GPA Privacy Statement
The following document expresses our commitments and approach to the management of personal information. It explains what kind of personal data we collect and for which purposes.
We recommend that you read it carefully. If you have any questions regarding the processing of personal data, you can find contact details at the end of the document to enquire further. This policy statement is applicable to all sources controlled or managed by GPA from which Personal Information may be collected.
GPA ORGANIZATIONAL OVERVIEW
GPA B.V. (GPA) is the global parent management entity of a global consortium of affiliated regional audio visual and collaboration technology integration companies. Together, our goal is to provide customers one global source for all their audio, video, and unified communications solutions.
Each GPA Regional Business Unit (RBU)is a separate and stand alone corporate legal entity, however each is approved by GPA to operate within designated geographical region(s) using GPA brand, policies, and infrastructure, and operational models. Within that structure, all RBU’s are governed by and operate within the GPA Data Privacy & Protection Policy.
During the processing of personal data, as an EU (Dutch) registered corporate entity, GPA aligns to the requirements of applicable data protection legislation such as the General Data Protection Regulation (GDPR).
This means we:
- clearly specify our purposes before we process personal data, by using this privacy statement
- limit our collection of personal data to only the personal data needed for legitimate purposes
- first ask for explicit permission to process your personal data in cases where your permission is required
- take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf
- respect your right to access, correct or delete your personal data held by us
DATA PROCESSING AGREEMENTS
As separate legal entities, GPA and GPA RBU’s should be considered separate controllers of personal data. GPA does however maintain a standing sub data processing agreement with, and in turn between, all its RBU’s to ensure global GDPR compliance in the sharing of personal data with and between each and all these independent parties.
Any organization governed by the GDPR, and thereby considered a Data Controller either because of its country of registration or the location of any of its employees, may request the execution of a Data Processor Agreement with either GPA or a GPA RBU. This will allow you to provide us specific instructions related to managing personal data related to individuals within your organization. GPA maintains a templated Data Processor Agreement we can provide upon request.
USE OF PERSONAL DATA: PORTALS & PLATFORMS
GPA maintains various user or customer specific web portals or software platforms within which approved users may be able to access a management environment through which they may undertake activities such as to set, specify, and change settings. If you are a user of such a portal, we may keep track of your activities for proof of use or changes made.
For this purpose, we may use personal information including your name and address details, phone number and email address. We need this data because of our agreement with you. We store this information until our services to you have ended, or you specifically request its deletion.
USE OF PERSONAL DATA: WEBSITE
When visiting our websites, we can use your personal data for the following purposes:
You can use our contact form to ask questions or make any request. For this purpose, we use your name and address details, phone number, email address and the message you wish to send to us. We do this based upon your consent. We store this information until we are sure that you are satisfied with our response, or until you specifically request us to no longer retain your information or communicate with you.
During a user’s interaction with one of GPA’s websites, GPA may use a cookie to collect information anonymously and track user patterns. A cookie is a small text file containing a unique identification number that identifies a user’s browser (but not the user personally) each time a user visits one of the GPA websites. Cookies tell GPA which pages of its websites are visited and how many people visited each web page. This helps GPA understand interests and enhance the on-line experience. Cookies also serve to identify the user’s computer so that preferences can be saved for future visits and to help us with items such as traffic management, research, and analytics.
USE OF PERSONAL DATA: CUSTOMER RELATIONSHIP MANAGEMENT (CRM) OR OTHER INFORMATION MANAGEMENT SYSTEMS OR DATABASES
GPA processes personal data relating to both its business contacts, and those of its RBU’s, using a various software platforms and databases, including a Customer Relationship Management (CRM) system. We initiate the collection of personal data relating to your business in order to provide you with what we believe will be or are relevant products, services, or information, and therefore of legitimate interest to you. We may therefore add that data to our CRM. This personal data may include name, job title, address details, phone number, address, and email address.
GPA and it’s RBU’s use this data because of either an explicit agreement or consent process undertaken with one or more of our organizations, under the basis we believe it serves a legitimate interest, and/or is legally or otherwise necessary for us to do so. We store this information in the CRM until we believe the services we have provided or continue to provide to you have been completed, or any expectation of legitimate interest no longer exists. Certain types of personal data will be retained for a longer period if required by law (e.g., the legal retention period).
As a result of our global RBU footprint, personal data may be visible to (“transferred”) other GPA RBU’s in countries outside the European Union that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection.
PROVIDING DATA TO THIRD PARTIES
Except for the parties necessary to deliver the above-mentioned services, we do not under any circumstance provide your personal data to other companies or organisations, unless we are required to do so by law (for example). Where your data will be provided to a third party, we execute contractual mechanisms such as Data Processing Agreements to clearly define and manage the limitations and requirements under which we are providing such data and how it may and may not be used.
We have taken security measures to reduce misuse of and unauthorized access to personal data. We take responsibility for the security of your personal data. We consistently renew our security measures to ensure safe storage of personal data.
INSPECTION AND MODIFICATION OF YOUR DATA
You can always contact us if you have any questions regarding our privacy statement or wish to review, modify, or delete your personal data.
You have the following rights:
- Right of access: you have the right to see what kind of personal data we process about you.
- Right of rectification: you have the right to rectify any personal data we process about you if this information is (partially) wrong.
- Right to complain: you have the right to file a complain against the processing of your personal data by us.
- Right to be forgotten: you can file a request with us to remove any personal data we have processed of you.
- Right to data portability: if technically possible, you have the right to ask us to transfer your processed personal data to a third party.
- Right to restriction of processing: you can file a request with us to (temporarily) restrict the processing of your personal data.
If you exercise any of the rights mentioned above, we might ask you to identify yourself with a valid ID, to confirm it is your personal data. If so, it is important that you hide your social security number and photo.
We will usually respond to your request within 30 days. This term can be extended if the request is proven to be complex or tied to a specific right. You will be notified about a possible extension of this term.
CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.
INQUIRIES AND COMPLAINTS
If you wish to request the removal of your personal data, or if you wish to file a complaint about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will act promptly, and will investigate and respond to any complaints we receive.
If you think that we are not helping you in the right way, you have the right to file a complaint with the relevant authority. For the Netherlands, this is the Dutch Data Protection Authority (Dutch DPA) Autoriteit Persoonsgegevens.
Contact details of GPA B.V.
De Corridor 19
3621ZA Breukelen, NL