Introduction

We are committed to safeguarding the privacy of our clients, contacts, and website visitors. This policy applies where we are acting as a data controller with respect to the personal data of our clients, contacts, and website visitors; in other words, where we determine the purposes and means of the processing of that personal data.

This Privacy Policy does not apply to the collection and use of Personal Data in market research studies that we conduct. In these cases, kindly direct your privacy-related inquiries to our team that is conducting such specific project research. We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.

In this policy, “we”, “us” and “our” refer to SKIM Group. For more information about us, see “our details” section.

What information we collect
How we use your personal data
Providing your personal data to others
International transfers of your personal data
Retaining and deleting personal data
Your rights
Third party websites
Personal data of children
Our details
Amendments

What information we collect

In this section we have set out:

  • the information that we may collect;
  • in the case of information that we did not obtain directly from you, the source of that data.

We collect the personal data that you give us when you’re contacting us, meeting us in person, or through form submissions on our website. It may include, but not limited to:

  • Profile data such as first and last name, company name, job title, country, email address and phone number,
  • Preference data such as when you opt in to our marketing communication and select topics of interests, as well as when you opt in to blog subscription,
  • Correspondence data such as inquiry types and messages.

We also collect payment data when you are commissioning a research project to us. The payment data may include, but not limited to:

  • bank details,
  • company name,
  • company address,
  • VAT number,
  • payment terms, and
  • where applicable: vendor code.

On top of personal data that you give to us, we also automatically collect other data when you visit our website through our analytics tracking system, namely Google Analytics with anonymized IP (see here for their Privacy Policy) and HubSpot (see here for their Privacy Policy). It may include, but not limited to:

  • anonymized IP address,
  • browser type and version,
  • operating system,
  • referral source,
  • length of visit,
  • page views, and
  • website navigation paths.

How we use your personal data

In this section we have set out:

  • the personal data that we may process;
  • the purposes for which we may process personal data; and
  • the legal bases of the processing.

Profile and correspondence data

We may process your profile data; and where applicable correspondence data. The profile data and correspondence data may be processed for the purposes of:

  • communicating with you, and
  • enabling and monitoring your use of our website.

The legal basis for this processing is legitimate interest.

Website usage data

We may process data about your use of our website. This usage data may be processed for the purposes of analyzing the use of the website. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website.

Preference data

We may process your preference data such as your marketing communication subscription. These data may be processed for the purposes of sending you the relevant email communication. The legal basis for this processing is consent.

You can always opt out of this communication by clicking on the “Manage your subscription preferences here” at the bottom of our marketing emails or contacting us using the details set out here.

Other use cases

We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our compliance with legal obligation, namely the protection and assertion of our legal rights, your legal rights, and the legal rights of others.

We may also process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

In addition to the specific purposes for which we may process your personal data set out in this “How we use your personal data section”, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person’s personal data to us, unless we prompt you to do so.

Providing your personal data to others

We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

International transfers of your personal data

In this section, we provide information about the circumstances in which your personal data may be stored, processed, and transferred to any country where we have facilities.

To facilitate our global operations, we transfer information between the different SKIM entities and allow access to that information from countries in which the SKIM affiliated entities have operations for the purposes described in this policy. Our headquarters is located in the Netherlands and we have offices in the United Kingdom, Berlin, the United States, Brazil, Costa Rica, and Singapore.

We have taken appropriate safeguards to require that your Personal Information will remain protected. When we share information about you within and among SKIM’s affiliated entities, we make use of standard contractual data protection clauses, which have been approved by the European Commission, and we rely on the EU-U.S. Privacy Shield Framework to safeguard the transfer of information we collect from the European Economic Area. Please see our Privacy Shield notice below for more information.

EU-US Privacy Shield Framework

SKIM Group complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. SKIM Group has certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

In the context of an onward transfer SKIM Group has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The SKIM Group shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/welcome

In compliance with the Privacy Shield Principles, SKIM Group commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us using the information provided at “Our details” section.

SKIM Group has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Personal data submitted through this website resides on servers of our Marketing Partner HubSpot, Inc, in both the United States and Germany. Transfers to the US will be protected by appropriate safeguards, namely the EU-US Privacy Shield, in which HubSpot, Inc. has participated.

Retaining and deleting personal data

This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

Personal data that we store and process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes unless a longer retention period is required or allowed by law.

Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Your rights

You may exercise any of your rights in relation to your personal data by written notice to us. Please use our details for this purpose. You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity.

Note that in many cases, your rights are not absolute and we may not be required to comply with your request for reasons further explained below.

Your principal rights under data protection law are:

  • the right to access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to processing;
  • the rights relating to automated decision-making;
  • the right to data portability;
  • the right to complain to a supervisory authority; and
  • the right to withdraw consent.

The right to access

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data we hold about you. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

The right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

The right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

The rights relating to automated decision-making

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

The right to data portability

In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to a third party of your choice.

The right to complain to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

The right to withdraw consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Third party websites

Our website includes hyperlinks to third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Personal data of children

Our website is not targeted at children below 16 years of age and we have no intention to collect personal data from children. If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.

Our details

This website is owned and operated by SKIM Group B.V.

Questions regarding this policy, complaints about our practices and access requests should be directed to the SKIM Privacy Officer:

  • via e-mail: dataprotection@skimgroup.com
  • via mail: SKIM Europe B.V. att: Data protection officer, PO box 29044, 3001 GA, Rotterdam, The Netherlands.

Please reference the subject of your request where applicable. We will investigate all complaints and attempt to resolve those that we find are justified. If necessary, we will amend our policies and procedures to ensure that other individuals do not experience the same problem.

If you would like to lodge a complaint against us, you may contact your local supervisory authority.

Amendments

We may update this policy from time to time by publishing a new version on our website.
Last updated: 13 Mar 2020