In order to carry out our work correctly, it is often essential for us to process personal details.
We guarantee the lawful, appropriate and transparent processing of your personal details, and we respect everyone’s privacy. For that reason, we comply with the General Data Protection Regulation (GDPR) and the General Data Protection Regulation Implementation Act (UAVG).
In order to process your details honestly and confidentially, we take appropriate measures to prevent misuse, loss, unauthorised access and other undesirable acts relating to personal details. The choice of these measures is based on the available technology, the type of personal details we record and the related risks. Your details are only processed by persons subject to a confidentiality obligation.
We only process those personal details that are strictly necessary for the purpose for which they are processed or for compatible purposes. In this way, we limit the storage of your personal details. With your cooperation, we ensure that we continue to process the correct details. If you have an online account with us, you yourself can access, rectify or erase your personal details.
In addition, VNG International operates a Code of Conduct that all members of staff and external persons who work for us must comply with.
Purpose of processing personal details
- When you visit our website, we (temporarily) process personal details. We refer to the ‘cookie settings’ in the yellow tab on the website.
- We use your email address to send newsletters (if you have subscribed). We only do this if you have subscribed for newsletters and have given us your permission. You can unsubscribe for our newsletters at any time. Do this via the unsubscribe link at the bottom of each newsletter.
- If you register as an expert, we store and process the details you enter on your CV. We can then approach you to enter your CV in project proposals, and to ensure that you are deployed at the right place in our current projects. In addition, we process your details for sending invoices and for communicating about developments. You can rectify and erase your own details, in the online portal.
- For the implementation of our projects, we collect details from data subjects. These include at least your name, contact details and the name of the organisation where you are employed. These details are placed in our relation management system. You can have these details erased at any time. In organising missions, for example for visa applications, it may be necessary for us to request your passport details (or a copy), vaccination records and passport photograph. This information is not stored by us. Your name and any (travel) preferences are stored in a passenger profile by our travel agent. If unused, these details are erased after 6 months.
- Master data of debtors and creditors are used for processing purchase and sales invoices of business relations, with whom a contractual agreement has been entered into.
- For the implementation of our projects according to the contract, we collect and use contact details of data subjects, such as beneficiaries and partners.
- During our activities, photographs and film (picture) material may be produced. We use these photographs and/or film (picture) material for our communication products, reports and publications. If you do not wish to appear on these photographs and/or film (picture) materials, please notify the photographer or filmmaker or the organiser of the event.
Sharing with Third Parties
We only issue your details to third parties if this is necessary for the implementation of our agreement with you or in order to satisfy a statutory obligation, or with your permission. We enter into a processing agreement with organisations that process your details on our behalf, to ensure the same level of security and confidentiality. We remain responsible for all processing.
Responsibility / Information obtained from third parties
We are the ‘responsible’ organisation when it comes to meetings and workshops and acquisition activities we organise ourselves, on our own initiative. In that case, we are the party that determines which personal details are processed, and for what purpose, and how this takes place. If you wish to access these details, or wish to have them rectified or erased, you need to contact us.
Many projects and the related activities are however carried out on behalf of another organisation such as a donor or consortium partner. In that case, the other organisation, as contract awarding party is ‘responsible’ (controller) and according to the GDPR we are the ‘processor’ of the personal details. This means that we process these personal details on behalf of this organisation and as such this organisation also has access to the personal details. If you also wish to access these personal details or have them rectified or erased, we will put you in touch with the organisation. In all cases, we deal with your personal details with due care and ensure appropriate security.
We never store personal details longer than necessary for the purpose to which the details relate. Or for as long as necessary to satisfy a statutory obligation.
Your privacy rights
You have the right to access your personal details, to have them rectified, erased or to limit their processing. If you have any questions about the processing of your personal details, or wish to rectify details or withdraw permission, please contact us via PO.email@example.com.
If necessary, you can contact the Data Protection Officer at VNG via firstname.lastname@example.org, to reach a solution. If you are unable to reach a solution together, you can submit a complaint to the Dutch Data Protection Authority. As a final step, you can take the matter to court.