Privacy Policy
Last Updated: September 2024
1. Introduction
At BUS consulting ("we," "us," or "our"), we are committed to protecting and respecting your privacy. This privacy policy outlines how we collect, use, store, and protect personal data when you interact with our services, in compliance with the General Data Protection Regulation (GDPR) and the Dutch Data Protection Act (Wet bescherming persoonsgegevens, Wbp).
By using our services, you agree to the collection and use of your data in accordance with this policy.
2. Data We Collect
We collect the following types of personal data:
- Personal Identification Information: Name, email address, phone number, mailing address, and other contact details.
- Professional Data: Job title, employer, and work-related information (if applicable).
- Demographic Data: Nationality, country of residence, and preferred language.
- Health-related Data (Special Category Data): For expatriates receiving non-medical mental health support, subject to explicit consent.
- Technical Data: IP address, browser type, time zone settings, device information, and cookies.
3. Purpose of Data Processing
We use your data for the following purposes:
- Service Provision: To provide and improve our services to expatriates and corporate partners.
- Communication: To respond to inquiries, send newsletters, and provide updates on services.
- Compliance: To comply with legal obligations under Dutch law and GDPR.
- Analytics and Improvement: To analyze usage patterns, improve our website, and provide better user experiences.
- Support and Counseling Services: To provide expatriates with non-medical support, ensuring well-being during their transition.
4. Legal Basis for Data Processing
Under GDPR, we rely on the following legal bases for processing personal data:
- Contractual Necessity: To perform the services outlined in agreements with our clients and partners.
- Legitimate Interest: To improve our services, ensure the security of our systems, and promote our offerings.
- Consent: For the processing of special categories of personal data (e.g., health data) and sending marketing communications where required.
- Legal Obligation: To comply with applicable Dutch laws and regulations.
5. How We Collect Your Data
We collect data in the following ways:
- Directly from You: When you provide information by filling out forms on our website, during consultations, or via email.
- Automatically: When you use our website, through cookies, analytics tools, and log files.
- From Third Parties: With your consent, we may collect data from third parties, such as your employer, for expatriate services.
6. Data Sharing and Transfers
We may share your personal data in the following circumstances:
- Service Providers: We may share data with trusted third-party providers (e.g., IT service providers) who assist us in delivering our services.
- Corporate Partners: If you are an expatriate, we may share relevant data with your employer, but only with your explicit consent.
- Legal Requirements: When required by law or to protect our rights and safety.
We do not transfer your data outside the European Economic Area (EEA) without ensuring adequate protection under GDPR, such as standard contractual clauses or binding corporate rules.
7. Data Retention
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Health-related data, due to its sensitive nature, is retained only with your explicit consent and will be securely deleted upon your request or after a reasonable period.
8. Your Rights Under GDPR
As a data subject, you have the following rights under GDPR:
- Right to Access: You have the right to request copies of your personal data.
- Right to Rectification: You may request that we correct any inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing: You can request that we limit the processing of your data under certain conditions.
- Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.
- Right to Object: You can object to the processing of your data for direct marketing purposes or based on our legitimate interests.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at [email address].
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our website. You may control cookie settings through your browser, and you can learn more in our [Cookie Policy] [insert link].
10. Data Security
We take data security seriously and implement technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes encryption, secure storage solutions, and regular security assessments.
11. Data Breaches
In the event of a data breach, we will promptly notify affected individuals and the relevant authorities in accordance with GDPR requirements, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
12. Children’s Privacy
Our services are not intended for individuals under 18 years of age, and we do not knowingly collect personal data from children.
13. Updates to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any material changes by posting the updated policy on our website or contacting you directly.
14. Contact Us
If you have any questions or concerns regarding this privacy policy or our data protection practices, please contact us at:
BUS consulting
l.stones@bridgeupconsulting.com
You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have violated your rights under GDPR.