Contact

Privacy Statement as of Jan. 24, 2022

This page was last modified on January 24, 2022. We see it as our responsibility to protect your privacy. On this page, we let you know what data we collect when you use our website, why we collect this data and how we use it to improve your user experience. This privacy policy applies to the services of Compris Consulting B.V.

Compris Consulting B.V. is not responsible for the privacy policies of other sites and sources. By using this website, you indicate your acceptance of the privacy policy.

Compris Consulting B.V. (hereinafter: Compris) respects the privacy of all users of its site and ensures that the personal information is treated confidentially.

Unknowingly you share all kinds of personal information with Compris.  Of course we handle this information with care. In this Statement you will find information about how Compris handles  your personal information,  clarified with examples. Do you have any questions about this Privacy Statement? Please contact us at info@compris.eu.

1. What is processing personal data?
Personal data
This is data directly or indirectly refers to you personally.  Examples are your name and address, income, BSN number. But also data of a sole proprietorship, ZZP'er, VOF or partnership, is personal data. When it comes to data from a legal entity such as a B.V. or N.V., this does not apply. Data of the contact person or representative of a legal entity are personal data.
Processing
Anything that can be done with your personal data. For example, the collection, storage, use, transmission and deletion of your data.

2. Who do we process personal data from?

We process personal data if we have, want to have or have had a business relationship with you. Or if we have had direct or indirect contact with you. Such as:
- When you apply for a job at Compris;
- Working on behalf of Compris for one of our clients, as a self-employed person or through an intermediary or secondment agent;
- anyone who is in any other way connected to a company or organization with which we have, want to get or have had a business relationship (for example employees, directors or (ultimate) stakeholders of organizations.

3. What does Compris expect from companies and organizations?
Does your company or organization provide us with personal data of employees, directors or ultimately interested parties (UBO )? If so, we expect you to inform them on this matter. You can give this Privacy Statement to them. So they can see how we handle their personal data.

4. Who is responsible for processing your personal data?
This Privacy Statement deals with processing of personal data by Compris in the Netherlands.

5.1 What personal data do we process?
Type of data.
-Capture e-mails
-Data about the use of our website
-Data we receive from other parties
-Data we share with other parties
-Data we need to fulfill our legal obligations

What kind of data might this be?
-Name, address, phone number, email address, data that appears on your ID card.
-Criminal data, data showing your ethnic origin, Citizen Service Number (BSN).
-E-mails you send to us.
-Cookies
-IP address
-Data about the device with which you use our website.
-Data from intermediaries or clients with whom Compris has agreements.
-Data we receive from companies to whom you have given permission to share data
-Financial data
-Project data
-Pension data
-Data we provide to other parties we engage to assist with our services
-Data that you have asked us to share with another party
-Data we store to fulfill our obligations as an employer and service provider

Examples of use of this information by Compris
-For identification purposes, to draw up an agreement or to contact you.
-We use your BSN to pass on relevant financial data to the tax authorities, in connection with obligations under tax legislation.
-In the context of placement with our clients it may be necessary to record information about your country of birth (e.g. when a declaration of no objection (VGB) is requested) or for the purpose of criminal data by means of a certificate of good conduct (VOG)
-We use the e-mails for example because of legal obligations, to provide evidence and for quality purposes
-To improve our website
-We use this data to meet the obligations as agreed in the contract between Compris and the client in question.
-Data we receive because you have given permission to a third party with whom Compris has an agreement in the context of mediation
-We are obliged to provide certain information to the Tax Office
-Other parties (such as Pension Providers) who process data on our behalf because we engage them in our services
-You can ask us to share certain data with a third party or when you give us permission to do so under an agreement
-We process personal data to comply with legal obligations, including under the Tax Act, Occupational Health and Safety Act
-We process personal data to fulfill contractual obligations as agreed between Compris and the client in question as a client of Compris

5.2 How do we obtain your personal data?
We receive your data because you give it to us yourself. For example, when you enter into a contract with us, enter into an employment agreement, leave your data on our website or use our services. We may also receive data from others. For example, from suppliers or other parties we work with. We may also use public sources such as public records, newspapers and the Internet. Sometimes we receive data because you have given permission to another party to share data with us.

5.3 What do we use your personal data for and for what purpose?
In order to perform our services, we need and must process your personal data. But also because we are legally obliged to process some data. We process your data for the following purposes.

a. In order to enter into a relationship and agreement with you.
-If you want to work for Compris (directly through employment or through an intermediary) we need and must process your personal data.
-If hired or through an intermediary, we need to establish your identity and comply with our legal obligations. In doing so, we may make a copy of your proof of identity.
-It may occur that from contractual customer requirements (Client of Compris) there must be a check against national and international sanctions lists. For example by having a Certificate of Good Conduct (VOG) or a Certificate of No Objection (VGB) carried out.

  1. Basis
    We usually process your data because we are legally obliged to do so. However, if this legal obligation does not apply directly to Compris, we have a legitimate interest in processing your data for these purposes. We may also process the data because it is necessary for the conclusion of the contract. We may also ask your permission to process your data for the development and improvement of our products and services. In the case you don't give permission, this ill not affect our services to you. You can always withdraw your given consent by reporting this to us.
  2. To execute agreements and assignments.
    -When you work for Compris through employment or through an intermediary, we carry out assignments and concluded agreements. For this we process personal data.
    -At your request we pass on your data to third parties. For example, when required by pension providers, for processing payroll.
    -E-mail traffic we may record. We do this, for example, because we are required to do so by law, to provide evidence, for research (e.g. for the purpose of an audit report).
  3. For the development and improvement of our services.
    -In order to perform our services well and innovate, we are constantly developing and improving our services. We do this for ourselves, but also for our business customers or other parties.
    -When analyzing your visit to our website, we process data. We do this in order to improve our website, for example through the use of cookies.
  4. For relationship management
    -We process your personal data for relationship management. In doing so, we use you personal data provided to us. But we also use data not obtained directly from you, such as public registers ( the Chamber of Commerce), public sources ( the Internet) and other parties (such as an intermediary when you work on behalf of Compris, but are not employed by Compris.)
    -We can create and use analyses and profiles to provide insight to our clients for the purpose of benchmark research. So that a business client of ours can determine how they are performing against competitors. If we use your data for this purpose we ensure that this data is pseudonymized as much as possible. And only available to a limited number of employees within Compris. If you do not want us to use your data for benchmarking, please let us know.
  5. To enter into and perform agreements with suppliers and other parties 
    If you have contact with Compris for work purposes, we may process your personal data. For example, to determine whether you are allowed to represent your company. If necessary, we may contact your company prior to, but also during the agreement as part of screening.
  6. To comply with legal obligations
    -Based on (international) laws and regulations, we have to collect, analyze and sometimes transfer a lot of data about you to government agencies. We have to comply with legislation in order to provide our services. We also process personal data to fulfill our duty of care as an employer.
    -The tax authorities, the police and the public prosecutor, but also intelligence services, for example, can request data from us. We then have a legal obligation to cooperate in investigations and to pass on information about you.
    -Laws and regulations may also oblige us to pass on (analyzed) data about you to a government agency, a tax authority or a supervisory authority in or outside the Netherlands.
    -We record e-mail traffic. We do this to comply with legal obligations. We may also do this for providing evidence or in the context of quality assurance, for training, coaching and assessing employees.
    -We process your data because it is required by law. Or because we cannot otherwise perform an agreement with you. Or if we have a legitimate interest to process your data in order to comply with a statutory or other legal obligation.
  7. For the execution of business processes, management reports and internal management
    -We use your data to conduct internal audits and investigations, for example, to examine whether new rules have been properly implemented. Or to identify risks.
    -We also use data to map and improve our business processes so that we can serve you better. If possible, we anonymize or pseudonymize your data first.
    -We process your data because it is required by law, or because we have a legitimate interest. Also, processing your data may be necessary for the performance of our agreement with you.

6. What period of time do we keep your personal data?
We keep your data no longer than we need for purposes of collecting in the first place or reusing. We have a retention policy. This sets out how long we retain data. In the Netherlands this is in most cases 7 years after the end of the agreement or your relationship with Compris. Sometimes this period is longer. For example if you have performed work in a high-risk environment and additional obligations have been set by the Health and Safety legislation. Data you have provided to us in relation to an assignment, for example, we usually keep for only two years. We may also retain data longer than the retention period we have set for specific situations. For example, if you have filed a complaint that makes it necessary to keep the underlying data longer. If we no longer need the data for the purposes described in 1.7 a. to g it will be destroyed taking into account the legally required retention periods.

7. Does Compris also process special personal data and BSN?
-Special personal data, criminal data and the BSN are sensitive data. Special personal data are, for example, ethnic data. We only process this information if it is necessary in relation to the contractual requirements of a client. For example, when asked to provide a Certificate of Good Conduct (VOG) or Certificate of No Objection (VGB).
-We will only use your BSN if this is legally permitted. For example, because it is necessary for the tax authorities.
-We also process special personal data if this is permitted by law, because you have disclosed this data yourself or with your permission. We ask your permission to record this data. Do you give us permission to record special personal data about you? Or do you disclose this data yourself? Then we will only process this data if it is necessary for our services. Have you given us permission to record special personal data? Then you can always withdraw that permission. You can contact Compris at info@compris.eu.

7.1 Does Compris make automatic decisions about me?
Automatic decisions are decisions about you that are made by computers, and not (anymore) by humans. Compris does not use automatic decisions.

7.2 Who has access to your data?
Only employees within Compris have access to your personal data who need withing their function. All these employees have a duty of confidentiality.

7.3 Do we also use personal data for other purposes?
Compris does not also use personal data for other purposes.

7.4 Do we transfer your personal data to others and countries outside the EU?
-Your personal data may be passed on to a third party, for example an intermediary, because you ask us to do so. Data that establishes your identity may also be used, for example, by a third party you wish to do business with.
-Sometimes we engage other parties/business partners who process personal data on our behalf. For example, a Pension Provider. We can only engage other parties if this fits the purpose for which we have processed your personal data. In addition, this other party can only be commissioned by us if it makes certain arrangements with us and has demonstrably taken appropriate security measures and guarantees confidentiality.
-In principle, we do not pass on your data to other parties outside the European Union.

What rights do you have?

8.1 Right to information
With this Privacy Statement, we inform you about what we do with your data.

8.2 The right to access
Everyone has the right to inspect the personal data that has been collected. A data subject may ask at  reasonable intervals whether, and if so what, personal data is being processed.
The overview provided will include at least the following information:

  • The purposes for which Compris processes the data;
    - the categories of personal data processed about the data subject;
    - the recipients or categories of recipients to whom the personal data have been or will be transferred, in particular recipients in third countries or international organizations;
    - if possible how long Compris keeps the data, or if that is not possible, the criteria to determine the retention period;
    - the right to modify, delete, restrict or object;
    - the right to file a complaint with the Personal Data Authority;
    - when personal data are not collected, any available information on the source of these data;
    - the existence of automated decision-making including profiling, and if so, useful information on the underlying logic, as well as the importance and expected consequences of such processing for the data subject

If you request to provide a copy of the data, this will be provided by Compris or you will be given remote access to the data (via a secure environment). If you wish to receive multiple copies, an administrative fee will be charged. The information will be provided by email if the request is made by email. If the request is made via written request by mail, Compris will send the information in writing accordingly.

8.3 The right to rectification
It may happen that personal data that is processed is not correct (anymore).  The data subject has the right to request Compris to correct this data. The data subject also has the right to have the information completed when it is incomplete, for example by providing an additional statement. If Compris has shared the data with other parties, Compris will notify these parties of the changes. Compris will not do this when:

  • this is impossible;- this requires a disproportionate effort by Compris.

Whether something requires a disproportionate effort is determined by carefully weighing the interests. On the one side the interests of the data subject on the other side the efforts (costs, time et cetera) Compris must make to inform the recipients (third parties).

8.4 The right to erasure and the right to be forgotten
Under certain circumstances, the data subject has the right to have data deleted by the data controller, for example when the processing is unlawful. In addition the data subject has the right to be "forgotten". This right was created so that people on the Internet are not forever (wrongly) confronted with their past. The data subject has the right to have data erased as soon as possible, but only in one of the following cases:

  • the personal data are no longer necessary for the original;
    - the data subject, has withdrawn their consent to the processing and this is the only basis of the data processing;
    - the data subject, has legitimate objections to processing;
    - personal data are unlawfully processed;
    - personal data must be deleted in order to comply with a legal obligation;
    -personal data are collected in connection with a direct offer of Internet services to a child.

In addition to the right to erasure,  the data subject also has the right to be "forgotten" under certain circumstances. This right is an extension of the right to delete data.

In specific situations Compris has made personal data public (for example, by putting it online) and the data subject asks Compris to delete the data. In this case, Compris will take reasonable technical and organizational measures to inform other controllers processing the personal data. The right to erasure and the right to be forgotten are not absolute, and will have to be weighed by Compris against other rights and interests. The right to erasure and the right to be forgotten do not apply if the processing is necessary for:

  • the right to freedom of expression and information (if by an employee of Compris);
    - fulfilling a legal processing obligation incumbent on Compris;
    - fulfilling a task of public interest incumbent on Compris;
    - exercising public authority (for example from chain responsibility);
    - for reasons of public interest in the field of public health;
    - archiving in the public interest, scientific or historical research or statistical purposes when deletion of the data threatens to make the purposes of such processing impossible or seriously jeopardized;
    - the institution, exercise or support of legal proceedings.

When the data are shared with other parties, Compris will notify these parties that the data have been deleted at the request of  the data subject. Unless this is the case for Compris:

  • proves impossible;
    - Requires a disproportionate effort.

Whether something requires a disproportionate effort is determined by carefully weighing the interests. On the one side the interests of the data subject on the other side the efforts (costs, time et cetera) Compris must make to inform the recipients (third parties).

8.5 The right to restriction
The right to restriction of the processing of personal data means that the data subject has the opportunity to temporarily stop the processing of the  personal data'. Compris may only process the data (or have it processed) in the following cases:
- with the consent of the data subject;
- for the establishment, exercise or substantiation of a legal claim;
- to protect the rights of others or for important reasons of general interest for the European Union or for a Member State.

the data subject has the right to restrict processing if any of the following situations occur: 

  • the accuracy of the personal data is disputed by the  data subject, for a period that allows the controller (Compris or third party) to verify the accuracy of the  personal data;
    - the processing is unlawful and the data subject opposes the erasure of the personal data and requests  the restriction of its use;
    - the controller (Compris or third party) no longer needs the personal data for the purposes of processing, the data subject, needs it for the establishment, exercise or substantiation of a legal claim;
    - the data subject has objected to the processing, pending the answer to the question of legitimate grounds of the processing controller outweigh those of the data subject.

In case of the occurance of one the above situations, Compris will take appropriate technical precautions. For example, temporarily removing the published data from the Compris website.
In case Compris removes the restriction, the data subject will be notified in advance.

8.6 The right to object
The data subject, under circumstances, can object to the (further) processing of data and invoke the right to object. In this case, Compris will stop processing.
The data subject can invoke the right to object in three situations:
- because of personal circumstances;
- in case of the performance of a task of public interest or public authority;
- in the case of the legitimate interest of the processing controller.

The processing will pauzed in the above cases unless there are compelling, legitimate grounds in which the interest of Compris outweighs the interest the data subject.
the data subject can object to the processing of  personal data for the purpose of direct marketing. This right to object is absolute, Compris needs to comply with this.

8.7 The right to portability of data (data portability).
The right to portability of personal data gives the data subject the right to obtain a copy of personal data that is provided to Compris. When exercising tis right, a copy will be provided in a structured, common and machine-readable form (CSV, JSON, XML et cetera). The purpose of the right to data portability is to increase the control over the data as a data subject. The idea behind this is that the data subject can take the data with to another employer, for example.
The right to portability only applies to provided data that is processed automatically on the basis of the following bases:
- the unambiguous or explicit consent the data subject;
- the necessity for the performance of the contract (e.g. your employment contract).

Thus, the right to portability does not apply when the processing is done on a legal basis other than consent or a contract. Derived data (interpretations or conclusions that Compris draws from the data) are not covered by the right to portability. Compris is not obliged to accept transferred data.

8.8 The right not to be subject to automated individual decision-making including profiling
When personal data are used to reach a certain decision and this decision is based solely on automated processing of personal data, this is automated individual decision-making. In other words, automated individual decision-making does not involve (significant) human intervention so that any outcomes can be corrected.
Profiling is dividing people into categories (profiles) based on their personal data. Based on these profiles, (automated) individual decisions can then be made, such as, for example, the granting of credit by a financial institution.
Profiling can be used in the following three ways:
1) general profiling (still without decision-making);
2) decision making based on profiling;
3) automated individual decision-making based on profiling.

The difference in application 2 and 3 is human intervention. Under application 2, there is still significant human intervention. The profile only serves to support decision-making. Whereas under 3, the decision is automated and there is no longer significant human intervention.

Data subjects have the right not to be subject to a decision based solely on automated processing, (including profiling), where it:
- has legal consequences for the data subject;
- it otherwise significantly affects the data subject.

In principle, Compris does not use automated decision-making.

9. Who to contact in case of a question?
For questions about the processing of personal data, please contact the Risk & Compliance Officer at info@compris.eu.

10. Can we change this Privacy Statement?
Yes, our Privacy Statement may change from time to time. This may happen if there are new data processing operations and this data processing is of interest to you. We will of course keep you informed. You can always find the most current version of our Privacy Statement at www.compris.eu/privacy.

Questions and feedback

If you have any questions about this privacy policy, please contact us:

Compris Consulting B.V.
Schipholweg 655
1175 KR Lijnden
Email: info@compris.eu

Our enthusiastic asset management professionals ensure that our clients regain control of their complex infrastructure, production and logistics systems, enabling them to excel. We understand professional management and have an eye for the people who work with it. Compris works exclusively for asset owners and will gladly assist your organization as an independent expert to realize a pragmatic and sustainable asset management system'. More information.