The General Data Protection Regulation (GDPR) is a new EU-wide legislation that has recently come into effect. It dictates how companies and institutions that handle personal data must operate. We would like to update you on the data that we have (there should be nothing that surprises you), and your legal rights in relation to this data.
Because we frequently interact on a personal level with you and others, it is unavoidable that BPF collects personal data. None of that data is unexpected, but all of it is relevant to the GDPR legislation:
- We have a CRM in which we store contact details (name, email and/or phone number, and how we should address you (e.g. Mr., Ms., Mrs.). Your contact details are a subsection to the company profile of the company/institute where you work.
- Our agenda, in which we store who we meet, where we meet, and what the meeting is about.
- Our email client, in which we sort and archive the emails received from our contacts.
- The time and location where we met you: this may sometimes be stored in written or digital notes of an event.
- Meeting minutes which may include attendance lists. In rare cases, subsidy programs demand hand-written and signed attendance lists.
- Business cards, given by you personally to one of our employees.
- Photographs, for example taken at an event.
Our CRM system is a digital platform which is managed by Exact. We also use Microsoft software for our email clients, and our agenda. Both of these systems are password-protected. BPF also has a policy to never share any such data outside BPF. Photographs and attendance lists are stored in digital form on digital systems that are only accessible by individual BPF employees. These too are never shared outside BPF. Business cards are stored in locked cabinets on our site.
BPF collects your personal data only to be able to contact you again, either in person or to send you a newsletter. We do not share your personal data with anyone without your explicit permission. The only exception to that is where we have to share an attendance list for the reporting of a subsidized project. BPF does not process any personal data: we only store it.
It is your legal right to ask us to show which personal data we have stored of you. We are also legally obliged to remove any or all of your personal data on your request. Our newsletters also contain information how to unsubscribe.
Permission to store
In this message we have explained you how we handle the limited personal data that we store, and we ask that you contact us if you disagree with this.
Is this all really necessary?
Yes. The GDPR legislation is valid for all companies, and not just for those processing large amounts of data such as the social media networks. But besides the legislation, at BPF we feel that privacy is an important issue and it is a good thing to remind you that whatever limited personal data of you that is stored at BPF is safe, can be removed on request, and will be used only for what it was intended: to contact you in person.
This policy is a simplified and a comprehensible interpretation of the actual legislation (https://www.rijksoverheid.nl/documenten/rapporten/2016/01/07/tk-bijlage-1- council-of-the-european-union/) and based on the AVG (General Data Protection Regulation). Naturally the applicable law and regulations are leading and no rights can be derived from this document.