Privacy Statement
Processing of personal data in accordance with the GDPR
1Who are we?
Qteco B.V. (“Qteco”) respects your privacy and processes personal data carefully, securely and in accordance with the General Data Protection Regulation (GDPR).
Qteco B.V. – Hondsruglaan 95, 5628 DB Eindhoven, the Netherlands
Phone: +31 (0)40 303 1500 • E-mail: info@qteco.nl
Qteco is the controller for the processing operations described in this statement. Qteco has appointed a Data Protection Officer (DPO). For privacy matters or questions to the DPO you can contact us via privacy@qteco.nl.
2Scope of this statement
This statement covers the personal data Qteco processes as controller, such as data of website visitors, contacts of clients and suppliers, applicants and relations.
Where Qteco processes personal data on behalf of a client – for example data within an IT environment managed by Qteco – Qteco acts as a processor. Such processing is governed by the data processing agreement concluded between Qteco and the relevant client, and the client is the controller.
3Which personal data do we process?
Depending on our relationship with you, we may process the following personal data, among others:
Contact details
- first and last name;
- company name;
- job title;
- e-mail address;
- telephone number;
- address details.
Client and contract data
- customer number;
- invoice details;
- payment details;
- contract information;
- correspondence.
Website data
- IP address;
- browser data;
- device data;
- cookies;
- visit and click behaviour.
Support and service desk data
- tickets;
- log files;
- user accounts;
- system information;
- incident reports.
Security and monitoring data
- login activities;
- security events;
- network data;
- endpoint information;
- audit logs.
4Why do we process personal data?
We process personal data for the following purposes:
- performing agreements;
- providing Managed Services;
- managing cloud environments;
- providing support and service desk services;
- securing systems and networks;
- invoicing and administration;
- communication with clients and suppliers;
- compliance with statutory obligations;
- improving our services;
- marketing activities for which consent has been given or on the basis of legitimate interest towards existing clients;
- preventing fraud, misuse and security incidents.
5On what legal basis do we process personal data?
We process personal data only on a valid legal basis under the GDPR:
- the performance of an agreement;
- compliance with a legal obligation;
- a legitimate interest;
- your consent;
- the protection of vital interests.
Where we rely on a legitimate interest, this includes: efficient business operations, the security of network and information systems (compare recital 49 GDPR), fraud prevention and detection, and direct marketing towards existing business clients. We always balance our interests against your rights and freedoms, and you may object to this processing.
6Artificial Intelligence (AI)
Within its services, Qteco may use Artificial Intelligence (AI), automation and machine learning technologies, including for the analysis of security incidents, process automation, service desk support, reporting, knowledge management and productivity improvement.
Where personal data forms part of such processes, this takes place only within applicable privacy legislation and with appropriate security measures. We do not use your personal data to train AI models without a valid legal basis.
Automated analyses support human decision-making and do not by themselves lead to decisions with legal effects or similarly significant effects on data subjects, as referred to in Article 22 GDPR. Further arrangements are set out in our AI & Security Addendum.
7With whom do we share personal data?
Qteco shares personal data only where necessary for its services or on the basis of a statutory obligation. We may share personal data with:
- Microsoft, Google and Amazon Web Services (AWS);
- telecom, hosting and cloud providers;
- security and backup suppliers;
- accountants and debt-collection parties;
- government authorities where legally required.
With parties that process personal data on our behalf, we conclude data processing agreements.
Where personal data is processed outside the European Economic Area, we ensure appropriate safeguards in accordance with Chapter V GDPR, such as an adequacy decision, standard contractual clauses (SCCs) or – for certified US parties – the EU-US Data Privacy Framework.
8How long do we retain personal data?
We do not retain personal data longer than necessary. As a general guide, we apply:
- contact requests: up to 24 months;
- client data: for the contract period plus statutory retention periods;
- invoice data: 7 years (statutory tax retention obligation);
- security and audit logs: up to 24 months, unless statutory obligations require otherwise;
- application data: up to 4 weeks after completion of the procedure, or 1 year with consent.
9Security
Qteco takes appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access or unlawful processing, including:
- Multi-Factor Authentication (MFA);
- access management on a least-privilege basis;
- encryption where appropriate;
- logging and monitoring;
- network security;
- vulnerability management;
- periodic security reviews.
Despite these measures, absolute security cannot be guaranteed.
10Cookies
Qteco uses cookies and similar techniques for:
- the functioning of the website;
- analysis of website use;
- improvement of the user experience;
- marketing purposes where consent has been given.
More information is set out in our Cookie Statement.
11Source of the data
We receive most personal data directly from you. In addition, we may receive data from your employer or organisation, from public sources (such as the Commercial Register), or – in the context of our management services – from the systems we manage for our clients.
12Your rights
Under the GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent.
You can address requests to privacy@qteco.nl. To protect your data, we may ask you to confirm your identity. We respond in principle within one month; for complex requests this period may be extended by two months, of which we will inform you in good time.
13Complaints
If you have a complaint about the processing of your personal data, please first contact us. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, www.autoriteitpersoonsgegevens.nl).
14Changes
Qteco reserves the right to amend this privacy statement. The most current version is always published on www.qteco.nl.
15Contact
For questions about privacy or data processing you can contact us via:
Qteco B.V. – Hondsruglaan 95, 5628 DB Eindhoven, the Netherlands
E-mail: privacy@qteco.nl • Phone: +31 (0)40 303 1500
Chamber of Commerce: 58100466 • VAT: NL852873748B01