Privacy statement Phenox Consultants B.V.


Do you have questions or complaints about this privacy statement or the processing of your personal data by Phenox? We are happy to help you.
Our contact details are:
Telephone number +31 (0) 10 205 35 00
Postal address PO Box 30163, 3001 DD, Rotterdam
E-mail address
Website https://phenoxconsultants.en/contact

Article 1. What is a privacy policy?

1.1. This privacy policy describes the way in which personal data is collected by Phenox Consultants B.V. (hereinafter: Phenox) can be obtained, stored and protected. This takes place under the General Data Protection Regulation (GDPR).
1.2. Phenox respects the privacy of everyone whose personal data is processed by Phenox, such as that of its own employees, its customers, employees of its customers and those of visitors and users of the website
Phenox considers the careful handling of personal data of great importance.
1.3. Phenox takes appropriate technical and organizational measures to protect personal data.
Taking into account the state of the technology and the costs of implementation thereof, these measures guarantee an appropriate level of security in view of the risks entailed by the processing and the nature of the data to be protected.
The measures are also aimed at preventing:
1.3.1. loss of personal data;
1.3.2. unnecessary processing of personal data;
1.3.3. access by unauthorized persons to the personal data;
1.3.4. collecting more data than necessary for the intended purpose;
1.3.5. the processing of unauthorized and / or unlawful data.

Article 2. Collecting and processing personal data

2.1. Phenox only collects personal data for its own purposes:
2.1.1. with regard to its own employees;
2.1.2. for the purpose of sending newsletters;
2.1.3. via the website with regard to requests for information to Phenox in which case only the last name, e-mail address and telephone number are requested. with regard to anonymous visitor statistics.
2.2. Phenox does not collect personal data for its own commercial purposes other than to execute:
• a contact request, whether or not submitted via the website;
• an agreement with Phenox;
• the processing of a request to conclude an agreement with Phenox;
• the registration for a newsletter.
2.3. Phenox only collects de-personalized necessary data in the context of its professional activities, which as a starting point contains as little personal data as possible.
2.4. If the personal data required in the context of an agreement are not provided, Phenox cannot properly execute the agreement concerned.
2.5. Phenox uses the received data exclusively for the purpose for which they are intended, for example to be able to process a contact request or request to conclude an agreement or to execute a concluded agreement.
2.6. In the context of the execution of contracts, Phenox sometimes also processes personal data that does not originate from the data subject himself, for example, the salary, data about the working hours, sex, the date of employment and the month and year of birth of the data subject, which are provided by the client of Phenox.
2.7. Phenox can request necessary personal data in the context of agreements from pension funds, insurance companies and / or PPIs. Where appropriate, this may include the aforementioned information as well as information about the pension entitlements of the employee(s) concerned.
Here too, the said personal data will only be processed insofar as this is necessary for the implementation of the agreement concerned.
2.8. Despite the fact that Phenox does not collect non-necessary personal data, non-necessary personal data can nevertheless be provided. When processing these personal data, Phenox will try to remove unnecessary personal data immediately and as well as possible in accordance with its own guidelines.
2.9. In the case of the newsletters, it is possible to unsubscribe from further receipt of the newsletters in the manner indicated in the relevant newsletters.
2.10. Phenox will under no circumstances sell obtained personal data.
2.11. Only authorized employees of Phenox have access to the personal data and only to the extent necessary to perform the tasks assigned to them by Phenox.
2.12. The persons under the responsibility of Phenox are obliged to respect the confidentiality of personal data.
2.13. Phenox does not store personal data longer than necessary.
Insofar as it is client-related data, agreements about this are made in the processing agreement with the relevant customers.

Article 3. Cookies on the websites

3.1. Phenox uses functional and analytical cookies on the websites. A cookie is a small text file that is stored in the browser of the device when you visit the website.
3.2. Phenox only uses cookies for technical functionality. These ensure that the website works properly and that, for example, the performance of the website is optimized and preferred settings are stored.
3.3. Phenox also collects data for research by means of analytical cookies to gain a better insight into the use of the website by its visitors. Phenox uses Google Analytics for this.
Analytical cookies help analyze how the website is used by collecting log data and visitor behavior on the website in an anonymous form. The data regarding the use of the website (including IP address) is sent to Google. This information is then used to evaluate website usage and prepare statistical reports.
3.4. Google may provide this information to third parties if Google is legally obliged to do so, or insofar as these third parties process the information on behalf of Google.
3.5. Phenox will never use the information provided by Google to collect personally identifiable information from visitors.
3.6. Neither Phenox nor Google will associate an IP address with the identity of the computer user.
3.7. The use of cookies can be prevented or limited by selecting the correct settings in the internet browser. However, if the use of cookies is limited, it is possible that the functionalities of the website cannot be used optimally.

Article 4. Organizational and technical security of personal data

4.1. The (organizational and technical) security of the data takes place as described in the document “Security measures Data Phenox Consultants BV”.
4.2. The office is only accessible with a key during off-office hours. A keycard is also required before 8 a.m. and after 6 p.m. The WTC also has 24/7 physical security and camera surveillance.
4.3. Phenox undertakes to regularly inform its employees about and check on the technical and organizational control measures referred to in paragraph 4.1, including:
4.3.1. receiving personal data securely;
4.3.2. preventing the receipt and / or processing of unnecessary personal data;
4.3.3. the protection of personal data necessary for our work.
4.4. Phenox works without a physical archive. All (personal) data is stored electronically. All organizational and technical control measures referred to in paragraph 4.1 apply to this.

Article 5. Providing personal data to third parties

5.1. The basic principle is that Phenox does not forward personal data to third parties, unless required by law.
Preferably, personal data is in principle only sent to the customer based on the applicable procedure “Security measures Data” (Article 3.1) and the latter is then responsible for any further distribution.
5.2. Personal data is shared by Phenox with third parties if and to the extent necessary:
5.2.1. in the context of a concluded agreement, in exceptional cases and with an explicit written order.
For example, if this is necessary for the implementation of that agreement, which may include insurers or a payroll office in the case of the processing of personal data in the context of the payroll administration for Phenox’s own employees;
5.2.2. to comply with a legal obligation, for example to comply with a government order or to comply with Phenox’s tax obligations;
5.2.3. to promote the legitimate interests of Phenox or of a third party, except when the interests of the individual or fundamental rights and freedoms that require the protection of personal data outweigh those interests.
Legitimate interests include, for example, the detection of (attempted) unlawful and / or criminal behavior against Phenox or third parties. Legitimate interests also include the processing (including the storage) of personal data by the hosting provider of Phenox in order to be able to and operate the Phenox website and e-mail facilities and the sharing of personal data with a payroll office to the extent necessary for the payroll administration of Phenox.

Article 6. Data portability of personal data

6.1. The right of private persons to the right to access, correct, delete and transfer their own data is in the event of:
6.1.1. an employee, based on legal requirements;
6.1.2. an information request via the website, based on the legal requirements;
6.1.3. a customer designed by means of a processor agreement;
Due to the possible consequences for the customer of mutating or deleting the data, Phenox is not authorized to delete this data unilaterally.
The deletion of individual data can only take place based on the processing agreement and on behalf of the customer.

Article 7. Right to withdrawal regarding processing of personal data

7.1. The right of withdrawal is regulated in Article 3 of the processing agreement.
Any deviation from this must take place in consultation, considering legislation, reasonableness and fairness.

Article 8. Automated decision-making

8.1. Phenox does not engage in automated decision-making (computer-controlled processing of personal data without human intervention).

Article 9. Right of objection

9.1. The data subject, being employee, information requestor via the website or private persons whose data has come into our possession through a processing agreement, have the right to ask Phenox to stop using his / her data, and possibly to object to the processing of the personal data.
9.2. Unless there are justified grounds, for example as mentioned in 6.1.3, Phenox will comply with the request.
9.3. In case of disagreement about the justified grounds, the person concerned can submit a complaint to the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”).