of services in order to be able to bill services.
- Video/image data, e.g. for monitoring the publicly accessible areas of the company premises and certain areas on the company premises, in order to monitor our domestic rights and to secure our property and that of third parties.
The legal basis for the processing of personal data is the protection of our legitimate interest on the basis of Art. 6 (1) lit. f GDPR: Enforcement of our right to determine who shall be allowed or denied access rights; granting access to the company premises only to authorized visitors; protection of property, people, objects and facilities located on the company premises; protection against criminal offences; assertion of civil law claims for damages by the person responsible and by third parties.
1.5 Final notes
We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.
1.5.2 Validity and timeliness of the data protection declaration
This Data Protection Declaration is dated as of February 2020 and is effective for as long as no updated version replaces it.
Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.
1.6 Information on your right to object
Information on your right to object according to Art. 21 General Data Protection Regulation (GDPR)
You have the right at any time to object to personal data relating to you being processed based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the processing serves the enforcement, exercise or defence of legal rights.
In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising.
If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.
There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in clauses 1 and 2 under Part I – General of this data protection notice.
Page last modified on: 22.12.2020 - 14:52 pm