The General Data Protection Regulation (GDPR) is the data privacy framework of the European Union. It establishes important rights to the EU citizens and obligations to companies, including the need to demonstrate compliance.
The processing of personal data is not a core part of our business, and our activities don’t create risks for the privacy of individuals. Many of the obligations of the GDPR do not apply to CoThink. However, we do recognize the relevance of the GDPR as an important achievement for our society. It has been always part of our corporate values to commit ourselves to the prevention of the abuse of personal data and any inappropriate interferences with the privacy of our clients.
In practice, we may collect personal data because:
1. We have a legal reason (allowed by law or under contract) to collect the data, or
2. The individual wants us to do so for a specific purpose, such as entering a contract with us, or subscribing to one of our trainings.
In other circumstances we may receive personal data when someone visits our website to subscribe for a training for example, or from third parties including purchase departments, payment agencies and tax authorities. In all situations, the data stored or processed by us is not sold, rented or used for trade in any manner. This data is solely used for our internal business operations. In this information we briefly explain how we protect the personal data collected and/or processed by us.
Technical measures
We have selected IT systems that provide high levels of safety and quality for what we do. (We store our customer contact information in Salesforce and Exact). Access to this information is only available to our authorized personnel, and the accounts are secured by personal login and passwords. In addition to these measures we have a signed “verwerkingsovereenkomst” (Data Processing Addendum) with these system/software providers.
Physical Security
CoThink has an adequate physical security which includes visitor’s identification. Only specific persons within CoThink have access to personal data. Access to areas where personal information is processed or stored is restricted to authorized personnel. It is important to recognize that compliance is a shared responsibility within a wide business ecosystem. We therefore commit ourselves to do our part in this large road towards compliance with the GDPR.