PRIVACY AND COOKIE STATEMENT DIGITAL TRUST SOLUTIONS
This Privacy and Cookie Statement was last amended on 4 January 2022.
The services and websites of Digital Trust Solutions | Trust Tester b.v. (‘DTS’) involve the processing of privacy-sensitive data known as personal data. The careful handling of personal data is of great importance to DTS. Accordingly, we process and protect personal data with the greatest possible care.
We adhere to privacy law requirements when processing data. This means, among other things, that we:
- state clearly for which purposes we process personal data through the Privacy and Cookie Statement;
- try to limit the collection of personal data to data required for legitimate purposes; - ask you for your express consent before processing your personal data in those cases in which your consent is required;
- take appropriate security measures to protect your personal data and require parties who process data on our behalf to do the same;
- respect your right to inspect, correct or delete your personal data upon request.
We are the controller in the data processing operations detailed below. In this Privacy and Cookie Statement, we explain which personal data we collect and use in our capacity as controller, and for what purpose. We recommend that you read this statement carefully.
The various roles of DTS as ‘processor’ and ‘controller’
As briefly mentioned above, this Privacy and Cookie Statement applies in situations in which DTS can be considered the ‘controller’, i.e. situations in which DTS determines the purposes and means of the data processing
There are many situations in which DTS, as a cloud service provider, takes on the role of ‘processor’. In that role, DTS processes personal data on the instructions of its customers. In this case, it is the customers of the services concerned who decide that their personal data are to be processed and instruct DTS as a supplier to do that. DTS then carries out the instruction; it does not take any independent decisions with regard to these personal data. DTS is expressly not a controller with regard to these personal data. In cases such as these, you will have to be informed of the data processing by the organisation from which you have purchased the service.
It is also possible that we, as a supplier of our cloud services, still have to take on the role of 'controller'. In this case, you will be informed in advance, before you start using our cloud services, that we process the data as an independent organization for you as a customer.
Use of personal data
In using our website or service, you deposit certain details with us, which may include personal data. We collect and process these data solely for the purpose for which you provide them to us. Personal data may only be processed for specific, explicitly defined and legitimate purposes. These purposes are detailed below.
In addition, the collection and processing of your personal data is always based on one of the following legal grounds:
- You have consented to the processing of your personal data.
- Processing is necessary for the performance of an agreement and our services or the services of our client.
- We have a legitimate interest in the processing of your data.
- We are under a legal obligation to process your data.
Below, for each purpose we will describe the legal basis for processing your data and provide more information about our processing operations.
The purposes for which we process your personal data are explained in more detail below.
Requesting via the website of a quotation
You can request a quotation via our website or other communication channels without obligation. For this purpose, we will ask you to provide your company name, first and last name, email address and telephone number. We use that information to prepare and send the quotation, and to communicate about the quotation and the services.
We process the above data as part of our preparations for concluding the agreement between you and DTS.
Provision of data to third parties We register your data in our CRM application and online accounting package. In addition, we store the signed quotations within our IT supplier’s cloud environment.
Product-specific requirements for the purchase of services
In certain cases DTS is obliged by law, or pursuant to obligations imposed by its suppliers, to obtain additional information from you.
As regards the delivery of iDIN, this type of service falls within the scope of the Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft) and DTS is obliged to retain certain data of the UBO (Ultimate Beneficial Owners) and the duly authorised representative. UBO data to be retained are the first and last name, company name, date of birth and nationality. Duly authorised representatives must verify themselves via iDIN, which involves the processing of their first and last name, address, postcode, email address, signature, IP address and date of birth. Pursuant to the Wwft, these data must be recorded in the context of client screening to prevent money laundering and terrorist financing.
We process the above data in order to comply with our legal obligations.
Provision of data to third parties The above data are stored within our IT service provider’s cloud environment and will only be provided to them on request.
Requesting an online demo, API information
You can request an appointment via the website for an online demo. To schedule the appointment for the online demo, you will have to give us your name, email address and telephone number.
To request API information, you will need to provide your company name, name, email address and telephone number.
We will process the above data on the basis of the agreement for the provision of requesting a quotation or API information.
Provision of data to third parties We will include your information in our CRM application. Your data will also be processed within the cloud environment of our IT service provider.
Handling your orders and provision of services
If you place an order with us you agree with our offer, we will use your personal data to be able to handle the transaction properly. We will use your personal data for the provision of the services, such as informing you about the status of the services, but also to arrange the logging procedure, provide backups, create your account and perform management and support tasks.
For these purposes, we will use your name and address details, telephone number, email address and company name.
Provision of data to third parties In this processing operation your data will be made available to the supplier of our CRM application.
DTS provides support in various ways, for example by email, telephone and through our chat module. For the options available to register your questions and/or incidents see the Service Level Agreement (SLA) you have concluded with us. For example, you can start a chat via our website or within the online environment, send an email to our support desk or ask your questions by telephone. If you send an email, a ticket will be created internally and your question will be forwarded to the relevant department.
Via our ticketing system, customers who have purchased an SLA have their own environment in which we can view details such as the status of the tickets linked to their organisation.
Depending on the method chosen, we will ask you to share certain information with us. This may be your name and address details, and possibly your email address, telephone number, customer number and any information you provide yourself. In certain cases, we process internal notes in connection with your request for support. You can also, upon request, share a document containing the details of signatories.
We will process these data under the terms of our agreement with you.
Provision of data to third parties For communication via email, contact form or chat we use the services of IT service providers, such as a ticketing system, a chat module and a support tool. Finally, your data may be entered in our CRM system.
Requesting a white paper
You can request white papers via our website. The white paper will be sent to you after you have entered your company name and email. We use these data to send you the white paper and to follow up on it, for example to ask you whether the information is clear, and to invite you to a meeting or to subscribe to our newsletter.
We will process the above data on the basis of your consent.
Provision of data to third parties Your data will be provided to the email service provider we use when sending emails. In addition, your data will be processed in our CRM application.
Communication via the contact form or by chat, telephone, email or video conference
You have the option to ask questions, submit a complaint or report a possible security incident, via a contact form on the website. In order to be able to process your request, complaint or report, you must fill in your name, company name, e-mail address and telephone number.
If you have a question, you can also contact DTS by telephone. In certain cases we will ask for your name, telephone number and company name, for example to be able to call you back later.
Using the chat function via the website
Our website also has chat functionality. In principle, you do not need to share any data to be able to use the chat. During the chat session, however, we may ask you to share some information, such as your company name, email address and telephone number, so that we can contact you again later.
Asking questions by email
You can also ask your questions by email, in which case we will process, as a minimum, your (business) email address and name, and any other data that you share with us.
Finally, we can make an appointment with you for a video conference call. In such a case we will process, as a minimum, your email address to be able to send you the invitation. You then have the choice to participate in the conference call, give a user name and join with or without video functionality.
We use these data to answer your questions, communicate with you and send you the necessary information. If you are a customer, we will process these data under the terms of our agreement with you.
If you are not a customer, will we process these data on the basis of our legitimate interest in answering your questions.
Provision of data to third parties
For communication via email, contact form or chat, we use the services of IT service providers, such as a ticketing system, a chat module and a video conference tool. The suppliers of these services may become aware of your data. In addition, we process part of your data in our CRM application.
If you purchase services from DTS, this will be subject to a fee. In order to collect this fee, we need certain information from you, for example to be able to execute the direct debit mandate or to send you an invoice.
If you are our supplier and we purchase services from you, we will process certain data in order to process and pay your invoice.
For these purposes, we will process your name and address details, payment details, email address, telephone number, Chamber of Commerce number, tax data, invoices, contact name, position and company name.
We will process these data under the terms of our agreement with you.
Provision of data to third parties Your data will be recorded in our ticketing tool, CRM application and invoicing tool and by the accounting firm that handles our administration.
When DTS engages suppliers, it will include specific contact information in its systems for payment and invoicing purposes, for communication purposes and with a view to the services provided by the supplier concerned. In such cases, DTS will process the names, address details, email address, telephone number, company name and payment and invoicing details.
We will process the above data under the terms of our agreement with you.
Provision of data to third parties We register your data in our CRM application and online accounting package. The suppliers of these services process your data on the instructions of DTS.
Applying for a job at DTS
Our website allows you to respond to vacancies or send an open application. You can also submit your application via other communication channels of DTS, such as the contact page or by email. We may ask you to provide necessary information, such as your name and address details, telephone number, CV, certificate of conduct, lists of marks, diplomas, motivation letter and any references.
We will keep your data during the application procedure and for no more than twelve weeks after the end of that procedure. However, with your consent we may retain this information for up to one year, so as to be able to approach you should a relevant vacancy become available in the future.
We will process the above data on the basis of our legitimate interest in, for example, assessing whether we will engage you on the strength of your application and, in certain cases, on the basis of your consent as required to ultimately conclude an agreement.
Provision of data to third parties In certain cases, we may need the help of an external recruitment services company. In such a case, we may send your data to them in the context of your application. In addition, certain data are processed within our IT service provider’s cloud environment, for example to schedule an online appointment.
Improving our services and informing you about service-related developments
In the context of product management, DTS registers possible new functionality suggested by its customers and users. In doing so, DTS only processes the company name and, in certain cases, the name of the contact person.
In addition, through the account environment DTS will inform you about new functionality, maintenance work, possible malfunctions and any other matters relevant to the services you purchase from us. In doing so, we will only process your account data to ensure that the message reaches you.
We will process these data under the terms of our agreement with you.
Provision of data to third parties We use the email services of a third party to send the newsletters. We use an external registration tool to register new product features.
We keep statistics on the use of our services and the website. The statistics cannot be traced back to any individual.
We will process these data based on the consent you have granted via the cookie banner and on the grounds of our legitimate interest with regard to these general statistics.
We will not retain the data for the aforementioned purposes longer than is necessary. This means that we will retain your data for as long as is necessary, for example, to provide our services to you, to perform the agreement, or until we are sure that you are satisfied with our services, until we have answered all your questions.We may need to keep your data for a longer period in connection with a statutory retention obligation, for example the obligation to retain tax records.
Provision of data to third parties
Apart from the provision of your personal data to third parties as described above, we will not share your information with other parties without your consent, unless we are required to do so by law.
We enter into strict agreements with the parties that receive your data that clearly state which personal data are shared and why. We will ensure that your data are not used for any other purposes. We will also ensure that these third parties protect and destroy your data as soon as they no longer need them.
A pop-up indicating that clicking the ‘agree’ button on our website denotes acceptance of the cookies is displayed the first time that you visit our website. By clicking this button, you allow us to use all cookies and plug-ins as set out in the pop-up and in this Privacy and Cookie Statement. You are free to disable cookies in your browser. Please note that doing so could mean that our website will no longer function optimally.
We have no control over what parties themselves do with the cookies. Cookies have a shelf-life date: some are session cookies and others are subject to a different, specific retention. If you wish you can remove cookies earlier. This is a manual operation; please consult the instruction guide for your browser.
We take security measures to minimise the risk of misuse of and unauthorised access to personal data. As described in our ISMS.
This statement does not apply to third-party websites that are connected to our website through links. We cannot guarantee that these parties will treat your personal data in a reliable or secure manner. We therefore recommend that you read the privacy statements relating to these websites before using them.
Transfer outside the EEA
Our suppliers may store information in and transmit information to the United States. We are aware of the ruling of the European Court of Justice of 16 July 2020, which has implications for the transfer of personal data. Our servers and storage are only located in Europe. We do not have to transmit information to the United States. If you have any questions about the processing of your personal data, please contact us using the contact details in this privacy statement.
Changes to this Privacy and Cookie Statement
We reserve the right to amend this statement. New versions will be published on this website and we will make sure that old versions remain available. We recommend that you check this statement regularly, to ensure that you are aware of these changes.
You can contact us at any time if you have any questions or wish to know which of your personal data we hold. Please send your request to firstname.lastname@example.org
You have the following rights:
- to receive an explanation of what personal data we have collected about you and how we use that data;
- to inspect the specific personal data that we have collected;
- to have errors corrected and have your personal data supplemented if they are incorrect or incomplete; to have personal data deleted;
- to withdraw your consent; to limit specific processing operations;
- to object to a particular use (for example, a processing operation based on a legitimate interest or for direct marketing purposes).
In the interests of preventing misuse and fraud, we may ask that you provide proper identification. In principle, we will comply with your request within one month. However, this term may be extended for reasons relating to the specific rights of data subjects or the complexity of the request. If we extend this term, we will inform you of that in due time.
Needless to say, we will be happy to help should you have any complaints about the processing of your personal data. Under privacy law, you are also entitled to lodge a complaint with the Dutch Data Protection Agency against the processing of your personal data.
If you have any questions regarding your privacy and our Privacy and Cookie Statement, please send an email using the following contact details:
Digital Trust Solutions Kobaltstraat 11C 1411 AM Naarden
+31 (0)85 401 4929