top of page
Golfachtig gebouwontwerp

Privacy Statement

 

Dufinco
Strawinskylaan 6

1077 XZ AMSTERDAM

info@dufinco.nl

 

Dufinco respects the privacy of data subjects and processes personal data in accordance with the requirements set out in the General Data Protection Regulation (GDPR) and other applicable laws and regulations.

In this privacy statement, we inform you in a transparent manner about how we, as the data controller, process personal data, for which purposes this is done, and what rights you have in this regard.

 

Careful and Controlled Processing of Personal Data

Dufinco supports organizations in matters relating to governance, compliance, and laws and regulations. A careful and controlled approach to personal data forms an integral part of this.

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and other applicable laws and regulations. In doing so, we apply the principles of lawfulness, purpose limitation, data minimization, and appropriate security.

Personal data may be processed when you contact us, use our services, apply for a position, visit our office, or collaborate with us as a supplier or business partner.

Legal Bases and Obligation to Provide Data

We process personal data solely on the basis of one or more of the following legal grounds as referred to in Article 6 GDPR:

  • performance of a contract or taking steps prior to entering into a contract

  • compliance with a legal obligation

  • legitimate interests of Dufinco, such as professional communication, relationship management, system security, and protection of business interests

  • consent of the data subject, where legally required​

If personal data are necessary for entering into or performing a contract, or for complying with a legal obligation, failure to provide such data may result in us being unable to (fully) provide our services.

Where processing is based on legitimate interests, we conduct a careful balancing test, taking into account the rights and freedoms of data subjects.

Services and Business Contacts

In the context of our services, we process personal data necessary for the professional and diligent execution of assignments. This may include name, job title, business contact details, correspondence, and contract or invoicing data.

 

This processing takes place for the purposes of:

  • performance of contracts

  • professional communication and relationship management

  • invoicing and financial administration

  • compliance with legal obligations

We do not retain personal data longer than necessary for the purposes for which they were collected, taking into account applicable statutory retention periods, including the fiscal retention obligation of seven years.

Recruitment

In the context of recruitment, we process personal data necessary for a careful assessment of suitability and reliability, including CV and contact details.

Rejected applications are retained for a maximum of four weeks, unless consent is obtained to retain the data for a longer period (up to one year) in the context of future opportunities.

Visits to Our Office

Dufinco is located in an office building managed by a landlord or building manager.

The landlord is independently responsible for the processing of personal data in the context of:

  • CCTV surveillance

  • access control

  • parking systems

For these processing activities, we refer to the privacy statement of the relevant building manager.

Where Dufinco independently records appointments for internal organizational purposes, such data are retained for a maximum of three months after the visit.

Disclosure to Third Parties

Dufinco only discloses personal data where this is necessary for the performance of our services or where we are legally obliged to do so. We enter into data processing agreements with external service providers, setting out appropriate security and confidentiality obligations.

If personal data are processed outside the EU/EEA, this will only take place with appropriate safeguards in accordance with the GDPR.

Security

We implement appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or unlawful processing. These measures are aligned with the nature of the data, the risks of processing, and the required level of confidentiality.

Your Rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing, object, and, where applicable, data portability. You may also withdraw your consent at any time.

Requests can be submitted to:
info@dufinco.nl

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Automated Decision-Making

Dufinco does not take decisions based solely on automated processing, including profiling, which produce legal effects concerning data subjects or similarly significantly affect them.

Amendments

Dufinco reserves the right to amend this privacy statement. The most recent version will be published on our website.

For questions about this privacy statement, please contact us at info@dufinco.nl.

bottom of page