Skip to main content

Privacy

The Dutch version of this policy is the legally binding text. The translation below is provided for convenience; the Dutch original at /nl/privacy takes precedence in any dispute.

Privacy policy (under the GDPR, derived from EU Privacy Regulation 2016/679)

Conduction B.V. uses personal data only for the purpose for which it was stored. We do not share personal data with third parties unless that sharing is necessary for the storage purpose. We do not retain personal data longer than the storage purpose requires. We protect personal data against access by unauthorised parties using all available means and measures.

We ask our contacts for consent before storing their personal data. We inform clients of their rights regarding their personal data. We inform our contacts about the purpose of the data processing. We inform contacts when we intend to perform unusual operations on their personal data.

Risk assessment (Data Protection Impact Assessment, DPIA)

The risk we manage against is Conduction B.V. unintentionally altering, leaking, or losing information, causing harm to our external stakeholders.

Against this risk we apply the measures in this privacy policy and our ISMS, execute them, and review their effectiveness. The procedures in the privacy policy and ISMS are subject to continuous review and improvement. All staff are involved in the security procedures, in the ways described in this privacy policy and ISMS.

Risk assessment procedure

Conduction B.V. reduces the risks above by working from its privacy policy and ISMS. Every internal audit and management review includes a data-security risk assessment.

A residual risk remains outside the scope of the privacy policy and ISMS. The known residual risks for Conduction B.V. are analysed in our internal audits and management reviews. Mitigations for those risks are part of the privacy policy and ISMS, and they are managed and executed there. Residual risk consists of extreme changes in circumstances that Conduction B.V. cannot foresee. We consider those risks unavoidable. After an unforeseen incident a fresh risk assessment is performed. Any remedies are folded into the privacy policy and ISMS.

Contact

Questions about this policy or about your personal data go to info@conduction.nl. Office: Lauriergracht 14h, 1016 RR Amsterdam.