Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

 
“Wij hebben ons privacybeleid in het Engels opgesteld, zodat het voor iedereen eenvoudig te begrijpen is.”

We are pleased that you have expressed interest in our company. The protection of data is a top priority for the management at GSM Diemen. Using the internet pages of GSM Diemen is possible without providing any personal information. However, if a user wishes to access specific enterprise services through our website, the processing of personal data may be necessary. In cases where such processing is required and there is no legal basis, we typically seek consent from the individual involved.

The processing of personal data, including the name, address, email address, or telephone number of an individual, will always comply with the General Data Protection Regulation (GDPR) and adhere to country-specific data protection regulations applicable to GSM Diemen. Through this data protection declaration, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Additionally, this declaration informs data subjects of their entitled rights.

As the data controller, GSM Diemen has implemented various technical and organizational measures to ensure the comprehensive protection of personal data processed through this website. However, it is important to note that internet-based data transmissions may, in principle, have security gaps, and absolute protection cannot be guaranteed. Therefore, every data subject is free to choose alternative means, such as by telephone, to transfer personal data to us.

1. Definitions

The data protection declaration of GSM Diemen is crafted based on the terms employed by the European legislator for the enactment of the General Data Protection Regulation (GDPR). Our objective is to make our data protection declaration clear and comprehensible for the general public, as well as our customers and business partners. To achieve this, we would like to provide an explanation of the terminology used.

In this data protection declaration, we utilize, among other terms, the following:

a) Personal data

Personal data refers to any information pertaining to an identified or identifiable natural person (“data subject”). An identifiable natural person is someone who can be directly or indirectly recognized, especially through an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not automated. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

The restriction of processing involves marking stored personal data with the goal of limiting their processing in the future. 

e) Profiling

Profiling refers to any automated processing of personal data that involves the use of such data to assess specific personal aspects related to a natural person. This may include analyzing or predicting aspects concerning the individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseuonymisation

Pseudonymisation is a data processing technique under GDPR that involves modifying personal data so that it can’t be directly linked to an individual without additional information. This additional information is kept separately and subject to security measures to prevent re-identification. Pseudonymisation allows for data analysis while safeguarding individuals’ privacy.

g) Controller or controller responsible for the processing

The controller, or controller responsible for processing, is an individual or entity, whether a natural person, legal entity, public authority, or agency. This entity, either independently or in collaboration with others, is responsible for deciding the purposes and methods of processing personal data. In cases where Union or Member State law dictates the purposes and methods of processing, the controller may be designated by Union or Member State law or through specific criteria outlined in such laws.

h) Processor

A processor is an entity, whether an individual or organization, that handles personal data on behalf of and as instructed by the controller. They operate under a data processing agreement and must comply with the terms to ensure lawful and secure data processing.

i) Recipient

A recipient is an individual or entity, including natural or legal persons, public authorities, agencies, or other bodies, to whom personal data is disclosed, whether or not they are a third party. However, public authorities receiving personal data in the context of a specific inquiry, in line with Union or Member State law, are not considered recipients. The processing of such data by these authorities must adhere to applicable data protection rules, aligning with the purposes of the processing.

j) Third party

A third party is anyone, other than the data subject, controller, processor, or those authorized by them, who processes personal data. They may be individuals, organizations, or authorities not directly involved in the immediate processing responsibilities.

k) Consent

The data subject’s consent is a clear, voluntary, specific, and well-informed expression of their wishes, indicating agreement to the processing of their personal data. This agreement can be conveyed through a statement or a distinct affirmative action.

2. Name and Address of the controller

The controller, under GDPR and other EU data protection laws, is the entity, whether a person or organization, responsible for deciding how and why personal data is processed.

GSM Diemen

 
 

3. Cookies

The GSM Diemen’s website utilizes cookies, which are text files stored in a computer system through an Internet browser.

Numerous websites and servers employ cookies, often containing a unique identifier known as a cookie ID. This ID is a distinctive character string enabling Internet pages and servers to associate with the specific browser in which the cookie is saved. This differentiation helps websites and servers recognize an individual’s browser, distinguishing it from others with different cookies. The unique cookie ID facilitates the identification of a specific Internet browser.

By utilizing cookies, GSM Diemen can offer users of its website more user-friendly services that would be challenging to provide without the cookie setting.

Cookies are employed to optimize information and offers on our website for the user. As mentioned earlier, cookies enable us to recognize website users, enhancing their experience. This recognition simplifies website usage, eliminating the need for users to enter access data each time they visit, as the website stores this information in a cookie on the user’s computer system. An illustrative example is a shopping cart cookie in an online store, where the website remembers items placed in the virtual shopping cart by the customer.

Users can block the setting of cookies on our website by adjusting their internet browser settings. Deleting already set cookies is also possible through the browser or other software programs. However, disabling cookies may affect the full functionality of our website, limiting some features.

4. Collection of general data and information

When a user or automated system accesses the GSM Diemen website, general data and information are automatically collected and stored in server log files. This includes details such as (1) browser types and versions, (2) operating system information, (3) the referring website, (4) sub-pages, (5) date and time of access, (6) IP address, (7) Internet service provider, and (8) other data relevant in the event of IT system attacks.

GSM Diemen uses general data and information collected from website visits for specific purposes, including delivering content, optimizing the website and ads, maintaining IT system viability, and providing information for law enforcement in case of cyber-attacks. The analysis is done anonymously to enhance data protection. Server log file data is kept separate from personal data provided by users.

5. Contact possibility via the website

The GSM Diemen website provides information for quick electronic contact with the company, including a general email address. When a data subject contacts the controller via email or a contact form, the voluntarily provided personal data are automatically stored. This data is stored for the purpose of processing and communicating with the data subject, and there is no sharing of this information with third parties.

6. Routine erasure and blocking of personal data

The data controller will process and store the personal data of the data subject only for the duration necessary to fulfill the intended purpose or as permitted by applicable European or other relevant legislation. If the purpose of storage no longer applies or the specified storage period expires, the personal data are routinely blocked or erased in accordance with legal requirements.

7. Rights of the data subject

a) Right of confirmation

Every data subject has the right, as granted by European legislation, to confirm whether their personal data is being processed by the controller. If a data subject wishes to exercise this right, they can contact any employee of the controller at any time.

b) Right of access

European legislation grants every data subject the right to obtain, free of charge, information about their stored personal data and a copy of that information from the controller. Additional details, as outlined in relevant directives and regulations, are also accessible to the data subject.

  1. The purposes of the processing
  2. Categories of personal data involved
  3. Recipients or categories of recipients, especially in third countries
  4. Envisaged storage period or criteria for determination
  5. Right to rectification, erasure, or objection to processing
  6. Right to lodge a complaint with a supervisory authority
  7. Source of personal data if not collected from the data subject
  8. Existence of automated decision-making, including profiling, with relevant details

Additionally, the data subject has the right to know if personal data is transferred to a third country or international organization, along with information about appropriate safeguards. To exercise this right, the data subject can contact any employee of the controller at any time.

c) Right to rectification

Data subjects have the right, under European legislation, to promptly correct inaccurate personal data held by the controller. They can also request the completion of incomplete data by providing additional information, considering the processing purposes.

To exercise the right to rectification, a data subject can contact any employee of the controller at any time.

d) Right to erasure (Right to be forgotten)

Data subjects, under European legislation, have the right to prompt erasure of their personal data from the controller. The controller is obligated to erase the data without undue delay if one of the specified grounds applies and processing is not deemed necessary.

Personal data can be erased without undue delay when:

  1. The data are no longer necessary for the original processing purposes.
  2. The data subject withdraws consent, and there is no other legal basis for processing.
  3. The data subject objects, with no overriding legitimate grounds, or objects under specific circumstances.
  4. The personal data have been unlawfully processed.
  5. Erasure is required for compliance with a legal obligation in Union or Member State law.
  6. The data have been collected in the context of information society services per Article 8(1) of the GDPR.

    If any of the mentioned reasons apply, and a data subject wants to request the erasure of personal data stored by GSM Diemen, they can contact any employee of the controller at any time. An employee of GSM Diemen will promptly ensure that the erasure request is immediately complied with.

    When the controller must erase publicly disclosed personal data, they must inform other controllers about the data subject’s erasure request, taking into account technology and implementation costs. This involves removing links to, or copies of, the personal data, as long as processing is not required. GSM Diemen  employees will handle these measures as needed in individual cases.

    e) Right of restriction of processing

    Data subjects have the right, as granted by the European legislator, to obtain from the controller a restriction of processing in the following cases:

    1. The accuracy of personal data is contested by the data subject, allowing the controller to verify accuracy.
    2. The processing is unlawful, and the data subject opposes erasure, requesting instead the restriction of their use.
    3. The controller no longer needs the personal data, but the data subject requires them for legal claims.
    4. The data subject has objected to processing under Article 21(1) of the GDPR pending verification.

    If any of these conditions are met and a data subject wants to request the restriction of processing by GSM Diemen, they can contact any employee of the controller. GSM Diemen employees will then arrange the restriction of processing.

    f) Right to data portability

    Every data subject, as granted by the European legislator, has the right to receive their personal data provided to a controller in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance, provided the processing is based on consent or a contract and is carried out by automated means, excluding public interest tasks or official authority.

    Additionally, when exercising the right to data portability, the data subject can request direct transmission of personal data from one controller to another, where technically feasible and without adversely affecting the rights and freedoms of others.

    To assert the right to data portability, the data subject can contact any employee of GSM Diemen at any time.

    g) Right to object

    Data subjects, as per European legislation, can object to the processing of their personal data, including profiling, based on Article 6(1)(e) or (f) of the GDPR. GSM Diemen will halt processing unless compelling legitimate grounds override the data subject’s interests or for legal claims.

    For direct marketing purposes, the data subject can object at any time, leading GSM Diemen to cease processing the personal data for such purposes.

    In cases of processing for scientific, historical research, or statistical purposes, the data subject can object unless it’s necessary for reasons of public interest.

    To object, the data subject can contact any GSM Diemen employee. Additionally, for information society services, the data subject can use automated means to exercise their right to object.

    h) Automated individual decision-making, including profiling

    Every data subject has the right, under European legislation, not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects or significantly affects them, except when:

    1. It is necessary for entering into or performing a contract.
    2. Authorized by Union or Member State law with suitable measures to protect rights and freedoms.
    3. Based on the data subject’s explicit consent.

    In cases where it is necessary for a contract or based on explicit consent, GSM Diemen will implement measures to safeguard the data subject’s rights, including the right to human intervention, expressing their point of view, and contesting the decision.

    To exercise these rights, the data subject can contact any GSM Diemen employee at any time.

    i) Right to withdraw data protection consent

    Data subjects, according to European legislation, have the right to withdraw their consent to the processing of personal data at any time. To exercise this right, the data subject can contact any GSM Diemen employee at any time.

    8. Data protection for applications and the application procedures

    The data controller processes personal data from job applicants for the application procedure, including electronic processing for documents submitted via email or web forms. If an employment contract is formed, the data is stored as required by law. If no contract is established, application documents are automatically deleted two months after notifying the applicant, unless other legitimate interests, like evidence for a General Equal Treatment Act (AGG) procedure, justify retention.

    9. Data protection provisions about the application and use of Facebook

    The website includes Facebook components, enabling social networking features. Facebook, Inc. is the operating company, and for users outside the U.S. or Canada, Facebook Ireland Ltd. is the controller. When users access website pages with Facebook components, information is sent to Facebook about their specific activity, especially if they are logged in. Facebook receives data even if the user doesn’t interact with the Facebook component. Users can prevent this by logging out of their Facebook account before visiting the website. Facebook’s data protection guidelines (https://facebook.com/about/privacy/) provide details on data collection and offer privacy settings for users to control data transmission.
     

    10. Data protection provisions about the application and use of Google AdSense

    The website uses Google AdSense, an online service for displaying ads on third-party sites. Operated by Alphabet Inc., AdSense employs an algorithm for targeted ads based on user profiles. AdSense places cookies on users’ devices to analyze website usage and facilitate ad display. This involves data transmission to Alphabet Inc., including IP addresses, for ad collection and analysis. Users can prevent cookie setting through browser adjustments. Tracking pixels embedded in web pages enable visitor and click analysis. Personal data is processed in the U.S., and Alphabet Inc. may share it with third parties. Learn more at https://www.google.com/intl/en/adsense/start/.

     

    11. Data protection provisions about the application and use of Google Analytics (with anonymization function)

    The website utilizes Google Analytics, a web analytics service provided by Google Inc., to analyze visitor behavior and optimize the site. Google Analytics collects data about the website’s traffic, including referrers, sub-pages visited, and duration of views. The IP address is anonymized for users in the EU and EEA member states.

    Google Analytics places a cookie on the user’s device, storing information such as access time, location, and frequency of visits. This data, including the IP address, is transmitted to Google in the U.S., and may be shared with third parties. Users can prevent cookie setting by adjusting their browser settings and may also use a browser add-on to opt-out of data collection by Google Analytics.

    For more details and Google’s privacy policies, visit https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/analytics/terms/us.html. Further information on Google Analytics is available at https://www.google.com/analytics/.

    12. Data protection provisions about the application and use of Google+

    The website includes the Google+ button, a social network component provided by Google Inc. With each visit to a page containing the Google+ button, the browser automatically loads the button, and Google becomes aware of the specific sub-page visited by the user. If the user is logged into Google+, Google identifies the visited sub-pages throughout the visit.

    Clicking the Google+ button enables the user to give a Google+ 1 recommendation, associating it with their Google+ account and storing the data publicly. The recommendation, along with the Google+ account name and stored photo, is processed on various Google services and may be linked to other personal data stored on Google. Google uses this information to enhance its services.

    If users do not wish to transmit personal data to Google, they can prevent this by logging out of their Google+ account before visiting the website. For more details and Google’s privacy policies, visit https://www.google.com/intl/en/policies/privacy/. Additional information about the Google+ 1 button can be found at https://developers.google.com/+/web/buttons-policy.

    13. Data protection provisions about the application and use of Google-AdWords

    The website uses Google AdWords, an Internet advertising service by Google Inc., to display ads on Google search results and its advertising network. Advertisers define keywords, and relevant ads are displayed based on user searches. Google AdWords aims to promote the website by placing ads on third-party sites and in Google search results.

    When a user reaches the website via a Google ad, a conversion cookie is stored on their device for 30 days. This cookie, not used for identification, checks if specific sub-pages, like a shopping cart, were visited, helping track sales generated through AdWords ads. Google utilizes this data to create visit statistics, optimizing future ads’ success. No personally identifiable information is shared with Google or other advertisers.

    The conversion cookie stores information, including visited pages, and transmits personal data, including the IP address, to Google in the United States. Users can prevent cookie setting and delete Google AdWords cookies via browser settings. To opt out of interest-based ads, users can adjust settings at www.google.de/settings/ads.

    For more information and Google’s privacy policies, visit https://www.google.com/intl/en/policies/privacy/.

    14. Data protection provisions about the application and use of Instagram

    The website incorporates components of the Instagram service, allowing users to share photos and videos. Instagram’s operating company is Instagram LLC, located in Menlo Park, CA, USA.

    When a user visits a page with the integrated Instagram component, the browser is prompted to download the Instagram display. Instagram identifies the specific sub-page visited. If the user is logged in on Instagram, the platform tracks their activity on our site, associating it with their Instagram account. Clicking an Instagram button stores this information and associates it with the user’s Instagram account.

    Instagram receives data about the user’s visit to our website if logged in on Instagram, regardless of button interaction. To prevent this, users can log out of their Instagram account before visiting our site.

    For more details and Instagram’s privacy policies, visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

    15.Data protection provisions regarding the application and use of Twitter.

    The website incorporates Twitter components, allowing users to publish and share tweets. Twitter, Inc., located at 1355 Market Street, San Francisco, CA, USA, operates Twitter.

    When a user visits a page with the integrated Twitter component, the browser is prompted to download the Twitter display. Twitter identifies the specific sub-page visited. If the user is logged in on Twitter, the platform tracks their activity on our site, associating it with their Twitter account. Clicking a Twitter button stores this information and associates it with the user’s Twitter account.

    Twitter receives data about the user’s visit to our website if logged in on Twitter, regardless of button interaction. To prevent this, users can log out of their Twitter account before visiting our site.

    For more details and Twitter’s privacy policies, visit https://twitter.com/privacy?lang=en.

    16. The legal basis for the processing

    Article 6(1) lit. a of the GDPR serves as the legal basis for processing operations requiring specific consent. When processing personal data is necessary for a contract, Article 6(1) lit. b is the basis. The same applies to pre-contractual measures, like product inquiries. If legal obligations, such as tax requirements, mandate data processing, Article 6(1) lit. c is the basis. In rare cases, processing may be necessary to protect vital interests, based on Article 6(1) lit. d. Article 6(1) lit. f is used for processing not covered by the above, if it serves legitimate interests, unless overridden by the data subject’s rights and freedoms. This is recognized, especially if the data subject is a client (Recital 47 Sentence 2 GDPR).

    17. The controller’s or a third party’s pursued legitimate interests.

    When processing personal data under Article 6(1) lit. f of the GDPR, our legitimate interest is to operate our business in the best interest of our employees and shareholders.

    18. Specify the duration for which the personal data will be retained.

    Personal data is stored according to legal retention periods and is routinely deleted once these periods expire, unless continued storage is necessary for contract fulfillment or initiation.

    19. Providing personal data is mandatory based on legal or contractual obligations. Failure to do so may prevent entering into a contract, and the responsibility to provide data rests with the data subject, with potential consequences specified in relevant laws or contracts.

    Providing personal data is either legally required (e.g., tax regulations) or contractually necessary (e.g., for contract fulfillment). The data subject must contact an employee to understand if providing data is obligatory, the reasons, and consequences of not providing data before entering a contract.

    20. We do not use automated decision-making processes, including profiling, with legal or significant effects on individuals.

    As a responsible company, we refrain from using automated decision-making or profiling.

     
 
× Whatsapp Ons Direct