In what circumstances do we use personal data?
First of all, we use personal data to keep in touch with our (potential) customers: name, telephone numbers, addresses, and email. There is usually no need to provide personal details when you visit our website and pages related to our website. The information on our website and other channels is organized in accordance with article 7.4 of the GDPR, and in such a way that there is no obligation for visitors to pass on personal details in order to see particular pieces of information.
What type of personal data of we process?
We process different categories of personal data.
1. We save and process customer data to be able to carry out the contracts agreed with our customers. For this purpose, we store name, visiting address, billing address, company incorporation details, and information related to the relevant assignment. It goes without saying that we store and process this data safely, in accordance with the regulations set out in the GDPR. To make sure this happens at all times, we have drawn up a binding code of conduct for our employees.
2. If you send us an email or leave a message or contact information via one of your forms, chats, landing pages, or support systems, we store your name, email address, and the contents of your message.
3. In addition, we store and process data about potential customers, to approach them in the context of our marketing and sales activities.
4. Engatta has its own pages on a range of social media websites such as the profile pages on Facebook or Linkedin. When someone likes our Facebook page or shares any of our content on that page, this is communicated to us. If we were to place an advertisement on Facebook, it would in all likelihood be shown first to those people who liked our page.
5. We publish white papers, blogs, and other marketing material on Emerce, FrankWatching, MarketingFacts, and Adformatie. When you download any of our material, you will be asked to leave your contact details, which are passed on to us. As you fill in your details, the website in question has to ask on our behalf if we have your permission to approach you.
6. Finally, we store and process data about our own employees. Our policies regarding co-worker data are available only to them and falls outside the scope of this public document.
We will never collect so-called “special categories of personal data” (as described in article 9 of the GDPR), such as information about race, ethnicity, political conviction, religious beliefs, health, or criminal history. Within our own HR administration, this would only happen if there were a legal imperative.
To what ends do we use personal data?
We process the data listed above for the following purposes:
1. We use your email address, first name, surname, and areas of personal interests to alert you to new content or information (blogs for example) regarding our offerings. We do this by creating targeted mailings in our CRM tool. Based on article 6.1.f (“legitimate interests”) of the GDPR, we believe it is sufficient to seek opt-out consent. This means you may receive an informative mailing from us without having given your express consent, but you can unsubscribe or opt-out at any time.
2. We use your telephone number to give you further information if you have shown an interest in our products and propositions. Based on article 6.1.f (“legitimate interests”) of the GDPR, we believe it is sufficient to seek opt-out consent. This means we may telephone you for this purpose and that you have the possibility to indicate that this is against your wishes. If that is the case, we will no longer contact you by telephone for this purpose.
3. We use your email address, first name, and surname to send you information about events in which Engatta is participating. We do this by creating targeted mailings in our CRM tool. Based on article 6.1.f (“legitimate interests”) of the GDPR, we believe it is sufficient to seek opt-out consent. This means you may receive an informative mailing from us without having given your express consent, but you can unsubscribe or opt-out at any time.
4. We use your email address, first name, and surname to send you information about Engatta events. We do this by creating targeted mailings in our CRM tool. Based on article 6.1.f of the GDPR, we believe it is sufficient to seek opt-out consent. This means you may receive an informative mailing from us without having given your express consent, but you can unsubscribe or opt-out at any time.
6. The profile page on our Customer Portal offers you the possibility to upload a photograph that will then feature on all the correspondence on that portal. This photograph will not be used for any other purpose. If you wish to download a photograph, we first ask for your consent. We need this consent to make it technically possible to place the photo. When you change or delete the photograph, it will immediately be changed/erased from our servers.
7. To prevent fraud or theft. We also use personal data to comply with our legal obligations (in accordance with article 6.1.c of the GDPR), or if we judge in good faith that it is necessary to do so to prevent fraud or to react to fraud, or to protect our websites or our products against attack, or to protect the property and safety of Engatta, our customers or the general public (in accordance with article 32 of the GDPR).
8. We use the email address and telephone number passed on to us by Emerce, FrankWatching, MarketingFacts, and Adformatie to make contact with you after you have downloaded content from us. Consent to use this information (in accordance with article 6.1.a of the GDPR) is requested in a dialogue box on the website where you left your details.
Engatta does not use personal data for any other purposes than those outlined here.
Engatta uses analytical tools to measure the use of its website. In this way, we can determine which parts of the site are the most interesting and user-friendly. The statistics and reports that flow from this analysis cannot be traced back to any individuals. On the grounds of article 21.6 of the GDPR, we believe it is sufficient to seek opt-out consent. This means that your details contribute in principle to the user statistics but that you have the possibility to stop this from happening.
Amendments to the Privacy Statement
Engatta continues to develop and optimize its services. We may in the future add new functionalities to our online channels. If this impacts the way we process your personal data, we will publish an amended Privacy Statement in good time.
Right of access
All our clients, prospects, and other parties in our systems have a right to access the data we record (in accordance with article 15 of the GDPR). Where Engatta is the Controller, we can send you a breakdown of the (personal) data that we hold about you. This record is formatted in ordinary text. We see no reason in our case to also make your personal data available in a machine-readable format. You should submit your request digitally so that we can verify your identity with an email check. We have made the form for such a request available on our Customer Portal.
Are your data incorrect? You can use the same form to pass on your amendments.
For both rights of access and corrections, we will do our utmost to comply with your request within 30 days, in as far as this is feasible, within the scope of the applicable legislation.
On the grounds of the processing agreements in place with our customers and partners, we are not permitted to use or sell on data that we manage on their behalf (in the role of Processor as defined by the GDPR). If you are a client of one of our customers and are seeking information on the data that we process on their behalf, you need to contact the customer in question directly. We will under no circumstance grant access to data we administer on behalf of our customers.
We store the information in accordance with our data retention policy. Personal data are retained for the processing purposes described above, and for the period of time prescribed by law.
As part of the GDPR, we have the role of Processor in relation to our customers. This means that we process personal data at the instruction of our customers. Because under the terms of the GDPR, our customers are legally liable for such processing, we are obliged to register these instructions in a record of processing activities (described in articles 39 and 30 of the GDPR). Engatta has automated this record, so customers need to submit their instructions digitally from our Customer Portal or to CC in our record of processing activities when making such a request.
As well as safeguarding your personal data, we also want to keep them as accurate and up-to-date as possible. Engatta implements all reasonable physical, administrative and technical measures to protect your personal data against loss, theft, misuse as well as unauthorized access, use, and publication. For example, we encrypt sensitive personal data such as user names and passwords when we transmit such information via the internet or store it in our database. We demand that our suppliers for their part also protect such information against unauthorized access, use, or publication.
Storage of data
We monitor that Personal Information is not stored longer than strictly necessary. Engatta implements reasonable administrative and technical safeguards to ensure that the information stored in our systems is not kept for longer than the stated retention period. The retention period is set at 2 years (730 days). If no new digital, non-digital or administrative activities take place during that period, starting after the last (digital, non-digital or administrative) activity, all contact-related information will be deleted. Company data, company related information and data that must be stored or archived in order to comply with the law (such as tax and financial information) are excluded.
Engatta understands and endorses the importance of protecting the privacy of children, especially in an online environment. Our website is not intended or designed for children under 16. It is our policy never knowingly to collect or store the personal data of children under the age of 16. Should Engatta obtain personal information about any person under 16, we will immediately erase this data from our systems.