- We will only use your personal data for the purposes stated in this privacy statement.
- We do not provide your information to third parties.
- You decide what happens to your data. We respect the choices you make regarding your privacy.
- We inform you about how your data is used and offer you easy ways to view and amend it and the choices you have made regarding your privacy.
- We ensure the appropriate security of the personal data we manage, in line with applicable legal requirements and guidelines.
- We do not retain personal data that we process for longer than is necessary for the purpose of processing the data or on the basis of statutory retention periods.
Overview of processed data, basis and security
RVC is the controller (responsible for the processing) of the following data within the meaning of the General Data Protection Regulation (GDPR). This means that RVC decides which personal data will be processed, for what purpose and in what way. RVC is responsible for ensuring that your personal data is processed in accordance with the GDPR and in a proper and careful manner.
1. (Potential) customer and supplier data
- Personal data: full name, gender, name of organisation, function, department, e-mail address(es), telephone number(s).
- Basis for processing (GDPR art. 6.1 sub b): implementing current agreements and pre-contractual activities with (potential) customers and suppliers.
- How we get your data: through direct contacts within the context of RVC’s regular business activities.
- Security: Appropriate technical and organisational measures are in place to prevent the loss of personal data or its unlawful processing. The data is stored within RVC’s operating systems. Only authorised persons within RVC have access to these systems. Personal authentication is used. In addition, RVC staff sign a confidentiality agreement when signing their employment contract.
- Retention period: as long as necessary for the performance of the contract, including the period of post-contractual obligations.
2 Newsletter addressee data
- Personal data: e-mail address(es)
- Basis for processing (GDPR art. 6.1 sub a): consent / registration (‘opt-in’) for the newsletter.
- How we get your data: through direct contacts within the context of RVC’s regular business activities.
- Security: Appropriate technical and organisational measures are in place to prevent the loss of personal data or its unlawful processing. The data is stored within RVC’s operating systems. Only authorised persons within RVC have access to these systems. Personal authentication is used.
- Retention period: until you unsubscribe from our newsletter (or until you withdraw your consent).
N.B.: it is possible that you unsubscribe (‘opt out’) from the general newsletter, but that RVC continues to process your personal data because you are a customer or supplier (Category 1).
3. Job candidate data
- Personal data: full name, gender, CV including any appendices, e-mail address(es), telephone number(s).
- Basis for processing (GDPR art. 6.1 sub b): implementation of the agreement or justified interest: ‘information exchange for the purposes of a possible new agreement’.
- Security: the data is stored in a shielded part of RVC’s corporate network. Only members of the RVC management team have access to this network. Personal authentication is used.
- Retention period: until the end of the application procedure, unless RVC has requested and received permission to store the data for a longer period. In the latter case, the data will be kept for a maximum of one year (after which the data will be destroyed or permission will be requested again).
4. Staff data
The way in which we process personnel data in accordance with the GDPR is distributed internally to our staff. Staff can read the privacy statement via our internal media channels.
5. Data of visitors to the website: use of cookies, RVC uses cookies.
- We use cookies to make our website more user-friendly and to analyse our web traffic. With the exception of the required cookies, the user can specify which cookies are allowed.
- Required cookies help to make a website more usable by allowing basic functions, such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.
- Preferred cookies allow a website to remember information that affects the behaviour and design of the website, such as your preferred language or the region in which you live.
- Statistical cookies help website owners understand how visitors use their website by collecting and reporting data anonymously.
- Marketing cookies are associated with the use of YouTube and Google Analytics on our website and are used to track visitors when they visit different websites. However, we do not share this data with external parties.
RVC is not the controller of the data below, but it does have obligations based on the GDPR:
- Data that is processed by RVC software
- RVC supplies software to its customers. A very large majority of these customers are hospitals and other healthcare institutions. A small minority of customers are companies and foundations.
RVC’s customers are the controllers of the data processed in our software: our software runs under the responsibility and management of our customers, RVC does not offer hosting. RVC does, however, have the option to log into its software via secure connections. The aim is to carry out work on behalf of its customers, namely project activities and service provision. For the purpose of this access to the customers’ systems, RVC has processing agreements with its customers.
Your privacy rights (if RVC is the controller)
You have the right to access your personal data and the right to request correction or deletion of your personal data. In addition, you can object to the use of your data. You can also unsubscribe from the newsletter and you can set in your browser which cookies may or may not be used.
If you want to know what personal data RVC processes about you, you can submit a request for inspection. RVC will process your request within four weeks. Is your data incorrect, incomplete or irrelevant? If it is, you can make an additional request to have your data changed or supplemented. A request to inspect, correct or delete your personal data or to object to the use of your data can be sent by e-mail to RVC at the following e-mail address: privacy@rvc.nl. Please provide a clear description of your request in your e-mail.
RVC is obliged to check that the person making the request is actually the person to whom the requested data relate. To establish this, we ask you a few questions to verify your identity. This only applies to a request to inspect, change or supplement, not to unsubscribe from the newsletter or to change your cookie settings.