Privacy Statement Smart Financial Planner
We process personal information within the scope of our services. We could have received this data from yourself, for example through our website, email, phone or app. We could also have acquired your personal information through third parties within the scope of our services. This privacy statement advises how we handle this personal information.
Processing personal information and purposes
Processing Personal Information occurs in accordance with the requirements set by the General Data Protection Regulation (GDPR) and the related laws and regulations.
The personal data we process, depends on the exact service and circumstances. It often involves the following data:
- Name and Address details;
- Function contacts;
- Birth date and place;
- Contact details (email addresses, phone numbers) and name and function of contacts;
- Social Security Number (only if necessary!);
- Passport picture (only if strictly necessary! For example, for personnel file);
- Bank account number;
- Information about your activities on our website, IP address, internet browser and device type.
Purposes and the bases for processing
In some cases, we process the personal information to comply with legal requirement, but usually we do this to be able to implement our services. Some of the data is recorded for practical or efficiency reasons, of which we (may) assume that they might be in your interest as well, such as:
- Communication and information provision;
- Being able to provide our services in the most efficient way possible;
- Improvement of our services;
- Invoicing and collection.
The above also means concretely that we also use your personal information for marketing purposes or to send you advertisement material or messages concerning our services, when we think that these may be of interest to you. It can also be that we contact you for feedback about our services provided by us or for marketing or other research purposes.
It might be that we would need your personal information in certain cases for other reasons than mentioned above, and we will ask your explicit permission for this. Should we need the personal information that we are allowed to use based on your permission for more purposes, we will then ask your permission for this once again.
Finally, we may also use your personal information to protect our rights or property and those of our users, and if necessary, to comply with legal proceedings.
Distribution to third parties
Within the scope of our services, we can make use of the services of third parties, for example if these third parties have special knowledge or resources that we do not have ourselves. These can be the so-called processors or sub-processors, who will process the personal information based on your exact instruction. Other third parties who, strictly speaking, are not processors of the personal information but do have or can have access to them are for example our system administrator, suppliers or hosting parties of online software or advisors whose advise we obtain regarding your assignment. If engaging third parties result in them having access to the personal information or if they record and/or process these themselves, we will agree (in writing) that they will comply with all obligations of the AVG. of course we will only involve third parties whom we may and can assume of that they are reliable parties who deal adequately with personal information and who can and will comply with AVG. This means among other things that these third parties may only process your personal information for the afore mentioned purposes.
It is of course also possible that we need to provide your personal information to third parties in relation with a legal obligation.
We will in no way provide your personal information without your explicit approval to third parties for commercial purposes or charities.
We will not process your personal information longer than necessary for the purpose for which they were given (see the paragraph ‘Purposes and base for processing’). This means that your personal information will stored as long as necessary to achieve the indicated goals. Certain information must be retained longer (mostly 7 years), because we need to comply with the legal retention obligations (for example the fiscal retention obligation) or based on regulations from our professional association.
We have taken appropriate organizational and technical measures for the protection of the personal information insofar as these can reasonably be required from us, taking the interest into account to be protected, the state of the technology and the costs of the relevant security measures.
We require confidentiality from our employees and any third parties who necessarily have access to the personal information. Furthermore, we ensure that our employees have received the correct and complete instructions in relation to handling personal information and that they are sufficiently familiar with the responsibilities and obligations of the AVG. If you appreciate this, we will gladly inform you about how we have designed the protection of personal information.
You have the right to inspect, rectify or delete the personal information that we have of you (except of course if this would interfere with any legal obligations). You can furthermore object to the processing of your personal information (or a part thereof) by us or by one of our processors. You also have the right to have the information provided by you to be transferred by us to you or if you wish to another party.
Incidents with personal information
If there is an incident (a so-called data leak) in relation to the concerning personal information, we will inform you immediately subject to compelling reasons, if there is a real chance on negative consequences for your privacy and the realization thereof. We strive to do this within 48 hours after we have discovered this this data breach or have been informed by our (sub) processors.
Please contact us if you have a complaint in relation to the processing of your personal information. Should this not lead to a satisfactory outcome, you always have the right to file a complaint with the Dutch Data Protection Authority; the supervising authority in the area on privacy.
Processing within the EEA
We will only process the personal information within the European Economic Area, unless we come to other written agreement about this. Exception to this are situations in with we want to map our contact moments through our website and/or social media pages (such as Facebook and LinkedIn). Think for example of visitors numbers and requested webpages. Your information will be stored by third parties outside the EU when using Google Analytics, LinkedIn or Facebook. These parties are ‘EU-US Privacy Shield’ certified, so they have to comply with European privacy regulations. Incidentally, this only concerns a limited number of sensitive personal data, in particular your IP address.