Introduction

In this privacy statement, we explain how Impact Orange Partners (IOP) handles your personal data. In order to be able to carry out our business activities, we process personal data. Personal data is any information that can be traced back to a person, directly or indirectly. Examples of personal data are name, date of birth and (email) address, but also an IP address and Citizen Service Number (BSN). We handle personal data in a careful and responsible manner, in accordance with the applicable (privacy) regulations (the General Data Protection Regulation). In this privacy statement, you will find information about which personal data we process and for what reason. Information about privacy rights is also included.

Where this privacy statement refers to personal data of customers, we also refer to the personal data of representatives or people who are connected to a legal entity with which IOP has or has had a relationship. Depending on the services you purchase or may want to purchase from us, other data may be processed from you.

Changes

We may amend this privacy statement from time to time to keep it up to date. If there is a material change in the privacy statement, we will inform you about this. The current version of our privacy policy can be found on our website at any time.

Security

It is very important to us that your and our information is secure. We have implemented appropriate organisational and technical measures to protect personal data against loss or unauthorised access and processing. In addition, we make agreements with third parties who process personal data on our behalf to also take such appropriate organisational and technical measures. In the event of a data breach, personal data can end up somewhere where it does not belong. We report data breaches to the Dutch Data Protection Authority. We will not do this if there is no risk for you. We will also inform you. We will do this if necessary in view of the risks you could run. Risks include identity theft or fraud. We will then provide you with information about what has happened and what consequences it has or may have. We will also tell you about the measures we have taken to limit any adverse effects.

Duration

In any case, personal data will be kept for as long as necessary in light of the purposes for which we process the data. How long we keep personal data varies. This is due to the fact that we are bound by legislation that applies minimum retention periods (e.g. included in the Money Laundering and Terrorist Financing (Prevention) Act). There may also be an operational reason why we retain personal data for a longer period of time. The basic principle is that we do not store personal data for longer than 7 years after the termination of the (customer) relationship. We store personal data of potential relations for a maximum of three years if there has been no contact. We may retain the personal data for a longer period of time if this is necessary to defend our interests in the context of (legal) proceedings. A supervisory authority may also require us to retain certain personal data for a longer period of time.

Legal rights

If your personal data is processed, you have (in certain situations) a number of privacy rights. These rights are as follows:

  • Right of access
  • Right to rectification
  • Right to restriction of processing of your personal data
  • Right to object
  • Right to erasure of data
  • Right to data portability

If you make use of one of the above rights, a written request must be made. In addition, you also have the right to file a complaint with the Dutch Data Protection Authority. The contact details of the Dutch Data Protection Authority can be found below:

Website: www.autoriteitpersoonsgegevens.nl/contact

Postal address: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag