ALLIANCYS (and its Related Entities and Related Bodies Corporate is committed to protecting the privacy of personal information obtained through its operations as a professional services firm. ALLIANCYS is bound by AVG/GDPR regulations. The purpose of this policy is to generally inform people of: how and when we collect personal information and personal data; how we use and disclose personal information and personal data; how we keep personal information and personal data secure, accurate and up-to-date; how an individual can access and correct their personal information and personal data; and how we will facilitate or resolve a privacy complaint.
The Dutch AVG/GDPR Principles apply to personal information, that is, information or an opinion (whether true or not) relating to an identified individual or which can be used to reasonably identify that individual. Please note that information about companies is not personal information. However, the principles will apply to an individual who is carrying on a business as a sole trader. All ALLIANCYS offices in Europe are subject to policies and procedures that seek to ensure that the organization complies with the Dutch Privacy Principles.
The kinds of personal information we collect and hold
Disclosure of Personal Information
ALLIANCYS will ordinarily make the following disclosures of your personal information where it is necessary to support the delivery of the client services or other related activities: third party service providers utilized in connection with any administrative matters; service providers (including IT service providers and consultants) who assist ALLIANCYS in providing or marketing our services; related entities and related bodies corporate of ALLIANCYS; third parties in connection with the sale of any part of ALLIANCYS’ business; our contractors and agents; Where ALLIANCYS is required by law to provide personal information so that ALLIANCYS complies with court orders, subpoenas or other legislation that requires us to provide personal information (for example, a garnishee order). If we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety; If we have reason to suspect that unlawful activity has been, or is being, engaged in; or If it is required or authorized by law. Should it be necessary for ALLIANCYS to forward personal information to third parties outside the firm, we will make every effort to ensure that the confidentiality of the information is protected. In the event we propose to disclose such personal information other than for the reasons set out in this policy, we will first notify you or seek your consent prior to such disclosure. If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us via the details set out at Section 9 and we will ensure the relevant communications cease.
You give your express and informed consent to us using your personal information set out in Section 3 where that information relates to the provision of services to you or marketing activities to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone (Direct Marketing Communications). If you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you Direct Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Direct Marketing Communications which we consider may be of interest to you. If at any time you do not wish to receive any further Direct Marketing Communication, you may ask us not to send those to you or disclose your information to other organizations for that purpose by using the “unsubscribe” facility in the Direct Marketing Communications.
How we store your personal information
ALLIANCYS may at times use and disclose personal information about an individual for the “primary purpose” of collection (i.e. the dominant or fundamental purpose for which that information is collected). As well as abovementioned purposes, that “primary purpose” includes facilitating our internal business processes, communicating with clients, prospective clients and other external parties, providing ongoing marketing information about our products and services, complying with our legal obligations and dealing with enquiries and complaints. In certain circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where a client would reasonably expect us to and the purpose is related to the purpose of collection). Sensitive information Sensitive information is a subset of personal information. It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organization, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates. Our policy is that we attempt not to collect sensitive information about our clients or prospective clients, however that may not always be possible. If any of our clients or prospective clients elects to provide us with any sensitive personal information, we will take all reasonable steps to ensure that the sensitive information is securely protected. In the event we propose to use such personal information other than for the reasons set out in this policy, we will first notify you or seek your consent prior to such use.
How we use your personal information
Once we collect your personal information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third-party service provider who have taken reasonable steps to ensure they comply with the AVG/GDPR Privacy Act. ALLIANCYS will take all reasonable steps to protect against the loss, misuse and/or alteration of the information under its control, and that the information it holds is accurate, complete and up to date including through appropriate physical and electronic security strategies. Only authorized ALLIANCYS personnel are provided access to personal information, and these employees are required to treat this information as confidential. We may need to maintain records for a significant period of time. However, when we consider information is no longer needed, we will destroy or permanently de-identify these records. Our policy is that all electronic records are only stored within Europe whenever this is commercially feasible. However, on occasion, a limited number of specialist software applications may involve the storage of personal data at an overseas location where a suitable alternative is not available. We presently disclose some information to the jurisdictions in Section 6 of this policy in limited circumstances. ALLIANCYS will only store data with an external provider if a technical assessment of a service provider’s security protocols is considered to meet or exceed the level of security that ALLIANCYS could apply if the electronic data were to be stored in ALLIANCYS’s own in-house systems and where we are satisfied that ALLIANCYS is able to meet its commitments under Dutch Privacy Legislation.
Accuracy of personal information
ALLIANCYS will take all reasonable steps to make sure that any personal information collected, used or disclosed is accurate, complete and up to date. As the accuracy of personal information largely depends on the information that you provide to us, we request that you advise us of any errors in or updates require to your personal information. If you believe that the information we hold about you is inaccurate or out of date, they may contact our Privacy Officer (refer Section 9) and we will update the relevant information accordingly.
Access to personal information
Under the Dutch Privacy Principles, you have the right to request access to any personal information that we may hold about you and to advise us if the information should be corrected. The Dutch Privacy Principles set out the circumstances when we can refuse those requests. If we do refuse your request, we will provide you with a written notice that sets out the reasons (unless it would be unreasonable to provide them to you). Subject to our right to refuse access, ALLIANCYS will provide you with a report that lists any personal information that we may hold about you. Our policy is to provide written acknowledgement of our receipt of any request for access to personal information or a request for correction of personal information within 7 days of the request being received. We will then provide a written response within 30 days of our receipt of the request. If you would prefer to submit a privacy request using a pseudonym or otherwise keep your identity secret, ALLIANCYS will do its best to support that request if it is feasible to do so under the circumstances.
We have put in place an effective mechanism and procedure to resolve privacy complaints and enquiries. We will ensure that all complaints and enquiries are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision (in respect of a complaint). If you wish to make an enquiry about your personal information at ALLIANCYS, or make a complaint because you believe that we may have breached the Dutch Privacy Principles or a privacy code that applies to us, please email our nominated Privacy Officer at firstname.lastname@example.org In order to resolve a complaint, we: will liaise with you to identify and define the nature and cause of the complaint; may request that you provide the details of the complaint in writing; will keep you informed of the likely time within which we will respond to your complaint; and will inform you of the legislative basis (if any) of our decision in resolving such complaint. We will respond to each request within a reasonable time. We will also maintain a record of your complaint in a Register of Complaints. If a party has lodged a complaint with ALLIANCYS and is not satisfied with our response, they may contact the Dutch AVG Office.
Consent, modifications and updates
This policy is a compliance document prescribed by law rather than a legal contract between two or more persons. However, certain contracts may incorporate all, or part, of this policy into the terms of that contract. In such instances, ALLIANCYS may incorporate the terms of this policy such that: certain sections or paragraphs in this policy are incorporated into that contract, but in such a way that they do not give rise to contractual obligations onto ALLIANCYS, but do create contractual obligations on the other party to the contract; and the consents provided in this policy become contractual terms provided by the other party to the contract. By using our website, engaging us to provide you with services, where you have been provided with a copy of our policy or had a copy of our policy reasonably available to you, you acknowledge and agree that you: give the consents given by you in this policy; and have been informed of all of the matters in this policy. We reserve the right to modify our policy as our business needs require. We will take reasonable steps to notify you of such changes (whether by direct communication or by posting a notice on our website). If you do not agree to our continued use of your personal information due to the changes in our policy, please cease providing us with your personal information and contact us via the details set out at the Section 9 of this document.