This privacy statement sets out which personal data Strypes collect from you through our interaction with you and through our services and products, in which way this takes place, the role of cookies, for which we use the personal data, how long we store personal data, how you can view and change the personal data stored by us and how your personal data is protected by us.
Our company details are:
10A Maystor Aleksi Rilets Str.
+31 40 82 00070
Applicability of General Data Protection Regulation (GDPR)
When processing data, the General Data Protection Regulation (GDPR) may apply. We refer to it further as the GDPR. The GDPR applies in the case of the fully or partially automated processing of personal data, but also to the manual processing of personal data included in a file or intended for recording therein.
To determine whether the GDPR applies, the following questions are important:
- Is data processed?
- Is this data personal data?
- Is this data processed automatically fully or partially, or is it included in a file or intended to be included in a file?
- Is the data processing within the scope of the GDPR?
How do we obtain personal data?
Personal data is shared with us by employees, potential employees, customers, prospects, suppliers or if you have contact with us.
We also obtain personal data by entering into agreements or through other business activities. These may be commercial project agreements for products or services, employment contracts, contracts for hiring in freelancers or temporary workers, subscriptions or licenses.
Which personal data is processed by us?
We collect the following personal data:
- name and address
- date of birth and place
- phone number
- e-mail address
- bank account number
- identity card details (passport and citizen service number)
Processing targets: for what purposes do we process personal data?
Strypes uses the data that is processed for:
- business management
- delivery of products and services
- improvement of products and services
- offering events
Strypes works for contractors and supplies professionals to hirers. The legal requirement for such cases is that the contractor or the hirer obtains certain data from the identity card of the professional.
In addition, as an employer Strypes is legally required to collect the information from the identity documents of its personnel in the payroll administration.
The information from the identity card is obtained when an employee starts work at Strypes. The IDs information processed by Strypes is also used for inspections.
Delivery and improvement of Strypes products and services
We collect (personal) data that we receive via websites in order to be able to work effectively and to inform and provide our customers with the best possible information about our products and services.
Furthermore, personal data may also be used for communication with customers and users, for example for providing information about user accounts, security updates and product information.
Recruitment for Strypes
We use personal data for recruitment.
Strypes website and cookies
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout.
How do we store personal data?
Personal data is stored by Strypes in the following databases and companies:
- Admin tool
- STM Nadezhda
- Usit Colours
- Benefit System
This list may be subject to change.
With whom can your personal data be shared?
Personal data is shared with:
- Other ICT group companies
- Customers, for whom Strypes fulfils service and/or management functions
- Clients, suppliers or subcontractors, government agencies and other business relations.
Basis for providing personal data
The provision of personal data is based on:
- a legitimate interest
- legal obligation and/or
- implementing the agreement in accordance with the aforementioned objectives
Strypes deems the following means of communication as permission:
- handing over a business card at an event;
- request for information;
- quotation request;
- execution of an assignment;
- permission for use of data by email.
Processing personal data
We conclude a data processing agreement with data processors of personal data. We record these data processing agreements in a data processing register.
The data processing register includes the following information:
- the name and contact details of the responsible individual;
- the purposes for which personal data is processed;
- the categories of personal data (such as name and address details, contact details, payment details);
- the categories of individuals involved (for example: customers, website visitors, employees);
- the categories of recipients (to whom is the data provided?);
- information about the potential transfer of personal data to countries outside the EU;
- the retention periods of the personal data;
- the ways in which personal data is secured (for example: encryption, access control, pseudonymisation).
Data processing register
With regard to the requirements for a data processing register, Strypes has adapted the following:
Since Strypes has no obligation to appoint a data protection officer, this is not included in the processing register. Strypes has instead included the roles of process owner and an application manager in the processing register. This also stipulates that the owner can never be the same person as an application manager, as a result of which the “two sets of eyes” principle is achieved. The purpose for which the personal data is processed has been translated by Strypes into the process for which the personal data in question is used.
The categories of personal data are based on the categories in the retention period schedule. This enables the storage period to be defined.
Rights of data subjects
Strypes undertakes to:
- provide data subjects with reasonable information about the processing of their personal data
- provide data subjects with a copy of or otherwise provide insight into their processed personal data
- remove, correct, supplement or protect the personal data of data subjects on request, unless a legal (storage) obligation conflicts with this
- provide evidence that personal data of data subjects has been removed or corrected
- enable data subjects to exercise other rights under the applicable legislation.
The retention periods for the standard personal data linked to:
- applicants. The storage period is three years after the application procedure has ended.
- potential employees. The retention period for personal data of potential employees amounts to three years.
- employees. The retention period with regard to personal data of persons who are available to Strypes for secondment is 50 years as per the statutory retention obligation.
- hired persons. The retention period with regard to the personal details of persons hired by ICT is 50 years as per the statutory retention obligation.
- customers. The retention period with regard to personal data of Strypes customers is five years as per the statutory retention obligation.
- suppliers. The retention period with regard to personal data of suppliers of Strypes is five years as per the statutory retention obligation.
Sharing personal data outside of Bulgaria
If personal data is shared outside of Bulgaria, we will only do so if and insofar as this is legally permitted. This means, for example, that processors of our personal data outside the European Union are asked to draw up so-called “Standard/Model Contractual Clauses”.
Obviously, we ask our data processors to store the personal data that is processed on our behalf on servers that are located within the European Union.
How do we protect your personal data?
Strypes does everything necessary to protect your personal data. To this end, Strypes has developed an information security policy based on ISO27001. The Information Security Policy is checked several times a year by an independent authority and an ISO27001 certificate is subsequently issued. Part of this policy includes the performance of a risk analysis for each system where data is collected.
In addition to technical protection, people are also important. All our employees have a confidentiality clause in their labor contract. Strypes also invests significantly in raising employee awareness in the area of information security and data privacy.
Strypes may amend this privacy statement from time to time. You can always view the most recent version via the hyperlink “/privacy-statement” on the Strypes website.