The content of this page was last modified on: August 27, 2021.
Hyarchis Information Security Management Policy
VDD Iqware B.V., hereinafter referred to as Hyarchis, processes personal data of visitors and users of its website. We do that in order to provide visitors and users with the most effective and prompt service that we can.
2. Who is Hyarchis?
Hyarchis is a software developer in the field of document management and data management based on artificial intelligence.
We develop and deliver our own software to companies in various industries. We also provide support on our software ourselves. Joint success is central to everything we do.
3. What personal data are processed by Hyarchis?
In order to provide you with the most effective and prompt service as a visitor to or user of our website, we process the following categories of personal data. We do not process special or sensitive personal data.
How do we obtain personal data?
We obtain some information automatically when you visit our website. We collect this information via cookies, for instance. In this context, we also refer to our Cookie Statement. We obtain other information if you actively provide it to us. For example, if you are or become our client or if you sign up for newsletters or events.
We also obtain information from third parties, such as personal data from the Trade Register of the Chamber of Commerce, or personal data available on public professional websites. We also obtain information from professional social media sources like LinkedIn.
Categories of personal data
The personal data we process in relation to you are direct personal data and indirect personal data:
Direct personal data
- Personal data provided by you
- contact details and other personal data. These include details such as your first name, surname, sex, address, telephone number, email address, job title(s), company name, email adress and (details of) your identification documents (identification data);
- contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;
- contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;
- other personal data that are provided by you to us in any correspondence.
Indirect personal data
- Personal data that give insight into the use of our website or other electronic means of communication. These could include data such as:
- IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;
- Session ID, type of device (computer, tablet, smartphone, etc.), Internet browser and operating system;
- details of your activities on our website, i.e. your browsing behaviour on the website, including data on your first visit, previous visit and current visit, the visited pages and how you navigate through the website and the kind of device you are using; and
- the opening and reading of a newsletter or commercial email. This also includes clicking behaviour in the email or newsletter.
- Personal data obtained from other sources:
- personal data available on public professional social media platforms such as LinkedIn. These are names and contact details;
- personal data obtained from the Trade Register of the Chamber of Commerce. This could include a Chamber of Commerce number and contact details; and
- personal data available on public professional websites, such as company websites.
4. Lawful basis for processing
We process your personal data only when this is permitted on grounds of one of the legal bases cited in the General Data Protection Regulation (GDPR). We are guided by the following legal bases:
If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time. You can do this by contacting us ([email protected]);
– Statutory obligation;
– Legitimate interest:
We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We use your contact details to invite you to seminars and events, for instance.
We also have a legitimate interest if we use your personal data to contact you after you have approached us yourself.
We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via marketing. In that case, we have a legitimate interest in offering you these services.
Minors – parental permission
We have no intention whatsoever to collect personal data relating to visitors to or users of our website who are less than 16 years of age, unless they have obtained explicit permission from their parent(s) or guardian. In view of the fact that we are unable to verify whether a visitor is over 16 years of age, we would advise parents or guardians to be involved in their children’s online activities.
After all, involvement of that type is capable of preventing data about children being collected without the parents’ permission. If you are convinced that we have collected personal data relating to a minor without parental permission, please contact us via the following email address: [email protected] Once we receive your request, we will delete the information we have collected.
5. Why does Hyarchis process the personal data listed above?
For Hyarchis, personal data are processed for one of three principles or aims. These are as follow:
- to analyse how our website is used (in order to make it more user-friendly)
- to be able contact you as a customer, potential customer or contact (in order to be able to provide our services)
- to be able to provide you with information, as our customer, potential customer or contact (in order to keep you up to date with regard to our business activities, to changes to the products and services we provide or with regard to specific and relevant developments in our specialist area that are applicable to you; whether or not prompted by innovations, statutory obligations or similar)
6. For how long does Hyarchis retain personal data?
Generally speaking, we can state that Hyarchis will not store your personal data for any longer than is necessary in order to achieve the objectives for which the personal data were collected in the first place. Unless, that is, we are subject to a statutory or other urgent obligation. The personal data processed by us is subject to the retention periods listed below.
|Direct personal data||A maximum of 26 months|
|Indirect personal data||A maximum of 26 months|
7. Sharing of personal data
Under no circumstances will Hyarchis sell your personal data to third parties. We will only provide them if that is necessary in connection with the performance of our agreement with you, or in order to fulfil a statutory obligation. In order to be able perform our agreement with you, Hyarchis may engage the services of organisations fulfilling the role of a service-provider.
We conclude processing agreements with those organisations processing your personal data on our behalf, in order to ensure that they are able to guarantee that your personal data receive at least the same level of security and confidentiality that is provided at Hyarchis. Organisations of that type must therefore not be regarded as “third-party recipients”, but as processing companies. For you, as a customer, potential customer or contact of Hyarchis, we remain responsible for the processing work carried out by our service-providers.
At the moment, your personal data is shared by us with the organisations listed below, due to the fact that we make use of the products and services those companies supply.
Our webhosting supplier
- automatically receives data that you, as a visitor to or as a user of the Hyarchis website, leave behind on the webserver(s) in use, for example as a result of navigating through our website or by contacting us using web forms or by e-mail
- data left behind on the webserver(s) are backed up on a periodic basis and those backups are also located on the webserver(s) in use,
Our supplier of analytics software
- automatically receives data that you, as a visitor to or as a user of the Hyarchis website, leave behind on the webserver(s) in use, due to the fact that Hyarchis makes use of analytics software made available by the supplier
- data left behind on the webserver(s) are backed up on a periodic basis and those backups are also located on the webserver(s) in use.
Marketing software supplier
- automatically receives data that you, as a visitor or user of the Hyarchis website, leave behind on the web server(s) in use, for example by navigating through our website. Receive your name and email address if you have subscribed to our email newsletter.
Online marketing partner
- receives data regarding your visit to our website and regarding your questions to Hyarchis.
Transfers personal data to third countries or international organisations
When your personal data are processed, your personal data may be shared with third parties. These parties may be located outside the European Economic Area (EEA). When applicable, we have taken appropriate (security) measures for sharing the personal data. In addition, we take into account the additional requirements that the GDPR sets for transfers outside the EEA.
We can transfer these data if we have your explicit consent or if this is necessary for performance of the contract.
8. Automated decision-making
Hyarchis does not make use of automated data processing to take any decisions on matters that may have (significant) consequences for data subjects as individuals. In this instance, this relates to decisions taken by computer programs or computer systems without human intervention (such as in the form of an Hyarchis employee) being required.
9. Viewing, amending or deleting personal data
As a customer, potential customer or contact of Hyarchis, you have the right to view, rectify or delete personal data about yourself. In addition, you are also entitled to withdraw any consent you may have given for the processing of your personal data by Hyarchis and to object to the processing of your personal data by Hyarchis. You also have a right of data portability.
Data portability means that you can submit a request to us, asking that the personal data we hold about you to be sent to yourself or to another party (an organisation designated by you). The transfer of data may take place by means of an .xlsx (Microsoft Excel) file in digital format.
You can send a request to view, correct, delete or transfer your personal data, a request to withdraw your consent, or an objection to the processing of your personal data to the following email address: [email protected]
In order to be certain that a request relating to personal data has actually been submitted by you, we request that you also send a copy of your proof of identity. When submitting a copy of your proof of identity, please ensure that on the copy itself, your passport photo, the MRZ (Machine Readable Zone – the strip with numbers at the bottom of your passport), your passport number and your Citizen Service Number (BSN) are covered over in black. We ask this in order to protect your privacy. We will then respond to your request as quickly as possible, within no more than four weeks.
We will do our utmost to respect your right to privacy. If you are of the opinion that we are not acting in accordance with the privacy legislation, it goes without saying that we would be grateful if you could inform us of that. In addition, we would like to point out that if desired, you are able to submit a complaint to the national supervisory authority (the Dutch DPA – Autoriteit Persoonsgegevens).
For more information on the rights you can exercise on the basis of the privacy regulations, please see the website of the Dutch DPA. See this webpage for an overview of your rights under the privacy regulations.
11. Cookies (or comparable technologies) used by Hyarchis
On our website, we make use of two types of cookies. A cookie is actually nothing other than a small text file that is saved on your computer, tablet or smartphone when you visit our website. The cookies that we use are necessary for the technical operation of our website and to make the site more convenient for you to use. The types of cookies we use are listed below.
Analytical cookies: this type of cookie does not save any personal data and therefore does not infringe upon your privacy. We only make use of analytical cookies to analyse visitor flows on our website. Using the insights we obtain from analysing visitor flows, we are able to make our website more user-friendly for you.
|_gat_gtag_UA_86940_5||Is used to reduce the number of server requests||1 minute|
|_gid||Is used to distinguish one visitor from another||24 hours|
|_ga||Is used to distinguish one visitor from another||24 months|
|_fbp||Is used for measuring and optimizing the performance of Facebook Ads||3 months|
|bcookie||Is used for measuring and optimizing the performance of LinkedIn Ads||24 months|
Functional cookies – only indirect personal data are saved using this type of cookie. On an individual basis, those data do not form any infringement on your privacy. An example of an item of indirect personal data recorded by us using a functional cookie is the Privacy Cookie Notice. The Privacy Cookie Notice enables us to remember, for the duration of your visit to our site, whether you have, or have not, acknowledged our cookie notice. If we cannot remember your choice, the cookie notification will be displayed to you again each time you visit a different page on our site.
|PHPSESSID||Is used to ensure that your login remains active on the customer portal||A maximum of 24 minutes following the final server request|
|pll_language||Is used to save perfered language||12 months|
If you want to make sure that your internet browser does not store any (or only a limited number of) cookies, you can configure your internet browser that way. What is more, you can delete all information saved in the past on your computer, tablet or smartphone using cookies by adjusting the settings of the internet browser you are using.
Below is an overview of the most frequently used types of internet browsers. If you activate the link belonging to the internet browser you are using, you will be taken to a webpage where you can adjust the settings of your web browser and can delete cookies.
12. How Hyarchis secures your personal data
Hyarchis takes protecting your personal data extremely seriously, which is why we take suitable measures to combat the misuse, loss or accidental disclosure of your personal data or any unauthorised access and unauthorised changes thereto. If you have the impression that we are not being effective in securing your data or you have observed signs of misuse, please contact us as a matter of urgency via the e-mail address: [email protected].
To give you an idea of what we do to secure your data, we have provided an overview below, detailing the measures that we take.
- The Hyarchis webserver contains security software (including a firewall).
- Data transfer with the Hyarchis webserver takes place via an internet connection that is secured in accordance with the TLS protocol (to verify this, check to see that the letters “https” are listed in the web address and look for the green padlock in your address bar).
- We apply DKIM, SPF and DMARC (three internet standards) in order to prevent you receiving e-mails bearing our name that contain viruses, that can be regarded as spam or are intended to harvest personal (login) details.
- DNSSEC is an additional security measure (supplementary to DNS) that is used by Hyarchis in order to convert a domain name to the associated IP address (during conversion, we add a digital signature that prevents you from being diverted to an incorrect IP address).
13. Applicable law
Any legal disputes arising as a result of this privacy statement will be submitted exclusively to the Dutch court under the applicability of Dutch law.