Privacy Policy

Introduction

To perform its activities ETPA B.V. processes personal data from its participants, customers, suppliers, business contacts and employees.

This privacy statement describes which personal data is processed by ETPA, for what reason and for how long it will be stored. It also describes how this data is protected and which rights data subjects whose personal data are processed can claim.

Personal Data protection

Within ETPA, the following principles must be adhered to:

  1. Be processed fairly and lawfully

  2. Be obtained only for specific, lawful purposes

  3. Be adequate, relevant and not excessive

  4. Be accurate and kept up to date

  5. Not be held for any longer than necessary

  6. Processed in accordance with the rights of data subjects

  7. Be protected in appropriate ways

  8. Not be transferred outside the European Economic Area, unless that county or territory also ensures an adequate level of protection

Scope of this Privacy Statement

This privacy statement applies to all:

  • ETPA entities

  • all staff of ETPA

  • All contractors, suppliers and other people working on behalf of ETPA.

This privacy statement applies to all personal data that the company processes. This includes:

  • Names

  • Copies of identification documentation, including Social Security Numbers

  • Postal addresses

  • Email addresses

  • IP addresses

  • Telephone numbers

ETPA processes personal data to comply with various (employment and financial) regulation, and to fulfill its obligations under its agreements. For this reason, participants' personal data is shared with financial institutions.

Storage and security of Personal Data

When personal data is stored on paper, it will be kept in a secured place:

  • When not required, the paper or files will be kept in a locked drawer or filing cabinet

  • ETPA makes sure paper and printouts are not left where unauthorized people can see them (clean desk policy)

  • Personal data printouts will be shredded and disposed of securely when no longer required.

Electronically stored data is protected from unauthorized access, accidental deletion and malicious hacking attempts:

  • Personal data is protected by strong passwords that are changed regularly and never shared between employees.

  • If personal data is stored on removable media, these will be kept locked away securely.

  • Personal data will only be stored on designated drives and servers, and will only be uploaded to an approved cloud computing services.

  • Personal data is backed up frequently. Those backups will be tested regularly, in line with the ETPA's standard backup procedures.

  • Personal data will never be saved directly to laptops or other mobile devices like tablets or smart phones.

  • All servers and computers containing personal data are protected by approved security software and a firewall.

Personal data will be kept for as short as legally permitted:

Administration — Term Financial administration including order and trade reporting — 7 years Personnel files — After end of employment period: 7 years – salary slips and year statements / 5 years – copy of passport / 2 years – other Mailings — 2 years after de-rollment of the mailing Applicant CVs — 4 weeks after the application procedure, or, with the applicant's consent: 1 year.

Data accuracy

It is the responsibility of ETPA to take reasonable steps to ensure all personal data is kept as accurate and up to date as possible. Therefore ETPA:

  • holds personal data in as few places as necessary. ETPA will not create any unnecessary additional data sets.

  • will take every opportunity to ensure personal data is updated. For instance, by confirming a participant's details when they call.

  • will make it easy for data subjects to update the data ETPA holds about them.

  • will update personal data in any case inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it will be removed from the database.

Rights of data subjects

On the basis of the General Data Protection Regulation, data subjects have the following rights with regard to their personal data:

  • Information to be provided where personal data are collected from the data subject

  • Information to be provided where personal data have not been obtained from the data subject

  • Right of access

  • Right of rectification

  • Right of erasure

  • Right to restriction of processing

If data subjects wish to exercise their rights, they can contact ETPA by email: info@etpa.nl.

Disclosing data for other reasons

Under certain circumstances ETPA can be required to disclose data to law enforcement agencies without consent of the data subject under certain circumstances. In such case ETPA is however required to ensure whether the request is legitimate.

In the event of a data leak, ETPA will report the leak to Autoriteit Persoonsgegevens, if required by law.