1. Who is RiskSphere?
RiskSphere collects your (“Data Subject”) personal information (“Personal Information”) and uses it to provide services (“Service”). RiskSphere is located on Maliebaan 75 in Utrecht and is registered with the Chamber of Commerce under number 89101219.
3581 CG Utrecht
3. What is classified as Personal Information?
The General Data Protection Regulation has been enforced since May 25, 2018. This means that from that date on, the same privacy legislation applies throughout the entire European Union (EU). National personal data protection acts no longer apply, as the GDPR takes precedence.
The GDPR defines Personal Data as any information about an identified or identifiable natural person. Specifically, this entails all information that is either directly about someone or can be traced back to this specific person. This definition solely includes a natural person as the data of deceased persons, and that of organisations is not classified as personal data.
Personal data can include many types of input. It can range from someone’s name and city of residence to telephone numbers and postcodes with house numbers. Sensitive data such as details on a person’s ethnicity, religion, or health status are referred to as special personal data, as they have additional protection under this legislation.
4. What type of information is collected and used by RiskSphere?
To use the “Service” that RiskSphere provides, personal data must be collected, processed, and used. The personal data that RiskSphere collects, processes, and uses, are received from the person at hand via a contact form, white paper download, resume, business card, personal conversation, or have been noted in a contract with RiskSphere. Whether the data is obtained directly or indirectly, RiskSphere will always explicitly ask for your permission to collect, process, save, and use your “Personal Data”. This information is necessary to conclude, administer and execute your agreement and contract with RiskSphere.
The exact types of personal data used and what purpose it fulfils can be found in clauses 4 and 5 of this Privacy Statement, respectively.
Automatically generated information
RiskSphere also collects automatically generated information about your surfing behaviour while using the “Service”. This includes your IP address (the number of your computer that makes it possible to recognise your computer), the date of filling in the “Personal data”, and “cookies”. When RiskSphere uses this information, it is always anonymised. We do this by masking the last octet of the IP address.
What are cookies? And how does RiskSphere use them?
The information saved within the cookies is used to optimise the RiskSphere website. You can change your cookie preferences by choosing “Yes, accept all” or “No, I’d rather not” when asked for your cookie preferences. If you do not select “Yes, accept all”, RiskSphere solely uses functional and (masked) analytics cookies.
RiskSphere uses the following cookies:
These cookies are necessary to keep the website up and running, and our systems operational. They are usually only put into working after an action from your side in which you request a service, such as changing the settings of your privacy preferences, logging in, or filling out a form. Your browser can be set up to block these cookies or warn you before they are used. However, if you choose to block them, some parts of the website may not function as normal.
These cookies allow us to see where our visitors come from so that we can measure and improve the functionality of our website. They help us gain insights into which pages are the most (and least) popular and allow us to follow users’ movements throughout the website. All the information collected by these cookies is aggregated into one block of data, keeping all of it anonymous. If you do not allow these cookies to track you, we will not know when you have visited the website.
These cookies are placed on our website by our advertisers. Those advertisers can potentially use them to build a profile of your interests and show you relevant advertisements on other websites. The cookies identify your unique browser and device. If you do not allow these cookies, you will see fewer of our targeted advertisements on various websites.
5. What will RiskSphere use your data for?
RiskSphere will use your data for the following:
- To conclude, administer and execute your agreement with us and thereby providing a “Service” to you;
- To provide the “Service” to you with your specific consent, without prior agreement with you (see clause 6);
- To send information about RiskSphere’s services and events via, for example, newsletters;
- To maintain contact with you and to answer your questions;
- To compile anonymised statistical data and to secure the “Service”;
- To provide your information to third parties based on legal obligations;
- To customise and improve the “Service”;
6. Authorising the processing of personal data
The Data Subject must give explicit permission to process their “Personal Data” by RiskSphere. Article 4 (11) of the GDPR defines the Data Subject’s right as any free, specific, informed and unambiguous expression of will by which the Data Subject accepts the processing of “Personal Data” utilising a statement or a clear active act.
7. Use by third parties
Without your explicit permission, RiskSphere will not provide your “Personal Data” to third parties for direct marketing purposes (for example, sending advertisements directly to the Data Subject). RiskSphere can provide your data to third parties insofar as this is necessary for the provision of the “Service” to you and/or insofar as this data cannot be traced back to you personally (such as automatically generated information, not being your IP address ). Lastly, RiskSphere can provide your data to third parties if it is obliged to do so based on legal provisions, if RiskSphere is forced to do so as a result of a lawsuit, and/or if it deems this necessary to protect its rights.
8. Retention period
RiskSphere does not store your “Personal Data” for longer than is legally permitted or longer than necessary to realise the purposes for which your data is processed. How long certain data is kept depends on the nature of the data and the purposes for which it is processed. The retention period can thus differ per purpose.
9. Rights of the Data Subject
Under the General Data Protection Regulation, you have the right to invoke the following requests in regards to your “Personal Data”:
- The right to data portability. The right to transfer personal data.
- The right of erasure. The right to be ‘forgotten’.
- Right of access. The right to access your “Personal Data” that we process.
- Right to rectification and addition. The right to change your “Personal Data” that we process.
- The right to restrict the processing of your “Personal Data”.
- The right to object to data processing.
- The right to information about the way in which RiskSphere processes your “Personal Data”. You will find this information in this Privacy Statement.
- Requests to exercise your privacy rights as described above can be submitted in writing by sending an email to firstname.lastname@example.org.
10. How does RiskSphere protect your “Personal data”?
- RiskSphere will process your “Personal Data” properly and carefully, per the GDPR legislation.
- RiskSphere requires you to fill in the data with an asterisk (*) behind it. It is not mandatory to fill in the data without an asterisk (*) behind it.
- RiskSphere will take appropriate technical and organisational measures to protect your “Personal Data” against loss or against any type of unlawful processing.
- RiskSphere will not keep your “Personal Data” for longer than necessary.
11. Transfering data within the EU
The level of data protection is the same throughout the EU. All EU member states have adapted their legislation to the European privacy directive. This means that the EU acts as one jurisdiction in protecting Personal Data. Foreign organisations must only meet the general requirements of GDPR legislation.
12. Transfering data outside of the EU
On the occasion that Personal Data is transferred to third parties in accordance with this Privacy Statement, and these third parties are established outside the European Union, the transfer will only occur if that country guarantees an appropriate level of security or has been designated as safe by the European Union. Third countries are all countries outside the EU, with the exception of countries in the European Economic Area (EEA).
13. Company Transfer
It may be possible that one or more parts and/or assets of RiskSphere are transferred to a third party or that RiskSphere merges with a third party. In that case, your “Personal Data” may also be transferred.
14. Is this Privacy Statement subject to change?
This Privacy Statement can be changed. These changes will be announced on the website.
15. Any questions?
If you have questions about this Privacy Statement, you can email email@example.com.