This Privacy Notice applies to Personal Data processed by TB Blox BV. and our group companies (“Cevinio”, “We”, “Us” and “Our”). Cevinio, is company established under the Dutch law, with its principal place of business at its Head Quarters, located at Hofplein 20, 30332 AC Rotterdam, The Netherlands.
We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.
This applies to personal information that we collect through the Website or when engaging in our relationship or potential relationship with you (or your organization) as a supplier, client, business partner or employee.
Our Privacy Notice may change from time to time, but We will never do so in a manner that compromises Our commitment to respect the privacy of individuals. The most current version of this Privacy Notice governs Our practices for collecting, processing, and disclosing Personal Data. We will provide a more prominent notice (including, for certain services, email notification) of any material modifications to this Privacy Notice.
1. What personal data do we collect and process?
The Personal Data We collect depends on whether the individual is:
1. A visitor to the Cevinio Site, Participant of an Event, Subscriber of a Whitepaper/newsletter, etc; or
2. A Customer and/or user of the Cevinio Software (the “User”), Business partner or Supplier; or
3. A Subject of the accounts payable process/mentioned on an invoice that is processed as part of Services delivered by Cevino; or
4. An Employee, Applicants, emporary staff.
1.1. Visitor Website/Participant/Subscriber
In order to provide certain services and information to you, we may ask that you register and provide us with information about you and/or your company such as contact information. The legal basis for such processing would be ‘Consent’ [Article 6(1)(a) GDPR].
Cevinio will process personal data for the purpose for which it is collected. We will not use your contact information for sending mails about events, whitepapers, newsletters & more unless you have specifically requested to receive product information.
1.2. Customer and/or User/Business partner/Supplier
Of (potential) Customers, Business partners and Suppliers personal data is processed of relevant employees for making an offer, for entering into a contract and for the performance of a contract. Personal Data such as their name, email address, phone number, function and additional details about them and the organization they represent can be processed. The legal basis for such processing would be ‘Legitimate interest’ in accordance with Article 6(1)(f) GDPR.
Of the Users of the Cevinio Software We collect personal data to provide, maintain, protect and improve the Services to develop new ones, and to protect Cevinio and our users.
We collect information in the following ways:
• Information you give us. For example, our services require you to sign up for a Cevinio Account. When you do, we’ll ask for personal information, like your name, email address, telephone number.
• When you contact Our customer support for assistance.
• Information we get from your use of our services. We collect information about the services that you use and how you use them.
• Location information. When you use Cevinio services, we may collect and process information about your actual location.
1.3. Subject of the accounts payable process
Cevino offers services to optimize the accounts payable automation of our Customers. It is possible that we process your personal data if it mentioned on an invoice of our Customers. We process that data on behalf of our Customers according to the data processing agreement (DPA) we have concluded with them. According to the GDPR Cevinio is the Processor and the Customer is the Controller.
For questions about the personal data processed, the purpose, the legal ground, the retention period, your rights, etc. We refer you to the Customer for which Cevinio processes the invoices.
1.4. Employees/Applicants/Temporary Staaff
Cevino processes personal data about her (temporary) employees and applicants like names, contact information, resume, assessments, salary, reviews, employment leave and sickness. Cevino receives this information directly from the employee/applicant or with consent of them. The legal basis for such processing would be ‘Contract’ or ‘Legal obligation’ [Article 6(1)(b) and 6(1)(c) GDPR].
2. To whom do we disclose your personal data?
To fulfill the purposes above, Cevinio may need to disclose to, transfer or otherwise share your personal data within Cevinio or with a select number of thrusted service providers to whom we have outsourced the processing (including storage) of personal data. These service providers are carefully selected and meet high data protection and security standards. We only share personal data with them that is required for the services offered and We contractually bind them to keep any information We share with them as confidential and to process Personal Data only according to Our instructions. The legal basis for such processing would be ‘Legitimate interest’ [Article 6(1)(f) GDPR].
In addition to services providers, other categories of Third Parties may include:
• Vendors/public institutions. To the extent that this is necessary in order to make use of certain services requiring special expertise (such as legal, accounting or auditing services) We may share Personal Data with vendors of such services or public institutions that offer them (e.g. courts). The legal basis of this data processing is ‘Legitimate interest’ [Article 6(1)(f) GDPR].
• Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If We are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then Data may be sold or transferred as part of such a transaction, as permitted by law and/or contract. The legal basis for such processing would be ‘Legitimate interest’ [Article 6(1)(f) GDPR].
Other than the cases mentioned above, We will only transfer Personal Data to Third Parties with explicit consent in accordance with Article 6(1)(a) GDPR or if We are obliged to do so by statutory law or by instruction from a public authority or court.
3. Where do we store your personal data?
We run your data only within the European Union unless requested else by the Customer of the Cevinio Software. We inform you where your data is located and will not change the location without approval.
4. How long do we keep your personal data?
As required by law, We will only hold your personal data as long as necessary to fulfill the purposes for which the data is collected before making it non-identifiable (anonymous) or deleting it. Unless there is a contractual or legal requirement to retain data for a longer period (such as required by trade or tax regulations).
5. What do we do to protect your personal data?
We work hard to protect Cevinio and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
• We encrypt all of our services using SSL.
• We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
• We restrict access to personal information to Cevinio employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
6. What are your rights?
Cevinio is committed to transparently processing your data. If You’re a visitor to Our website/Participant/Subscriber or a Customer and/or user or Business partner of Our Software or an Employee you have the right to request: access to your personal data, rectification/correction, erasure (subject to above-mentioned limitations), and data portability. Under certain conditions, you may also object to the processing of your personal data or restrict the processing. If you have given consent for processing your personal data, you have the right to withdraw your consent.
If you wish to exercise your rights, please send your request by email to firstname.lastname@example.org.
7. How can you file a complaint?
If you have a complaint regarding the manner in which Cevinio processes your personal data, or suspect that a personal data breach has occurred, please contact us at email@example.com and provide sufficient details for us to revert to you. If, in your view, the complaint is not dealt with satisfactory, you may have the right to lodge a complaint with the Dutch Data Protection Supervisory Authority (“Autoriteit Persoonsgegevens).
8. How can you contact us?
Please contact us if you have any questions about our Privacy Notice and/or the manner in which we process your personal data by sending an email to firstname.lastname@example.org.