VECOS PRIVACY STATEMENT
1. Introduction
We respect your privacy and handle privacy-sensitive data with care in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable privacy legislation. In this privacy statement, we describe how we process personal data, for what purposes we do so, how you can exercise your privacy rights, and provide other information about how we handle personal data. Personal data is information that can be used to identify an individual person or that can be traced back to an individual person.
Please read the section of the privacy statement that is relevant to you:
• Prospects and potential customers
• Customers
• Suppliers
• Job applicants
• Website visitors
Vecos processes (personal) data of a variety of data subjects, such as website users, prospects, customers, suppliers and job applicants. This Privacy Statement explains which personal data is processed by Vecos and how. Vecos’ s headquarter is located in the Netherlands (Brainport Eindhoven) and Vecos processes personal data in accordance with the General Data Protection Regulation (the ‘GDPR)’, so that the privacy of data subjects is guaranteed.
For the processing of personal data of employees and former employees, Vecos refers to the Vecos HR handbook. For other data subjects, Vecos explains the processing below. If you have questions or remarks after reading the Privacy Statement please contact: informationsecurity@vecos.com.
2. Capacity
Vecos processes personal data in the capacity of both ‘controller’ and ‘processor’. This Privacy Statement only describes the processing carried out by Vecos as a ‘controller’. For the processing by Vecos as a processor, reference is made to the processing agreement that Vecos concludes with all its customers and to (the summary of) the Information Security Policy. Vecos standard DPA can be found via this link: https://www.vecos.com/en/general-terms-and-conditions/.
3. Business Relationships
For each separate group (prospects, customers, suppliers, job applicants or website users) of which Vecos acts like a controller the purpose of processing, the legal basis, the types of personal data that is processed and the retention periods will be stated and explained.
PROSPECTS AND POTENTIAL CUSTOMERS
Retention period:
A maximum of 1 year after it has been announced that a (commercial) process will not be followed up. And up to 4 weeks after an opt-out is received.
CUSTOMERS
Retention period:
A maximum of 2 years after the end of the service, unless the data must be kept longer on the basis of legal grounds. In that case, the minimum statutory retention period applies. If processing is based on consent: no more than 4 weeks after an opt-out has been received.
SUPPLIERS
Retention period:
A maximum of 2 years after the end of the agreement, unless the data must be stored for a longer period of time on the basis of legal grounds. In that case, the minimum statutory retention period applies. If processing is based on consent: no more than 4 weeks after an opt-out has been received.
JOB APPLICANTS
Retention period:
The personal data of applicants who are not eligible for possible employment after assessment will be deleted within one month after completion of the application process. After consent, the data can be stored for max. 1 year.
4. Processing
Retention periods
Vecos retains personal data in accordance with its retention period policy as mentioned above. The following principle applies: personal data will not be stored longer than necessary for the purpose for which they are processed.
Data that may be important for the possible handling of disputes/(legal) proceedings will be processed on the basis of legitimate interest and may be processed for a maximum of 20 years – depending on the particularity of the file – until the end of the agreement/event that gave rise to a dispute/procedure will be kept.
Third parties and onward delivery
Vecos processes personal data within the EU and Vecos does not share personal data with third parties, except for its service providers and unless this is necessary for the purposes mentioned above or if the data is collected via a cookie provider that has its hosting location outside the EU. Vecos will take appropriate measures to ensure that the processing of data is always carried out in a manner that ensures an ‘adequate level of protection’ of personal data.
Vecos does not use automated decision-making (including profiling). We do not sell or rent your personal data to third parties.
5. Contact
Withdrawal of consent
When Vecos processes personal data on the basis of consent, this consent can be withdrawn. This can be done by sending an e-mail to the person from Vecos with whom you are in contact or by sending an e-mail to informationsecurity@vecos.com.
Rights of data subjects
Data subjects can exercise their rights under the GDPR, such as access, correction and deletion, by sending a request to informationsecurity@vecos.com. Vecos will then handle this within 1 month, or if more time is needed to handle a request carefully, within an extension of maximum 2 months. Vecos will inform the person concerned about a possible extension. The request to exercise rights under the GDPR should be as specific as possible and the data subject should identify himself/herself. If Vecos asks for a copy of an identity document, this copy must meet the following conditions: illegible BSN and illegible passport photo.
Questions and complaints
Questions about this policy or complaints about Vecos’ failure to comply with the GDPR can be submitted to Vecos via informationsecurity@vecos.com. If a data subject is of the opinion that his/her complaint is not being handled satisfactorily, he/she can submit a complaint to the Dutch Data Protection Authority in The Hague or to a competent court.
Customers can send any request or question about data processing by sending an email to servicedesk@vecos.com.
PRIVACY STATEMENT WEBSITE VISITORS
When you visit our websites, we store cookies to ensure a properly functioning website and to improve our services and websites. We are happy to explain to you which data we store and what we do with them. The information can be categorized into Vecos.com and Releezme.net.
What cookies do we store on the Vecos.com website?
What cookies do we store on the Releezme.net website?
Functional cookies
To ensure a properly functioning website and optimal performance, we use necessary functional cookies. Otherwise, the website would be unable to function or you would be unable to log in.
_RequestVerificationToken
Expires when browsing session ends; used for form’s post.
ASP.NET_SessionId
Expires when browsing sessions ends; standard ASP.NET MVC session id cookie. Only contains the session id for the current session, information stored at server side.
.AspNet.ApplicationCookie
Expires when browsing session ends; used for login only.
.AspNet.TwoFactorCookie
Expires after 5 minutes; used for two-factor authentication login. Automatically deleted upon successful login.
.AspNet.ExternalCookie
Expires after 15 minutes; used for login only in connection with two-factor authentication. Automatically deleted upon successful login.
Analytical cookies
We use Microsoft Azure Application Insights to improve the quality of the website. Data which are stored for that purpose are anonymized and IP addressed are also masked. Data is not shared with other Microsoft Azure services. We have entered into a Data Processing Agreement with Microsoft. Below, you find information about the different cookies that we use:
ai_session
Expires after 30 minutes; used for Microsoft Azure Application Insights.
ai_user
Expires after 1 year, used for Microsoft Azure Application Insights.
Safety measures
We protect stored data and ensure that these data are not directly traceable to individuals. By taking technical and administrative measures, we reduce risks as much as possible, for instance by means of access control on the systems, a secure internet connection (SSL) with the website and a firewall.
How can you exercise your rights, such as to view, correct or remove data?
Send a message to informationsecurity@vecos.com and state ‘Privacy’ in the subject line. We will then process your message as required by the GDPR. We would like to point out to you that if your request is not processed to your satisfaction, you can file a complaint with the Dutch Data Protection Authority.
How can you disable or remove cookies?
You can choose whether to allow cookies or you can set your internet browser to block cookies. Most browsers explain how to do that via the help feature. If you block cookies, this may affect the website’s performance and your user experience on our website.
Google Chrome
Block cookies in Google Chrome
Microsoft Internet Explorer
Block cookies in Internet Explorer
Microsoft Edge
Block cookies in Microsoft Edge
Firefox
Block cookies in Firefox
Apple Safari
Block cookies in Apple Safari
[nd_disable_cookie]
Processing outside the EU
It is possible that personal data are sent cross-border to third parties as mentioned above for the purposes as described above. This means that personal data may be processed in countries with a lower level of security and protection of personal data than in the EU. In such an event, we will take appropriate measures, to ensure that the data are processed at an ‘adequate level of protection’.
Questions?
Vecos Europe B.V.
Esp 237
5633 AD Eindhoven,
the Netherlands
informationsecurity@vecos.com
Changes
The information in this statement may be subject to change. These changes will be published on vecos.com.
Eindhoven, the Netherlands, 17 September 2024.