Privacy Statement APO Pharmaceutical International BV
During the use of our service, we will receive certain information from you. This could be personal data. In this privacy statement we explain which personal data we collect and use for what purpose.
Processing of personal data and purposes
If we process personal data, this is done in accordance with the requirements of the General Data Protection Regulation (GDPR) and related laws and regulations.
The personal data we process depends on the specific service and circumstances. Generally it concerns the following information:
- Name and address details;
- Job title;
- Date and place of birth (Age);
- Contact details (email addresses, telephone numbers);
- Citizen Service Number (only if necessary!);
- Passport photo (only if strictly necessary! For example for personnel file);
- Bank account number;
- Data about your activities on our website, IP-address, browser and device type.
Goals of and bases for processing
In some cases, we process personal information to comply with a legal obligation, but usually we require this information to provide our services. Some data is recorded for practical or efficiency reasons and we assume that it is also in your interest to collect this data. This may include:
- Communication and information provision;
- Being able to provide our services in the most efficient way possible;
- Improving our services;
- Billing and invoicing.
The above stated means that we may use personal information for marketing purposes or to send you adverting about our services when we think this may be of interest to you. We may also contact you to request feedback on our provided services or for market or other research purposes.
In some cases it may be required to process (additional) personal data for other reasons than previously stated. We will explicitly ask your permission to process this information. If we wish to process personal data for more or other purposes we will ask you for permission again.
Finally, we may also use your personal information to protect the rights or property of our company and our users and, if necessary, to comply with legal proceedings.
Provision to third parties
In the context of providing our services we require third-party services (specialist knowledge and/or resources). Other third parties, who are not processors of personal data but have or may have access to this data, are for example our system administrator, suppliers or hosting parties. If engaging third parties results in access to personal data or recording and/or processing personal data, we will agree (in writing) that those third parties comply with the obligations in accordance with the requirements of the General Data Protection Regulation (GDPR) and related laws and regulations. We will only collaborate with reliable parties that deal with personal data adequately and comply with these regulations.
We will never provide your personal information to third parties for commercial or charitable purposes without your express consent.
We will not keep your personal data longer than required (see the section “Goals of and bases for processing” for more details). This means that your personal data is kept for as long as it is necessary to achieve the relevant goals. Certain information must be kept longer because we have a statutory duty, which requires longer retention (seven year retention period of payment data for tax purposes).
We protect personal data using appropriate organizational and technical measures to the extent that could reasonably be required, taking into account the interest to be protected, the latest tech and the cost of the relevant security measures.
We oblige our employees, and any third parties who necessarily have access to the personal data, to maintain confidentiality. We ensure that our employees are fully instructed on handling with personal data and that they are adequately familiar with the responsibilities and obligations of the GDPR. If desired, we can provide you more detailed information about how we protect your personal data.
You are entitled to access, correct or remove your personal data we keep save (except if this is in variance with any legal obligations). You can also object to processing of your personal data (or a part thereof). You also have the right to have the information, provided by you, transferred by us to you or directly to another party.
Incidents with personal data
If there is an incident (data breach) relating to personal data, we will notify you if there is a clear risk of negative consequences for your privacy, unless compelling reasons prevent us from doing so. We aim to do this within 48 hours after we have discovered this data breach or have been informed about this by the third parties with whom we cooperate.
We would be pleased to assist you if you have complaints about the processing of your personal data. On the basis of the privacy legislation you also have the right to lodge a complaint to the Dutch Data Protection Authority against this processing of personal data. You can contact the Dutch Data Protection Authority to this end.
Processing within the EEA
We will only process personal data within the European Economic Area (EEA), unless we have a written agreement stating otherwise (mapping of visits to our website and/or social media pages, like Facebook and LinkedIn, excluded). When using Google Analytics, LinkedIn or Facebook your data will be stored by third parties outside the EU. These parties are ‘EU-US Privacy Shield’ certified, so they have to comply with European privacy regulations. This only concerns a limited number of sensitive personal data, in particular your IP address.
Changes to this privacy statement