The kinds of personal information Incontrol may collect and hold
In the process of conducting its business, Incontrol may collect, hold, use, and in some cases, disclose personal information, including sensitive information, relating to its business, suppliers, and employees.
Personal information is information or an opinion about an individual who is reasonably identifiable from that information, whether or not the information or opinion is correct, and whether or not it is in a material form, and regardless of its source. Examples of the type of personal information we may collect includes a person’s name, address, phone number, and email address.
Collecting personal information
Incontrol will only collect personal information where necessary.
Incontrol may collect personal information from an individual, for example, through registration of newsletter, or if an individual requests information or otherwise engages with Incontrol. Incontrol may ask an individual to provide their contact information.
Incontrol will generally only collect personal information from the relevant individual, unless in Incontrol’s opinion it is unreasonable or impracticable to do so.
If an individual elects to not give Incontrol their personal information, Incontrol may be unable to procure services or otherwise engage with the individual.
Holding personal information
Incontrol may hold personal information electronically, or in paper files. Incontrol will take all reasonable steps to protect personal information against misuse, interference, loss and unauthorised access, modification or disclosure.
Where Incontrol holds personal information that it no longer requires, Incontrol will take reasonable steps to destroy or de-identify such information, subject to any law or court order requiring retention.
Use of personal information
Administration. If an individual engages with Incontrol, we may use personal information in order to manage the relationship, to verify the individual’s identity and send important information about the Incontrol software and its services.
Legal obligations. Incontrol may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law (including the GDPR), which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our contractual relationship with an individual; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
Incontrol will notify individuals in advance if the way Incontrol uses or processes personal information changes.
Disclosure of personal information
Incontrol only discloses personal information when necessary to conduct our business operations as described below. When we disclose personal information, we do so in accordance with applicable data privacy and security requirements including GDPR.
Within Incontrol. Our business is supported by a variety of Incontrol teams and functions, and personal information will be made available to them if necessary for the provision of services, and business and product development, for instance. All of our employees are required to follow our data privacy and security policies when handling personal information.
Third-party suppliers. Incontrol partners with and is supported by suppliers around the world. Personal information will be made available to these parties only when necessary to fulfill the services they provide to us, such as software, system, and platform support; cloud hosting services; advertising; data analytics; and order fulfillment and delivery.
Third parties for legal reasons. We will share personal information when we believe it is required, such as:
- To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence.
- In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- To protect our rights, users, systems, and capabilities.
3. Access to, and correction of personal information
Under applicable data protection law, individuals may have the right to access and control personal information that Incontrol holds about them. Any individual wishing to access, amend, correct or delete their personal information held by Incontrol must contact our Privacy Officer at firstname.lastname@example.org or Vanadiumweg 11L, Amersfoort, 3812 PX. Before providing data to requesting individuals, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
Access will be provided where this is reasonable and practicable. However, in accordance with applicable law, Incontrol may refuse an access request in certain permitted situations.
Should an individual wish to make a complaint in relation to Incontrol’s use, collection, disclosure or management of personal information on this website, or request access or correction, they must contact our Privacy Officer at email@example.com or Vanadiumweg 11L, Amersfoort, 3812 PX.
Where a complaint is received, the Privacy Officer will consider the complaint and, within a reasonable time, will decide whether the complaint warrants further investigation. The complainant will be advised by Incontrol of the outcome of its investigations within a reasonable time.
Alternatively, you may refer your complaint to the Dutch Data Protection Authority.