Privacy policy.
Table of Contents
Introduction
Workplace Consultant (“Workplace”, “we”, “us”, or “our”) cares about your privacy and thinks it's important to be transparent about how your personal data is handled. We collect your personal information, but we want you to know that we respect your choices and rights about your data. To ensure this, we have carefully drafted this policy. We aim to help you understand what we do with your data and how we handle it. When you use any of Workplace's services, you confirm that you have agreed to the Terms and Conditions↗︎ and that you have read and understood this Privacy Policy and Cookie Policy. Therefore, it is recommended that you read this policy carefully and contact Workplace if you have questions or concerns.
About Workplace
Workplace Consultant is the controller of your data and legally registered as:
Holding company of 'Workplace Consultant'
KvK: 91103207
BTW: NL865552381B01
Locatie: Amsterdam, Nederland
Trading as 'Workplace Consultant'
KvK: 91105382
BTW: NL865553117B01
Locatie: Amsterdam, Nederland
The entities mentioned above are collectively referred to as "Workplace". Unless stated otherwise, this Privacy Policy applies to all of Workplace's externally facing apps, services, tools, websites, and other Data processing activities where Workplace is responsible for Data processing (or any local equivalent) discussed in this Privacy Policy. Workplace is the first contact for the Data subject to comply with the legal requirements of the General Data Protection Regulation (GDPR).
Data Collection Methods
Workplace gathers and handles data in various ways. You may have given us data directly, or when you use Workplace's services, share Workplace's content on social media, post a comment, complete a customer survey, submit data via a web form, or browse our website with your browser's cookies enabled. We may combine such information with information we may already have about you.
Data Retention Policy
Workplace is committed to safeguarding your personal data and will only retain it for as long as necessary. Specific records management and retention policies and procedures e.g. will determine the retention period;
-
Your data will be retained as long as there is an ongoing relationship between you and Workplace.
-
The data will only be kept for as long as it is required to provide Workplace's services.
-
Moreover, Workplace will retain your data for as long as necessary to comply with legal or contractual obligations.
Usage of Your Data
We want to outline how we use your personal data. The purposes for which we process your data have been divided into categories, and we have also included the data that we use for each specific purpose, the legal basis for this processing, and how long we will keep your data.
IP Address Handling
To maintain the security of our services and for diagnostic purposes, we collect your IP address. This helps us to prevent unauthorised access to your account, identify and troubleshoot potential server malfunctions, and establish a connection to our website, ensuring you can receive the content you request quickly and reliably.
Below, you will find a breakdown that should help you to understand how Workplace is using your data:
Financial Information
In this section, we detail how we handle and process financial information, such as transaction data and billing details, necessary for the smooth operation of our services.
| Data | Name and address of the seller and the buyer, tax identification numbers, the signatory data, if any, and other data included in invoices and other accounting documents. |
| Source of Collection | This information is typically collected directly from you when engaging in a contractual agreement or transaction with Workplace, as detailed in the 'How do we obtain your personal data?' section. |
| Legal Basis | The processing is carried out to perform the legal obligations incumbent on Workplace (keeping accounting records) and to implement Workplace's legitimate interests (possible investigation or protection against claims, payment for services) under points (c) and (f) of Article 6(1) of GDPR. |
| Retention | Maximum 7 years - due to the applicable tax regulations and the periods of limitation of claims. |
Service Provision
Here, we describe the collection and use of data essential for providing and improving our services, including your home address, email, and other service-related information.
| Data | Home address, E-mail, Customer file Data, Financial Data, Data necessary to provide the service, and Data generated by the service. |
| Source of Collection | Collected when you sign up for or use Workplace’s services, as elaborated in the 'How do we obtain your personal data?' section. |
| Legal Basis | Necessary for the performance of a contract with Workplace. |
| Retention | Maximum seven years: This period aligns with standard business practices and legal requirements for financial record-keeping in many jurisdictions. It's a reasonable period for retaining data necessary for contract performance and dispute resolution. |
Communications
This contains data that could be collected during online communication, including email and Microsoft Teams conversations and phone numbers for telecommunication purposes.
| Data | E-mail address, first and last name, and any other data provided in e-mail correspondence. |
| Source of Collection | As outlined in the 'How do we obtain your personal data?' section, this information is collected when you subscribe to our newsletter, fill in a contact form, or engage in email communications with us. |
| Legal Basis | The processing is carried out to implement Workplace's legitimate interests – i.e., maintaining e-mail correspondence under point (f) of Article 6(1) of GDPR. |
| Retention | Maximum 7 years - due to the applicable tax regulations and the periods of limitation of claims. The retention period complies with legal obligations for record-keeping and limitation periods for potential legal claims. |
Analytics Use
This part explains our practices around collecting and analysing data to enhance website functionality and user experience, focusing on how we use analytics tools and data.
| Data | Name, E-mail, and the content of the submission or review. |
| Source of Collection | Obtained when interacting with our website forms, as explained in the 'How do we obtain your personal data?' section. |
| Legal Basis | Legitimate interest; consent is explicitly given through the web form; we collect the Data (name, e-mail address, and content message) requested in the web form to track and respond to your submissions. |
| Retention | Maximum 5 years: This duration is appropriate for analytics purposes, allowing for trend analysis over a significant period while not retaining data longer than necessary. |
Forms and Feedback
In this category, we outline our approach to the data collected through various forms and user reviews on our website, emphasising the importance of this feedback in improving our services.
| Data | Name, E-mail, and the content of the submission or review. |
| Source of Collection | This is provided by you when you fill out forms or leave reviews on our website, as referenced in the 'How do we obtain your personal data?' section. |
| Legal Basis | Legitimate interest; consent is explicitly given through web form; we collect the Data (name, e-mail address, and content message) requested in the web form to track and respond to your submissions. |
| Retention | Maximum 5 years: Similar to Analytics, this period is reasonable for the purpose of tracking customer feedback and history of interactions. |
User Engagement
You can engage with this website's content differently. For instance, you can share our content and show appreciation using ‘simple likes’ and -/or post comments on our blog posts. When you use any of these features, the website gathers the following data:
| Data | Your IP address, network and device details, and information about the web page or content you intend to share using our share functionality. Additionally, when you post a comment, we collect your name, email address (optional), and website URL (optional). |
| Source of Collection | Gathered when you interact with our website’s engagement features, such as sharing content or commenting, as described in the 'How do we obtain your personal data?' section. |
| Legal Basis | Consent is based on the cookie banner, but consent can also be withdrawn. Furthermore, this data is required to provide the service (engagement functionality); for instance, it collects data to prevent the same person from liking the same post multiple times during a visit. |
| Retention | Maximum 3 years: engagement data (like likes or comments) generally does not require long-term retention and to balance user privacy with business needs. |
Styling & Font Usage
This website serves font files and renders fonts using Google and Adobe. To correctly display this site, these third parties may receive personal data about you.
| Data | Data about your browser, network, or device based on I.P. address; Data about this site and the page you view. |
| Source of Collection | Data is collected automatically by third-party font services such as Google Fonts and Adobe Fonts when you visit our website to ensure text is displayed properly, as highlighted in the 'How do we obtain your personal data?' section. |
|
Legal Basis |
Consent: the processing of this data is based on your consent to cookie use, as mentioned in our cookie policy. |
| Retention | Data retained only for the session: As this data is typically used for real-time rendering and not stored long-term, retaining it only for the session's duration aligns with the minimal data retention principles of GDPR. |
Data Transfer Procedures
For technical and operational reasons, transferring your personal data to various recipients may be necessary. These recipients fall into specific categories:
-
Affiliates of Workplace: For internal administrative purposes, data may be shared with our affiliates located outside the European Economic Area (EEA).
-
Third-Party Service Providers: We utilise services from third-party providers, including but not limited to:
-
Google Fonts: For website typography enhancement. Privacy and Data Collection↗︎
-
Adobe Fonts: For providing diverse font options on our website. Adobe Fonts Privacy Policy↗︎
-
Squarespace: Our hosting platform. Squarespace Privacy Policy↗︎
-
Google Analytics: For website analytics. Data Privacy and Security↗︎
-
Microsoft: For cloud services and operational tools. Microsoft Trust Center↗︎
-
In cases where privacy protection regulations in the recipient country may not offer the same level of protection as within the EEA, we ensure the safeguarding of your personal data through the implementation of EU Model Clauses. If this is not feasible, we will seek your explicit consent to transfer your personal data to countries with different data protection standards, and you have the right to withdraw your consent at any time.
Your Privacy Rights
Workplace wants to ensure you fully know your Data protection rights. Under the European General Data Protection Regulation, you have several rights regarding your data and its processing.
| Rights | Explanation |
|---|---|
| The Right of Access | You can request Workplace copies of your personal data. We may charge you a small fee for this service. |
| The Right to Rectification | You have the right to request that Workplace correct or complete any Data you believe is inaccurate or incomplete. |
| The Right to Erasure | You can request that Workplace erase your personal data under certain conditions. |
| The Right to Data Portability | You have the right to request that Workplace transfers the data we have collected to another organisation or directly to you under certain conditions. |
| The Right to Restrict Processing | You have the right to object to Workplace's processing of your personal data under certain conditions. |
If you want to request any of the above rights, please get in touch with Workplace. Workplace will aim to fulfil your request within one month of receipt. A clear explanation will accompany any declination.
Cookie Policy
What are Cookies?
Cookies are small text files our website stores on your computer or mobile device. They capture information about your interactions with our site, enabling us to remember your preferences, understand your usage patterns, and enhance your overall browsing experience. By remembering your settings and keeping you logged in, cookies help make our content more relevant and accessible to you. They also play a crucial role in monitoring and improving our website's performance.
How Are Cookies Used?
Cookies perform several key functions:
-
Preference Cookies: These remember your settings and preferences, like your username and language choice, making your site visits more personalised and streamlined.
-
First-Party Cookies: Set directly by our website, these cookies are essential for basic site functionality and navigation, ensuring a smooth and secure user experience.
-
Third-Party Cookies: Used by external services integrated into our website, these cookies track browsing behaviours for analytics and advertising, thereby enhancing content relevance and effectiveness.
Our website uses both first-party and third-party cookies. For specific details on the cookies we employ, please see our Squarespace Cookie Usage↗︎ section.
Types of Cookies Used
We use analytics and performance cookies to monitor site traffic, user activity, and other important metrics. Functional and required cookies, necessary for the secure operation of our site provided by Squarespace, are always active. We activate analytics and performance cookies only upon your acknowledgement of our cookie banner.
Managing Cookies
You have control over the cookies stored on your device. Clearing your browser's history will remove cookies from all websites you've visited. Modern browsers allow you to modify settings to manage cookie placement on your device, and the 'Do Not Track' feature can prevent online activity tracking. Adjusting these preferences might require manual changes each time you visit a website. For managing cookies in specific browsers, refer to their respective privacy and cookie settings:
Note: Disabling cookies may affect certain website functionalities, such as logging into your profile.
Data Security Measures
At Workplace Consultants B.V., we take the security of your data seriously and implement appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. If you feel that your data is not adequately protected or if there are indications of abuse, please get in touch with us or email us at hello@workplaceconsultant.com. We have implemented the following measures to secure your personal data:
-
Security Software: We use antivirus software and firewalls to protect our systems from external threats.
-
TLS (formerly SSL): Your data is transmitted using a secure internet connection. This is visible through the 'https' in the address bar and the padlock icon.
-
Email Security (DKIM, SPF, DMARC): These three internet standards are used to prevent you from receiving emails in our name that contain viruses, are spam, or are designed to obtain personal login information.
-
DNSSEC: This additional layer of security on top of DNS ensures the conversion of a domain name to its associated IP address is authenticated with a digital signature, preventing redirection to a false IP address.
Additionally, we have implemented the following measures:
-
Regular Software Updates and Patches: To ensure the latest security features are in place, we regularly update our software and apply necessary security patches.
-
Data Encryption: Personal data stored in our databases is encrypted to prevent unauthorised access.
-
Employee Training: Staff and people in direct cooperation with access to systems receive elaborate briefing on data privacy and security to ensure they are aware of the best practices and the importance of protecting customer data.
-
Access Controls: Strict access controls are in place to ensure that only authorised people have access to personal data.
-
Regular Security Audits: We conduct regular security audits to assess and improve our security measures.
Privacy Commitment
Workplace Consultants B.V. securely stores your personal data. As a subsidiary of Amstel ICT-beheer Holding B.V., we ensure the safety and confidentiality of your information. Both entities, with respective KVK Numbers 91105382 and 91103207, are processing controllers under the GDPR and have made additional agreements regarding the division of responsibility and security of personal data.
What We Need to Know About You
-
Title, initials, first and last name
-
Gender
-
Date of birth
-
Address details
-
Contact details
-
Communications regarding registration (email, voice log or chat, IP and timestamp)
-
IBAN bank account number
Reporting Vulnerabilities
We would like to hear from you if you find a vulnerability in our services, such as a weak spot in our systems. Please send your findings to hello@workplaceconsultant.com and include:
-
What exactly you found
-
The IP addresses used
-
The steps that led to the vulnerability
If you have screenshots or a video of your findings, please send them along.
Investigation Process
We will thoroughly investigate your report. During our investigation, we ask that you do not share information with others or exploit the vulnerability, as this could have unpleasant consequences for everyone. We will keep you informed of our progress. Thank you!
Concluding Notes
Remember, our website contains links to external sites with their own privacy policies. We encourage you to review these when visiting such sites. Our Privacy Policy may undergo updates, with the latest revision in December 2023. If you have any questions or concerns regarding how we process your personal data, or if you suspect a GDPR breach, please get in touch with Workplace. For unresolved issues, you may approach the Dutch Data Protection Authority.