IIrriWatch BV (“IW”, “we”, “us”, “our”) is committed to the privacy of the personal data of its clients and business partners in accordance with the European Union’s General Data Protection Regulation (the “GDPR”). In accordance with disclosures required by the GDPR, this statement provides an overview of how IW uses personal data it collects about individuals such as its clients, re-sellers and other partners (all referred to below as “you”). We are required to handle (“process”) your personal data securely and otherwise in accordance with the GDPR and if our national legislation requires a higher level of protection for personal data than the GDPR, such stricter requirements are to be complied with.
How we collect your personal data
We will only collect personal data about you that is relevant in the context of the relationship which we have with you. This information we will obtain directly from you. However, we also process personal data from other sources, such as our service providers and publicly available sources.
You are not required by law to provide us with personal data. However, if you refuse to do so we may not be able continue the collaboration with you.
Types of personal data which we process
The types of personal data that we process may include your name, address, contact information and records related to our client relationship and relevant services, including data deriving from your usage of our IT platforms (including electronic communications) and applications.
Purposes of processing of your personal data
The purpose for which we process your personal data are summarized below:
· For the performance of a contract with you
It may be necessary for us to process your personal data in order to perform a contract with you relating to our services, or to act upon your instructions prior to entering into a contract.
· For the purpose of complying with a legal obligation to which are subject
We may process your personal data in order to comply with our legal obligations, including without limitation executing requests from administrative, regulatory and judicial authorities, fulfilling taxation, credit controls and reporting obligations, or for the purpose of pending or ongoing litigation proceedings.
· For the purposes of our legitimate interests or those of a third party
Where necessary, we process your personal data to serve our legitimate interests or those of a third party (GDPR permits this only insofar as such interests are not outweighed by a greater need to protect your privacy). Cases where we rely on our legitimate interests to process your personal data include:
- Servicing our products;
- Carrying out marketing or market and opinion research.
- Undertaking business restructurings.
· On the basis of your consent
If we wish to process your personal data in a way not covered by the justifications above, we would need your consent. Where you give consent, you are entitled to withdraw it at any time. Note that withdrawing your consent does not render our prior handling of your personal data unlawful, and that it might have an impact on our ability to continue to provide our services to you in the same way in the future. There are special categories of personal data which the GDPR deems so sensitive that we generally need an individual’s consent to be able to store and use it (Article 9 GDPR). Information about a person’s genetic or biometric data, racial or ethnic origins and sexual life are just few examples. We will not typically process any such information about you. But if we do, we will do so based solely on your prior consent or on one of the purposes listed in Article 9 GDPR.
External recipients of personal data
Where necessary for the purposes outlined above, we may share information about you with a range of recipients including the following: service providers, re-sellers, professional advisers, auditors, insurers and potential purchasers of elements of our business. We will only disclose information about you as permitted under the contractual terms we have in place with you and the GDPR.
Transfer of personal data
Since we are active globally to offer you the best possible service, information relating to you may, in line with the purposes described above, be transferred to counties outside the EU/ EEA that do not by default ensure the same level of protection of your personal data.
However, if we use service providers in such countries, we are required to have them apply the same level of protection of your personal data as would be necessary within in the EU. We would typically achieve this through the use of standard data protecting clauses. We will only transfer your personal data to such countries in a way that is permitted under the GDPR.
Personal data retention and security
In general terms, we retain your personal data as long as necessary for the purposes for which we obtained it. In making decisions about how long to retain personal data, we take account of the following:
· The termination date of the relevant contract or business relationship;
· Any retention period required by law, regulation or internal policies;
· Any need to preserve records beyond the above periods in order to be able
to deal with actual or potential audits, tax matters or legal claims.
We implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store in order to protect it from unauthorized access, use or disclosure. However, please be advised that we cannot fully eliminate security risks associated with the storage and transmission of personal data as we cannot guarantee that our security measures will prevent third-party hackers from illegally obtaining this information.
Profiling in the context of this privacy statement is the use of an automated process to analyze personal data in order to assess or predict aspect of your behavior. We may use it to provide you with information on our products and services that seem likely to be of interest to you.
You data protection rights
Subject to certain exceptions and limitations, under GDPR you have right to:
· Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
· Request correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate personal data that we hold about you corrected.
· Request erasure of your personal data. The enables you to ask to delete your personal data where there is no good reason for us continuing to process it. This is sometimes referred to as the “right to be forgotten”.
· Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, such as during the period of time it might take us to respond to a claim by you that the personal data is inaccurate or that our legitimate interest in processing it is outweighed by yours.
· Request us to transfer personal data that you gave us to you in a commonly used electronic format. This is known as the “right to portability”.
· Object to the processing of your personal data. This enables you to object to the processing of your personal data which is carried out.
· Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you based purely on automated processing of your personal data, which affects your legal position (or has some other significant effect on you). We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did.
To exercise any of these rights, please write to us either by email at firstname.lastname@example.org or by courier at the following address: Garststraat 23, 4021AB, Maurik, The Netherlands. You are also entitled to submit any complaint you may have about our processing of your personal data to the competent supervisory authority for data protection.