By means of this Privacy Statement, Management Drives wishes to inform all parties that come into contact with Management Drives or with the MD System about the way in which Management Drives handles the personal data of individuals, hereinafter referred to as: the ‘Data Subjects’, which data are processed by Management Drives in its capacity as Processor or Controller within the meaning of the GDPR.
Management Drives sets out the following in this Privacy Statement:
Name and contact details Management Drives:
Management Drives International B.V., Herenlaan 2, 3701 AT Zeist
Info@managementdrives.com, +31 30 635 54 00
Name en contact details Subprocessors:
1. Bitlibre B.V., Prins Mauritslaan 25, 1171 LP Badhoevedorp
2. Amazon Web Services (Frankfurt am Main)
Management Drives obtains the personal data from the Data Subjects, whether or not via an authorised third party, by the Data Subject:
Management Drives processes the personal data for the following purposes:
Management Drives is the provider of the MD System with the associated applications. Management Drives processes the personal data of Data Subjects in order to enter into or perform the agreement which is concluded, directly or indirectly, with Data Subjects. Management Drives also processes personal data if required to do so by law, because it has a legitimate interest in doing so or if permission has been given.
If a Data Subject has given Management Drives permission to process his or her personal data for certain purposes, the Data Subject may revoke this permission at any time in the same manner as it was provided by him or her.
If Management Drives collects personal data on the basis of its legitimate interest, it will ensure by means of pseudonymisation or anonymisation that the personal data cannot be traced back to the Data Subject.
In the event that Management Drives processes personal data on the grounds of its legitimate interest, the Data Subject has the right not to complete these data or to object free of charge to the processing.
Management Drives will process the following categories of personal data for the purposes described above:
Special personal data will not be processed.
If Management Drives acts as a Processor, it will apply the same retention period as the Controller, with the proviso that Management Drives has instructed the Controllers to apply a retention period of 10 years.
In the case of processing where Management Drives acts as a Controller, it will not retain the data longer than necessary for the purpose for which they were collected. Management Drives applies a retention period of 10 years in this respect. After this period the data will be destroyed by Management Drives, unless it is required to retain the data for a longer period of time in order to comply with a statutory obligation.
If the agreement between an authorised third party and the Data Subject ends, Management Drives will take over the role of Controller as data controller. From that moment, Data Subjects should address Management Drives directly. In that case, Management Drives will retain the personal data and profile reports of the Data Subjects, using the above mentioned retention period. Management Drives will take appropriate organisational and technical measures to protect the personal data of the Data Subjects.
Data of job applicants will be retained for a maximum of one month after completion of a selection procedure, unless the Data Subject has given permission for the data to be retained for a longer period or the job application results in an employment contract. In that case, the data will be deleted at the latest after 10 years, unless a statutory obligation obliges Management Drives to retain the data for a longer period of time.
Management Drives uses the following subprocessors for hosting and maintaining the MD System:
Bitlibre is a hosting provider and software developer. Management Drives uses Bitlibre’s services to manage, maintain and develop the MD system. Bitlibre is ISO 27001 certified. The data from the MD System is stored by Bitlibre in the Netherlands.
Amazon is a cloud provider that provides storage services. Management Drives uses Amazon’s services to store data from the MD System. The data from the MD System is stored by Amazon in the data centre of Amazon in Frankfurt am Main.
Amazon is committed to privacy. An overview of all privacy measures taken can be found at: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/. In addition, Management Drives has signed a subprocessor agreement with Amazon. The subprocessor agreement between Management Drives and Amazon can be found at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf. Finally, Amazon in turn uses processors. An overview of all the processors used by Amazon can be found at: https://aws.amazon.com/compliance/sub-processors/. The agreements may be amended from time to time. Management Drives therefore recommends to check the above websites regularly.
Management Drives is a Dutch company that also operates internationally. All data processed by Management Drives, whether or not via the MD System, are processed and stored only in the data centres of its subprocessors and only in the European Economic Area (EEA).
In addition, Management Drives may share the data of Data Subjects with third parties engaged by Management Drives, such as printing firms and email and mail processors. This data is shared solely for the purpose of meeting Management Drives’ contractual obligations or for direct or indirect marketing purposes.
The following measures are taken by Management Drives to ensure the ‘availability’, ‘integrity’ and ‘confidentiality’ of the MD System in order to prevent a personal data breach.
Only authorised employees of Management Drives responsible for managing the database have access to the personal data. Employees will only have access to personal data if they have signed a non-disclosure agreement and comply with the other security regulations applied by Management Drives. Employees of Management Drives are aware of the security risks and their obligations with regard to the protection of personal data.
Management Drives works with a Clean Desk Policy which means that all papers and notes are cleared from the desks at the end of the working day. In addition, the rooms in which servers or computers with stored personal data are located can be locked.
In order to safeguard the privacy of Data Subjects, Management Drives enters into processing and other agreements with third parties who, whether or not on behalf of Management Drives, process personal data of Data Subjects.
Management Drives ensures that both internal and external audits are carried out on a frequent basis in order to demonstrate that the obligations under the GDPR are being met.
Under the GDPR, the Data Subject has the following rights:
(This is the Data Subject’s right to receive personal data and to transmit the data unhindered to another Controller or the right to request that personal data be transmitted directly to another Controller);
(This is the Data Subject’s right to be ‘forgotten’ in the MD System);
(This is the Data Subject’s right to access the personal data concerning them which are being processed);
(This is the Data Subject’s right to modify or supplement the Data Subject’s personal data which are being processed);
(This is the Data Subject’s right to have less of his or her data processed);
(This is the Data Subject’s right to human intervention in automatic decisions with legal effect);
Management Drives has adjusted its systems, processes and internal organisation to these rights so that it can respond properly, whether or not via an authorised third party, to the requests of Data Subjects.
In the event of complaints relating to the manner in which Management Drives processes personal data, the party concerned must first contact Management Drives (see above under 1. ‘General contact information’). In addition, the parties concerned have the right to submit a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via its website: https://autoriteitpersoonsgegevens.nl/en.
Some functions on the Management Drives website are only accessible if the cookies are accepted. To the extent that cookies contain identifiable information (which means that they can be traced back to a person), the Privacy Statement of Management Drives also applies to them.
The Management Drives website and the software applications of the MD System use technical cookies. These cookies are necessary for the website and/or the MD System to operate, for example to create an account or to log in.
The Management Drives website and the MD System use functional cookies. These are used to remember personal preferences regarding whether or not to allow cookies, the country from where the Management Drives website or the MD System is visited and/or consulted, the choice of language, etc. These cookies can be used to make the use of the website and system easier.
The Management Drives website and the MD App and MD Pro App of the MD System use analytical cookies via Google Analytics. These cookies collect anonymous information about the manner in which the website and/or the MD System are used. For example, visitor statistics are collected, it is possible to see how a visitor enters the Management Drives website and see how a visitor uses the website and/or the MD System, to enable Management Drives to gain a better insight into their operation.
Management Drives has adjusted its settings in Google Analytics such that collected data is treated in a privacy-friendly manner. The identity of the visitor cannot be derived from the data collected. Google Analytics can be deactivated by downloading a tool from Google via the following link: https://tools.google.com/dlpage/gaoptout?hl=en/ .
Some cookies are automatically deleted when the web browser is closed. In some cases, the cookies must be actively deleted if they are not or no longer desired. It is possible that if cookies are deleted, certain functions or parts of the websites will no longer be accessible or functional. An explanation by the Dutch Consumers’ Association (Consumentenbond) about the removal of cookies can be found via the following link: https://www.consumentenbond.nl/internet-privacy/cookies-verwijderen.