privacy statement.

General
When networking, negotiating or entering into agreements with DEMCON, you may provide DEMCON with personal data. You may do so while representing your employer, for instance. DEMCON then processes the personal data that it receives. In this privacy statement, processing refers to collecting, storing, consulting, updating, protecting, destroying and, if necessary, sharing the personal data with third parties. Generally speaking, the processing of your personal data is necessary in order to contact you, also in the future, to comply with contracts and other agreements, to comply with the applicable laws and regulations, to keep you informed of important developments at DEMCON and to invite you to events organised by DEMCON. This will be further addressed in the remainder of this document.

The increasing volume of data processing has led to increasing awareness of the importance of the data protection. DEMCON therefore wishes to inform you about the processing of your personal data at DEMCON. This privacy statement has been drawn up for that purpose.

This privacy statement applies to all of Demcon’s business partners, such as (potential) customers, suppliers, (project) partners, visitors to the DEMCON website and/or participants in DEMCON events.

Controller

DEMCON consists of several companies. The processing of your personal data will mainly take place within the DEMCON company that you have a business relationship with. In addition, your personal data within the DEMCON group is processed by the following company:

DEMCON management & support B.V.
Institutenweg 25
7521 PH ENSCHEDE
Tel: 088-115 2000

Within DEMCON management & support B.V., most of the support services for the entire DEMCON group are centrally arranged. This includes finance, legal, PR & Communication and HR. Insofar as it is involved in the processing of your personal data, every company within the DEMCON group can be regarded as the controller and is therefore bound by this privacy statement. In case of questions about the actual processing of your individual personal data, please contact privacy@demcon.com.

Diligence and technical security
DEMCON handles your personal data diligently and takes sound technical and other security measures. DEMCON at all times complies with the statutory data protection regulations, including the European General Data Protection Regulation (Regulation (EU) 2016/679). For instance, DEMCON avoids unnecessary data processing, restricts access to personal data to a group of employees who need to process your personal data, uses only ICT systems that adequately protect your personal data, and has a detailed policy and protocol in place to prevent data leaks.

What personal data are processed?
Depending on the type of business relationship between you and DEMCON, different types of personal data may be processed. For example, different data is processed with regard to customers, than it is with regard to the visitors to the DEMCON website. DEMCON may process the following personal data:
a. surname, first name, initials titles, middle name and the name by which you are known;
b. date of birth and/or age;
c. place of birth;
d. sex;
e. contact details: address, telephone number and email address;
f. IP-address; and
g. special personal details: dietary requirements.

Purposes of the data processing
Your personal data are processed only for the following purposes:
a. performance of agreements with the company where you are employed;
b. negotiations on or processing of offers or inquiries of the company where you are employed;
c. taking (personal) safety measures during your visit at DEMCON premises;
d. projects and activities (including invoicing);
e. invitations to events organised by DEMCON or other parties;
f. PR/marketing/prospecting by DEMCON; and
g. making contact in response to a contact request (e.g. via website or during an event);
h. improvement of DEMCON operations.

Your personal data are not processed for any other purposes.

Duration of the data processing
Your personal data are processed no longer than necessary or prescribed by law. Data processing takes place throughout the customer/supplier/partnership relationship with you or with the company where you are employed.

If the customer/supplier/partnership relationship with you or with the company where you are employed ends, DEMCON retains your personal data for a period of seven (7) years after the end of the relationship. This retention is necessary to comply with applicable laws and regulations, as well as in connection with individual arrangements with you or your company.

If your personal data are not processed on the grounds of an (existing) customer/supplier/partnership relationship, DEMCON retains your personal data for a period of three (3) years after the personal data were provided. During this period, DEMCON can contact you for the follow-up on events, for providing information and/or reports and with regard to any contact request.

After that period, DEMCON destroys your personal data, unless DEMCON is obliged by law to store and/or process the relevant personal data for a period of time that is longer than the above mentioned period, or you give permission again for the processing of your personal data.

Sharing of personal data with third parties
Your personal data are shared only with employees at DEMCON who need to access your personal data in order to perform the agreement with you or insofar as necessary in order to contact you. DEMCON uses several software and other systems to keep proper central records. DEMCON has entered into agreements with the suppliers of those systems to protect your personal data. A list of the suppliers who currently have access to your personal data can be provided on request.

DEMCON’s finance department furthermore works together closely with accountants. On that ground your personal data (such as those stated in purchase orders of customers, purchase invoices, agreements, payment arrangements and various other supporting documentation) may be shared with accountants. DEMCON has entered into agreements to protect your personal data also in that context.

Your rights
You have the following rights with regard to the processing of your personal data:
a. the right of access to your personal data processed by DEMCON. You also receive a list of any third parties to which your personal data have been disclosed;
b. the right to rectification, if, for instance, DEMCON processes inaccurate personal data, such notice of as a change of address;
c. the right to erasure (the “right to be forgotten”). This does not apply if DEMCON is required by law to retain the personal data;
d. the right to restriction of processing of your personal data;
e. the right to data portability;
f. the right to withdraw permission for processing your personal data; and
g. the right to present questions or to object to DEMCON and, if your questions or objections are not handled to your satisfaction, to the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

If you wish to exercise any of these rights, please contact privacy@demcon.com.

Questions and complaints
If you have any questions, or if would like to file a complaint about the use of your personal data, you can contact DEMCON via privacy@demcon.com. DEMCON will answer your question and/or deal with your complaint to the best of its ability. If you feel that DEMCON is not helping you in the right way, you can contact the Dutch Data Protection Authority to submit a complaint. The contact details are as follows:

Personal Data Authority
PO Box 93374
2509 AJ The Hague.
www.autoriteitpersoonsgegevens.nl
088 – 1805 250

Governing law and amendments
This privacy statement is governed exclusively by Dutch law. DEMCON may unilaterally amend this privacy statement if its operations or a change in the law so requires.