Privacy policy
Introduction
On 25 May 2018, the General Data Protection Regulation (abbreviated as and hereinafter referred to as “GDPR”) became applicable. We, INSPECT2gether, have conceived our policies to be in accordance with the GDPR. In this Privacy Policy, INSPECT2gether describes the principles it applies when processing personal data. The scope of this Privacy Policy is limited to the processing of personal data in relation to the performance of online services by INSPECT2gether.
Our Objective
INSPECT2gether (www.inspect2gether.com, hereinafter referred to as the “Website”) is an online service platform that facilitates the sharing of auditing activities among manufacturers at a supplier commonly used by these manufacturers for either different or the same purposes (the “Shared Audit”). The objective of this Privacy Policy is to describe the type of personal information and data that we gather from you, being either a customer of INSPECT2gether or a visitor of our Website. We also describe in this Privacy Policy why we process your personal data and based on what legal grounds, with whom we share your personal data and our obligations regarding your personal data that we manage and control.
Who is INSPECT2gether?
INSPECT2gether is the trade name of the Dutch limited liability company Biotech Eureka B.V., having offices at Weidemolen 14 at (2211 PW) Noordwijkerhout, the Netherlands.
INSPECT2gether operates as the ‘Data Controller’ for personal data gathered from and processed on the Website and within our company. If you have questions or wish to raise a complaint with us regarding how we have handled your personal data, you can email our Data Privacy Officer at info@inspect2gether.com, who will respond within 3 business days.
By ‘Data Controller’ we mean that INSPECT2gether determines the purpose and means of the processing of your personal data. INSPECT2gether also determines which party processes personal data on behalf of INSPECT2gether; such a party is referred to as the ‘Processor’.
INSPECT2gether has entered into a data processing agreements with any Processor it involves in its services, as detailed below under the header “Who do we share your personal data with?”, setting out the (mutual) responsibilities of the Processor and INSPECT2gether in the processing of your personal data.
What personal information do we gather from you?
The Website allows users to browse its content and for users to become a member. A membership to INSPECT2gether permits simplification and synchronization of audit-scheduling activities between manufacturers and suppliers (a “Membership”, and each entity / person benefitting from a Membership referred to as “Member”). To become a Member (either as a supplier or a manufacturer), we need to process basic personal data from you, as set out below.
For Manufacturers:
The unique ID, name, address, zip code, city and country in which the manufacturer operates, type of membership you elect, phone number, email address and website.
For Suppliers:
The unique ID, name, address, zip code, city and country in which the supplier operates, phone number, email address and website.
This is information provided by you directly to us during the Membership process. In addition, any forms that you fill out or information provided over the phone or via email, for example, surveys and requests, may contain personal data and this data is gathered by our system and stored by it for processing so as to support the membership processes. If you use our Website, we do capture your IP address. This allows us to provide certain geographical insight.
Why do we process your personal information?
INSPECT2gether only shares your personal data with other Members if such benefits the purpose of Shared Audits. The purpose of Shared Audits is to facilitate and coordinate the scheduling of auditing activities at suppliers that are used by multiple manufacturers. INSPECT2gether shares such personal data that is minimally required to fulfill such purpose.
In practice, this means that INSPECT2gether processes your personal data to:
1. complete the customer Membership application process;
2. undertake the appropriate billing processes;
3. address your questions and follow-up or contact you in case there are issues
with or questions about our service;
4. keep you informed of potential Shared Audits on the basis of audit slots made
available by suppliers;
5. appoint a ‘lead contact’ responsible to schedule the audit agendas;
6. efficiently undertake other services related matters on your behalf like
coordination of a Third Party Auditor who will perform the Shared Audit.
7. Processing your movements within our website so as to better understand how to
optimize our web environment for the future and to make it more user friendly
for you.
We will not process your personal data for other reasons than those listed except for reasons related to public, governmental, compliance-related, statutory, legal claims, medical care, personal emergencies or other legitimate interests or obligations placed on our organization by authorized parties.
The legal basis for processing your personal data is one or more of the following grounds:
- You have provided consent to the processing of your personal data for the purpose to operate Shared Audits (article 6.1 (a) GDPR), but note that you may withdraw such consent any time;
- Processing is necessary for the performance of a contract to which you are a party or in order to take steps prior to entering into a contract upon your request (article 6.1 (b) GDPR), so it is not a statutory requirement and you are of course by no means obliged to conclude such contract;
- Processing is necessary for the legitimate interest of INSPECT2gether, consisting of the operation of its online platform facilitating Shared Audits (article 6.1 (f) GDPR).
Who do we share your personal data with?
INSPECT2gether does not sell or provide in any way any of your personal data to third parties.
We will share your personal data that you provided to us (with your approval as part of the confirmed Shared Audit process) with other Members. These are companies that are trusted and have approved and confirmed membership behavior as set forward in our Service Level Agreement and Non-Disclosure Agreement. They are not allowed to process your information for their own purposes.
We do provide your personal data, upon your approval, to outside companies that we partner with for Third Party Audit support. We also provide the personal information such as email campaigns to you Each of these vendors processes your personal information on our behalf and we have concluded data processing agreements with these parties, requiring appropriate technical and organizational measures to ensure the safety of your personal data.
INSPECT2gether takes privacy and security pledge seriously and so do the companies that we work with in these matters.
Privacy by default
INSPECT2gether bases all data processing activities on the principles of privacy by design and privacy by fault.
Privacy by design means that INSPECT2gether will take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms and shall both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR.
Privacy by default means that INSPECT2gether, as a Data Controller, shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the Member's intervention to an indefinite number of natural persons.
INSPECT2gether applies the principles of privacy by design and privacy by default as follows.
Data minimization
INSPECT2gether will only process personal data during a Membership in as far as this is necessary based on the goals of the Shared Audit or on a legal obligation to process that personal data. INSPECT2gether will ensure to only process the personal data in as far as there is a legal basis to do so.
Principle of lawfulness, fairness and transparency
INSPECT2gether is transparent about the functions and processing of the personal data of Members for the planning, coordination and scheduling of a Shared Audit and INSPECT2gether provides information about these activities to its Members. INSPECT2gether will also inform its Members about the possibility to contact its ‘Data Privacy Officer’.
Principle of integrity and confidentiality
Access to personal data will be provided on a need-to-know basis. In principle, a minimum in contact details of Members are shared strictly for the purpose of organization, coordination and scheduling of Shared Audits.
Principle of storage limitation
For Members, INSPECT2gether stores and processes its personal data for as long as the Member is a Member and for an additional term of seven years after the date that the Membership has ended, pursuant to registration and tax obligations by law.
Principle of purpose limitation
INSPECT2gether only processes personal data on the lawful bases as described in this Privacy Policy.
Security and Integrity
We have put in place industry standard, appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, disclosed or destroyed. We also work to ensure and maintain the accuracy and reliability of your personal data. INSPECT2gether secures your personal information from unauthorized access, use or disclosure.
INSPECT2gether secures the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
We use security procedures and business systems to limit your personal data to any Processor, who has a business need to know and who is bound by appropriate contractual arrangements. Processor will only process your personal data on our instructions and is subject to a duty of confidentiality.
Likewise, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If a personal data breach is likely to result in a high risk to a compromise your rights, we shall communicate the personal data breach to you without undue delay.
If any of our Processors suspects any possible breach in your personal data, such Processor will first notify us within 48 hours after its discovery. A ‘breach’ is (i) any unauthorized or unintended access, modification, deletion or loss, or any kind of unlawful processing of your personal data, or (ii) any breach (or reasonable suspicion thereof) of the security and/or confidentiality that will lead to destruction, loss, modification, unlawful disclosure or access to personal data, or any indication that a breach is likely to occur or has occurred.
Regarding cookies and other web tracking technologies
For details concerning our cookies we refer to our cookies statement.
Is your personal data moved outside of the EU?
INSPECT2gether will not transfer any personal data without your approval or without a business purpose approved by you.
How long do we store your personal data for?
For Members, we will process your personal information in our active systems for as long as you are an active customer plus seven years. This is due to accounting requirements that we are required to adhere to. For those that aren’t Members, we process your personal information, including IP addresses, for three years since your last visit to our site or since your last contact with our company before your information is deleted.
Can you request and change personal information?
Can you request to see what personal information INSPECT2gether stores about you? And can you modify if it is incorrect? Can you ask INSPECT2gether to delete your personal information? Or halt processing of that information about you?
Absolutely. Of course, we have to confirm your identity first prior to providing access to your personal information. Once that confirmation process has been completed, we will be happy to share the information that we have concerning you.
You will receive notice of receipt of your request as soon as possible. You will receive a material response to your request within one month. We may extend this term with one month if needed, provided we have informed you thereof in a timely manner.
What are your rights under law?
You are granted the following under EU law regarding how INSPECT2gether processes your personal information.
Access: you have the right to obtain from INSPECT2gether a confirmation as to whether or not personal information concerning you are being processed, and, when such is the case, access to the personal information and the following information:
1. the purposes of the processing;
2. the categories of personal information concerned;
3. the recipients or categories of recipient to whom the personal information is or will be disclosed, in particular recipients in third countries or international organizations;
4. where applicable, the fact that personal information is to be transferred to third countries;
5. where possible, the envisaged period for which the personal information is or will be stored, or, if not possible, the criteria used to determine that period;
6. the existence of the right to request from the INSPECT2gether rectification or erasure of personal information or restriction of processing of personal information concerning the Data Subject or to object to such processing;
7. the right to lodge a complaint with a supervisory authority, such as the ‘Autoriteit Persoonsgegevens’;
8. in the event that the collected personal information is not originating from you, any available information as to its source;
9. the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Rectification, amendment: You have the right to obtain from INSPECT2gether, without undue delay, the rectification of inaccurate personal information concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal information completed, including by means of providing a supplementary statement.
Deletion: You have the right to obtain from INSPECT2gether the erasure of personal information concerning you without undue delay and INSPECT2gether shall have the obligation to erase personal information without undue delay where one of the following grounds applies:
1. the processing of the personal information is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. you withdraw consent, in case the processing of such is based on your permission, and where there is no other legal ground for the processing;
3. you object to the processing pursuant and there are no overriding legitimate grounds for the processing;
4. the personal information is unlawfully processed;
5. the personal information is to be erased for compliance with a legal obligation in the European Union or a Member State of such Union law to which INSPECT2gether is subject;
6. the personal information has been collected for the performance of a contract to provide services while you are not aged 16 or above.
Right to restriction of processing:
You have the right to obtain restriction of Processing when:
1. you contest the accuracy of the personal information, for a period enabling INSPECT2gether to verify the accuracy of the personal information
2. the processing is unlawful and you oppose the erasure of the personal information and requests the restriction of this use instead;
3. when INSPECT2gether no longer needs the personal information for the purposes of the Processing.
Notification: You have the right to a notification to third parties to whom the personal information has been disclosed, when you have been granted any rectification, erasure, blocking or deletion as stated above, unless such notification proves to be impossible or requires a disproportionate effort from INSPECT2gether.
Data Portability: You have the right to receive the personal information you have provided to INSPECT2gether on your own initiative, in a structured, commonly used and machine-readable format and you have the right to transmit the personal information to another Data Controller.
Objection: Depending on the situation and the personal information that is processed, you have the right to consent or object to the processing of personal information and the conditions under which this processing takes place.
Complaint: You have the right to lodge a complaint with the supervisory authority, such as the ‘Autoriteit Persoonsgegevens’.
Changes to this Statement
We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We always indicate the date the last changes were published. If changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).
This Privacy Policy was last modified on 1 May 2019.