External privacy statement SERIS Version no. 1.
Date: 9th May 2018.
We have drawn up this document to clarify to you the circumstances in which we process your personal data and how we protect this. It is possible that we make interim changes to this privacy statement. Any changes made to this document will be published on our website, so you will always be aware of what kind of information we collect, how we use it and in which cases we can transfer this data to third parties. For this reason we request that that you read this document regularly.
This privacy statement generally entails the processing of personal data of our current clients and, in some cases, our past clients, our suppliers, our prospective clients, as well as their staff members and persons designated by them, persons who show an interest in our activities and persons we come into contact during the execution of our activities.
In according with the legislation concerning the protection of personal data, we inform you of the following:
1) This privacy statement entails the processing carried out by the following enterprises of the group SERIS Netherlands:
SERIS Holding B.V., Pieter Zeemanweg 61, 3316 GZ Dordrecht, Chamber of Commerce no. 24251292
SERIS Security B.V., Pieter Zeemanweg 61, 3316 GZ Dordrecht, CoC no. 52242072, ND licence ND15
SERIS Facility B.V., Pieter Zeemanweg 61, 3316 GZ Dordrecht, CoC no. 24251293
SERIS Safety B.V., Pieter Zeemanweg 61, 3316 GZ Dordrecht, CoC no. 52241831
Hereinafter collectively called “SERIS”.
2) The e-mail address of the SERIS Data Protection Officers is: email@example.com.
3) The personal data we can process are the following:
Identification data: surname, given name, language, title, function, type and document numbers, identification documents, etc.
Contact data: postal address, fixed and or mobile phone number, e-mail address, etc.
Financial data: bank account number.
Other particular personal data required by the Dutch law on private security firms and detective agencies .
Data concerning image recording: security footage.
Data concerning audio recording: phone calls on fixed lines.
4) If you have a contractual relationship with SERIS, this agreement forms the basis for processing personal data. The purpose of processing personal data consists of enabling SERIS to guarantee the service provision described in the contract, as well as general management of clients and suppliers, including accountancy, the management of disputes and judicial procedures, the collection and transfer of debts, as well as protection of our rights.
We base the procession of your personal data on our justified interest and can thereby offer you promotions related to similar products of services you have made use of and to keep you informed of our activities and those in our sector, or to protect our activities, properties and buildings by registering visitors.
We base the procession of your personal data on your permission when you subscribe to our newsletter, when you send us a request for information, when you call us by phone (in which case you will be informed beforehand that the conversation may be recorded), or when you enter our premises where a pictogram indicates camera surveillance. You can unsubscribe to our newsletter at any time.
Finally, the procession of your personal data can be justified by satisfying our legal requirements. In this matter we are subject to fiscal and accounting requirements compelling us to store certain personal details to transfer to accounting and fiscal administration. Furthermore, we are subject to legal requirements in regard to our sector, which is strictly regulated and obligates us to transfer certain information to our supervisory authority at their explicit request or on our own initiative.
5) SERIS will store your personal data until your relationship to SERIS is terminated (for instance, when you are no longer contractually bound to SERIS or when you unsubscribe to the SERIS newsletter). There are exceptions to this tenet in the following cases:
a) if there is a legal retention period;
b) to adhere to a possible limitation period;
c) to have our or your rights defended and asserted in case of a dispute.
6) Your personal data will be accessible to persons indicated in agreement with the need-to-know principle, in order to satisfy the purposes mentioned above.
One of the enterprises of the SERIS group can transfer your personal data to another enterprise mentioned above in point 1) when this is necessary or to satisfy a legal of contractual obligation.
SERIS will not transfer your personal data to third parties without prior notice, except if this transfer is required to satisfy legal or contractual obligations, or judicial or police actions.
If subcontractors are hired by SERIS, they are always contractually bound to process your personal data in regard to the implementation of the agreement in compliance with the applicable regulations, without processing your personal data to other ends than those stated in our collective subcontractor agreement. If a client chooses to make use of this service, SERIS Security can grant this client access to an ERP solution at that client’s request. Through this, inspections and reports of the surveillance activities can be carried out by SERIS Security, if the client makes such a request. SERIS will hire an external subcontractor to maintain this platform, to whom the client’s personal data will be transferred. The amount of information that is transferred is limited to the information required for the external subcontractor to carry out the assignment we have entrusted him with through contract.
7) In accordance with the General Data Protection Regulation  , under certain conditions everyone has the following rights:
1) to access personal data and correction of it;
2) to deletion of the personal data in cases stated in the law;
3) in case of a dispute concerning the processing of personal data, to limitation of the processing of that personal data until the dispute has been settled;
4) to the transferability of the personal data;
5) at all times and without reason, to object to processing the personal data for the use of marketing purposes or automated individual decision-making.
If the process of your personal data is based on your permission, you have the right revoke this at any time.
Anyone who wants to invoke these rights is requested to send an e-mail to the address firstname.lastname@example.org . Every person also can appeal to the Dutch Data Protection Authority through https://www.autoriteitpersoonsgegevens.nl/ .
8) SERIS carries out a continuous follow-up of the security of personal data within the company. SERIS is committed to take all technical and organisational measures within reason to prevent unauthorised persons from accessing personal data entrusted to SERIS, as well as to prevent any undue loss, destruction and publication of personal data. SERIS uses systems that are regularly updated, through which personal data can be encrypted if necessary, and its firewalls are in accordance with industrial norms.
 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (…), Official Journey of the European Union, 4th may 2016, L. 119/1.
 In compliance with the Dutch law on private security firms and detective agencies, prevailing as of 2013 up and until now (in Dutch).