1. INTRODUCTION TO THIS PRIVACY STATEMENT

In this Privacy Statement, we explain the main ways in which Aurum processes personal data. We use a number of specific terms, including:

 

Personal Data

Information that directly or indirectly relates to you as an individual; for example, your name, address, consumption data, or date of birth.

 

Processing

Anything that can be done with personal data, such as collecting, storing, using, or deleting personal data from our records.

 

Controller

The Controller is the party responsible for compliance with legislation relating to the protection of personal data. This may be a third party, or Aurum itself, depending on the nature of the data (as explained below).

 

Processor (or Sub-Processor)

The party that processes personal data on behalf of the Controller.

2. Different Purposes of Processing

Aurum may be involved in the processing of your personal data in various ways.

First, Aurum processes the personal data of its direct and indirect, existing or prospective business relationships, such as customers and suppliers. This processing is necessary for Aurum to communicate with contact persons, enter into and perform agreements, provide services to customers, maintain financial records, place orders with suppliers, carry out promotional or marketing activities, maintain commercial relationships, and comply with legal obligations.

Aurum also processes personal data of users of the ICT services it provides, where necessary to monitor the use of those services and to ensure compliance with applicable terms of use and legislation.

In addition, Aurum processes personal data of job applicants in order to conduct recruitment procedures and assess a candidate’s suitability. We may receive contact details and CVs from recruitment agencies or headhunters.

Visitors to our website may contact us through our online forms. In doing so, they are asked to provide contact details. Aurum uses this information to communicate with the individual regarding their enquiry.

In all of these cases, Aurum acts as the (ultimate) Controller responsible for protecting the relevant personal data.

Aurum may also process personal data on behalf of third parties, for example the data of residents that Aurum processes for customers through the ICT services it provides. In such cases, Aurum acts as the Processor of the relevant personal data. Since Aurum is not the (ultimate) party responsible for protecting the personal data in these situations (this responsibility remains with the Controller), it enters into additional arrangements with the customer in a so-called Data Processing Agreement. This agreement specifies which data Aurum processes and how it will protect that data on behalf of the customer.

3. Is It Mandatory to Provide Personal Data?

In some cases, providing personal data is mandatory, such as a name and other details required to enter into an agreement with a customer or supplier, contact details when completing a contact form, or a name and CV when applying for a position.

We require this information in order to enter into and perform an agreement with you or to comply with legal obligations.

4. What Is the Legal Basis for Processing Data?

Aurum processes personal data on various legal grounds:

• Because it is necessary to take pre-contractual steps at the request of the data subject or to perform an agreement to which the data subject is a party;
• Because it is necessary to comply with legal obligations applicable to Aurum, such as maintaining financial records;
• Because it is necessary for the purposes of the legitimate interests pursued by Aurum or a third party, generally to enable the operation of its business and for the purposes described above;
• Based on the consent of the data subject;
• In exceptional cases, because it is necessary to protect the vital interests of the data subject.

5. Does Aurum Process Special Categories of Personal Data?

Special categories of personal data are particularly sensitive data, such as information relating to health, religion, or ethnic origin.

As a Controller, Aurum does not process special categories of personal data unless it is required to do so by law.

6. What Rights Do You Have Regarding Your Personal Data?

You have the following rights regarding your personal data:

• To request a copy of and access to your data;
• To receive information about how your data is processed;
• To have inaccurate data corrected;
• To have incomplete data completed, taking into account the purposes for which it is processed;
• To have your data erased;
• To have the processing of your data restricted;
• To object to the use (processing) of your data. If we use your data for direct marketing purposes and you ask us to stop, we will cease such use. For example, you may do so by clicking the unsubscribe link in a message;
• If you have given consent for a specific use of your data, to withdraw that consent. Withdrawal will only affect future processing. For example, if consent is required to process a meal preference that may reveal your religious beliefs, we may be unable to process your order without that consent;
• If you have provided the data yourself, or if the data was generated by you and processing is based on your consent or necessary for the performance of an agreement, and the data is processed electronically, you have the right to receive your data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transferred directly to another party at your request;
• To lodge a complaint with the competent data protection authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise your rights, please contact us using the details provided under “Where Can I Submit a Question or Complaint?”. In certain circumstances, we may have the right to refuse your request or comply with it only partially.

7. Are Your Personal Data Shared with Other Parties?

We use ICT service providers that process personal data on our behalf as Processors.

As part of our normal business operations, contact details may be shared with other parties, for example through email communications. However, we do not share databases with third parties, nor do we ever sell your personal data.

We may also be required to share personal data in order to comply with legal obligations, for example at the request of tax authorities.

8. Are Your Personal Data Transferred Outside the EEA?

Our servers are located exclusively within the European Economic Area (EEA).

We may also use Processors that process data outside the EEA. If data is transferred to countries that do not provide an adequate level of protection, we will implement appropriate safeguards to ensure your data remains adequately protected.

You may request a copy of these safeguards using the contact details provided under “Where Can I Submit a Question or Complaint?”.

9. Does Aurum Use Cookies?

Aurum uses cookies when providing its online services. Cookies are small text files that may be placed on your computer, tablet, or mobile phone when visiting the Aurum website.

Further information can be found in Aurum’s Cookie Statement, available on our websites.

Aurum uses Google Analytics. Google is certified under the Data Privacy Framework, which means that appropriate safeguards have been implemented to protect your privacy.

We have configured Google Analytics in a privacy-friendly manner. This includes agreements regarding the handling of collected data, including that Google is not permitted to share the data or use the information obtained for other Google services.

For more information, please read Google’s Privacy Policy or opt out completely via Google‘s opt-out service.

10. How Long Do We Retain Your Personal Data?

As a general rule, we apply the following retention periods:

• Data relating to contact persons at suppliers, customers, other business relations, and users of our ICT services is retained for the duration of the relationship and for a period of five years thereafter;
• Data relating to unsuccessful job applicants is retained for up to four weeks after completion of the recruitment process, or up to one year with the applicant’s consent;
• Data relating to individuals who contact us is retained for as long as necessary to complete the communication and for a period of five years thereafter.

11. Where Can I Submit a Question or Complaint?

For questions or complaints regarding the processing of personal data by Aurum Europe B.V. in its capacity as Controller, you may contact Aurum’s Privacy Officer.

E-mail:   privacy@aurumeurope.com

12. Can Aurum Amend This Privacy Statement?

Yes. Aurum may make minor changes to this Privacy Statement from time to time. We will inform you in advance of any significant changes.

The most current version of the Privacy Statement can always be found on our website.