This Privacy Statement was last updated on January 21, 2020.
GRESB B.V. is committed to protecting and respecting your privacy. This statement (together with our Portal Terms & Conditions and any other documents referred to on it) sets out the basis on which any Personal Data (defined below) we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
1. DATA CONTROLLER
1.1. The entity controlling the processing of your Personal Data is GRESB B.V. We have our registered office at the Barbara Strozzilaan 101 (1083 HN) Amsterdam, the Netherlands. We are registered with the trade register of the chamber of commerce under company number 55416071.
1.2. You may contact us at the above address or at the following email address: firstname.lastname@example.org.
2. PRIVACY OFFICER
2.1. For any questions relating to this statement or to exercise your rights on your Personal Data, including but not limited to provisions of the GDPR, please contact GRESB’s Privacy Officer at the above postal address or at the following e-mail address: email@example.com.
3. INFORMATION WE MAY COLLECT FROM YOU:
3.1. We may collect information about you by the following means:
- Cookies; and
- Forms in the website including but not limited to creation of user accounts.
3.2. We may collect and process the following information about you:
- Information regarding your name, employer name, email address, postal address and telephone number that you provide in connection with the use of our site;
- Information about your computer, including where available your IP address, operating system and browser type, for system administration. (Disclaimer: This is statistical data about our users’ browsing actions and patterns, and typically does not identify any individual, however it may constitute as Personal Data, as defined below.)
3.5. We may also collect, directly or indirectly via google analytics, details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
3.6. We may also keep a record of correspondence, in the event you contact us, and/or complete forms in response to our annual consultation period.
3.7. We may retain details of products and services provided by us to you including details of invoices and receipts, and records of transactions you carry out through our site and of the fulfillment of your orders.
3.8. Any and all of this information may be defined as ‘Personal Data’. Our site includes password-protected areas of our site known by as the GRESB Portal, which may be web pages hosted by our external information technology service providers appointed by us. However, this statement only applies to Personal Data provided in the GRESB Portal and the public website for GRESB. Our website does not include the third party websites described below.
4. PURPOSE AND LEGAL BASIS FOR PROCESSING
4.1. GRESB is committed to protecting the personal data of:
- Clients and prospective clients;
- Subcontractors and consultants;
- Candidates; and
- Visitors to the website https://gresb.com/.
4.2. The Personal Data we collect concerning you are processed in full compliance with European regulations.
4.3. When processing your personal data, the purposes pursued are:
|Purpose A||To get in contact in the context of a selection and recruitment procedure, in order to take steps prior to entering into a contract with you|
|Purpose B||To manage accounting requirements (including but not limited to registration, fee, invoicing process) on the basis of our legitimate interest|
|Purpose C||To manage contacts and relations with all GRESB clients and subcontractors, on the basis of our legitimate interest|
|Purpose D||To provide you with information, products or services that you request from us or which we feel may interest you, or to notify you about changes to our services, on the basis of your explicit consent, or your implicit consent if you are already a client|
|Purpose E||To manage complaints and customer service, on the basis of our legitimate interest|
|Purpose F||To manage customer orders, on the basis of our legitimate interest|
|Purpose G||To ensure that content from our website is presented in the most effective manner for you and for your computer, on the basis of your explicit consent|
|Purpose H||To prepare claims and legal defense, on the basis of our legitimate interest|
|Purpose I||To manage emails accounts (filed or not filed), on the basis of our legitimate interest|
|Purpose J||To manage our IT system, on the basis of our legitimate interest|
When the processing of your personal data is based on your consent only, you have the right to withdraw this consent at any time. We will then erase your personal data and stop processing it. If we do no process your personal data, we will not be able to achieve or fully achieve the purposes mentioned above.
4.4. Where the processing of your Personal Data is based on your consent only, you have the right to withdraw this consent at any time. We will then erase your Personal Data and stop processing it.
5. THE TIME WE KEEP YOUR DATA
Your personal data is kept for the time required for the pursuance of the above purposes as follows:
|Purpose A||1 year from the closing of applications or (if spontaneous application) from the processing of the application (with consent)|
|Purpose B||7 years after accounting|
|Purpose C||3 years from the end of the commercial relationship with you|
|Purpose D||3 years from the end of the relationship with you if you are a client or from the last contact with you if you are a potential client|
|Purpose E||20 years after the occurrence of the concerned event|
|Purpose F||20 years from the order|
|Purpose G||1 year maximum after their first deposit in the terminal equipment of the user or 1 year after the consent (if consent-based)|
|Purpose H||20 years after the data collection|
|Purpose I||6 months after the reception of the email except in cases of legal disputes and investigations|
|Purpose J||The same storage periods that above-mentioned, depending on the initial purpose of the processing stored in our IT system, ranging from 6 months to 20 years|
6.1. The Personal Data that we collect from you may be transferred to, and stored at, outside the European Economic Area (“EEA”), currently limited to the USA, Singapore, or to authorized employees in Canada, USA and Australia.
6.2. It may also be processed by staff operating outside the EEA that work for us or for one of our suppliers, or our parent company based in the United States. Such staff maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services.
6.3. All information you provide to us is stored using a password-protected system managed either by us or by independent contractors appointed by us. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share such passwords with anyone.
7. RECEIPT AND TRANSFER OF YOUR PERSONAL DATA
7.1. We may disclose your Personal Data to any parent, subsidiary or group company that may be located outside the EEA, currently limited to the USA, Singapore, or to authorized employees in Canada, USA and Australia.
7.2. Please note that some of the abovementioned countries are not recognized by the European Commission as ensuring an adequate level of protection of Personal Data. GRESB B.V. implemented appropriate safeguards for the protection of your rights and interests in these countries, by executing standard contractual clauses and binding corporate rules, a copy of which can be requested by contacting the following e-mail address: firstname.lastname@example.org.
7.3. We may disclose your Personal Data to third parties:
- We may disclose your personal data to our subcontractors in order to achieve the various purposes described above in section 4. These categories of subcontractors are the following: IT system provider, complaint management software provider, customer order management software provider, CRM software provider and training providers.
- In the event that we transfer, buy or otherwise deal with any business or assets, such as in a merger or an acquisition, in which case we may disclose your Personal Data to the prospective transacting party or parties of such business or assets;
- If GRESB B.V. or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;
7.4. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement.
8. YOUR RIGHTS
8.1. You have the right to request from GRESB B.V., among others,
- Access to a number of information concerning your data and the way we are processing them;
- Rectification of inaccurate or incorrect data;
- Erasure or restriction of inaccurate data or data unlawfully processed;
- Oppose and cease to use your Personal Data for any direct marketing purpose;
- To receive your Personal Data in a structured, commonly used and machine-readable format, enabling you to transmit the data to another controller.
To exercise your rights or for more information on the full extent of your rights, please contact our Data Protection Officer by mail or e-mail at the addresses indicated above. Please attach to your request a copy of an official identity document.
8.2. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
9. VOLUNTARY SUBMISSION OF INFORMATION
9.1. For clients of GRESB, Participants and Members of the GRESB Portal and vendors of GRESB, the provision of your personal data is a statutory and/or contractual requirement, and/or a requirement necessary to enter into the contract with GRESB. Not providing them may result in not entering into the contract with GRESB, or not enabling GRESB to perform its services.
9.2. For any other casual browsers, the provision of your Personal Data is purely voluntarily-based. You may use the GRESB website without disclosing personally identifiable information, and we will not obtain such information about you unless you choose to submit it to us. Any information you submit will be used internally only; however, submission of information authorizes such internal use by us and our employees.
9.3. Not providing your Personal Data may only prevent you to receive information on and activities of GRESB B.V.
9.4. Clients of GRESB, Participants and Members completing the Membership Form will be automatically added to GRESB’s Newsletter list. They can unsubscribe from receiving the GRESB Newsletter at any time.
10.1. If you believe your data are unlawfully processed by GRESB B.V., you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
11. CHANGES TO OUR PRIVACY STATEMENT
11.1. Any changes we may make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Changes to the Privacy Statement will be dated and will be effective from the date specified forward.