Privacy Policy

Privacy policy

Version 1.0, last modified on 25-03-2020

 

Introduction

Because we see it as our responsibility to protect your privacy, we have drawn up a privacy policy.

In this privacy policy we describe which information we use, process and store and when we will delete this information. We also describe the measures taken to handle your data as safely as possible and what action we take in the event of a data breach.

 

Apply to

Our privacy policy applies to all services of Storm Engines & Parts B.V., Storm Connect B.V., Storm Services & Trading B.V., Storm Systems B.V. and Storm Group.

 

Purposes

Storm Engines & Parts B.V., Storm Connect B.V., Storm Services & Trading B.V., Storm Systems B.V. and Storm Groep collect and use data only for the stated purposes described in our privacy policy.

 

E-mail

When you send e-mail or other messages to us, we may store these messages. This data is stored on our secure server. This data is not provided to and/or used for purposes other than the performance of our services.

 

View

We offer all visitors, customers, suppliers and employees the opportunity to view, change or delete the information that is currently on our server/known to us.

 

Third parties

All information is only stored on our own server and is not shared with third parties.

 

 Applicant data

We store the data of applicants who have applied for the Storm Group but are not employed, for a maximum of 4 weeks after applying. After this period, the data will be destroyed and deleted.

 

Employee data

We collect the following data from employees with the aim of complying with the administration obligation of the personnel file and also to be able to carry out the salary administration. It concerns the following data:

  • Copy of ID card and/or passport, valid on the date of employment
  • Completed payroll tax statement
  • Personal data:
    • Name
    • Address data
    • Sex
    • Phone number and/or email addresses
    • Bank account number
    • Birthdate and place
    • Social Security Number
    • Information regarding the employment, such as salary, position, etc.
    • Emergency contact details.
  • Employment contracts
  • Study agreement (if applicable)
  • Certificates and/or diplomas obtained.

 

Save and access

This personnel data is stored both digitally and on paper. The digital files are on a secure disk to which only the following persons have access: HR employee and management. The paper file is kept in a locked cabinet, the key of which is managed by the HR employee.

 

Retention periods

The data will be destroyed in accordance with the guidelines that have been drawn up by law.

 

Data from (future) customers

We collect data from our customers that are necessary for making quotations, orders, invoices and e-mail correspondence.

The data that we can process are:

  • Company Name
  • Address data
  • Phone numbers and/or e-mail addresses
  • VAT number
  • Chamber of Commerce number
  • Account number
  • Contact details.

The above data is registered in an (electronic) register.

 

Data from (future) suppliers

We collect data from our suppliers that are necessary for quotation requests, purchase orders, purchase invoices and e-mail correspondence.

  • Company Name
  • Address data
  • Phone numbers and/or email addresses
  • VAT number
  • Chamber of Commerce number
  • Account number
  • Contact details.

The documents (quotations, orders and invoices) are stored in our administration, together with the correspondence, both digitally and on paper.

The above data is entered into our inventory and accounting program.

 

Safety precautions

  • Processing Agreements
  • Measures in the field of ICT
  • Measures in the field of security of the paper data.

 

Data breach

When a data breach is detected, it is mandatory to report this. Hereafter it is determined what should be done:

  • In the case of already leaked or distributed data (such as sending an email to a wrong addressee), the relevant persons will be contacted and will be forced to remove the information and not to distribute it further in any way. In addition, a data breach is reported to the AP (Personal Data Authority).
  • In the event of an imminent danger of data being spread or leaked (such as with a stolen phone or laptop), all access to this device will be blocked as soon as possible and the theft will be reported to the police. In addition, it is checked whether data has been leaked or distributed. If this is the case, action is taken as per rule 1 (see above). If no data has been leaked about the threat, the cause of the threat will be investigated and it will be corrected as soon as possible or, if possible, removed completely.
  • In the event of an imminent threat of data distribution or leakage (such as in the event of a system failure), a check is made to see whether data has been leaked or distributed. If this is the case, action is taken as per rule 1 (see above). If no data has been leaked about the threat, the cause of the threat will be investigated and it will be corrected as soon as possible or, if possible, removed completely.

All employees are obliged to take action in the event of a (imminent) danger of leaked or distributed data or data that has already been leaked or distributed.