March 2020 - We are aware that you trust us. Knowledge, expertise, and trust are important pillars for Forty B.V. Therefore, we see it as our responsibility to protect your privacy and inform you about it. On this page, you will find out what data we collect when you use the Forty B.V. website and/or services (hereafter referred to as “Forty" or “we") and why we collect these data.
Forty is a limited liability company, with registered office and place of business in Utrecht, the Netherlands, registered with the Trade Register of the Chamber of Commerce under number 77600509. You can reach us by phone via 030-2737424 and by e-mail via email@example.com
- Customers/associates of Forty;
- Potential customers/associates whom Forty has contacted, want to contact, or has had contact with;
- Visitors to the Forty website;
- Recipients of the newsletters and e-mails from Forty;
- Any other persons who (intend to) contact Forty;
- Personal data processed (except for employees of Forty).
What personal data does Forty collect and process?
On our website (www.forty.nl), you can find out what services and products we offer, and you can purchase a suitable service/product. Of course, you can also conclude a service at a later time, for example by e-mail or at our office. When you register for one of our services or products, we will ask you to provide the following (personal) data:
- Name and address details;
- Telephone number;
- Email address.
Your company details:
- Legal form;
- Company name;
- Chamber of Commerce number;
- Invoice address;
- Postal code and city;
- E-mail address;
- If applicable, UBO statement (“Ultimate Beneficial Owner" or “ultimate interested party").
- IBAN and ascription.
Personal data you provide:
- Contact data and other personal data required to execute an agreement;
- Contact data and other personal data completed on contact forms or other web forms or provided via email;
- Contact data provided during introductory interviews, events, courses, seminars, etc., such as data mentioned on business cards.
Personal data obtained through or generated by our website, electronic newsletters, emails, or related technologies:
- IP number;
- Your browsing behaviour on the website, such as details of the first visit, previous visit and current visit, the pages viewed and how you navigate on the website;
- Whether you open a newsletter or email and which parts you click on.
Personal data obtained from other sources:
- Personal data available on public business social media platforms such as Facebook and LinkedIn;
- Personal data obtained from the Trade Register of the Chamber of Commerce and the land registry;
- Personal data available on public business websites.
Automatically generated data:
For the website to work optimally, automatically generated information about your use of the website is collected and processed. The optimisation of the services includes technical adjustments, for example for displaying pages properly and securing the website. The information collected consists of the type of device you are using, your IP address, the type of browser, the operating system you are using, and the pages you visit on the website and the items you are viewing.
Hotjar is a technology service that helps us better understand user needs, the experience users have on our website as well as how we can improve this experience and our services in general.
In particular, Hotjar collects:
- IP addresses of devices
- Device screen resolution
- Device type (unique device identifiers)
- Browser information
- Geographic location (country level)
- Preferred language for displaying our website
Through the following opt-out link, users can prevent Hotjar from making a user-profile.
For what purposes and on what legal basis are the collected data used?
Your data will be used for the following purposes and based on the following legal bases:
- To execute an agreement to which you are a party;
- To fulfil with legal obligations;
- To protect the legitimate interests of Forty:
- To send you information about our products and services (marketing purposes).
- To respond to questions and/or complaints you have and to secure, modify and improve the website;
- You have consented to the use or processing of data. This is necessary to comply with a legal obligation incumbent on Forty, such as:
- To provide information about you to third parties if you have given permission to do so or under legislation and/or regulations.
Third-party use :
This allows us to engage third parties to outsource our work. These third parties will only process your personal data on behalf of and for (the purposes of) Forty. In a few incidental cases, the data may be shared internally if this has beneficial consequences for the service provided to the customer. The employees of Forty are obliged to respect the confidentiality of your data. Finally, we may provide your personal data to third parties if Forty is obliged to do so based on legislation and/or regulations.
Hyperlinks from third parties:
How long does Forty retain personal data?
Your personal data will be stored carefully and no longer than is necessary for the purpose for which they were obtained. Unless Forty is required to retain your data for longer under law, Forty will use the statutory retention periods.
Where are your personal data stored?
Your data are stored on a secure third-party server. Forty uses servers in Ede (Bit). We may use service providers ("processors") to process your personal data solely on our behalf. We will conclude a processing agreement with these processors who comply with the requirements of the General Data Protection Regulation (GDPR). For example, we work with service providers who provide software and/or hosting services. Furthermore, there are ICT service providers who offer us support in keeping our systems safe and stable. We also use third-party services to send newsletters and commercial emails. These are parties that are designated as processors as referred to in the General Data Protection Regulation (GDPR). For example, processors within the scope of this Article are Hubspot, Mailchimp, Eventbrite, Homerun, Harvest, Google Gmail, Google Analytics and Google Calendar.
How are your personal data protected?
We have taken appropriate technical and organisational measures to protect your personal data against loss or from any form of unlawful processing. Our website is adequately protected (e.g. https) and we use a professional system of 1Password, with personal passwords that are changed regularly. If applicable, paper files are stored in a cabinet with key lock that can only be accessed by the employee handling the case. For more information about how we set up this security, please contact us at firstname.lastname@example.org.
Access, rectification and transferability of your data
If you would like to access your personal data that we have collected, you can request access. This request can be sent to email@example.com. Forty will respond to your access request within four (4) weeks. If you wish to rectify the data that you have seen as a result of your access request, you can request this at the aforementioned e-mail address. You can request that Forty change, correct, supplement, delete, or block your data. Forty will respond to your request within four (4) weeks. If Forty rejects your request, it will indicate in its response why the request to rectify the data is rejected. You also have the right to obtain the personal data provided by you in a common, structured and readable form and to have them transferred. This request can be sent to firstname.lastname@example.org.
Where to complain?
If you have a complaint about the use of your personal data, please contact us. We will strive to find a mutual solution. If we cannot find a joint solution, you can submit your complaint to the national Court or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).