Ruma Rubber BV values the careful handling of personal data. As an organization, we want to be transparent about the processing of personal data. How we deal with this is based on laws and regulations, including the General Data Protection Regulation, issued by the Dutch Data Protection Authority. For privacy-related questions and requests, you can of course always contact us. We endeavor to ensure the correctness, completeness and actuality of this document; nevertheless, we make no explicit or implicit guarantee that the information in these privacy regulations is correct, complete or up to date.
Ruma Rubber BV
7903 BM Hoogeveen
Chamber of Commerce number: 04033678
- Organization: Ruma Rubber BV, the entire organization and its affiliated companies / institutions / natural persons.
- Customer(s): Any customer of the organization.
- Personal data: any data relating to an identified or identifiable natural person.
- Processing of Personal Data: any operation or set of operations involving Personal Data, including in any case the collection, recording, organization, storage, adaptation, modification, retrieval, consultation, use, interconnection, making available, provision by means of transmission, as well as the blocking, erasure or destruction of Personal Data.
- Controller: the person who determines the purpose and means for Processing Personal Data, has control over the Personal Data and is responsible for compliance with these Regulations. In doing so, the responsible party has actual control over the data processing. He issues instructions to the Processor for the purpose of data processing. The customer ultimately determines which Personal Data are processed by the organization. The customer is the one who determines which personal data are issued and processed by the organization and for what purpose. This qualifies the client as the data controller. The responsible party for the processing of medical data within the meaning of these regulations is the organization.
- Processor: the person who processes Personal Data on behalf of the Responsible Party, without being subject to its direct authority. This makes the organization a processor when it comes to Personal Data – this does not apply to Medical Data, for this data the organization is the Controller.
- Data Subject: the person to whom a Personal Data relates.
- Third Party: any person, other than the Data Subject, the Responsible Party, the Processor, or any person authorized under the direct authority of the Responsible Party or the Processor to process Personal Data.
- Consent of Data Subject: any freely given, specific and informed expression of will by which the Data Subject accepts that Personal Data concerning him/her be processed.
- Collection of Personal Data: the acquisition of Personal Data.
- Provision of Personal Data: the disclosure or availability of Personal Data
- Code of Conduct: a decision of one or more organizations, representative of the sector to which the decision relates, containing rules or recommendations made in the interest of the protection of privacy with respect to Personal Data.
- AVG: the General Data Protection Regulation.
- Authority: the Personal Data Authority (AP, formerly CBP): the organization whose task is to supervise the processing of personal data in accordance with the applicable laws and regulations.
- Regulations: these privacy regulations.
General business data is not personal data, unless you as a customer are ZZP’er or have a sole proprietorship, vof or partnership. In that case, your data is also seen and treated as personal data. Nevertheless, as an organization we also treat your general business data confidentially.
3. Type of personal data
As an organization, we receive and process the following data:
- Customers: general company data, contact details of contact persons, payment details and other data for the purpose of executing the agreement.
- Prospects: contact details of individuals who have contacted our organization in the past or participated in one of our meetings.
- Website visitors: through data tracking, individuals can be identified by IP address or other unique information.
We collect personal data such as:
- General personal data: Name and address information of you or your company, phone number, email address, job title.
- Relationship management: relationship management appointments are recorded for existing or possible future assignments and inquiries.
We use personal data for, among other things:
Execution of assignments pursuant to agreements.
For the execution of assignments based on agreements, we store contact data of the designated contact person. We do this for the purpose of communicating the order. These data are also required for quotation and invoicing of the order.
Marketing and commercial purposes
As an organization, we like to maintain our relationships with customers and any other parties. To keep these persons informed of external and internal developments. This is done through newsletters, which are sent. Company names may also be published on our website or Social Media channels. Personal data of contact persons are not shared with external parties for marketing or other commercial purposes. If you no longer wish to receive newsletters or do not want your company name published, please contact us.
In order to continuously develop and improve the products and services we provide as an organization, we may use your personal data. This data is only used for internal analyses and not communicated to external parties. If we communicate our findings to external parties, all personal data will be anonymized. We are able to provide high quality products and services because we store certain data in a database. This data is also completely anonymized and cannot be traced back to you or your company. If personal data is used for purposes other than those mentioned above, then we as an organization have a duty to inform you about the nature of the personal data, as well as the purposes that are pursued.
5. Retention terms
During the assignment or agreement, personal data will be processed in our system. If necessary, contact data will be kept indefinitely for relationship management or future agreements. If the retention period has expired, personal data will be removed and destroyed within one year.
Personal data may not be destroyed if it is reasonably plausible that the retention is of substantial importance, as well as retention is required by law or if there is an agreement between the Data Subject and the organization about this. If the data in question have been processed in such a way that tracing back to identifiable individuals is reasonably impossible, they may be retained in this anonymized form.
For the protection of the personal data processed, appropriate technical and organizational measures have been taken to prevent loss, unauthorized access, use and processing by others.
The following measures have been taken:
- Login names and passwords;
- Permissions and roles;
- The creation of encrypted backup tapes, etc.
- The authorized access to the data category of Personal Data is discussed and agreed upon for each employee. Employees employed by the organization sign a confidentiality agreement. Storage of physical Personal Data is done in locked cabinets and desks.
7. Inspection, modification and destruction of personal data
You have the right to be informed of the personal data processed. A request for insight can be submitted in writing to the organization. Within 4 weeks you may receive a response to your request for insight. Access will only be granted to the person whose data is being processed. Prior identification is required. A request for insight can be refused if there are important interests of others than the person involved.
You also have the right to request the destruction or amendment of personal data. This request must be made in writing and must be substantiated. You may receive a response to your request within 4 weeks. A request to destroy or change personal data can be granted if:
- Data are factually incorrect;
- Data are incomplete;
- Data are unnecessary for the processing and the previously mentioned purposes;
- Data conflicts with the legal grounds of the AVG or other legislation.
If your request for destruction or modification is granted, the data will be destroyed or modified within three months of the request. Unless it is reasonably plausible that the retention of the data is of substantial interest to a person other than the data subject, as well as for retention pursuant to a legal requirement.
If you are of the opinion that provisions of these regulations are not being complied with, you can contact the organization. The person responsible within the organization will then handle the complaint in accordance with the organization’s complaints procedure.
You also have the right to file a complaint with the Dutch Data Protection Authority if you feel that Ruma Rubber BV does not handle your data correctly via this link.
10. Entry into force, duration and amendment of the regulations.
These regulations entered into force on 01.01.2018.
Subject to any legal provisions, these regulations are in force for the entire duration of the processing of personal data.
11. Questions and contact details
If you have any questions about the privacy regulations, processing of personal data or any other privacy-related request, please feel free to contact us.