Personal data means any information relating to an identified or identifiable natural person. The data concerned include the names and contact details of representatives of a customer (an existing or prospective customer in the form of a company or government organisation), as well as other information such as IP addresses, which links a website user has clicked on and the length of time a user spent on a particular page of the website.
The processing of personal data is governed by special statutory provisions. Where we process the personal data of users or customers, we comply with all applicable legislation and regulations, including the General Data Protection Regulation (hereafter: ‘GDPR’).
In accordance with the obligations imposed by the GDPR, we take steps to maintain an adequate level of security in the processing of personal data which is sufficient by current standards to prevent any unauthorised access to or modification, disclosure or loss of personal data.
Multiple purposes, different roles
DCspine processes personal data for different purposes and in doing so performs different roles. These roles are mentioned in the GDPR: controller and processor. The controller is responsible for determining the purposes and means of the processing of personal data. This is subject to a large number of statutory obligations. The processor processes the personal data solely on behalf of another party. This also is subject to statutory obligations, although fewer than in the case of the controller. The reason is that in the latter role, the use of the personal data is largely determined by the controller.
Below we describe for the services we provide what role DCspine performs, for which purposes personal data are used and for how long personal data are retained.
Business operations and marketing
DCspine needs personal data for providing its services and reaching (future) customers. DCspine is the controller within the meaning of the GDPR for the use of these personal data.
Purposes of data processing We process the personal data of persons with whom we come into contact and to whom we deliver services. We need these personal data to enable us to deliver our services effectively and efficiently as well as to inform (future) customers. We process these data for the following purposes: For the execution of the agreement:
- in order to provide a service, including matching a service to the needs and wishes of the customer;
To fulfil a statutory obligation:
- in order to comply with legal and regulatory requirements, to deal with disputes and to submit to inspection and auditing, including of a financial nature;
Because we have a legitimate interest with regard to the following:
- in order to facilitate the formation of the agreement;
- in order to conduct market research and compile management information for the purpose of product and service development as well as to assist in defining strategy;
- in order to enable the provision of information, including e.g. newsletter distribution, user information, service communication or other electronic message;
- in order to make a targeted offer, e.g. by e-mail or telephone;
- in order to enable the customer to share information on a website;
- in order to analyse, maintain, optimise and secure the use of a website, including related technologies, partly with a view to countering abuse and fraud;
- in order to facilitate the exchange of personal data between the different companies operating in the Eurofiber group. In this way personal data may, for instance, be combined with other data that have been collected in connection with the use of our products or services (and/or products or services of other group companies). These data enable us to draw up a business customer profile so that we can be of better service to a customer and can match our products and services even more closely to wishes and needs.
Based on consent:
- for the purpose of newsletter distribution.
- after acceptance of tracking cookies, DCspine uses techniques which ensure that visitors to our website no longer need to enter the same data multiple times when downloading content. The retained data mean that only supplementary information is requested. These data are used for sending commercial content.
Sharing and disclosure of personal data
In special circumstances we will provide the personal data of users or customers to third parties without consent, for instance in case of a legitimate request by an appropriate competent authority.
Insofar as necessary, we will also provide personal data without consent in connection with the investigation of loss and/or damage or detection of fraud, or the prevention of loss and/or damage or fraud, as well as in order to guarantee the security and continuity of our network and our services.
After acceptance of tracking cookies, DCspine uses techniques which ensure that visitors to our website no longer need to enter the same data multiple times when downloading content. The retained data mean that only supplementary information is requested. These data are used for sending commercial content.
In order to achieve these purposes DCspine needs to collect the following personal data, among other things:
- names and contact details of customers’ representatives; Contact details are generally the contact representative’s business e-mail address and telephone number;
- information shared by the customer’s representative in connection with the preparation for or execution of an agreement;
- information that is collected in connection with the use of our website, such as IP address and navigation history.
We retain these personal data in principle only for as long as is reasonably necessary for the purposes referred to above and in order to comply with statutory and tax data retention obligations.
DCspine as communication provider with active equipment
DCspine provides communication services based on an ethernet technology enabling customers to use equipment that is installed and managed by DCspine. DCspine is the processor within the meaning of the GDPR for the use of these personal data.
Purposes of data processing Where DCspine acts as a communication provider with active equipment, certain data are needed to establish the communication. DCspine processes personal data in this context for the following purposes: For the execution of the agreement:
- establishment of the communication;
- management of the infrastructure;
- carrying out necessary repairs;
- implementing digital as well as analogue security measures.
DCspine’s customers use these services for their own purposes. DCspine does not know what purposes these are and which customer data are transmitted over its network. Personal data may also be included in the customer data. DCspine is unable to specify which categories of personal data this may concern.
We advise our customers to encrypt their connections. Personal data which are transmitted in encrypted form via such a connection can no longer be read by DCspine or any third party. As a consequence, the transmission of encrypted data does not fall within the definition of the processing of personal data and all parties are able to achieve the purposes listed above while at the same time guaranteeing the security of data subjects’ data and privacy.
We retain data which are processed in connection with the provision of communication services only for as long as is strictly necessary for achieving the purposes.
Rights of Data Subjects
Following a request to access personal data, data may be found to be inaccurate or incomplete. Inaccurate or incomplete data can be corrected or supplemented by contacting DCspine as indicated below. The user or customer can also request DCspine to erase data. We will comply with a request to erase data provided that there is no statutory obligation or other well-founded reasons requiring us to retain the data.
Any objection to the processing of personal data within Eurofiber’s group companies can also be notified to DCspine at any time.
Requests to exercise these rights can be notified via email@example.com or by post, stating ‘personal data’.
Data leak protocol
We implement measures aimed at preventing data leaks. These include digital and analogue security measures on our infrastructure, careful selection of processors, contractual agreements and continuous employee training. We also have procedures for the steps to take in case of a data leak. This ensures that swift and effective action can be taken to minimise any loss or damage. The top priority following the discovery of a data leak is to stop the leak.
Where we are legally obliged to do so, we notify the Dutch Data Protection Authority of the data leak. We will inform the customer of the data leak in order to enable the customer to comply with its legal obligations. We inform the customer in principle via the email address known to us, as registered in our online portal.