The purpose of this Policy is to inform about how Parcom Capital Management B.V. (Parcom) processes personal data. The processing of personal data means the saving, sharing, sending and other use of such data. Parcom seeks to: (a) ensure the security and confidentiality of personal data; (b) protect against any anticipated threats or hazards to the security or integrity of such personal data; and (c) protect against unauthorized access to or use of such data.
The scope of this policy is limited to personal data. Personal data is any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Examples: address, credit card number, identity document, photos, bank statements, and bank account numbers (not limitative).
1.3 Guidance Principles
Parcom follows the following principles:
Parcom shall maintain the confidentiality of personal data acquired. Parcom shall not disclose this information to other persons inside or outside Parcom, except to persons who have a bona-fide business need to know the information in order to serve the business purposes of Parcom and in accordance with this Policy.
- Collecting personal data
Parcom collects personal information in the course of its business, as part of its business contacts and when a person engages in a (potential) business relationship with Parcom. Personal data may only be collected when a person has given its consent, and for the explicit and legitimate purposes known to the individual involved.
The personal information that Parcom processes includes:
- Basic information, such as (full) name(s), the company a person works for, title or position;
- Contact information, such as postal address, email address and phone number(s);
- Financial information, such as payment-related information;
- Identification and background information provided by a person;
- Any other information which a person may provide to Parcom.
- Processing personal data
Personal data shall only be processed when there are explicit and legitimate purposes for doing so, such as the performance of a contract or compliance with legal and regulatory obligations. Where necessary, personal information may be shared with regulatory authorities, courts, government agencies and law enforcement agencies to comply with legal or regulatory requirements. Parcom will use its reasonable endeavours to notify the individual involved in advance, unless Parcom is legally restricted from doing so.
Parcom does not sell or otherwise make personal information commercially available to any third party.
- Retention and Old data
Personal data are held in accordance with Parcom’s Record Retention Policy, which specifies the appropriate retention period for various categories of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, good practice and Parcom’s business purposes. Personal data that are no longer required to be maintained are shredded.
- Information systems
Parcom’s information systems, including hardware, software and network components and design, are established and maintained in order to protect and preserve personal data from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
- Passwords and access
Personal data are maintained, to the extent possible, in computer files that are protected against access by means of a password system or are otherwise secured against unauthorized access. Access to certain databases and files may be given only to persons who have a bona-fide business need to access such information.
- System failures
Parcom maintains appropriate programs and controls (which may include anti-virus protection and firewalls) to detect, prevent and respond to attacks, intrusions or other systems failures.
- Incident Reporting
In case of any incident regarding personal data, such as identity theft, hacking, loss of personal data or wrongly addressed material e-mails, also referred to as a data leakage (datalek) Parcom and, if legally required, the Authority for the Protection of Personal Data (Autoriteit Persoonsgegevens) and the personal data shall be informed promptly.
- Rights of data subjects
The European Union’s General Data Protection Regulation and other applicable data protection laws provide the following rights for data subjects:
- A person is entitled to request details of the information Parcom holds about him/her and how Parcom processes it;
- A person may also have a right in accordance with applicable data protection law to have its personal information rectified or deleted, to restrict the processing of that information, to stop unauthorised transfers of the personal information to a third party and, in some circumstances, to have personal information transferred to another organisation;
- A person may also have the right to lodge a complaint in relation to Parcom’s processing of a person’s personal information with a local supervisory authority; and
- A person may request Parcom that any personal data that Parcom holds of him/her will be shredded or removed; when this is not possible or when it is unlawful to do so, this will be clearly explained (“right to erasure, right to be forgotten”).
Contact e-mail address: firstname.lastname@example.org