Privacy Policy

INTRODUCTION

We understand the importance of handling your personal data with care when we, DIANA FEA B.V. (DIANA FEA or we) process it while providing our services including the provision of the DIANA software. In this privacy statement, we will set out in general terms how we process your personal data. In this context, personal data mean any data that directly or indirectly identifies a natural person. Should it be necessary to inform you specifically of any issues, we will do so with reference to this privacy statement.

Controller

We are responsible for the processing activities described in this privacy statement. Indeed, for these activities, we determine the purposes and means of processing. We always process personal data in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).

Categories of people

We process the personal data of the following categories of individuals:

  1. Customers – persons who are (potential) customers and persons employed by (potential) customers.
  2. Suppliers – persons from whom we purchase products or services and persons employed by (potential) suppliers.
  3. Website visitors – individuals who visit the website https://dianafea.com
  4. Applicants – individuals who are looking for a job or individuals who actually apply for a job at DIANA FEA.
  5. Employees – individuals who work or have worked at DIANA FEA.
  6. Third parties – persons whose personal data appears in our files; other persons with whom we have contact.

Minors

In general, we do not provide our services to persons under 18 years of age and do not knowingly process personal data of these minors. If we become aware that we have (inadvertently) processed the personal data of minors, we will take appropriate measures, such as requesting permission from parents or guardians or deleting the data immediately.

Categories of personal data

Customers

From customers we process – as far as reasonably necessary – the following data:

  1. Contact details: name, address, gender, e-mail address, signature, job title, title, telephone number, Chamber of Commerce number, VAT number, bank account number, unique identification number (case number) and nationality.
  2. Details of the services: information about the services.
  3. Invoicing data: data for the purpose of calculating and recording fees, income and/or expenses, collecting and making payments and collecting claims.
  4. Other data: data whose processing is required by applicable laws or regulations or data that customers provide us with on their own initiative, such as the field of business and expertise.

Suppliers

From suppliers we process – as far as reasonably necessary – the following data:

  1. Contact details: name, address, gender, e-mail address, signatures, job title, title, telephone number, Chamber of Commerce number, VAT number, bank account number, unique identification number (case number) and nationality.
  2. Order data: data about our suppliers’ services such as order data, data for the purpose of calculating and recording fees, income and/or expenses, collecting and making payments and collecting claims.
  3. Other data: (in some cases) certificate of good conduct and identity card data, data whose processing is required by applicable laws or regulations or data that suppliers provide us with on their own initiative.

Website visitors

From website visitors we process – as far as reasonably necessary – the following data:

  1. Communication data: data from the equipment used to visit the website, such as the IP address and the software used.
  2. Technical data: data for the purpose of identifying and communicating with website visitors or data recorded to keep track of our website visitor statistics.

Applicants

From job applicants we process – as far as reasonably necessary – the following data:

  1. Contact details: name, address, e-mail address, job title, title, telephone number, nationality, date of birth, place of birth and gender.
  2. Background information: CV/Resume, academic and professional qualifications and history (including courses, internships, experience and previous employment), education, (in some cases) certificate of good conduct and application date.
  3. Other data: data that we collect from a public source, data whose processing is required by applicable laws or regulations or data that applic

Employees

From employees we process – as far as reasonably necessary – the following data:

  1. Contact details: name, address, e-mail address, job title, title, signature, telephone number, nationality, date of birth, place of birth and gender, photo, copy passport, emergency contact details and unique identification number.
  2. Background information: CV/Resume, academic and professional qualifications and history (including courses, internships, experience and previous employment), education, (in some cases) certificate of good conduct and hiring date.
  3. Payroll (and fiscal) data: salary related information, payslips, bank account number including a copy of a bank card, social security number and wage tax form.
  4. Other data: data that we collect from a public source, data whose processing is required by applicable laws or regulations or data that emplo

Third parties

From third parties, we process – as far as reasonably necessary – the following data:

  1. Contact details: name, address, gender, e-mail address, job title, title, telephone number, Chamber of Commerce number, VAT number, bank account number, unique identification number, and nationality.
  2. Other data: data that we receive from customers or third parties or collect from a public source, data whose processing is required by applicable laws or regulations, or data that third parties provide to us on their own initiative.

Obtaining personal data

We may obtain your personal data in three ways.

  1. From you or your employer. We use data that you or your employer actively provide to us, for example, when you contact us to obtain information about our services.
  2. Automatically obtained. We obtain some information about you in an automated way. For example, when you visit our website, we automatically obtain information about you via cookies.
  3. Third-party sources. We also obtain information about you from third parties. For example, we may request information about you or your company from public sources, such as the Chamber of Commerce Trade Register, or through social media platforms

Lawful basis and purposes

There are six possible lawful bases to process your personal data.

  1. Performance of a contract. If it is necessary for the performance of a contract with you, we may process your personal data for this purpose.
  2. Legal obligation. If it is necessary to comply with a legal obligation, we may process your personal data for this purpose.
  3. Legitimate interest. If it is necessary to process personal data about you for our or other legitimate interests, and those interests outweigh your interests or fundamental rights, we may process your personal data.
  4. Vital interest. If it is necessary to process personal data about you to protect your vital interest, we may process your personal data.
  5. Public interest. If it is necessary to process personal data about you for the performance of a task carried out in the public interest, we may process your personal data.
  6. Consent. In principle, if the aforementioned bases do not apply, we may only process your data if you have given us your consent.

 

Of the six possible lawful bases, we generally process your personal data on four bases (i.e. performance of a contract, legal obligation, legitimate interest and consent).

Customer

If you are a customer of ours, we may process your personal data for the following purposes:

Purpose

Performance of a contract to provide services.

Basis

Performance of a contract

Calculating and recording income and/or expenses, collecting and / or making payments.

Performance of a contract / Legitimate interest

Improving our products and services

Legitimate interest

Enforcing our rights and risk management.

Legitimate interest

Complying with our legal and regulatory obligations.

Legal obligation

Supplier

If you are a supplier to us, we may process your personal data for the following purposes:

Purpose

Making orders or purchasing services.

Basis

Performance of a contract/ Legitimate interest

Calculating and recording income and/or expenses, collecting and / or making payments.

Performance of a contract / Legitimate interest

Maintaining contacts.

Legitimate interest

Enforcing our rights and risk management.

Legitimate interest

Complying with our legal and regulatory obligations.

Legal obligation

Website visitor

If you are a website visitor, we may process your personal data for the following purposes:

Purpose

Keeping our website functioning.

Basis

Legitimate interest

Marketing activities such as sending newsletters and invitations to events.

Consent

Offering relevant information.

Legitimate interest/ Consent

Complying with our legal and regulatory obligations.

Legal obligation

Applicant

If you are an applicant for employment, we may process your personal data for the following purposes:

Purpose

Assessing applicant’s suitability for available position or open application.

Basis

Performance of a contract/ Legal obligation/ Legitimate interest

Retaining application documentation for longer  than 4 weeks and verifying references.

Consent

Complying with our legal and regulatory obligations.

Legal obligation

Employee

If you are an employee we may process your personal data for the following purposes:

Purpose

Fulfilling our obligations as employer

Basis

Performance of a contract/ Legal obligation/ Legitimate interest

Enforcing our rights and risk management.

Legitimate interest

Complying with our legal and regulatory obligations.

Legal obligation

Third party

 If you are a third party, we may process your personal data for the following purposes:

Purpose

Allowing access to our office.

Basis

Legitimate interest

Marketing activities such as sending newsletters and invitations to events.

Consent

Offering relevant information.

Legitimate interest/ Consent

Organising events.

Legitimate interest/ Consent

Enforcing our rights and risk management.

Legitimate interest

Complying with our legal and regulatory obligations.

Legal obligation

Sharing of personal data

We will only share your personal data with trusted third parties if they need this personal data to provide their services. We will ensure that your data is only used in a manner similar to, or for a purpose similar to, the purpose for which it was collected, and only in accordance with this privacy statement and any legal obligations.

We may share your personal data with the following parties:

  1. Persons working for us, either directly or indirectly, and involved in the processing.

  2. Persons working for any of our suppliers (incl. subcontractors or service providers) involved in the processing, such as hosting and payment providers.

  3. Persons working for the customer who has engaged our services.

  4. Persons working for competent authorities, if required by law, such as supervisory authorities,

    enforcement agencies and courts.

Security

We use various appropriate technical and organisational measures to ensure data security, including protection against a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, such data. In doing so, we take into account the state of the art, implementation costs, the nature, scope, context and purposes of the processing, as well as the risks the processing poses to you. The persons working for us are, of course, bound by confidentiality and must comply with our instructions aimed at protecting your personal data.

Cookies on our website

Cookies are small text files placed on your computer, laptop, tablet, smartphone or other internet- enabled device. These cookies can be stored and read through your web browser. After a cookie is placed, your device can be recognised as long as you use the same web browser and as long as the cookie is not deleted. This makes it possible, for example, to click back to the previously visited web page. Cookies can also be used to analyse browsing behaviour. Besides cookies, similar techniques may also be used, such as web beacons (also called “tags”), HTML5 Local Storage and Local Shared Objects (LSOs, also called “flash cookies”), and embedded scripts (also called “Javascripts”).
We have a cookie banner on our website informing you about our cookies and allowing you to select your cookies preferences.

Necessary cookies
Necessary cookies are required to enable the basic features of this site, such as providing secure log- in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Functional cookies
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.


Analytical cookies
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance
Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

Transfer to countries outside the EEA

We may transfer your personal data to parties processing your personal data outside the European Economic Area (EEA). Transfer of your personal data to a country outside the EEA can be legitimised primarily on the basis of a so-called adequacy decision. This is a decision in which the European Commission declares that, for example, a certain country provides a comparable level of data protection to the GDPR.

If and to the extent we share personal data with parties in countries outside the EEA to which no adequacy decision applies, we will only transfer your personal data if the recipient provides appropriate safeguards and you have enforceable rights and effective remedies.

Storage of personal data

In principle, we do not store your personal data for longer than necessary to fulfil the purposes described in this privacy statement.

However, we may need to keep your personal data for longer because it is necessary to comply with a legal obligation. For example, we need to keep certain personal data for a period of at least 7 years after the end of a fiscal year.

Privacy rights

In certain cases, you have the right to view and change the personal data that we have collected from you. You have, in certain cases, also the right to object to the processing of your personal data and you can also ask us to limit the processing of your personal data, delete your data or transfer your
data to another party. In order to exercise any of your privacy rights as to personal data controlled by us, please send a request to us and indicate that it concerns a personal data request.

Exercising the above privacy rights is in principle free of charge and can be done by e-mail, post or telephone using the contact details provided below. We will provide you with information on the action taken on your request without undue delay and, in principle, within one month of receiving the request. If the exercise of a privacy right is clearly unfounded or excessive, in particular due to its repetitive nature, we will charge you a reasonable fee or refuse to comply with the request. We may also ask you for certain additional information to help us confirm your identity before complying with such a request.

Right to make a complaint

You have the right to make a complaint with a supervisory authority at any time. We refer you to this webpage for an overview of the supervisory authorities and their contact details. In the Netherlands, this is the Personal Data Authority. We prefer to deal with your complaint ourselves first before referring you to the supervisory authority. Therefore, please contact us, in particular if you have a complaint about the way we handle your personal data, so that we can try to resolve the issue.

Contact details

DIANA FEA B.V.
info@dianafea.com
Thijsseweg 11
2629 JA Delft
The Netherlands

Other

If we refer to websites, whether or not via hyperlinks from other parties, we are not responsible for the content of those websites or the services of those parties, or how they process your personal data.
Please note that we may make changes to this privacy notice from time to time. Where appropriate, we will notify you of such updates. The current version is always available on our website https://dianafea.com. This privacy notice was last amended on 06-09-2023.