!-- Google Tag Manager -->
These privacy rules relate to the processing of personal data by PiCompany B.V., subsidiary of GITP B.V. ¨Processing of personal data¨ means amongst other things the collection, storage, recording, editing, accumulating, requesting, consulting or deletion of personal data.
GITP and PiCompany collect personal data of clients, participants, suppliers and visitors of our websites.
General Data Protection Regulation
The General Data Protection Regulation, also named GDPR, is European legislation with direct effect in the European Economic Area. Starting 25 May 2018, these rules replace the Personal Data Protection Act.
GDPR and the protection of personal data
In 2016, PiCompany as part of GITP acquired the ISO 27001:2013 certification with a view to the introduction of this Regulation as extra security for its clients and participants. To this end we have established a management system for information security policies.
The introduction of this standard has been accompanied by a (mandatory) awareness programme regarding privacy and information security for all (new) employees. It comprises our system of technical and organisational security measures and procedures for reporting incidents, control mechanisms, education of employees, evaluation of activities and continuous improvement. The management owns this programme and is assisted by a Security Officer and a Data Protection Officer.
A number of processes of PiCompany are performed in a Processor role. A processor agreement will be entered into for recording the agreement in this relation regarding the processing of personal data as part of the contract agreements.
In all the processes within our organisation, we handle personal and client data very carefully; the principles as mentioned in the GDPR are a starting point, as are the ones in the professional codes we comply with or regard ourselves to be bound by.
What are cookies? Cookies are small, simple text files and are sent to your computer, tablet or mobile phone when you visit a website. Cookies increase the user friendliness when you visit a website or use an app of PiCompany.
What happens when cookies are turned off? If you turn off your cookies, we have less insight in the use of our website and can not optimise it to be of even better service to you in the future.
To grant visitors of websites more choice in how their data is collected by Google Analytics, you can also download the Google Analytics Opt-out Browser Add-on.
III. Your personal data – purposes, bases and use of your data
Providing (pre-)contractual services. We process your personal data to provide our services to you. We use the data, for instance, to give you a quote at your request and subsequently implement the agreement, to maintain our relations with you regarding the assignment, to process and confirm an order for registration, or to send an invoice. We also use the data to reply to requests for information; it is our legitimate interest to process your data for that purpose.
Marketing and Sales activities. We like to inform clients about offers, innovations and other relevant (professional) content relating to our services, conform the applicable regulations, or because you explicitly permitted it. We can do this by phone, e-mail, newsletter or via direct personal contact. Naturally, you always have the right to indicate that you (no longer) appreciate it.
Processing of your data on the website. We collect and use your personal data on our website to provide you with (personalised) web content and to communicate with you in the most targeted manner. Your data will also be used for research and analysis to improve our services and websites, as explained above. We can also use the data submitted on our websites to send information by e-mail about other services, provided you gave permission to do so. Naturally, this permission can be withdrawn at any moment.
Application purposes for vacancies at PiCompany. On the website we offer the possibility to send us your motivation letter and CV in the context of (open) applications. At that point we have a legitimate interest to process your personal data. Processing the data is necessary to properly carry out the application procedure.
Scientific research by PiCompany. Tests offered to you, via your organisation (our client), should be of the best quality, valid and reliable. Our scientific department conducts (benchmark) research and statistical analyses for this legitimate purpose.
For this purpose, we collect information in the form of answers to optional demographical questions that are asked as part of tests. It is entirely up to you to answer these questions or not, and your potential choice to not reply to the optional questions will not have any effect on the possibility to take the test or on the results of the test. PiCompany is the Controller for this process.
In the certification course you will learn to interpret the results of tests of (future) employees for your organisation. This course is set up based on our expertise, in order for you to be best equipped as professional. In the (blended) course we use a digital learning environment. Personal data is also processed for these training purposes. PiCompany is the Controller for this process. After you certified, you will be included in our certification register.
Involvement of and sharing with third parties. As Controller we can engage other parties to perform an aspect or part of the service to you; this could be a platform we use for our services, for instance a crm system or e-learning platform. As far as these third parties need access to personal data to perform these services, we have contracted the correct, contractual, technical and organisational security measures to ensure these third parties use or process your data solely for the intended purposes and conform the instructions we agreed to with these third parties.
Under no circumstance will we sell your data to third parties.
IV. Storage periods
We store your personal data no longer than necessary for the purposes for which the data is collected. This storage period depends on the nature of the information and the purposes of the processing.
Below we specify the storage periods of personal data for various purposes and services.
As far as personal data is involved in the tax retention obligation: 7 years
Data of participants in our certification courses in our administration or marketing system: 5 years.
Your data in the PiCompany certificate register: unlimited
For application procedures: 4 weeks
Learning activities as part of your certification course in our learning system: 1 year
V. Your rights
PiCompany has facilitated this by order of your organisation, in case you are a test participant at the request of your organisation. PiCompany is the Processor and your organisation the Controller. Agreements about this have been made with your organisation. In this situation you can exercise your privacy rights via your organisation. PiCompany is not allowed to handle these requests in this relationship.
In the situation where PiCompany is directly responsible, you can address us directly. The following information applies to that situation. You have the right to request us in writing, as far as PiCompany is the Controller for the collection of this data:
Access to your personal data. You can ask us whether we process your personal data. If that is the case, we will explain which personal data of yours we process, how we process it and for which purposes. You can also request a copy of your personal data we process;
Correction of your personal data. If you feel that your personal data we process is incorrect or incomplete, you can request us to supplement or edit your data;
Deletion of your personal data. You can request us to delete your personal data we process. We will delete your data without unreasonable delay after receiving such a request, if: the data is no longer needed for the purpose we processed it; you no longer give us permission to process it, if that was the base for processing it; the data was processed by us as part of direct marketing; you object against the processing of it and there is no reason (anymore) why we should still be permitted to process the data; there is a legal reason to delete the personal data.
Limitation to processing your data. In some cases you might want a limitation to the processing of your personal data. In that case, you can request us to limit the data we process. We will comply with such a request if, after investigation it turns out to be possible, for example if you do not want all your data deleted, but other data is no longer necessary for the original purpose.
Portability of your personal data (data portability). You can request a copy of your personal data we process.
You can also indicate your right to object if you do not agree with our processing of your data.
Questions, requests, complaints and supervision
It is possible you have a question, request or complaint. Please contact us in this respect via this form.
Or via the contact details below:
For the attention of the GITP/PiCompany B.V. Data Protection Officer
0031 (0)88 – 448 70 00
You will receive a written response within 4 weeks.
File a complaint with the Dutch Data Protection Authority
The Dutch Data Protection Authority (DPA) is the Dutch regulatory body to supervise the compliance with the GDPR. You have the right to file a complaint with the DPA when you believe your rights have been violated. You can see how to do that on the website of the Data Protection Authority (www.autoriteitpersoonsgegevensp.nl).
Version management of these privacy rules
PiCompany reserves the right to change these privacy rules. Modified versions will be dated and published on our website.
These privacy rules were last updated in April 2018.