Privacy Statement


Audittrail Professionals B.V. (hereafter: Audittrail) audits and advises in the fields of information security, privacy, GRC and quality. It goes without saying that we take your privacy very seriously. However, we cannot escape processing a few personal details, such as names, e-mail addresses and telephone numbers, including yours. We obtain personal data if, for example, you sign up for our newsletter, if you request a quotation, send us a message or call us. You also provide us with personal data via cookies when you visit our website.


We use the following principles with respect to privacy:

  • We deal with your privacy like we deal with our own privacy.
  • We handle your personal information carefully. This means, amongst other things, that we do not use or share your personal data beyond what is strictly necessary, and treat all personal data internally as confidential.
  • We take all reasonable precautions to protect your personal data and ensure that our suppliers do the same.
  • We strictly adhere to the General Data Protection Regulation (GDPR) and other laws and regulations concerning the processing of personal data.


In this privacy statement you can read how we handle your personal data. We reserve the right to change this privacy statement. In order to keep up-to-date on the way in which we handle your personal data, we advise you to review this privacy statement from time to time. You will be actively informed about significant changes. This privacy statement was last modified on September 19, 2018.

If you have any questions or comments relating to this privacy statement, please contact our privacy officer Joyce de Jong via mail@audittrail.nl.


Audittrailgroup
Sisalbaan 5a
2352 AZ Leiderdorp - Netherlands
Postbus 263

What do you want to know?

On which principles does Audittrail base its processing of data?

We only process your data to the extent permitted by law. This means that each instance of data processing has a designated legal basis. The bases we use are:

  • Agreement: all information necessary for reaching or executing an agreement with us;
  • Legal duty: information that we are obliged to pass on to, for example, the tax authorities, the police and other government bodies;
  • Legitimate interest: information that we need for internal management, representation of our interests and security, whereby a balance is achieved between the interests of Audittrail and your privacy;
  • Vital importance: in the unlikely event of emergencies or life-threatening situations.


And when none of the above bases apply, we ask for your:

  • unambiguous consent, which may always be withdrawn.

Why does Audittrail collect my data?

Audittrail uses your personal data, in so far as we need to, for the following purposes:

  • engaging with customers and partners to come to agreements and providing services and/or products;
  • making payments and collecting on invoices (including debt collection by third parties, should that be necessary);
  • marketing purposes, client relations and product development;
  • internal management processes.

Which personal data does Audittrail use?

We collect the following personal data from our contact persons at clients and suppliers:

  • Name
  • Gender
  • Phone number
  • E-mail address
  • Job title
  • Information that you provide us voluntarily, such as in a survey or contact form.

What about the Audittrail newsletter?

We send our newsletter via Active CampaignSendinblue, an American party. You will only receive the newsletter if you have registered for it. All newsletters contain trackers, and ours is no exception. This allows us to see who opened the newsletter, who clicked on which link, and when. We use this information to improve our newsletter and articles, and make them even more relevant.

Would you like to receive our bimonthly newsletter? Sign up here.

What about the Audittrail website?

Audittrail collects and uses your personal information on its website primarily to provide you with (web) services and to communicate with you. In addition, your data is used for conducting research and performing analyses, with the aim of improving our website and services.

Audittrail processes the following information provided by you on its website:

If you sign up for our nice newsletter:

  • Name
  • E-mail address
  • Sector

If you want to become our client (and who would not want that?) and fill out our contact form:

  • Name
  • E-mail address
  • Telephone number (optional)

Information about your visit to the website. With this information we can improve visitor experience. Would you like to know more about this? Click here to read more about the cookies we use on our website.

Which processors and third parties does Audittrail work with?

Audittrail works with various processors: suppliers to whom we have outsourced our data processing. We conclude processing agreements with all our processors to ensure privacy protection. If you have questions about these or other processors, please contact our privacy officer via mail@audittrail.nl.

Below is an overview of our main processors:

  • Active Campaign
  • Pro Contact
  • Exact online
  • Teamleader
  • Microsoft 365
  • Phishingtest.nl
  • Windrecht

Audittrail only provides your data to third parties, e.g. specialized auditors or IT specialists, who are necessarily involved in the above mentioned activities. Audittrail has adopted the necessary contractual and organizational measures to ensure that your data is used by a third party solely for purposes defined by us and mentioned in this statement.

Audittrail is, in accordance with the relevant law, required in some cases to provide personal data to third parties, e.g. the appropriate authorities in the context of a criminal investigation.

In cases other than those described above, we will always ask you for your permission first.

How does Audittrail protect the data?

As you might expect, the security of your personal data receives the utmost attention at Audittrail. Your data stored with us are therefore protected by efficient and state-of-the-art technical and organizational measures to effectively prevent data loss or misuse by third parties.

Our employees who process personal data are obliged to keep your data confidential. Moreover, only relevant employees will have access to your personal data. Technical safety measures to protect your data are regularly checked and adjusted according to the latest state-of-the-art technology. These principles also apply to third party organizations that process and use data according to our instructions.

How long does Audittrail store my data?

Audittrail does not keep your data longer than legally permitted and necessary for the realization of the purposes for which the data has been processed. How long certain data is stored depends on the type of personal data, and the purposes for which it is processed.

When this time has expired, your personal data will be deleted and destroyed by us in a secure manner. We think it is important that data are destroyed/disposed of with care.

What are my rights as a data subject?

  • Right to information
    You have the right to receive information in a clear format and lucid language about how and why the data processing takes place. This applies both to the personal data collected directly from you as well as when this happens via others.


  • Right of access
    You have the right to request access to personal data we hold about you, including information on the purposes for which the data is used, and with whom this personal data is shared. You also have the right to receive a copy of this. If personal data of another person is included in the file which you wish to access, then their personal data will be protected.


  • Right to rectification
    You have the right to have data corrected or supplemented, if necessary.


  • Right to erasure
    You have the right to request Audittrail to delete your data. This request must be granted in, inter alia, the following cases:

- The personal data are no longer necessary for the purposes for which they were collected;

- The personal data have been processed unlawfully;

- You withdraw your consent (if the processing is based on this).

 

  • Right to restriction of processing
    You have the right to request (temporarily) a limit on the processing of your personal data (stop the use of your data) if one of the following applies:

- You dispute the accuracy of the personal data: the processing is limited during the period required by us to verify the accuracy of the personal data;

- The processing is unlawful: you oppose the erasure of the personal data and, instead, request that the use be restricted;

- We no longer need the personal data for the processing purposes, but you need it for establishing, substantiating or exercising a legal claim;

- You have objected to the processing, and are awaiting an answer to the question whether the justifications of Audittrail outweigh yours.


  • Data portability
    You have the right to data portability, also called transferability of data. This means that you have the right to obtain the personal data that you have provided to Audittrail in a structured and up-to-date digital file. You also have the right to transfer that personal data to another organization without being hindered by us.

    This right only applies to data that:

- Have been digitally processed, and

- Are processed in the context of an agreement or based on permission.


  • Right of objection
    If the processing of personal data takes place on the legal basis ‘interest of the organization’, then you have the right to object to the processing of your personal data.

    You can submit your request regarding the above rights in writing to the privacy officer via mail@audittrail.nl. We handle your request within (max.) one month.