Privacy policy

Privacy Policy

Version 1.0, last updated on 25-03-2020

 

Introduction

Because we see it as our responsibility to protect your privacy, we have drawn up a privacy policy.

In this privacy policy we describe what information we use, process and store and when we delete this information. We also describe the measures taken to handle your data as safely as possible and what action we take in the event of a data breach.

 

Apply to

Our privacy policy applies to all services of Storm Engines & Parts B.V., Storm Connect B.V., Storm Services & Trading B.V., Storm Systems B.V. and Storm Group.

 

Purposes

Storm Engines & Parts B.V., Storm Connect B.V., Storm Services & Trading B.V., Storm Systems B.V. and Storm Groep collect and use data only for the stated purposes described in our privacy policy.

 

E-mail

When you send e-mail or other messages to us, we may store these messages. This data is stored on our secure server. This information is not provided to and/or used for purposes other than the performance of our services.

 

Insight

We offer all visitors, customers, suppliers and employees the opportunity to view, change or delete the information currently on our server / known to us.

 

Third parties

All information is only stored on our own server and not shared with third parties.

 

Applicant data

We store the data of applicants who have applied for a job at the Storm Group but do not enter employment for a maximum of 4 weeks after applying. After this period, the data will be destroyed and deleted.

 

Employee data

We collect the following data from employees with the aim of complying with the obligation to keep records of the personnel file and also to be able to carry out the payroll administration. It concerns the following data:

  • Copy of ID card and/or passport, valid on the date of employment
  • Completed payroll tax statement
  • Personal data:
    • Name
    • Address data
    • Sex
    • Phone number and/or email addresses
    • Bank account number
    • Birthdate and place
    • BSN
    • Data regarding the employment, such as salary, position, etc.
    • Contact details in case of an emergency.
  • Employment contracts
  • Study agreement (if applicable)
  • Obtained certificates and/or diplomas.

 

Storage and access

This personnel data is stored both digitally and on paper. The digital files are stored on a secure disk to which only the following persons have access: P&O employee and management. The paper file is kept in a locked cabinet, the key of which is held by the HR employee.

 

Retention periods

The data will be destroyed in accordance with the guidelines set by law.

 

Data of (future) customers

We collect information from our customers that is necessary for making quotations, orders, invoices and e-mail correspondence.

The data we can process are:

  • Company Name
  • Address data
  • Telephone numbers and/or e-mail addresses
  • VAT number
  • Chamber of Commerce number
  • Account number
  • Contact details

The data is registered in an (electronic) register.

 

Data from (future) suppliers

We collect information from our suppliers that is required for quotation requests, purchase orders, purchase invoices and e-mail correspondence.

  • Company Name
  • Address data
  • Telephone numbers and/or email addresses
  • VAT number
  • Chamber of Commerce number
  • Account number
  • Contact details

The documents (offers, orders and invoices) are stored in our administration together with the correspondence, both digitally and on paper.

The above data is entered into our inventory and accounting program.

 

Safety precautions

  • Processing agreements
  • Measures in the ICT field
  • Measures in the field of security of the paper data

 

 

Data leak

When a data breach is detected, it is mandatory to report it. Here is what needs to be done:

  • If data has already been leaked or distributed (such as sending an email to a wrong addressee), the relevant persons will be contacted and the information will be forced to be removed and not to be further distributed in any way. In addition, a data breach is reported to the AP (personal data authority).
  • In the event of an acute danger of spreading or leaking data (such as a stolen phone or laptop), all access to this device will be blocked as soon as possible and the theft will be reported to the police. In addition, it is checked whether data has been leaked or distributed. If so, action is taken as in rule 1 (see above). If no data has been leaked about the threat, the cause of the threat will be investigated and it will be corrected or, if possible, completely removed as soon as possible.
  • In the event of an imminent danger of data being distributed or leaked (such as in the event of a system failure), it is checked whether data has been leaked or distributed. If so, action is taken as in rule 1 (see above). If no data has been leaked about the threat, the cause of the threat will be investigated and it will be corrected or, if possible, completely removed as soon as possible.

All employees are obliged to take action in the event of (imminent) danger of leaked or distributed data or data that has already been leaked or distributed.