Privacy policy Intracare BV

The privacy policy applies to the processing of personal data by Intracare B.V. (Chamber of Commerce number 11053848) hereinafter referred to as Intracare.

Where the word 'you' is used in the text, this means:

• Customer of Intracare
• Employee of a customer of Intracare

Processing of personal data by Intracare

The protection of personal data is very important to Intracare. We are aware that you place your trust in us. Intracare believes it is important to inform you clearly and transparently about this.

Intracare respects your privacy and ensures that your personal data is always handled in confidence and in accordance with the applicable privacy legislation in order to protect your privacy.

Purposes of the processing

Intracare processes your personal data for the following purposes:

• Executing the agreement(s) entered into with you;
• Performing administrative tasks, as well as other internal management-related activities;
• Calculating, recording and collecting amounts due, including utilising the services of a debt collection agency;
• To enable us to get in touch with you and to respond to the questions that you have asked;
• To inform you about Intracare's new products and/or services and offers;
• To deal with your request for information;
• To enable us to send digital newsletters, which are sent by email;
• To improve the website and services
• To comply with legal obligations, such as the requirement to keep accounting records and the data retention requirement.

Legal foundation for the processing

The legal foundation for the purposes of processing mentioned above is based on:

• The consent that you provide (article 6 paragraph 1 under a of the General Data Protection Regulation (Algemene Verordening Gegevensbescherming) (hereinafter: ‘GDPR’);
• At your request, taking pre-contractual measures and/or execution of the agreement(s) entered into with you (article 6 paragraph 1 under b of the GDPR);
• Compliance with legal obligations (article 6 paragraph 1 under c of the GDPR);
• Protecting vital interests of yourself or others (article 6 paragraph 1 under d of the GDPR);
• The performance of a task carried out in the public interest or in the exercise of public authority (article 6 paragraph 1 under e of the GDPR);
• The representation of legitimate interests of Intracare or of a third party (article 6 paragraph 1 under f of the GDPR).

Mandatory provision

When we ask you for personal data, for each situation we will state whether the provision of the data is necessary or mandatory and outline the (potential) consequences of this data not being provided. The basic principle here is that Intracare will not process more personal data than required for the purposes outlined above.

Passing on data to third parties

Intracare will also never pass on personal data to third parties that will use the data for their own purposes. The foregoing does not apply when:

• You have provided your prior consent for the provision of the data, or
• Intracare is required by law to provide data.

Automated decision-making and profiling

Intracare does not use automated decision-making and/or profiling.

Retention period

Pursuant to the GDPR, data may not be retained for any longer than the purpose for which they are processed. The retention period of your data is determined according to the following criteria: applicable legislation concerning the retention periods. Once the retention period has expired, the personal data will be digitally removed from the systems by Intracare and confidential paperwork will be destroyed by a company certified to do so. Your data will be retained in accordance with the statutory retention periods, recorded in (amongst others):

Once the retention period has expired, the personal data will be destroyed by Intracare through a company certified to do so.

Protection of personal data

Intracare will take suitable technical and organisational measures (or arrange for these to be taken) to protect personal data against loss or against any form of unlawful processing. In that respect, various measures have been taken, including encryption of data, encrypted communication and handling of the data considered to be confidential.

Statutory rules in respect of processing personal data

When processing personal data, Intracare is bound, inter alia, by the following legislation:

General Data Protection Regulation (GDPR);

Directives and codes in relation to the processing of personal data

In principle, as part of their working procedures, Intracare employees act in accordance with the GDPR. They also observe the moral ethics and values arising from their professional ethics and they comply with the statutory privacy rules.

Your rights

You have various rights under the law which are listed below.

Right of access

You have the right to access the personal data processed by Intracare.

The right to correction and deletion

You have the right to have data amended or even deleted if the data is incorrect or no longer correct, or if the processing is not or is no longer justified.

Right of objection

The right of objection means that, based on your specific situation, you can object to certain processing of personal data. You have this right in respect of all forms of processing that are not based on:

Your consent;

• Pre-contractual measures being taken at your request and/or the execution of the agreement(s) entered into with you;
• Fulfilment of legal requirements, or
• Protection of vital interests, of yourself or others.

If you object to the use of your personal data to inform you about Intracare's activities and similar ('direct marketing') activities, we will always honour this objection. Your data will then no longer be used for direct marketing purposes.

If you object to other forms of processing of your personal data, we will assess whether we can accommodate your objection. In that case, Intracare must demonstrate that, despite your objection, we nevertheless have a legitimate interest in continuing to process your personal data. If the balance of interests are in your favour, we will discontinue processing your personal data.

Right to restriction

Under certain circumstances, you also have the right to restrict the processing of your data. In short, this means that Intracare temporarily 'freezes' the processing of the data. You can invoke this right in four situations:

• In anticipation of the assessment of a request for correction;
• If data should actually be deleted but you do not want the data to be erased;
• If Intracare no longer needs the data, whilst you do need the data (to prepare) for a court case, and
• in anticipation of the assessment of an objection.

Right to data portability

You have the right to receive (back) the data with which you have provided Intracare, in a commonly used file format. This right only applies to the personal data that we process on the basis of your consent or on the basis of an agreement entered into with you. The right furthermore only applies to the data that we already process in a digital form (i.e. not to analogue processing). You are free to then pass on those data to another party.

Should there be a link between our systems and the systems of the third party to which you wish to pass on the data (directly or indirectly), we could perhaps pass on that data directly on your behalf. Please ask about the possibilities.

Exercising rights

You can exercise your rights free of charge, apart from in the event of misappropriation. You can exercise your rights by using the contact details provided below.

Terms

In principle, we will answer your questions or respond to your requests within one (1) month. In the unlikely event that it takes us more time to answer your question or respond to your request, we will inform you of this within one (1) month. It may be the case that, due to the complexity of the requests and/or the number of requests, it may take up to three (3) months for us to respond to your request.

Identification

Before responding to any questions/requests, we may ask for further proof of your identity. We do this in order to avoid passing on personal data to the wrong party, or making incorrect changes when processing personal data. To ensure that your request can be handled as smoothly as possible, we ask that you include a copy of your identity document along with your request.

Individual assessment of every request

We would like to point out that the rights outlined above are not absolute rights. There may be circumstances that mean we are unable to respond to a specific request. We will assess every request on its own merits. If we do not or are unable to respond to a specific request, we will of course inform you of this along with an explanation, in which case, you can subsequently take legal action.

The right to object to the use of data for direct marketing purposes is, however, an absolute right. Cancellations of subscriptions to our commercial communications will therefore, in any event, be honoured.

Cookies

We collect data for research in order to gain a better understanding of our customers, which allows us to tailor our services to these findings.

This website uses 'cookies' (text files that are placed on your computer) which help the website to analyse how users use the website. The information generated by the cookie about your use of the website can be transferred to secured servers. We use this information to track how you use the website, to prepare reports on website activity and to offer other services regarding website activity and internet use.

Disabling cookies

Most browsers are set up as standard to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is sent. It is, however, possible that some functions and services, on our and other websites, do not function correctly if cookies are disabled in your browser.

Camera surveillance

Security cameras with sound recording function are present at Intracare. You will be informed of this when entering the premises and the cameras are clearly visible. We use the camera images and the sound recordings to guarantee the safety of our customers and our staff, to protect our buildings and machines and to record incidents. In the event of incidents, the images and sound recordings may be passed on to the police and the courts. The camera images will be recorded over after 2 weeks.

The rationale behind this processing is to protect the legitimate interest of Intracare and customers/staff and to prevent or to minimise incidents. We will not utilise facial recognition or other methods which enable individuals to be identified electronically.

Security

Intracare pays the required attention to and takes great care in respect of the technical and organisational forms of security for camera surveillance.

Privacy contact person

Intracare has appointed a privacy contact person. The privacy contact person supervises compliance with privacy legislation.

The privacy contact person reports directly to the managing director of Intracare.

The privacy contact person is also the contact person for all questions related to privacy and AVG, both for you as for the privacy supervisor.

You will find the contact details of the contact person at the bottom of this privacy statement.

Complaints mechanism

Intracare attaches high importance to satisfied associates and that is why we work continuously on the quality of our services. However, whenever work is carried out, mistakes can be made and misunderstandings can arise. If you are dissatisfied with our service, one of our employees or with any aspect of our organisation, we explicitly invite you to inform us of that as soon as possible. We will take your remarks very seriously and, where appropriate, together we will look for a suitable solution. We can be informed of any complaints in various ways:

a) By email, by emailing us on info@intracare.nl or

b) By telephone, by contacting us on +31 41 35 4105 or

c) In writing, by sending the complaint to Intracare B.V. Voltaweg 4, 5466 AZ Veghel.

Intracare's complaints procedure can be requested at any time or can be downloaded from Intracare's website www.intracare.nl.

Regulatory body

You always have the option of submitting a complaint to the regulatory body. The regulatory body of the privacy legislation is the Personal Data Authority (Autoriteit Persoonsgegevens). You will find the contact details of the Personal Data Authority on the website www.autoriteitpersoonsgegevens.nl

Questions

You also always have the option of asking questions about the personal data that we have processed. If you have any questions about privacy, please contact us using the contact details below.

Amendments

This privacy statement can be amended by Intracare. These changes will be announced on Intracare's website (www.intracare.nl).

Intracare can process your personal data for new purposes that are not yet mentioned in this privacy statement. In that case, we will contact you prior to using your data for these new purposes, to inform you of the changes to our privacy statement for the protection of personal data and to give you the opportunity to refuse your participation.

Contact details

If you have any questions about this privacy statement or our privacy policy or if you wish to invoke one (1) of your statutory rights, please contact us using the details below:

T: +31 (0)413 354 105

E: info@intracare.nl

W: www.intracare.nl