Privacy statement

The privacy statement tells what Peregrion does with your personal data, how Peregrion protects it and how you can exercise your GDPR rights.

What is personal data?

Personal data is information that can be traced back to you as a person. Examples of personal data are your name, home address and email address. You will find more information about personal data and privacy legislation on the website of the Dutch Data Protection Authority.

Why does Peregrion use your personal data?

Peregrion can use your data for various purposes. Below you will find an overview of the most common processing purposes of Peregrion and the personal data involved.

Data processingCategory of personal data
Peregrion websitesContact details
Peregrion Newsletter and email marketingPeregrion collects and processes personal data for targeted e-mailings such as newsletters, white papers and invitations to webinars after completing registration forms. We record data such as name, e-mail address, company name, position, and telephone number.
You can also request, change and/or delete data from us. This can be done via the contact form or unsubscribe link at the bottom of emails.
Customer and supplier managementContact details, (digital) signature, sex, date of birth or age; payment details, correspondence.
Customer satisfaction surveysContact details (name, telephone number, email address), project evaluation.
ProcurementContact details, ID details, financial data, sex, date of birth or age.
Access control to Peregrion location (visitor registration)Contact details; sex; date of birth or age; ID-card details.
Recruitment and selection of personnelContact details, CV details, correspondence content, provided information through submitted attachments (references, diploma’s, certificates etc.).
Legal proceedings (private law, administrative law and complaints)Contact details, sex; date of birth or age, ID card details, financial details, substantive procedural details.
Screening against (inter)national sanctions- and export controls regulationsContact details, sex, date of birth or age, place of birth, identification data

How long does Peregrion keep your personal data?

Peregrion does not process your personal data longer than necessary for the purpose of the data processing. The retention period depends on a number of circumstances:

  1. applicable laws and regulations,
  2. type of relationship with you as a data subject, for example customer relationship, job applicant or research participant;
  3. the necessity to keep data in connection with (future) legal proceedings.

Recruitment: legitimate ground and purposes of data processing

Peregrion uses your personal data to facilitate a responsible, effective and efficient recruitment and selection process. The legitimate ground for processing these data lies in the legitimate interest of Peregrion in recruiting and selecting potential candidates for job vacancies. Peregrion has taken appropriate technical and organizing measures to protect the data against any form of unlawful processing, such as loss, theft, misuse, unauthorized access, undesired disclosure, improper amendment or distribution.

Peregrion collects and processes personal data from both open applications and applications for existing job vacancies. Peregrion will only process personal data for recruitment purposes. Peregrion’s recruitment purposes are: comparing the applicant’s data with current vacancies, communicating recruitment and selection procedures, contacting applicants to plan interviews, testing applicants and informing applicants of other relevant vacancies. ‘Processing’ means collecting, registering, storing, organizing, transferring, adapting, modifying, retrieving, consulting, using, limiting, disclosing (via transmission, dissemination or another method), comparing, blocking, destroying and deleting recruitment information.

Retention periods

Peregrion retains the data of applicants during the recruitment and selection procedure. Following the end of the recruitment and selection procedure, Peregrion retains the data of applicants for one year after which the data will be removed. Peregrion retains personal data if there is a ‘business need’ to retain these data, e.g. retaining an applicant’s CV in case a suitable vacancy arises. Data can also be stored and used for analysis and reports aimed at improving the recruitment process.

GDPR rights

The GDPR grants people certain rights in order to check if the data processing is in accordance with the law. Most important rights relating to the recruitment process are your right to access, amend and delete your data. You can exercise your rights by contacting Peregrion.

No use of data by third parties

Peregrion will not make your data provided in the recruitment process available to third parties unless with your explicit approval, nor will your data be sold.

How does Peregrion secure your personal data?

Peregrion considers it very important that the personal data you provide is treated and secured with the greatest possible care. In order to optimally protect your personal data against loss, theft, unauthorized access or incorrect use, Peregrion takes appropriate technical and organizational measures to protect your personal data. These measures include measures to ensure the confidentiality, integrity and availability of personal data through physical, technical (access) controls.

Does Peregrion give personal data to other organizations?

Peregrion may share your personal data with other persons or organizations during normal operation of its business.

There are also situations in which Peregrion is legally obliged to provide personal data to others. This always concerns special circumstances such as compliance with applicable laws and regulations or legal proceedings.

Peregrion uses IT systems that are not hosted by Peregrion. Your data will then be processed in these systems on behalf of Peregrion. Peregrion ensures that contracted IT vendors use IT systems that offer an appropriate level of data protection.

Below you will find the main categories of recipients who may process your personal data.

  • IT-services, web and data hosting parties
  • Payment processors
  • Legal advisers and accountants
  • Courts
  • Governmental agencies

What are your privacy rights?

Based on GDPR, you have various rights to check if Peregrion collects and uses your personal data in accordance with the law. You can request access to your data, check if Peregrion has used the data lawfully or object against the processing of your personal data.

If you want to exercise your privacy rights, you can complete an online form. After you have submitted the completed form, you will receive an automatic confirmation by email. In response to your request, Peregrion may ask for identification.

You can also send your request to:

Peregrion BV
Zernikedreef 9
2333 CK Leiden

Incidents (data breach)

In spite of our precautionary measures designed to give personal data the best possible protection, it remains possible that an incident may occur in which personal data are involved. An incident of this type is called a data breach. If you believe that a data breach is occurring at Peregrion, always get in touch with us.

The following information should be supplied when reporting a data breach:

  • your name and contact details;
  • the nature of the incident;
  • which personal data are involved;
  • which systems are involved in the incident; and
  • when and how you discovered the incident.

Questions and complaints

If you have any questions about this privacy statement, please contact Peregrion. You can also send a letter to:

Peregrion BV
Zernikedreef 9
2333 CK Leiden

If you have a complaint, you can contact us in the same way. In addition, you are always entitled to submit a complaint to the Dutch Data Protection Authority.

You can also download the privacy statement via this link.

Changes

This privacy statement may be changed at any time by Peregrion without prior announcement. Changes come into effect as soon as they are published on this website.