What is personal data and what is meant by data processing?
Personal data is data that tells something about you, or that can be associated with you. It concerns data that says something about you as a person. Examples of personal data are your name, your address and your contact details such as e-mail address and telephone number. Your citizen service number (BSN), your date of birth and the IP address of your computer are also personal data. Information that says something about your personality, such as your interests, is also personal data.
The law also recognizes a special category personal data. This is information about you that is extra confidential. Examples of special personal data are data about your medical health, race, sexual orientation, religion and political preference.
Processing is a concept from European privacy legislation (GDPR). Processing includes almost everything that can be done with personal data, from collection to consultation and destruction. The General Data Protection Regulation (GDPR), article 4, describes processing as “collecting, recording, organizing, structuring, storing, updating or changing, retrieving, consulting, using, forwarding, distributing or otherwise making available, aligning (bringing ) or combining, blocking, deleting and destroying data”.
Legal bases for Processing
The primary basis is Execution of the Law, Execution of the Agreement and/or Legitimate interest of Yenlo.
Subsidiary the legal basis is Consent of the Data Subject, if the law requires the Consent of the Data Subject or if the aforementioned primary basis is insufficient. Permission is in any case required (as a legal basis) for the processing by Yenlo (including further sharing in the chain) of Special Data, newsletters, marketing and advertisements (cookies).
The aforementioned does not detract from the fact that on top of that there must be necessity and that the processing does not go beyond what is necessary. Yenlo only processes personal data insofar as this is necessary for the performance of its ICT services and activities. And only in ways that are (derived) compatible with the purposes for which this information was collected or subsequently authorized by you.
When does Yenlo act as an independent Data Controller or as a Data Processor on behalf of another?
See preamble of the Data Processing Agreement (DPA) at https://www.yenlo.com/data-processing-agreement-v5-1/
Regarding the processing of any personal data related to this Website (including any web form and handling thereof) and/or the acquisition of Customers, Suppliers, Partners or prospects and/or in the context of handling the order process for Finance, Sales or Marketing of Yenlo, Yenlo is processing for its own purposes and Yenlo acts in that respect as an independent Data Controller (and not as a Data Processor). This is important because a Data Controller is responsible for correctly and completely informing as well where necessary acquire the consent of Data Subject. Because Data Controller is responsible for all statutory tasks under the GDPR, such as providing for a Processor Agreement (if applicable), confidentiality, adequate security for the entire chain, informing the Data Subject, obtaining the Data Subject’s consent (where necessary), externally reporting a data breach to the privacy Authority and the respective Data Subjects and the handling of any other GDPR rights exercised by a Data Subject (such as inspection, deletion, data portability). And that for the entire supply chain (including all its subcontractors). A Data Processor, on the other hand, is only responsible for providing a Processor Agreement (if applicable), confidentiality and adequate security. But only for its own processing part in the supply chain.
From whom does Yenlo receive personal data?
Yenlo receives data primarily from Yenlo affiliates, Customers, Suppliers, Partners, parties Yenlo works with, and public sources.
With which parties does Yenlo share personal data?
Various parties may be involved in Yenlo’s services. These external parties have been carefully selected. Yenlo requires them to handle privacy-sensitive data just as carefully as Yenlo itself. This applies exhaustively to the following TYPE/KIND of receivers:
• The relevant Customer, Suppliers or Partner concerned
• Affiliated companies belonging to the Yenlo group
• Parties with whom Yenlo cooperates for the implementation of its ICT services and/or activities.
To ensure that Yenlo works as effectively and efficiently as possible, some services are outsourced to other companies. These concerns:
– Datacentres (being Amazon and Microsoft Azure).
– Software providers (including hosting platform providers) (such as WSO2, Apache, AFAS, Boomi, Mulesoft, Azure, InterSystems, Redwood/Cerberus FTP).
This also includes the suppliers of the software packages for the implementation of Yenlo’s own Finance, HR and Sales administration (such as Exact, AFAS, Microsoft, DocuSign/E-sign, Recruitee, My Justiz, EasyCV, Share, Trackadoo, LIFT, Pipedrive, Topdesk Marktplaats, Tableau, WeTransfer, Training Portal).
– Integration partners
– Externally hired software developers and consultants (including web designers)
– The cookie suppliers below.
– Various recruitment-, consultancy and/or marketing agencies.
– Archive managers,
– Debt collection and bailiff agencies, and
– parties that are given access to data in the context of certification processes (such as ISO and NEN).
Which personal data each of the above Type of Recipients (such as External Developers, Integration Partners, Archive Managers) has access to and for what concrete Purpose the above Type of Recipients use the personal data is described below or in Yenlo’s Data Processing Register. A copy of the relevant pages for the Data Processing Agreement will be sent upon request.
• Government agencies and external parties who must be informed due to legal obligations.
These parties only see your personal data if they need it to perform their task and when this is legally permitted. Yenlo never shares medical health data with other parties without your permission, unless there is a legal obligation or court order to do so. If the law is being violated or if there is a suspicion of this, Yenlo can choose to inform government parties.
• In addition, Yenlo may also share information with third parties in the context of scientific, statistical or historical research (including internship assignments). In that context, Yenlo can share information with government agencies (such as CBS) and recognized collective sector organizations in the context of scientific, statistical or historical research for non-commercial purposes in accordance with Article 24 GDPR. The same applies to internship assignments of Yenlo employees. Starting point for this is, in principle, your further consent or that the personal data cannot be traced directly or indirectly to persons in any way.
• Other companies or individuals, if you ask.
Contact persons, such as next of kin or court appointed administrators may request information about you if you have given explicit permission for this. If you wish, Yenlo can exchange information with other parties in specific cases. For example, your new or old employer or a doctor who gives you a second opinion or a lawyer. This only happens if you ask for it and with your explicit permission.
Yenlo expressly points out that the above recipient(s), also after termination of your Yenlo account, insofar as necessary and during the retention period prescribed below by law, may have access to your personal data.
What personal data collect and /or are shared by or with Yenlo with aforementioned recipients?
This varies per Type of Recipient (including per Customer, Supplier, Partner or relation) and even per project within the same Recipient, Customer, Supplier or Partner. In this context, we refer to the relevant Data Processing Agreement of the Customer, Supplier, Partner or Relation or to Yenlo Data Processing Register, which lists per application which personal data we process (for which purposes). A copy of the relevant pages for the Data Processing Agreement will be sent upon request. This mainly includes:
• Contact details: Name, address, place of residence, gender, telephone number, email address,
• Profile data, Performance feedback, IP address/Device and browser.
• E-mail messages.
• Job application: Job profile and profile photo, passport photo, CVs, Employment history and work related data, Comments about Candidates, Marital status, date of birth, place of birth.
• Sensitive: BSN number, passport, financial data.
For what purpose does Yenlo use personal data?
It concerns at least the following possible goals:
• Carrying out legal obligations.
• Execution of the Agreement.
• For the proper functioning and/or improvement of the Website, services and/or company/business operations of Yenlo.
• Carrying out quality tests.
Quality tests are carried out on the basis of ‘legitimate interest’ and, where necessary, ‘explicit consent’. Yenlo carries out quality tests to comply with its duty of care and to maintain the quality of the services offered.
• Recruiting and/or maintaining contacts with Customers, Suppliers, Partners and/or Relations.
• Marketing and advertising.
• Handling any question and/or complaint.
• Telephony and video calling.
In Yenlo’s Data Processing Register, it is further and more concretely determined per application for which concrete and/or further to be achieved Purposes the processing serves. A copy of the relevant pages for the Data Processing Agreement will be sent upon request.
We only process personal data of minors (persons under the age of 16) if written permission has been given by the parent, caregiver or legal representative
Non-Intrusive Necessary Functional Cookies
Non-Intrusive Necessary Functional Cookies help make our Website more usable by enabling basic functions such as page navigation and access to secure areas of the Website. Without these cookies, the Website cannot function properly. These Cookies consist of:
Cookies that ensure that the Website functions
Strictly necessary functional cookies ensure that the Website functions properly. These are cookies that are necessary for the operation of our Website. For example, they contain cookies that enable you to log into secure areas of our Website or use a shopping cart to create an account (such as “session cookies”).
Cookies to improve the performance of the Website.
Information about the use of our Website and the feedback we receive from our visitors helps us to improve and further develop our Website.
Preference cookies enable a Website to remember information that influences the behaviour and design of the Website, such as your preferred language (“language cookies”) or the region in which you live. Preference cookies are used to improve the performance and functionality of the Website. These are small files that are sent to the User’s browser and stored on the User’s PC. Such cookies remember, among other things, the language settings and personal preferences of the User. Such cookies aim to make the Website more user-friendly by tracking User behaviour and storing certain User preferences.
Cookies to analyse Website usage.
Web analytics: Analytical cookies collect information that Yenlo uses to understand how the Website is used and monitor its performance. In addition, these cookies help Yenlo to customize the Website and improve your user experience. We may also use this data to compile reports to help us analyse how the Website is used, what the most common problems are and how we can improve the Website; In short, we use analytical cookies to analyse our Website traffic in an anonymous way, so that we can adjust functionality and effectiveness.
To do this, we use Google Analytics to keep track of how users use the Website and how effective our advertisements are on Google search results pages. Google Analytics also includes interest and demographic reports. The information thus obtained, including the address of your computer (IP address), is transferred to and stored by Google on servers in the United States.
Non-Intrusive necessary functional cookies are, in accordance with the law, exempt from the prior consent of the User. At the request of the User, a full detailed overview of all (necessary functional) cookies will be sent for information. With regard to all Non-Intrusive necessary functional cookies, Yenlo International Holding B.V., established at Beechavenue 16, 1119 PT Schiphol-Rijk, the Netherlands (Chamber of Commerce number 28117017, acts as Data Controller.
Retention period: Non-Intrusive Necessary Functional cookies that are exempt from the consent requirement only have a lifespan directly related to the purpose for which it is used and are set to expire when no longer needed, taking into account the reasonable expectations of the average user. Therefore, these cookies generally expire when the browser session ends or even earlier (including Google Analytics Cookie Collect, _gid, _gat, _gat, _gat_UA-* and_gtag_UA_* ), except that the following cookies are even longer as 24 hours after ending Session retained:
– Google Analytics Cookies: _ga_* and _Ga_ which have a maximum retention period of 1 respectively 2 years, and
– Complianz Cookies which have a maximum retention period of 1 year.
Opt out of Google Analytics: If you do not want Google Analytics to record data about you (even if it is anonymised), you can opt out completely. You need to install a plug-in in the web browser. Click here for an overview of opt-out plug-ins for different browsers. You can also adjust the privacy setting of your browser.
Intrusive Tracking and Marketing Cookies (including third party cookies)
Tracking and marketing cookies (for marketing and social media purposes)
With tracking and marketing cookies your surfing behaviour can be monitored (by Yenlo (as Data Controller) and/or advertising companies (as Data Processor)). We use marketing cookies to track visitors when they visit our Website and to improve our digital marketing campaigns. These type of cookies allow us to recognize repeat visitors to our sites. By matching an anonymous, randomly generated identifier, a tracking cookie tracks where users of our Websites have come from, what search engine they used, what link they clicked, what keywords they used and where they were when they accessed the Website. By tracking this data, we can improve our Website. This allows Yenlo to show you advertisements based on your interest profile and surfing behaviour (for the purpose of remarketing). In addition, these cookies prevent you from constantly seeing the same advertisement. We use track and/or marketing cookies, after your explicit unambiguous consent, to personalize content and advertisements and to provide social media integration on our Website for sharing our content.
Third party cookies (for social media integration)
This Website includes buttons to promote or share pages on social networks with Facebook, LinkedIn and Twitter. These buttons are realized by a code provided by Facebook, LinkedIn, Twitter and YouTube themselves. Among other things, this code places a cookie. These cookies ensure that the content of the Yenlo Website is shared on social media. For more information about the data that social media companies collect, we refer to the relevant privacy and cookie statements of these companies.
|Name intrusive cookie||Maximum retention period||Placed by||Goal|
|Active Campaign ac_enable_tracking prism_||1 month 2 Year||Active Campaign||Storage and trace of interactions|
|As long as the Facebook account is not deactivated||Facebook Ireland||Identify the web browser used to connect to Facebook|
|Google Adsense _gci_au google_adsense_settings||persistent but Google keeps a tracking of days Persistent||Google Ireland Ltd||Placing Advertisements.|
and Google NID (*.google.com) Rc::C Rc::B Rc::A
|Session Session Persistent||Captcha Inc, which is owned by Google.com||The reCAPTCHA uses marketing cookies. These verify that you are a person and not a robot. It also prevents abuse by bots. Anonymously checks whether you are a person to prevent ‘spam bots’ from automatically sending messages or leaving comments, for example. The IP address is abbreviated and therefore made anonymous in countries that are part of the EU. The IP address transmitted by reCAPTCHA is not merged with other Google data. View the Google privacy information. https://measuredcollective.com/gdpr-recaptcha-how-to-stay-compliant-with-gdpr/|
|Google Maps API||expires immediately||Google Ireland Ltd/LLC||Figuring out and navigating your world|
|Leadfeeder _lfa_*||2 years||Leadfeeder||Show which Companies/Users visit the Yenlo Website and what they see.|
|As long as LinkedIn account is not deactivated. Sponsored posts are automatically archived in your Archive folder after 60 days of receipt||Identification and verification of User (account)|
|18 months for log data.||Authentication and security Functionality User preferences Analytics Research and development Personalized content Ads Marketing Personalization across devices|
|Wistia Wistia-Video-Progress-* Wistia||Persistent But Wistia has as policy 24 months, unless otherwise prohibited by the Privacy Laws.||Wistia Inc.||In-depth analytics see how your audience consumes and interacts with your videos. You can get an overall picture of a video’s performance through engagement graphs, or drill down to see how individual viewers view your videos through Wista’s heatmap.|
|YouTube||8 months for YouTube “pref” cookie and 30 minutes for the ‘pm_sess’ browser session cookie||YouTube uses the “PREF” cookie to store information such as your preferred page configuration and playback preferences, such as explicit autoplay choices, shuffle content, and player size. For YouTube Music, these preferences include volume, repeat mode, and autoplay.|
Opt in: intrusive “tracking, marketing cookies and/or cookies from third parties” require further consent from the Data Subject. At least for the use of these sort of cookies, Yenlo will request the further explicit unambiguous prior consent of the User via a cookie pop-up.
Opt out: Even if you have given your consent, you can still block or delete tracking and/or marketing and/or third party cookies at any time by changing your browser settings. How you can block or delete these cookies can be found in the help center of each browser concerned:
In addition to the foregoing, Yenlo will, as far as possible, avoid the use of “third party cookies” that are not requested by the User and that persist after deletion, and if this does happen in exceptional cases, Yenlo will request the further explicit unambiguous prior consent from the User.
If you fill in a web/contact form on our Website, we ask for your name, company name, telephone number and e-mail address. The purpose of this is to contact you or answer your question. The processing of this data is necessary for the proper handling of your request and to take action. The web/contact form will be sent to a mailbox. This mailbox is accessible to employees of Yenlo’s business office and they will then contact you. These web/contact forms are kept for as long as the nature of the relevant web form requires for the complete answering and/or handling thereof and up to a maximum of 6 months after handling for any follow-up questions. The provisions regarding non-intrusive functional cookies apply analogously to this section.
If and insofar as the User has explicitly granted further opt-in permission for this, the web/contact form can also be used for 6 months after the aforementioned processing of the Web/contact form (or much shorter if you use your right to opt out) and/or to approach and attempt to recruit you as a Yenlo prospect, customer, supplier, partner or relation. In that case, the provisions regarding marketing cookies apply analogously to this section.
Sign up for our newsletter and blog notification
If you have subscribed to our newsletter, you can indicate at any time that you no longer wish to receive it. Each newsletter and each offer shows how you can easily unsubscribe from receiving newsletters or offers. Your data will only be shared with selected third parties for sending you offers that may interest you if you have explicitly given your consent.
Retention periods within Yenlo
Yenlo adheres to the legal retention periods. If there is no legal retention period, Yenlo does not store data longer than is necessary for the performance of the task.
Retention periods for Website visitors and cookies
For the retention period of the respective Cookies and the Web/contact form, see above. E-mails are stored for a maximum of 1 year after receipt unless it is necessary to store them for longer.
Other retention periods
Yenlo is legally obliged to keep financial data for 7 years from the end of the calendar year.
For a complete overview of the retention periods used, see https: https://goyenlo.atlassian.net/wiki/spaces/YISO/pages/3516301336/Overview+of+laws+and+retention+periods
The most important information security measures within Yenlo
Yenlo pays a lot of attention to the security of your personal data. Yenlo maintains confidentiality with regard to the information you provide. All data that you exchange with us via our Website is encrypted with TLS security based on the HTTPS protocol.
Data minimization/Minimum collection of personal data
Yenlo only collects the personal data that is necessary to help you as Supplier, Partner, Customer or its end customer as well as possible. The collection of this personal data is purely for the implementation of the ICT services and activities. So no data is collected for other purposes. Yenlo only asks for certain information when it is really necessary for the performance of its tasks.
Risk analyses are carried out on a regular basis and new technological possibilities or threats are examined. There is a continuous improvement process to respond appropriately to current risks, technical possibilities and legal obligations. Our personal data is stored in highly secured data centers. We also test the operation of our information security system. We use and are certified in accordance with the ISO27001 and NEN7510 standard and guidelines for information security. For a more complete overview of all security measures per application, we refer to https://www.yenlo.com/terms-and-conditions/dpa_sec_measurements.
Making use of your rights
Do you want to know what personal data Yenlo has about you? Do you want to have certain data corrected or transferred? If you think that Yenlo has or stores information about you that it should not have, or if you want to withdraw a previously given permission? Or would you like to have parts of your file destroyed or your entire file removed from the administration? If you can and want to exercise your rights, you can send a request to email@example.com or call 0031-20-2700700. Before Yenlo processes your request, it will verify your identity. This can be done by enclosing a copy of your proof of identity (without a readable BSN) with your request. What rights do you have when it comes to the processing of your personal data?
The GDPR describes which rights you have as a person. In short, these are the following rights:
• The right of access. You may request your file and other registrations of your personal data from Yenlo and view it yourself. This means that you can request an electronic copy of the processed personal data that Yenlo has from you free of charge (including the log filing so that you can see with whom the personal data has been shared, or who has had access). Yenlo will comply with your request for a right to an electronic copy, unless the privacy of another person outweighs your right to a copy.
• The right to rectification and addition. Is information incomplete or incorrect? Then you can have this supplemented and/or corrected.
• The right to restriction of processing. This means that Yenlo is (temporarily) not allowed to process your data.
• The right to object. Do you want certain data that Yenlo has from you not to be processed? Then you can object to that.
• The right to data portability. This means that you can receive the personal data you have shared with Yenlo at any time in a machine-readable format, so that you can transfer it to third parties.
• The right to have your file or personal data destroyed (the right to be forgotten). This means that all personal data that you want destroyed will be deleted, as long as this does not conflict with the legal obligations that Yenlo must comply with.
To exercise the aforementioned rights, you must contact the Dat Controller. Insofar as Yenlo acts as a Data Controller, Yenlo is responsible for handling these rights. If Yenlo is not the Data Controller, it will also forward your request internally to the relevant Data Controller.
Complaint or question about Privacy
Do you believe that Yenlo has not handled your personal data correctly? Or do you have a question or complaint towards Yenlo in the field of privacy protection. You can reach our Security Officer by emailing firstname.lastname@example.org or calling 0031-20-2700700. You can also submit a privacy complaint to the Dutch Data Protection Authority. This is only possible after you have first submitted the complaint to Yenlo.
Responsible party in relation to this Website (including Web/contact Form and/or Cookies)
The private limited liability company Yenlo International Holding B.V., established at Beechavenue 16, 1119 PT Schiphol-Rijk, the Netherlands (Chamber of Commerce number 28117017) is operationally responsible for the management of this Website, as the sole and independent Data Controller, and therefore the legal (data controlling) entity to be addressed for any complaints or questions, at least with regard to the use and/or functioning of this Website, any Web/contact Form and/or Cookies or the processing of personal data therein.
The information on this Website is for general information purposes only. The information is provided by Yenlo and selected third parties as we strive to keep the information up to date
Yenlo makes every effort to ensure that the information on this Website is as accurate and up-to-date as possible. It also strives for good accessibility of the site and of the services it offers electronically. Yenlo reserves the right to change the content of the information on this site.
Despite the constant care and attention that Yenlo pays to the composition of the Website, it is possible that the information on the Website is incomplete or incorrect. The information on the Website is regularly updated. Any changes can always be made with immediate effect and without any notice. If, nevertheless, there are inaccuracies in the data or if the information is no longer up to date, we regret this. However, Yenlo accepts no liability.
Yenlo does not guarantee that e-mails or other electronic messages sent to it will be received and processed in a timely manner and accepts no liability for the consequences of not receiving or processing them or processing them too late.
Unfortunately, it cannot be guaranteed that data distributed on or accessible via the internet is 100% secure. Therefore, although Yenlo tries to protect all personal data, Yenlo cannot guarantee that personal data will be completely secure against misuse by hackers or other criminal or criminal activities, or in the event of a failure of computer hardware, software or a telecommunications network.
Yenlo does not guarantee the security of the information/personal data that is sent to Yenlo via the internet or on systems that are not under the control of Yenlo. Yenlo is not responsible for any loss or damage that the Data Subject, User or third parties may suffer as a result of the loss of confidentiality of such information during its transmission over the Internet or through systems beyond Yenlo’s control.
All of the information available on this Website and its composition (texts, graphic material, logos, icons, videos, software, Feedback, databases, data, etc.) are Yenlo’s intellectual property rights (including copyrights, trademark rights, patents). The Visitor of the Website does not obtain any form of license with regard to that information, except to the extent strictly necessary for viewing the Website online. In particular, the Visitor to the Website is not permitted to copy, reproduce, display, modify, transmit, publish, adapt, provide, distribute, license this Website, transfer, sell, on any medium, by any means, or exploit in any way, either in whole or in part, without further express written permission from Yenlo.
Yenlo accepts no responsibility for the content of sites to which or from which reference is made by hyperlink or otherwise
Yenlo does not guarantee that the information, software or references or hyperlinks accessible through this Website are free of viruses or similar harmful components.
Limitation of Liability
Yenlo does not guarantee that the Website will function without errors or interruptions. Yenlo does not guarantee the proper functioning of the Website and cannot be held liable in any way for the malfunctioning or temporary (un)availability of the Website or for any form of damage, direct or indirect, that would result from access to or use of the Website.
Yenlo makes great efforts to ensure that the information made available on the Website is complete, correct, accurate and up-to-date. Despite these efforts, inaccuracies may occur in the information provided. If the information provided contains inaccuracies or if certain information on or via the Website is unavailable, Yenlo will make every effort to rectify this as quickly as possible.
Yenlo is not responsible for any error or omission in the information made available on the Website and accepts no liability in this respect. The information made available on the Website is not intended as a substitute for expert advice. If the visitor / user of the Website uses the information provided without verification or further advice, the visitor to the Website does so at his own expense and risk.
Yenlo cannot be held liable for direct or indirect damage to the Visitor or User of the Website that arises from the use of the information on the Website. Yenlo can at no time to whomever be held liable for any damages resulting from the use of this Website or any other activity (particularly as a result of links or hyperlinks), including, without limitation, any loss, interruption of work, equipment, corruption of computer programs or other data or any other goods or rights of the visitor / user of the Website or third parties. Insofar as not explicitly stated otherwise from the previous liability text or from mandatory law follows otherwise, the limitation of liability in Article 9 of the General Terms and Conditions of Yenlo hereby applies mutatis mutandis to personal data and damage related thereto.
For jurisdiction, reference is made to article 20 of the Yenlo general terms and conditions.