Last amendment: 13 June 2022
Privacy mission statement
Our Mission: Enable 5CA to navigate a dynamic future in privacy through transparent, ethical and innovative uses of personal data.
5CA Privacy Team is a division of the 5CA Legal and Compliance department.
We strive to be a valued partner and advisor to 5CA community by providing guidance and training on privacy laws, policies and best practices.
Long Term Goals:
- Promulgate privacy by design
- Build trust as a data steward
- Manage privacy risk proactively and pragmatically
- Advocate for the innovative and ethical use of data
- Be a recognized leader in data privacy
Who are we?
5CA B.V., Stationsstraat 154, 3511 EK Utrecht (“5CA”, “we, us, our”), as a controller of your personal data, strives to be transparent and clear. Our goal is to treat the data of our customers, employees, website visitors and other individuals involved in our actions carefully and with respect.
Personal data means any information that can be used, alone or together with other data, to uniquely identify a human being.
Examples of such data are: name, email address, ID numbers or location data.
Which information do we collect and why?
A large part of our Website does not require your personal data. For certain parts of the Website, it is necessary for us to process personal data. Overall, we have a lean Website and you do not need to register to use our Website. Nevertheless, we process some personal data to make the Website work, and to offer you the Website Services.
5CA processes personal data of:
- Website Visitors
- Job applicants who apply for a vacancy via Careers Portal
|Data Source/ Website Service||Personal Data||Purpose/Use|
|Website Visitors (via Cookies and other similar means)||
||To provide certain features of the Website
To enhance your user experience
To understand and save your preferences for future visits
To advertise on other sites
To compile aggregate data about site traffic and site interaction so that we can offer better Website experiences and tools in the future
For statistical analysis and market research
|Website Visitors who use our “Get in Touch”/”Contact Us” contact form||
To get you in touch with our CX specialists
To proceed with your questions and requests and provide you with sufficient information.
||We process personal data of the candidates who have applied for open vacancies in our Careers Portal. When you visit our Careers Portal and apply for a job opening, we collect your personal information to process your application.|
We use essential cookies for our website to operate and we rely on the legitimate interests ground under Article 6(1)(f) GDPR.
We process personal data based on consent according to Art. 6(1)(a) GDPR, which you are free to give or refuse. You’ll see consent options when you visit our website for the first time. You can change your decisions at any time by setting your cookie preferences. If you change your decision, it will not affect the lawfulness of processing based on consent before its withdrawal. For us to process your requests you provide us with your personal information (via “Get in Touch”/”Contact Us” and “Apply for this job” forms). Based on your consent, we collect that personal information and process your request.
Compliance with a legal obligation
To comply with our legal obligation. In case of a violation, alleged unlawful activity or when we need to uphold our Terms, we need to be able to search or share (some of) your personal data.
5CA will save your data for as long as it is necessary for the purpose for which it was provided. We regularly go through our systems to check if your personal data is still necessary for the purposes for which they were provided.
In addition to the above, in some circumstances we may store your personal data for longer periods, for example:
(i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or
(ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or
(iii) if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
Sharing personal data with third parties
5CA only provides personal data to third parties when this is permitted and done carefully. Personal data will only be provided to third parties if you have given permission yourself or if this is permitted under the General Data Protection Regulation or other applicable privacy legislation. Data is provided to parties that help 5CA to perform services for you or to maintain our Website. If you provide your consent for using your data for marketing purposes, we may share your data with third parties for marketing purposes.
These parties may be located in the Netherlands, other countries in the European Economic Area or elsewhere in the world. Where personal data is stored by us outside the EEA, we will ensure an appropriate level of protection for the data transferred. We require service providers and other service providers to take appropriate measures to protect the confidentiality and security of personal data.
Data transfers, storage, and processing globally
How we protect your information?
Ensuring the security of your personal data is very important to us which is why we have taken different technical and organizational measures to ensure this. We want to avoid any personal data from unauthorized access, disclosure, use or alterations. This is why:
- We use regular Malware Scanning.
- Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
- We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal data.
We have implemented commercially-reasonable technical, organizational and security measures designed to protect your personal data. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration intoto our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
If 5CA experience a data breach and your information are affected, 5CA Privacy Team (email@example.com) will inform you if required by applicable law. 5CA may be also legally bound to contact the local data protection authorities.
Which cookies do we use?
Cookies and similar tracking technologies, such as beacons, scripts, web beacons and tags (which together we refer to as “cookies”), are small bits of text, usually stored on a user’s computer hard drive or within a browser. They enable a website (and/or other websites which can recognise a cookie) to remember information about the user’s visit to that website.
Cookies are used to make the website work, or to work more efficiently, as well as to provide information to the owners of the website.
Your privacy rights
- You have a right to lodge a complaint with your local data protection supervisory authority: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority or to seek a remedy through the courts.
- You have the right to object to profiling.
- You have the right to object, to or to request restriction, of the processing: In certain circumstances, you also have the right to object to the processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us.
- You have the right to request that we rectify any personal data.
- You also have a right to request certain details of the basis on which your personal data is transferred outside the European Economic Area.
- You have the right to data portability: You have the right to request that some of your personal data is provided to you, or another data controller, in a commonly used, machine-readable format.
- You have the right to request the erasure/deletion of your personal data: You have the right to [ask/require] us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
- You have a right to access personal data held about you: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
- You have the right to withdraw: If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
You can exercise your rights by submitting a request to firstname.lastname@example.org
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly in accordance with applicable law or inform you if we require further information to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honouring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.