Model privacy statement: and JP de Jong Parts. (version May 22, 2018)  




  We process personal data in the context of our services. We may have received this information from you, for example via our store, website, email, telephone or app.  

In addition, we may obtain your personal data in the context of our services via third parties (for example your employer). With this privacy statement we inform you about how we handle this personal data.  


 Personal data to be processed 


    Which personal data we process depends on the precise service and circumstances. This often concerns the following data: 

 Name and address details; 

 Function of contact persons; 

 Date and place of birth; 

 Gender; 

 Contact details (email addresses, telephone numbers) and name and position of     contact persons; 

 Copy of identity documents; 

 Citizen service number (only if necessary!); 

 Age; 

 Bank account number; 

 Information about your activities on our website, IP address, internet browser and device type.


    Purposes and bases for the processing:




In a number of cases we process personal data in order to comply with a legal obligation, but we usually do this in order to provide our services. Some data is recorded for practical or efficiency reasons, which we (may) assume are also in your interest, such as: 

 Communication and information provision; 

 To be able to provide our services as efficiently as possible; 

 The improvement of our services; 

 Billing and collection.




The above specifically means that we do not use your personal data for marketing purposes or to send you advertising materials or messages about our services, if we believe that these may not be of interest to you. 


We may contact you to request feedback on services provided by us or for market or other research purposes. In appropriate cases, we may want to process personal data for reasons other than the above and we will ask you for explicit permission to do so. 

If we ever want to process personal data that we are allowed to process based on your consent for other or more purposes, we will first ask you for permission again.



Finally, we may also use your personal data to protect our own and our users' rights or property and, if necessary, to comply with legal process.


Provision to third parties In the context of our services, we may use the services of third parties, for example if these third parties have specialist knowledge or resources that we do not have in-house. These may be so-called processors or sub-processors, who will process the personal data based on your exact instructions. 


Other third parties who, strictly speaking, are not processors of the personal data, but who do or may have access to them, are for example our system administrator, suppliers or hosting parties of online software, or advisors whose advice we obtain regarding your assignment.




 If engaging third parties means that they have access to the personal data or that they record and/or otherwise process themselves, we will agree (in writing) with those third parties that they will comply with all obligations of the GDPR. Naturally, we will only engage third parties from whom we can and may assume that they are reliable parties that handle personal data adequately and can and will comply with the GDPR legislation. 


This means, among other things, that these third parties may only process your personal data for the purposes mentioned above.

Of course, we may also have to provide your personal data to third parties in connection with a legal obligation such as the tax authorities and the judiciary.   


Under no circumstances will we provide your personal data to third parties for commercial or charitable purposes without your explicit consent. 


                                                         Retention periods: 


    We will not process your personal data for longer than is useful for the purpose for which it was provided (see the section 'Purposes and bases for processing'). This means that your personal data will be kept for as long as it is necessary to achieve the relevant goals.  

Certain data must be kept for a longer period (usually 7 years), because we have to comply with legal retention obligations (for example the tax retention obligation) or in connection with regulations from our professional association. 




We have taken appropriate organizational and technical measures to protect personal data to the extent that they can reasonably be expected of us, taking into account the interest to be protected, the state of the art and the costs of the relevant security measures. 


We oblige our employees and any third parties who necessarily have access to the personal data to maintain confidentiality. We also ensure that our employees have received correct and complete instructions about the handling of personal data and that they are sufficiently familiar with the responsibilities and obligations of the GDPR. 


If you wish, we will be happy to provide you with further information about how we have designed the protection of personal data.


    Your rights: 


You have the right to inspect, rectify or delete the personal data we have about you (except, of course, if this conflicts with any legal obligations). You can also object to the processing of your personal data (or part thereof) by us or by one of our processors. 

You also have the right to have us transfer the data you provide to yourself or directly to another party.                                             

Incidents with personal data: 


If there is an incident (a so-called data breach) regarding the personal data in question, we will inform you without delay, unless there are compelling reasons, if there is a concrete risk of negative consequences for your privacy and the realization thereof. 

We aim to do this within 48 hours after we have discovered this data breach or have been informed about it by our (sub)processors.




If you have a complaint about the processing of your personal data, we ask you to contact us. If this does not lead to a satisfactory outcome, you always have the right to file a complaint with the Dutch Data Protection Authority; the supervisory authority in the field of privacy. 


    Processing within the EEA:


We will only process the personal data within the European Economic Area, unless you agree to other written agreements with us. Exceptions to this are situations in which we want to map contact moments via our website and/or social media pages (such as Facebook and LinkedIn). 


Consider, for example, visitor numbers and requested web pages. Your data is stored by third parties outside the EU when Google Analytics, LinkedIn or Facebook are used. These parties are 'EU-US Privacy Shield' certified, so they must comply with European privacy regulations. However, this only concerns a limited number of sensitive personal data, such as your IP address in particular. 




Undoubtedly, our privacy policy will be changed from time to time. The most recent version of the privacy statement is logically the legally applicable version according to the GDPR law and can be found on this website. 




We hope that this privacy statement has given you a clear picture of our privacy policy. However, if you have any questions about how we handle personal data, we would like to hear from you.



    The first point of contact for privacy aspects at our organization is: 

  Jan de Jong and/or Fini van Breugel, 0031 416-336261, .