Privacy & Cookies
This privacy statement sets out which personal data Helin Data B.V. (“Helin”) and its affiliated companies collect from you through our interaction with you and through our services and products, in which way this takes place, the role of cookies, for which we use the personal data, how long we store personal data, how you can view and change the personal data stored by us and how your personal data is protected by us.
Helin Data B.V.
2289 EX Rijswijk
Phone: +31 088 185 185
Chamber of Commerce number: 69210594
Applicability of General Data Protection Regulation (GDPR)
When processing data, the General Data Protection Regulation (GDPR) may apply. We refer to it further as the GDPR. The GDPR applies in the case of the fully or partially automated processing of personal data, but also to the manual processing of personal data included in a file or intended for recording therein.
To determine whether the GDPR applies, the following questions are important:
Is data processed?
Is this data personal data?
Is this data processed automatically fully or partially, or is it included in a file or intended to be included in a file?
Is the data processing within the scope of the GDPR?
How do we obtain personal data?
Personal data is shared with us by employees, potential employees, customers, prospects, suppliers or if you have contact with us.
Users of our websites, e-mails, films and videos and other digital communication channels share certain personal data directly with us.
Personal data is collected from visits to our websites by entering or leaving personal data on one of our websites, by filling in personal details or leaving them behind at one of our branches or with employees or by registering to use our services.
Personal data that have been placed, published or shared, respectively, on a forum on or linked to one of the websites operated by us, have not been collected, stored or processed by us or on our behalf or initiative, respectively. We are neither a controller or a processor pursuant to the applicable laws and regulations, including GDPR, for placing, publishing or sharing, respectively, of the these personal data and in no event will Helin and/or its associated companies be responsible or liable for any damage, costs or any equitable relief hereunder in relation to placing, publishing or sharing, respectively, of these personal data, respectively.
We also collect personal data, for example you create a Helin account, register for events and activities (in writing or on our websites), consent (opt-in) for marketing or recruitment activities or are willing to be added to our customer database.
We obtain another part of the data by recording how you handle our products, for example by using technologies such as cookies and receiving error reports or usage data from software on your device.
We also obtain personal data by entering into agreements or through other business activities. These may be commercial project agreements for products or services, employment contracts, detavast agreements, contracts for hiring in freelancers or temporary workers, subscriptions or licenses.
Which websites are hosted by Helin?
www.helindata.com – corporate and commercial website
Which personal data is processed by us?
We collect the following personal data:
- name and address
- date of birth and place
- phone number
- e-mail address
- IP address
- bank account number
- identity card details (passport photo and citizen service number (BSN))
Processing targets: for what purposes do we process personal data?
Helin uses the data that is processed for:
- business management
- delivery of products and services
- improvement of products and services
- offering events
Helin works for contractors and supplies professionals to hirers. The legal requirement for such cases is that the contractor or the hirer obtains certain data from the identity card of the professional, including the BSN.
In addition, as an employer Helin is legally required under Article 28 of the Wage Tax Act to include a copy or scan of the identity documents of its personnel in the payroll administration.
A copy or scan of the identity card is made when an employee starts work at Helin. This means that we can prove later that our employees have properly identified themselves and that they were in the Netherlands legally. The copies of the IDs processed by Helin are also used for inspections on the work floor, for example by the SZW Inspectorate.
Delivery and improvement of Helin products and services
We collect (personal) data that we receive via websites in order to be able to work effectively and to inform and provide our customers with the best possible information about our products and services.
Furthermore, personal data may also be used for communication with customers and users, for example for providing information about user accounts, security updates and product information.
Recruitment for Helin
We use personal data for recruitment for Helin and its affiliated group companies. We may provide this personal data to these companies.
Prior to an event, we ask visitors for permission to take photos, or make video or sound recordings. These recordings are kept (up to a maximum of 3 years) and may also be used for the internal/external communication purposes of Helin, using online and offline resources, both for commercial purposes and recruitment. Visitors and participants in such events can also announce prior to the event that they do not wish to appear recognizable on photos, video or sound recordings of the event. They then receive a colored sticker that they can affix to their clothing. When processing the material we take their objections into account.
Helin websites and cookies
Cookies enable us to:
- store the preferences and settings of Helin website visitors
- make it possible for Helin website visitors to register for a specific purpose
- offer advertising and marketing based on specific interests
- achieve sound security (identification, fraud prevention, internal controls and operational safety)
- analyze how our websites and online services perform. Our apps also use other IDs for similar purposes, such as the advertising ID in Windows.
There are exceptions to the permission requirement. For example, if the cookies are technically necessary for the website to function correctly. Examples include certain analytical cookies, which provide better insight into how our website functions. The Telecommunications Act was amended on 11 March 2015. The provider of a website no longer needs permission to use analytical cookies, provided that these cookies are only used to count visitors. If analytical cookies are not used to treat people differently, they hardly affect the privacy of website visitors. In that case permission from website users is no longer necessary.
The Dutch Personal Data Protection Act also applies to tracking cookies (in combination with other data collected on the website visit).
Helin uses tracking cookies on the website www.helindata.com. The website user is asked to give explicit permission for this purpose. If permission is not granted, the website visitor is asked to click for further information and the choice can be made to activate cookies fully or partially. A choice for all or none of the cookies may reduce functionality of the website.
How do we store personal data?
Personal data is stored by Helin, among others, in the following databases:
- Azure Cloud
- Dynamics for 365
This list of the most important databases is based on an inventory on the date on which this privacy statement was formulated and may be subject to change.
We have created a so-called “Privacy Impact Analysis” for a number of these systems in order to identify the risks associated with their use.
With whom can your personal data be shared?
Personal data is shared with:
- other Helin companies
- customers, for whom Helin fulfils service and/or management functions
- Facebook, Google, SurveyMockey and LinkedIn
- clients, suppliers or subcontractors, government agencies and other business relations.
Basis for providing personal data
The provision of personal data is based on:
- a legitimate interest
- legal obligation and/or
- implementing the agreement in accordance with the aforementioned objectives
Helin has added the applicable basis to its processing register.
Helin deems the following means of communication as permission:
- handing over a business card at an event;
- request for information;
- quotation request;
- execution of an assignment;
- permission for use of data by email.
Processing personal data
We conclude a data processing agreement with data processors of personal data. We record these data processing agreements in a data processing register.
The data processing register includes the following information:
- the name and contact details of the responsible individual;
- the purposes for which personal data is processed;
- the categories of personal data (such as name and address details, contact details, payment details);
- the categories of individuals involved (for example: customers, website visitors, employees);
- the categories of recipients (to whom is the data provided?);
- information about the potential transfer of personal data to countries outside the EU;
- the retention periods of the personal data;
- the ways in which personal data is secured (for example: encryption, access control, pseudonymization).
Data processing register
With regard to the requirements for a data processing register, Helin has adapted the following:
Since Helin has no obligation to appoint a data protection officer, this is not included in the processing register. Helin has instead included the roles of process owner and an application manager in the processing register. This also stipulates that the owner can never be the same person as an application manager, as a result of which the “two sets of eyes” principle is achieved. The purpose for which the personal data is processed has been translated by Helin into the process for which the personal data in question is used.
The categories of personal data are based on the categories in the retention period schedule. This enables the storage period to be defined. Where the data is hosted: NL, EU or outside the EU.
Rights of data subjects
Helin undertakes to:
- provide data subjects with reasonable information about the processing of their personal data
- provide data subjects with a copy of or otherwise provide insight into their processed personal data
- remove, correct, supplement or protect the personal data of data subjects on request, unless a legal (storage) obligation conflicts with this
- provide evidence that personal data of data subjects has been removed or corrected
- enable data subjects to exercise other rights under the applicable legislation.
Sharing personal data outside the Netherlands
If personal data is shared outside the European Union, we will only do so if and insofar as this is legally permitted. This means, for example, that processors of our personal data outside the European Union are asked to draw up so-called “Standard/Model Contractual Clauses”.
Obviously, we ask our data processors to store the personal data that is processed on our behalf on servers that are located within the European Union.
How do we protect your personal data?
Helin does everything necessary to protect your personal data. To this end, Helin has identified specific measures that include Multi Way Authentication and encryption. In addition to technical protection, people are also important. All our employees have a confidentiality clause in their contract. Helin also invests significantly in raising employee awareness in the area of information security and data privacy.
Helin may amend this privacy statement from time to time. You can always view the most recent version via the hyperlink “Privacy & Cookies Statement” on the Helin website. If and insofar as you provide Helin with personal data, we advise you to regularly check the contents of the Privacy Statement.
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation gives you the right to lodge a complaint with a supervisory authority, for the Netherlands this is the DPA (Autoriteit Persoonsgegevens). You can lodge your complaint via: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons