In the context of our activities and your business relationship with us, we will collect, hold, use and/or otherwise process personal data about you.
Based on applicable data protection and privacy law, such as EU General Data Protection Regulation 2016/679, GDPR, CJP Europe B.V. (“CJP”) qualifies as individual ‘controller’ with respect to the personal data which it collects and processes about you. CJP will hereinafter be referred to as: ‘we’ or ‘us’.
We understand that your privacy is important and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in the manner and for the purposes as described in this document and that is consistent with our obligations and your rights under the applicable legislation and regulations. By entering into a business relationship with us and by sharing your personal data with us, you acknowledge and understand that your personal data will be processed by us in accordance with this Privacy Notice.
Information about us
CJP Europe B.V.
Registered in the Netherlands under company number 80116035
Address: Kingsfordweg 151, 1043 GR Amsterdam, the Netherlands
What does this Privacy Notice cover and whose personal data do we process?
This Privacy Notice is intended to ensure compliance with the GDPR and the Dutch GDPR Implementation Act (UAVG).
This external Privacy Notice is relevant for anyone whose personal data we may process in the context of our (business) activities, including but not limited to directors, authorized representatives, employees and/or (other) contact persons of our current and former clients, contracting parties, business partners and/or service providers and users of our corporate website (www.safeguard-locks.com) (hereinafter also referred to as: ‘you’). This Privacy Notice is not relevant for employees and job applicants.
This Privacy Notice explains on what legal basis we may process your personal data and:
- what personal data we collect;
- for what purposes and how we may use/process such personal data;
- how we collect the personal data;
- how we store the personal data;
- for what period we store the personal data; and
- what your rights are under the applicable data protection and privacy legislation.
We encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. The most recent version of this Privacy Notice will always be available on our website (www.safeguard-locks.com). You may also ask us to send you a copy of the most recent version of this Privacy Notice.
In the event that the Privacy Notice will materially and/or substantially change, we will actively inform you of this change and provide you with the new version of the Privacy Notice.
Note: Where you provide personal data to us which relates to another individual than yourself (for example of the legal representative of the company you are representing), please provide the concerned individual with (a copy of) this Privacy Notice before providing us with his/her personal data.
What personal data do we collect and how do we collect this personal data?
We collect personal data in various ways:
- Directly from you, for example when you provide us with your personal information by telephone, email or other correspondence;
- Directly from you, for example when you engage in business with us;
- From third parties, for example agents, advisors, intermediaries, custodians of your assets, tax authorities, credit agencies, governmental and competent regulatory authorities;
- From the company you work for (in case the client/contracting party is a legal entity);
- From other companies of the corporate group that CJP belongs to;
- Otherwise, for example, from public sources such as the trade register, public directories or your website;
- When you visit our website (www.safeguard-locks.com) and use the contact information provided on this website to get in touch with us.
We collect or process some or all of the following personal data:
- Name, date and place of birth;
- Contact details, including but not limited to addresses, telephone numbers and email addresses;
- Anti-money laundering identification (including passport or drivers’ license) and verification documentation and, if applicable, additional information for any individual regarded as a politically exposed person;
- Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details and tax identification number;
- Information about your employment, education, family, your (criminal) background or personal circumstances, and interests, where relevant;
- Excerpts of registers (public or not, for example excerpts from the Chamber of Commerce).
Legal bases for processing
The following legal bases shall apply with respect to the processing of these personal data:
- The processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract with us (for a natural person who is the data subject), such as further detailed in paragraph 6 section (a);
- The processing is necessary for compliance with legal obligations to which we are subject, such as further detailed in paragraph 6 sections (b) and (c); and
- The processing is necessary for the purposes of the legitimate interests pursued by us, such as further detailed in paragraph 6 sections (d), (e), (f) and (g).
We will only process your personal data on the basis of consent if this has been explicitly stated. If any kind of processing is based on your consent, we hereby inform you that you have the right to withdraw your consent at any time by contacting us via the contact details mentioned in paragraph 13, without affecting the lawfulness of processing based on consent before its withdrawal.
We do not seek to collect or otherwise process your sensitive personal data.
There may however be other exceptional occasions where we may need to process your sensitive personal data or information relating to a criminal background namely where:
- (i) the processing is necessary for the detection or prevention of crime (including the prevention of fraud, money laundering or financing of terrorism) to the extent permitted by applicable law or regulation;
- (ii) the processing is necessary for the establishment, exercise or defence of legal rights.
Purposes for processing
We process your personal data for the following purposes:
- to provide our services to you and/or to comply with contractual obligations;
- to comply with other regulatory, fiscal, tax information reporting, and other legal and regulatory obligations;
- for the purposes of our internal administration;
- to deal with any complaints or feedback you may have;
- for establishing, exercising and defending our legal rights;
- to monitor and record telephone and electronic communications for:
- quality assurance, business analysis, training and related purposes in order to improve our service (callers are advised beforehand if their telephone call will be recorded and recordings are subsequently edited to ensure that no personal data is revealed and the identity of the caller and as much as possible the voice of the same caller are rendered non-identifiable)
- ensuring accuracy and proper performance of your instructions;
- investigation and fraud prevention purposes, crime detection, prevention, investigation and prosecution; and
- exercising and defending our legal rights.
How long will we keep your personal data?
We will not keep your personal data for a longer period than is necessary in light of the purposes for which we process them (we refer to the purposes as listed above in paragraph 6).
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will keep the personal data for longer periods.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we had collected it (that is, the ongoing performance of your business relationship with us) and, thereafter:
- for the purpose of satisfying any legal, accounting, tax and regulatory reporting requirements or obligations to which we may be subject; and/or
- to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.
In some circumstances you can ask us to delete your data. See Request erasure below for further information.
How do we protect your personal data?
We have implemented the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Further, we seek to ensure that we keep your personal data accurate and up to date. In that respect we kindly request that you actively inform us of any changes to your personal data (such as a change in your contact details).
Do we share your personal data?
In the context of the purposes as listed above in paragraph 6, we may share your personal data with third parties in the following situations:
- to our affiliates for the purposes of e.g. warranty extension;
- to any third party service providers engaged by us, in order to provide our services to you, to comply with regulatory requirements or to provide (without limitation) the following functions:
- using our IT systems, software and business applications; and
- supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions;
- our professional advisors where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisors;
- third parties and their advisors where those third parties are acquiring, or considering acquiring, all or part of our business;
- to any bank, financial institution, insurer, tax authority, court or any other authority or supervisor, where required.
Where relevant, we will implement appropriate safeguards to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements when engaging a data processor (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.
Some of the above-mentioned recipients may be situated or operating in countries outside the European Economic Area. Where we transfer your data outside the European Economic Area we will do so on the basis of: (i) an adequacy decision; (ii) contractual model clauses as drafted and approved by the European Commission; or (iii) another valid transfer mechanisms pursuant to the GDPR. For more information about the safeguards applied by us to international transfers, please contact us via our contact details mentioned in paragraph 13.
Can I access my personal data?
If you want to know what personal data we have of you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a ‘data subject access request’.
All such requests should be made in writing (including by e-mail) and sent to the email or postal addresses shown in paragraph 13 below. In principle, there is no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make unnecessary repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 30 working days after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time is required up to a maximum of three months after the date on which we received your request. In this case you will, of course, be kept fully informed of our progress.
What are your other rights?
Under certain circumstances you have the right to:
- receive additional information regarding the processing of your personal data;
- rectify your personal data;
- the erasure of your personal data;
- object to (part of) the processing of your personal data;
- the restriction of (part of) the processing of your personal data; and
- data portability (receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization).
Right to receive information when collecting and processing personal data about you from publicly accessible or third party sources. When this takes place, we will inform you, within a reasonable and practicable timeframe, about the third party or publicly accessible source from which we have collected your personal data.
Request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us. As mentioned, it is in your interest to keep us informed of any changes or updates to your personal data which occur during the course of your relationship with us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where:
- there is no good reason for us continuing to process it;
- you have successfully exercised your right to object to processing (see below);
- we may have processed your information unlawfully; or
- we are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where continued processing is necessary in order to be able to:
- comply with a legal or regulatory obligation to which we are subject; or
- establish, exercise or defence of legal claims.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes on the basis of our legitimate interests.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer (data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
You may also withdraw consent at any time where we are relying on your consent to process your personal data (which will not generally be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.
Kindly note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.
Finally you also have the right to lodge a complaint to the local data protection authority. The contact details of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) are as follows: Bezuidenhoutseweg 30 (2594 AV) The Hague; telephone no. 088 – 1805 250.
Automated decision making and profiling
We do not undertake any automated decision making or profiling.
To contact us about anything related to your personal data and/or data protection, including exercising your data subject rights as discussed above in paragraphs 10 and 11, in particular your right to object, please use the contact details below:
CJP Europe B.V.
Address: Kingsfordweg 151, 1043 GR Amsterdam, the Netherlands