Privacy statement
Privacy statements
You will find the following privacy statements on this webpage.
- Privacy statement for the website (1)
- Privacy statement for services(2)
1. Privacy statement for the website
We respect your privacy. This privacy statement applies to all personal data that CROP collects or uses when using this website. In this privacy statement, we explain why we collect personal data, what personal data is collected and what rights you have if we collect these personal data.
Who are we?
The controller responsible for processing your personal data is:
CROP registeraccountants
De Brand 40
3823 LL Amersfoort
033 – 46 357 27
Why does CROP process your personal data?
The purpose of processing the personal data you enter is to be able to send information requested by you (such as a newsletter), invite you to an event or handle your query/complaint.
What personal data does CROP collect and use?
Actively
We collect and use the contact information (name, email address and phone number) that you leave in the following places on the website:
- Contact form
- Request for informative article
- Sign up for event
- Subscribe to newsletter
Passively
When you visit our website, CROP collects certain personal data using cookies. Data relating to website visits are processed anonymously and collectively by CROP.
Cookies
When you visit our website, we process personal data using cookies. We use functional, analytical and tracking cookies. Read more about cookies in our cookie statement.
How does CROP obtain your personal data?
We obtain your personal data partly through the use of the website (indirectly) and partly because you actively leave personal data on the website (directly).
Is CROP permitted to process your personal data?
We only process personal data for a reason specified in the GDPR (the basis). The possible bases are listed in Article 6 of the GDPR. The bases on which CROP processes personal data are:
Consent
If you have given your consent, we may process your personal data. This could be us sending you the newsletter if you leave your contact details for this purpose and have confirmed your subscription. You always have the right to withdraw previously given consent.
Legitimate interest
We process personal data in order to (continue to) provide our services to our website visitors as efficiently as possible and to make our website as useful as possible.
CROP processes your personal data only for the purpose for which they were obtained.
Who has access to your personal data?
Only employees charged with or directing the performance of the activities for which your personal data have been received have access to the personal data.
Does CROP use automated decision-making?
We do not use automated decision-making.
How does CROP secure your personal data?
We take both technical and organisational measures to protect your personal data. We follow the applicable legal requirements and guidelines in this context. Examples of a technical measure are secure servers and firewalls. An example of an organisational measure is restricted access to the personal data. A summary of technical and organisational measures can be requested from avg@crop.nl.
How long does CROP keep your personal data?
We do not keep your personal data for longer than is necessary to realise the purposes for which we collect your data.
Does CROP share your personal data with third parties?
We only share your personal data with third parties if it is necessary for realisation of the purposes.
When you ‘order’ a product or service via our website, we may need to transfer your personal data to a third party that provides support for this activity. In such cases, these companies are not entitled to use these data for any other purpose.
If CROP shares your personal data with third parties, we will conclude a (sub)processor agreement with those parties. CROP only engages processors who provide adequate safeguards and take adequate measures to ensure the protection of personal data and the processing thereof is in accordance with applicable laws and regulations. We keep a record of the (sub)processors we engage.
Exceptions to this are bodies that are allowed to request data under laws and regulations. In these cases, CROP is reluctant to share specific personal data unless sharing at the level of the person is a requirement. In that case, the privacy officer is always involved.
What are your rights?
You have the following rights with regard to your personal data:
- Withdraw your consent to processing
- Receive information about what we do with your data and why
- Access to the data we process about you
- Have incorrect data corrected
- Have data that no longer need to be processed by us deleted
- Object to processing
- Have the processing limited
- Have your data transferred to a third party
- Submit a complaint
A more detailed explanation of the various rights can be found on the website of the Dutch Data Protection Authority.
However, these rights are not unlimited. The applicable laws and regulations provide the frameworks within which we may or may not have to honour such requests. This may mean that we are obliged to retain data and therefore cannot cooperate with a deletion request.
Complaint
If you do not agree with how we process your personal data, you can file a complaint with our privacy officer (avg@crop.nl). If your complaint is not resolved to your satisfaction, you can file a complaint with the Dutch Data Protection Authority.
More information
Do you have questions about this privacy statement, want to exercise (one of) your rights or have other questions about how we handle privacy? Then contact our privacy officer, Mr Henk Rompelman (avg@crop.nl).
Other
We reserve the right to amend this privacy statement, for instance, if a change in legislation requires us to do so. We will post any revised versions on this website.
2.Privacy statement for services
We respect your privacy. This privacy statement applies to all personal data collected or used by CROP in the management of business relationships and in the provision of services. In this privacy statement, we explain why we collect personal data, what personal data is collected and what rights data subjects have when we collect this personal data.
Who are we?
The controller responsible for processing the personal data is:
CROP registeraccountants
De Brand 40
3823 LL Amersfoort
033 – 46 357 27
Why does CROP process personal data?
We process personal data to manage our business relationships and in the performance of services. The purposes of this processing are:
Business relationships
– Complying with regulatory requirements and statutory obligations
– Conducting risk analyses and quality assessment
– Preventing conflicts of interest
– (Financial) administrative purposes
Services
– Producing quotes for prospects
– Maintaining contacts with clients and informing them about our services
– Being able to execute the service contract
– Complying with statutory obligations and professional regulations
– Complying with requests from bodies authorised to request data under laws and regulations
– Handling requests/complaints/disputes
From whom does CROP collect personal data?
We collect personal data from:
– Contact persons at business associates
– Prospects
– (Former) clients
– Clients’ customers
– Clients’ employees
– Other data subjects of clients
What personal data does CROP collect and use?
The personal data that may be collected and used for carrying out the purpose of the processing operations includes:
Business relationships
– Name, gender, title, date of birth
– Contact details (address, phone number, e-mail address, website)
– Passport details
– Business details (organisation, job title)
– Financial data (bank account number, amounts)
– Log data
Services
– Clients’ HR and supplier details
– Financial data (income data/wages, expenses, assets, debts, etc.)
– Tax information (identification number, data required for the tax return, etc.)
– Official and personal documents
– Registration numbers of company vehicles
– Information on health and absence
– Information on insurance and (company) pensions
We may process unintended (sensitive) personal data (such as about religion or health) in the context of providing the service. We handle this with the same care as other data.
Minors
In principle, CROP’s services and processing are not aimed at persons under age 16. If such processing is nevertheless necessary, we will take the vulnerability of these individuals into account and CROP will contact the legal representative.
How does CROP obtain personal data?
We obtain personal data in the following ways:
– Directly from the data subject
– Through the client under the service contract
– From third parties e.g. from public records
– Derived from data we already hold
Is CROP permitted to process personal data?
We only process personal data for a reason specified in the GDPR (the basis). The possible bases are listed in Article 6 of the GDPR. The bases on which CROP processes personal data when managing business relationships and providing services are:
Execution of contract
If a contract has been concluded to which the data subject is a party, we process personal data on this basis.
Legitimate interest
We process personal data in providing our services and being able to pursue the purposes described above.
Statutory obligation
If there is a statutory obligation, we do not process personal data on our own initiative, but to comply with this obligation. One example is under the Dutch Money Laundering and Terrorist Financing (Prevention) Act (WWFT), which is aimed at gaining greater insight into illegal money flows.
We only process personal data for the purpose for which it was obtained.
Who has access to the personal data?
Only employees charged with or directing the performance of the activities for which your personal data has been received have access to the personal data.
Does CROP use automated decision-making?
We do not use automated decision-making.
How does CROP secure personal data?
We take both technical and organisational measures to protect personal data. We thereby follow the applicable legal requirements and guidelines. Examples of technical measures are secure servers and firewalls. An example of an organisational measure is restricted access to personal data. A summary of technical and organisational measures can be requested from avg@crop.nl.
How long does CROP retain personal data?
We do not keep personal data for longer than is necessary or required (by law) to realise the purposes for which we collect the personal data. In some cases, the law stipulates how long we may or must keep data. In other cases, we have decided ourselves how long we need personal data.
Does CROP share personal data with third parties?
CROP only shares personal data with third parties if it is necessary to achieve the purposes. In such cases, these companies are not entitled to use this data for any other purpose.
If CROP shares personal data with third parties, we will conclude a (sub)processor agreement with those parties. We only use processors who provide adequate guarantees and take adequate measures to ensure the protection of personal data and the processing thereof is in accordance with applicable laws and regulations. We keep a record of the (sub)processors we use.
Exceptions to this are bodies that are allowed to request data under laws and regulations. In those cases, CROP will be reticent in sharing specific personal data unless sharing at the individual level is a requirement. In that case, the privacy officer will always be involved.
What rights does the data subject have?
The data subject has the following rights with regard to personal data:
– Withdraw permission to process
– Receive information about what we do with data and why
– Access to the data we process
– Have incorrect data corrected
– Have data that no longer needs to be processed by us deleted
– Object to processing
– Have the processing limited
– Have your data transferred to a third party
– Submit a complaint
A more detailed explanation of the various rights can be found on the website of the Dutch Data Protection Authority.
However, these rights are not unlimited. The applicable laws and regulations provide the frameworks within which we may or may not have to honour such requests. This can mean that we are obliged to retain data and therefore cannot cooperate with a deletion request.
Complaint
If you do not agree with how we process personal data, you can submit a complaint to our privacy officer (avg@crop.nl). If your complaint is not resolved to your satisfaction, you can submit a complaint to the Dutch Data Protection Authority.
Further information
If you have questions about this privacy statement, want to exercise (one of) your rights or have other questions about how we handle privacy, please contact our privacy officer, Mr Henk Rompelman (avg@crop.nl).
Other privacy statements
When you visit our website, we process personal data. Read more about the processing of personal data in the website privacy statement (see above) and in our cookie statement.
Other
We reserve the right to amend this privacy statement, for instance if a change in legislation requires us to do so. We will post any revised versions on this website.