GDPR / AVG legislation
From 25 May 2018, every European company must comply with the GDPR (General Data Protection Regulation) regulations, which will be implemented in Dutch law as the AVG (General Data Protection Regulation). The purpose of this law is to protect natural persons, in connection with the processing of personal data.
Where the term GDPR is mentioned in this document, this can also be replaced by the term AVG.
Definition of personal data
What do we mean by personal data in the context of Presis' services?
Data that can be traced back to a natural person.
This includes: name, e-mail address, personal/business home address, account number, credit card number and religion.
Pseudo personal data (indirectly identifiable personal data)
Not reducible to a natural person without additional information.
This includes requesting an extract from the Chamber of Commerce
The GDPR legislation applies to natural persons and not legal entities and is therefore set up by Presis with that objective in mind.
What data does Presis store and for what purpose?
As you will understand, Presis stores data from its customers. The data stored varies from one customer to another. Presis' purpose in storing customers' data is to be able to carry out its services. In case the customer is a natural person, we store the following data:
- E-mail address
- Fixed and/or mobile phone number
- Address, postal code and city
- Bank account number
We need this data to record all agreements relating to the performance of our services in a legally valid service agreement. These agreements are the customers' order confirmation to Presis. In addition, we need this data to be able to correctly carry out our financial administration and produce legally valid invoices.
How do we keep your data safe?
Presis has taken measures to keep your data optimally protected.
Presis works with Google Workspace as standard office automation. The privacy and security of this is guaranteed by Google. More information can be found here.
Use of computers, smartphones and tablets
We use laptops to carry out our work. Our laptops are equipped with the following security measures: password protection with a local access password, encryption on the local hard disk and installed anti-virus software and webshield software.
Presis' website (www.presis.nl) is secured with an SSL certificate, so data stored via the website is also well protected.
Chat, Administration package, Mailchimp, self-developed web apps
The other applications used by Presis are web applications that have been tested for security. These providers have GDPR policies, secure connections, identity management and encrypted databases.
Personal data must not be kept longer than necessary. The determination of the retention period depends on the purpose for which Presis collected the data and any legal obligations to retain data.
Protocols relating to the GDPR
Protocols have been established to implement the procedures, which fall within the legal provisions of the GDPR. These protocols relate to data of natural persons and are aimed at answering questions regarding access, modification and/or deletion of personal data.
For this purpose, an e-mail sent with the concrete GDPR request can be sent to firstname.lastname@example.org. Such a request will then be complied with by Presis within 30 days.
Presis also cooperates with other companies to best serve its customers. Presis has concluded a processing agreement with every other company with which Presis cooperates and which stores personal data of customers. These companies thus comply with the requirements of the GDPR and maintain the same level of security.
In the event of a data breach, this will be recorded internally and Presis will consider whether there is a legal obligation to inform the Personal Data Authority and data subject(s) within 72 hours of knowledge.
Responsible officer and contact
Presis has appointed a DPO (Data Protection Officer), who is responsible for data protection. For questions or comments regarding the Privacy Statement, please contact the DPO (Data Protection Officer). The contact details are:
- Kees-Jan Diepstraten
Amendments to this Privacy Statement
The last change to this Privacy Statement was made on: 2 May 2018.