Privacy Policy

Responsible for this privacy policy:

The European General Data Protection Regulation (GDPR) – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – provides that government organizations must appoint a data protection officer.

The business manager has been appointed as data protection officer within the meaning of Article 37 of European Regulation 2016/679 on data protection.

Your privacy is very important to us. We want to process your personal data in a legal, correct and transparent manner. In this privacy statement we explain which personal data we collect and process from you as a natural person. From now on we are always talking about data about you as a citizen, or as another data subject, such as beneficiary, contact person in a company, etc. In whatever capacity, your rights remain the same and we treat your data with the same care.

We are responsible for the processing of personal data. You must be able to rely on us to handle your personal data carefully and securely. To guarantee this, we have an approved information security policy. This policy is in line with the relevant legislation.

Geru BV strives for an efficient and qualitative service. We are committed to managing your personal information securely at all times.

We are careful to only process your data if we have a valid legal basis to do so. We mainly process personal data in the context of a legal assignment or in the public interest. In a limited number of cases, we do this on the basis of a contractual obligation or to protect the vital interests of a natural person. In all other cases we will ask you to give your consent to the processing of your data. This is the case for, among others:

• The use of cookies on the website
• Processing footage: photos and videos
• Use of contact details for newsletters you subscribe to

The collection of personal data only happens in one way:

• We request your personal data directly from you

The processing of personal data is done by employees of Geru BV. All employees are subject to legal professional secrecy and sign a confidentiality statement. We do everything we can to continuously train our employees about the importance of privacy and data protection.

The employees use automated systems purchased from third parties. In addition to IT suppliers, we also have contracts for personnel management, legal assistance, etc. These suppliers are processors who process personal data on our behalf. To guarantee privacy, a processing agreement has been concluded with these suppliers. These suppliers are subject to the same legal bases and security measures as those that apply to us.

We may also disclose your personal information: (i) if we are required to do so by law or other legal process; (ii) to law enforcement or other government agencies in accordance with their statutory powers; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm; or (iv) in connection with an investigation of suspected or actual fraudulent or illegal activity.

We mainly store and process your data within the European Union. We will also only use IT systems that operate within the European Union.

If there is no equivalent alternative within the zone, the administration can use applications that process data in countries outside the European Union, insofar as these applications provide sufficient guarantees that they comply with the European regulation, preferably because they are located in the so-called safe countries.

We store personal data and base ourselves for this on the legally established retention periods.

Personal data is not kept longer than necessary. After the expiry of these periods, the personal data will be destroyed according to the procedure described in the information security policy.

We take appropriate administrative, technical and physical security measures to protect personal data against accidental or unlawful deletion, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing of the personal data in our possession. The level of security is determined by a data protection impact assessment.