Privacy Policy

1. Introduction

BRB processes personal data on a daily basis and adheres to the law when doing so. BRB respects the privacy of the persons whose information it receives and processes and treats that information as strictly confidential. In this privacy statement, we explain which personal data BRB processes and the purposes for which it processes that data. We advise you to read this privacy statement carefully.

BRB is the Controller for the purposes of processing and storing your personal data. If you have questions about the contents of the privacy statement, please contact BRB’s Data Protection Officer by sending an e-mail to: dataprotectionofficer@brbbv.com.

2. Personal Data

Performance of purchase and manufacturing agreements
In order to process and deliver your order, we need your name, e-mail address, payment details, and telephone number. We also give these data to third parties, such as delivery services. We only do this if it is necessary to perform the purchase or other agreement to which you are a party.

Provision of services
In order to supply you with services, we need your name, e-mail address, payment details, and telephone number. Having this data enables us to process your request, contact you, supply our services, and update you on the process. We provide your personal data to third parties if we have to do so to supply our services.

Direct Marketing
In order to generate new business, we collect commercially relevant information about companies, such as a company’s market position, its potential further interest in our products, and the persons within the company with whom we are, or would like to be, in contact. From those persons, we collect contact details, information on their visits to trade fairs, notes based on telephone and other discussions, and reports of visits. We collect similar information about current or potential suppliers. This information is carefully organised and stored in a database that can only be accessed by authorised employees. We do this based on our legitimate commercial interest.

Social media
BRB can be found on various social media outlets, such as Facebook and LinkedIn. We can use your personal data when you use functions on these websites and/or apps, such as when you ‘like’ something on Facebook. If you use such a function, we can obtain your personal data – such as your IP address, browser data, and registration details on Facebook and/or LinkedIn – from the social media outlet in question

Application procedure
BRB collects and processes data from applicants through personal contact, by post, by e-mail, and/or by telephone. We collect data such as an applicant’s name, gender, contact details, application letters, education level, and employment history. These data are relevant for completing the application procedure and will be deleted by no later than 4 weeks after that procedure is completed. If you consent, BRB may keep your personal details in its records for a longer period of time so that we may contact you again in the future.

Employees
BRB also processes the personal data of its employees in the context of their employment contracts and based on statutory grounds. Please refer to our personnel policy for information about the processing of employees’ personal data.

3. Recipients

We do not share your personal data with companies, organisations, or individuals outside BRB, except in the following circumstances.

Performance of an agreement
We are permitted to provide your personal data to a third party if this is necessary for us to meet our contractual obligations to you. These obligations include processing and – if applicable – delivering your order.

With your consent
With your consent, we can provide your personal data to other parties. Such consent is only valid if you are clear about what you are consenting to and what the consequences of that consent will be.

For external processing
We provide personal data to our partners so they can process these data for us based on our instructions and in accordance with our privacy policy and other applicable confidentiality and security measures. Our partners include our IT suppliers and the manager of the CRM system.

For legal reasons
We share personal data if we believe we are required to disclose that data to comply with applicable laws and regulations, legal proceedings, or requests from government agencies.

Statutory obligation
We will provide your personal data if we are required to do so by law. That might be the case, for example, if the police request data from us in the context of a fraud investigation. Another example might involve a request from a Tax Inspector, who is entitled, pursuant to Section 47 of the Dutch General Tax Act [Algemene wet inzake rijksbelastingen], to demand all information that could be relevant to the imposition of taxation.

BRB makes agreements with recipients of your personal data to ensure that your personal data are secured and treated as confidential

Retention period
We do not keep your personal data any longer than necessary, unless the law requires us to keep your personal data for a longer period of time. Our basic principle is that we keep personal data only as long as necessary to enable us to supply you with our products and/or services. After this goal is achieved, we will delete your personal data to the extent possible. For example, if you have provided us with your e-mail address so that we can update you on our services, we will retain your data for that purpose.

4. Transfer of personal data outside the EU

BRB may transfer your personal data from the Netherlands to another country. Countries within the European Economic Area (EEA) have same level of personal data protection as the Netherlands. With due observance of the general requirements of privacy laws and regulations, we may transfer your personal data. We may do this within our group, for example, to keep our business operations effective.

We will only transfer your personal data outside the EEA if the country in question offers a suitable level of protection. To that end, BRB uses model contracts approved by the European Commission. Your personal data will primarily be transferred to branches within our group for the purposes of our internal business operations. For example, we maintain branch offices and production facilities in Asia, Singapore, and Malaysia.

5. Your rights

You can assert several statutory rights against us: you are entitled to access, correct or supplement and delete your personal data, and restrict the processing of your personal data, as well as to have digital data transferred to you and to assert an objection. We explain these rights below. We also explain how you can assert these rights against us.

Right of access
At your request, we will notify you in writing about whether we process your personal data. Upon making such a request, you must identify yourself using a copy of your driving licence or an identity document. In our response, we will explain which of your personal data we have processed, or are still processing. We will also explain the purpose for which your data were or are being processed, with whom those data are shared, how long we still expect to store these data, and which rights you can assert.

Correction or supplementation
Once you have examined your personal data, you may request us to correct errors or add information to rectify incomplete data. Our response to your request will contain the reasons for that response. If we implement a correction, you will receive an additional statement from us. Any recipients of your incorrect or incomplete data will also receive that statement.

Deletion of data
You can request us to delete your personal data from our systems in one or more of the following cases:

  • the personal data is no longer needed for the purposes for which we processed it;
  • you revoke your consent to further processing; and there is no other ground for processing the data;
  • you submit an objection, with grounds for that objection, and there are no compelling reasons for not honouring your objection;
  • we have processed the personal data unlawfully;
  • we must delete the data pursuant to a statutory obligation

Restriction of processing
If you have reported an error or deficiency in your personal data to us, you can request us to restrict the processing of your personal data as long as we are processing your request. You may also request us to restrict our processing of your personal data if you believe that we are processing your data unlawfully, if we no longer need that data, or if you have objected to the further processing of your personal data. After receipt of your restriction request, we will only process the data after obtaining your consent or for compelling reasons (such as judicial proceedings).

Transfer of digital data
If you have provided us with personal data in a structured, commonly used digital file format and we have processed your data with your consent or as part of our performance of an agreement with you, you have the right to request a copy of this data from us. In those cases,
you can also request us to forward your data directly to another service provider.

Objection
You may object at any time to the processing of personal data that relates to you. That is particularly true when it comes to profiles we have created based on your personal data. We will cease processing your data after we receive your objection, unless we have compelling, justified interests in continuing processing that outweigh your interests, rights, and freedoms.

If we process your personal data for direct marketing purposes, you can object to such processing at any time, upon which we will immediately cease that processing.

Asserting your rights
If you wish to assert one or more of the rights explained above, please contact us via our email address: dataprotectionofficer@brbbv.com. BRB will decide on your request within four weeks, unless we notify you during that four-week period that we need more time.

Are your personal data being processed based on your consent? You are entitled to revoke that consent. The revocation of your consent will not affect previous processing done based on that consent.

6. Complaints

Do you have a complaint about the use of your personal data? We refer you to the complaints procedure used by the Dutch Data Protection Authority [Autoriteit Persoonsgegevens], which is the agency authorised to address your complaint.

7. Questions?

Do you have any questions? If so, please e-mail them to: dataprotectionofficer@brbbv.com.

This privacy statement accords with the General Data Protection Regulation. We reserve the right to update this privacy statement periodically. The most recent version will be published on this page.

May 2018 version