zaurus digital consulting rooms logo

Privacy and Cookie Statement Zaurus B.V. – Website

Version 20 October 2021

We have drawn up this privacy and cookie statement to make it clear that we take the privacy of all personal data with which we come into contact within Zaurus very seriously. For that reason, the personal data collected by us is carefully processed and secured. We adhere to the Privacy Regulations Promulgated Pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and to the Privacy Regulations stipulated in the General Data Protection Regulation (GDPR).

In this statement we want to inform you about our privacy and cookie policies. If you have any questions or would like more information, please contact our Data Protection Officer at dpo@zaurus.nl.

Protection of privacy is very important. After all, you do not want your data to just end up on the street. In the European Union, the General Data Protection Regulation (GDPR) applies to protect your and our personal data. Under this regulation, an organization that works with personal data has certain obligations and the person from whom the data originates has certain rights. The regulation speaks of “processing personal data”. This term includes everything that can be done with personal data: from collection to destruction. In addition to this general privacy legislation, specific rules apply to privacy in healthcare. This privacy statement is intended to inform you about your rights and our obligations that apply under the law.

Your privacy is very important for Zaurus B.V. We therefore comply with the privacy law. This means that your data is safe with us and that we always use it properly. In this statement we explain what we do with information that we learn about you through our website and contact forms.

Purposes of the data processing

For each purpose, it is indicated below which data we obtain, for what purpose we process this data and for how long it is stored. If you have any questions or want to know exactly what data we track, please contact us using the details at the bottom of this privacy and cookie statement.

Click behavior and visitor data
When using our website, we obtain general visitor data. This concerns the IP address of your computer, the time of retrieval and data that your browser sends. We use this data for statistical analyzes of visitor and click behavior on the website. We also use this to optimize the functioning of the website.

Google Analytics

We use Google Analytics to keep track of how visitors use our website. We have concluded a processor agreement with Google. It contains strict agreements about what they can keep. We let Google anonymize the IP addresses and have all options for sharing data with Google disabled. Zaurus always uses the “Manual for privacy-friendly setting of Google Analytics” from the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”).

We use this information because of our legitimate interest in monitoring and improving our website. Anonymous data (which no longer contains any personal data) will remain available in Google Analytics and we will keep it for as long as it is relevant to us. Non-anonymized data is stored for a maximum of 26 months and then deleted. Naturally, this information is not provided to third parties.

Hotjar

We use Hotjar in order to better understand our visitor’s needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our visitors’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. We only use Hotjar on our website with regard to the process of ordering Zaurus online via our website.

Cookiebot

We use Cookiebot primarily for the purpose of requesting and recording permission (with regard to the placing of cookies) from website visitors. In addition, we use Cookiebot for monthly cookie reports. These reports allow us to check the cookies on our website on a monthly basis. Cookiebot also provides a monthly revision of the cookie table in this privacy and cookie statement.

HubSpot

HubSpot is used by us as a CRM system. This system stores data from (potential) customers. In addition, HubSpot is used to analyze whether a communication message is used and/or viewed. For example, through a tracking pixel in advertisements that we place via LinkedIn and Google.

Handling an order
When you place an order with us, we use your personal data to handle it properly. We also receive information about your payment from the bank or credit card company. For this we use your name and address details, telephone number, billing address, e-mail address and payment details. We need this because of the contract we conclude with you. We keep this information until the order is completed and for seven more years after that (that is the Dutch legal retention obligation).

If you pay online, we also use the payment information we receive from your payment provider. We use this information on the basis of contractual agreement. We keep this information until we think you are satisfied with our response. If you have placed an order, we will keep the information until the order has been processed and seven years thereafter (the legal retention period).

Submitting online forms and communication via live chat
By means of our contact forms on our website you can, for example:

  • ask us questions;
  • report bugs/malfunctions/incidents;
  • request a demo, quotation or additional information about products;
  • request a new desired functionality;
  • submit a complaint/feedback;
  • make a callback request;
  • place an order;
  • register for a webinar.

For this we use your name, e-mail address and telephone number (optional). We do this on the basis of your permission. We keep this information until we are sure that you are satisfied with our response. After that, your data will be deleted. You can withdraw your consent at any time by sending us an email.

With our live chat option, you can also ask us questions. For this we use your name and e-mail address. We do this on the basis of your permission. We keep these seven days; after that your data will be deleted. You can withdraw your consent at any time by sending us an email.

Registering user feedback and administering support

If you request support with the use of Zaurus, Zaurus will process the following personal data:

  • First and last name;
  • Email address;
  • Organization (optional);
  • Message content.

This data is processed on the basis of our legitimate interest. By means of the feedback we can speak to you and solve any problems. We do not store your personal data longer than necessary. In general, personal data for support and user feedback will only be kept as long as the ticket is active. If the problem has been resolved, your data will be removed from the ticket.

Sending newsletters

You can subscribe to our newsletter. As a result, you will regularly receive an e-mail with information, news and developments regarding Zaurus and you will stay informed about products, services and offers. This subscription can be canceled at any time by means of an unsubscribe link in the newsletter.

Your e-mail address will only be added to the list of subscribers with your explicit permission. The moment you cancel your subscription, we will delete your data. You can withdraw your consent at any time by sending us an e-mail or unsubscribing from the newsletter.

Sending service messages

We may use your e-mail address without your explicit permission to send strictly necessary information about our products and services, without commercial purposes. For example, about malfunctions, maintenance on the communication platform, changes in legal documents (for example: general terms and conditions). You can unsubscribe from these emails, but then you will miss very important information. For this reason, we would like to advise you not to unsubscribe from the service messages you receive from us.

Improving the quality of products and services

Under the motto ‘a little bit better everyday’, Zaurus is working on improving its products and services every day. We may be curious about your experiences with our products and services. We may contact you about this (i.e. quality purposes). We will use your email address or telephone number for this. Information you share with us will be treated confidentially and will not be kept longer than necessary. We do this on the basis of our legitimate interest. If you object to an approach for quality purposes, we will of course respect this. We will not approach you then.

Giving reviews

You have the opportunity to rate our products and services through various options.

Assessment via application or by mail

If you respond to a satisfaction survey via e-mail or via the application (for example by completing an online survey), this information will be processed anonymously and only analyzed and stored for the purpose for which it serves. 

Review via Freshdesk

We process your personal data on the basis of our legitimate interest. The review you leave via Freshdesk is used internally for the purpose of improving the service. The reviews are not shared with third parties. For the purpose of this assessment, we process the following personal data:

  • First and last name;
  • E-mail address;
  • Date;
  • Judgement.

We store your personal data for a maximum of 4 years after you have had your experience as a customer.

Apply for a job with us

On our website we offer the opportunity to apply for one of our open vacancies or to apply by sending an open application. We ask you to provide the necessary information, such as your name, contact details, CV, a motivation letter and any other information you send with your application.

Screening
In order to guarantee the safety of our products and our organization, all new colleagues are tested for integrity. For this you must submit a valid proof of identity, relevant diplomas, and a Certificate of Good Conduct (VOG). We will bear the costs of applying for your VOG.

Another part of the procedure is a social media and internet screening. We may use information found during the application process for further assessment. Performing the screening is necessary to ensure that our image is maintained when hiring new personnel. We therefore do this on the basis of our legitimate interest. We search for your name on Google and any profiles on various social media. This of course insofar as these profiles are public; we will not ask you to grant us access to a restricted social media page or to connect with us. The findings will of course always be discussed with you. We do not reject people solely on the results of a screening. If you object to the social media and internet screening, you can indicate this by e-mail when you apply.

If the screening shows that there are no objections to your appointment, nothing will stand in the way of your appointment.

The grounds for processing your data for the above-mentioned purposes may be: your consent, insofar as it is necessary to ultimately enter into an agreement with you and our legitimate interest in assessing whether we employ you on the basis of your request.

Retention periods
We do not store your data longer than is necessary for the aforementioned purposes. If you are not employed by Zaurus after the application procedure, we will not keep the data for longer than six weeks after the procedure has ended. This way we can still approach you if a previous candidate turns out to be unsuitable on closer inspection. If you have given permission to keep your data longer, we will keep the data for a maximum of one year after the application procedure has ended.

You can withdraw your consent at any time by sending us an email. If you come to work for us, we will store your application data in the personnel file.

When can we share your personal data with third parties?

Zaurus will only share your data with third parties if this is permitted under current legislation. We may provide your personal data to third parties because:

  • we have engaged them to process certain data;
  • necessary to perform the agreement;
  • you give permission for this;
  • we have a legitimate interest in this;
  • we are legally obliged to do so (for example, if the police require this when a crime is suspected).

The parties that process personal data in our or your assignment are:

  • Cookie suppliers (please see our cookie statement);
  • IT suppliers and service providers;
  • Payment service providers (and collection agency).

In order to provide this service, Zaurus can provide your personal data to parties located outside the European Economic Area (EEA). Zaurus only does this if there is an appropriate level of protection for the processing of personal data. This means, for example, that we use a model agreement from the European Commission or make agreements about the handling of personal data (i.e. a processor agreement).

With the exception of the partners mentioned in this overview, we will under no circumstances give your personal data to other companies or institutions, unless we are legally obliged to do so.

Security

The security of personal data is very important to us. To protect your privacy, Zaurus and our contracted third parties take appropriate organizational and technical measures including:

  • physical access control. Zaurus uses measures to prevent unauthorized persons from gaining access to data processing systems in which personal data is processed.
  • access to personal data is protected with a username, password and, where necessary, a login token.
  • using secure connections (TLS) that protects all information between you and our websites and apps when submitting personal data and sharing personal messages.
  • using firewalls, intrusion detection systems, intrusion prevention systems and virus scanners to ensure your data is always safe.
  • data backup.
  • purpose-based access restrictions and data storage within the European Union.

If Zaurus finds out that a high-risk security breach has occurred, we will notify you and, if necessary, ask you to take appropriate action.

Social media buttons

This website includes buttons to follow Zaurus on the social networks Twitter, LinkedIn and YouTube. A connection is only made with the social network in question if you click on the buttons. Read the privacy statement of Twitter, LinkedIn and YouTube (which can change regularly) to see what they do with your personal data when you visit these social networks.

In addition, the buttons on our website only refer directly to the Zaurus pages on these networks – no additional code from the social networks is loaded from our website and no additional cookies are collected. 

Profiling

We may decide to combine your personal data from different sources in order to provide you with the best experience. We also combine this data with the data you have left on or via one of Zaurus’ websites, namely:

  • zaurus.nl
  • support.zaurus.nl

By combining your data, we can make you personalized offers (for example, newsletters) that match your interests. This prevents you from receiving content or offers that are less interesting to you. Based on this profiling, we make selections at group level. However, we will never exclude you from any of our services and/or products on this basis.

Cookie statement

We use cookies from third parties on our website. Cookies are information files that can be automatically stored on or read from the device (such as PC, tablet or smartphone) of the website visitor when visiting a website. This is done via the web browser on the device. We use cookies to:

  • enable functionalities of the website (technical and functional cookies);
  • to analyze the use of the website and to make the website more user-friendly on that basis (analytical cookies).

These cookies collect the following information:

  • IP address;
  • Cookie ID;
  • Application and click behaviour;
  • Referrer URL.

When you visit our website for the first time, we show a message with an explanation about cookies. In so far as we are obliged to do so, we will ask for your consent to the use of cookies.

In the table in Appendix 1 (see further on on this webpage) you will find an overview of the cookies we use.

Enabling and disabling cookies
In your browser you can set that the storage of cookies is only accepted if you agree. For more information, consult the manual of your web browser. Note: many websites do not work optimally if the cookies are disabled.

Retention periods and deletion of cookies
Most cookies have an expiration date. This means that they automatically expire after a certain period and no longer register data from your site visit. You can also choose to manually delete the cookies before the expiration date has passed. For more information about this, you can consult the manual of your browser.

The responsibilities of Zaurus B.V.

Zaurus B.V. is legally responsible for the processing of personal data which takes place within Zaurus B.V. We fulfil the obligations arising from this as follows:

  • Your data is only collected to support the provision of care and is used for the described purposes in this statement;
  • You will be informed of the fact that personal data is processed. This is indicated wherever we request personal data by referring to this privacy statement.
  • All employees of Zaurus B.V. have signed a confidentiality statement;
  • Your personal data is well protected against unauthorized access;
  • Your personal data is not kept longer than is necessary to provide good service and care.

Your rights as a stakeholder

Regarding your personal data you have the following rights:

  • the right to know if your personal data is processed;
  • the right to inspect and ask for a transcript of the data that is processed (insofar as this does not harm the privacy of another);
  • the right to request correction, addition or deletion of your data;
  • the right to block the transfer of your data to third parties (one or more of the aforementioned care providers);
  • the right to request deletion of personal data. This can only be done if the retention of the data is not of significant importance to another and the data does not have to be retained on the basis of (a) statutory regulation(s);
  • the right to oppose the processing of your data.

If you want to exercise your rights, you can contact the Data Protection Officer of Zaurus B.V. who looks after your interests. Your interests can also be represented by a representative appointed by you. Make sure that you always clearly state who you are, so that we can be sure that we do not modify or delete data from the wrong person.

In principle, we will comply with your request within one month. However, this period can be extended by two months for reasons related to the specific privacy rights or the complexity of the request. If we extend this term, we will notify you within the first month.

In addition, you can inform us in writing if you do not want to be contacted with information about our products and services. See the contact details of the Data Protection Officer further on in this document.

To file a complaint

If you have any questions or wish to submit a complaint about the use of your personal data, you can contact us using the contact details at the bottom of this privacy statement. We handle every question and complaint internally and communicate this further with you. However, if you think that we are not helping you in the right way, you can contact the Dutch Data Protection Authority to file a complaint.

For example, the Dutch Data Protection Authority can engage you to mediate in the dispute or to request advice. As a last option, you can lodge an appeal with the civil court.

Amendments to this privacy statement

When our service changes, we must of course also adjust the privacy statement. So always pay attention to the date at the top of this page and check regularly for new versions. We will do our best to announce changes separately.

Data Protection Authority

In case of questions or complaints, you can contact the Data Protection Officer of Zaurus B.V. The Data Protection Officer ensures that personal data is being dealt with in an appropriate manner and data is safe, all the time. The Data Protection Officer guarantees the privacy of users and the service provided.

Zaurus B.V. (# Dutch Chamber of Commerce : 72991941)
Attn. Data Protection Officer
Comeniusstraat 5
1817 MS ALKMAAR (The Netherlands)
Telephone: +31 72 – 202 9123
E-mail: dpo@zaurus.nl
Website: www.zaurus.io

If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervising authority. This is called the Dutch Data Protection Authority (i.e. “Autoriteit Persoonsgegevens”).

Data Protection Authority (Autoriteit Persoonsgegevens)
PO Box 93374, 2509 AJ THE HAGUE (The Netherlands)
Tel: +31 900 – 200 12 01, available on workdays from 09:30 AM to 12:30 PM (€ 0.05 per minute) www.autoriteitpersoonsgegevens.nl

Appendix 1: Cookie declaration from Cookiebot

×
In order to offer you the right products, we would like to know how many employees your organization has.