Introduction

GD Group B.V. respects the privacy of its customers. It is important to us that your personal data is treated confidentially and that the applicable privacy legislation is observed. In this privacy statement we inform you about what we do with your personal data. Additional privacy conditions may apply for certain services or products from GD Group. This statement only concerns the processing of personal data, not business data such as health statuses.

Who is responsible for your personal data?

GD Group is responsible for processing your personal data. The contact details of GD Group are:

GD Group B.V.
PO Box 9
7400 AA Deventer
Phone number: +31(0)8820 25 575
E-mail: info@gd-group.org

When is personal data processed?

GD Group processes the following personal data: name, address, telephone number, e-mail address, bank account number. Which personal data or combination of personal data that GD Group processes may differ for each customer. Your personal data is collected if, for example, you (digitally) complete a form, send a letter or e-mail, make use of our online services, or call our customer service. You also supply us with personal data if you provide personal data at our office or to our employees. Additionally, personal data is collected within the context of a (potential) customer – or business relationship with GD Group. 

For which purposes does GD Group use your personal data?

Your personal data is used for an effective and efficient business operation, delivery of products and services and, among other things, more particularly for carrying out the following activities:

• GD Group processes personal data for implementing agreements and maintaining relationships with (representatives of) customers, suppliers and other parties involved. For example, the name, address details, e-mail address, telephone number, bank account number of a customer or its representatives are recorded and, if necessary, are amended if they change. The processing of personal data is based on an agreement entered into with the business relation, or the legitimate interest of GD Group to maintain relationships because this is necessary within the context of normal business operations.
• GD Group processes the personal data of (potential) business relations, such as name and address details, e-mail addresses and telephone numbers to be able to carry out its marketing activities. Where necessary, personal data is processed within this context on the basis of consent. For direct marketing purposes, the personal data of business relations is processed based on a legitimate interest because these activities are considered to be part of the normal business operations of GD Group.
• GD Group processes personal data, such as name, address details, e-mail addresses, telephone numbers, for communication purposes. Consider, for example, sending information about new products or services and (other) information with regard to animal health via (digital) newsletters or otherwise. Personal data can also be processed with a view to providing information about, for example, conferences, lectures, presentations, workshops or other meetings. Consent will be requested, if necessary, for providing information for newsletters and/or the option will be given to unsubscribe. Processing for other communication purposes is based on the legitimate interests of GD Group because this is carried out within the context of activities that belong to the normal business operations of GD Group.
• When visiting our office, visitors are requested to provide personal data such as name and business contact details with a view to the security of persons, buildings and information. GD Group makes use of camera surveillance on certain parts of the office premises, in the office buildings and in the laboratories. The basis for processing is the legitimate interest that GD Group has with regard to the security of its properties and employees.

Which third parties have access to your personal data?

Within the context of the business operations, GD Group can or must make personal data available to third parties, for example, delivery or collection services, branch organisations, public authorities, ICT service providers. Distribution of personal data does not always take place with a view to processing. Insofar as third parties process personal data, they do this in accordance with instructions given by us and we take appropriate measures to ensure that the personal data is only processed according to the purposes described above. We do not directly give your personal data to non-European countries. It may be that a third party we have engaged passes on personal data to countries outside Europe within the context of its services to us. This only occurs with our prior consent. We make sure that additional measures are taken to protect your personal data. Furthermore, GD Group will provide regulators, fiscal authorities and/or law enforcement agencies with personal data if we are legally required to do so or have obtained prior consent.

How do we protect your personal data?

We think it is important to store your personal data securely. We have therefore taken various technical and organisational measures to prevent unlawful use of your personal data. Among other things, we make use of secured servers, firewalls, encryption and also physical protection of areas where the information is stored. Your personal data is protected by us in the correct manner according to the current standards for information security (ISO 27001) and an information security policy. 

How long do we keep your personal data?

How long your personal data is kept by GD Group depends on the purpose for which it has been obtained and is processed. Important within this context are the expectation that personal data will still be used for the purpose for which it was obtained, the statutory retention period that applies for certain data, and the legitimate interests of GD Group. Your personal data is not kept any longer than is necessary for the purposes described above. When it is no longer necessary to process your personal data, it will be deleted or anonymised.

Requests with regard to inspection, correction, removal, objection and data transfer

If you want to inspect all the personal data that has been collected about you, please submit a request to this end by e-mail or by post to GD Group, PO Box 9, 7400 AA, Deventer. If you want to have your personal data corrected or deleted, object to a processing or make use of the right to data transfer, you can also make use of above-mentioned (e-mail) address. GD Group will respond to your request as soon as possible. 

Questions, comments or complaints

Please contact us using the above-mentioned contact details if you have questions, comments or complaints about the protection of your personal data by GD Group. On the basis of the legislation, you also have the right to submit a complaint to a regulator.

Changes

This privacy statement can be changed without prior notification. You can find the most recent statement on our website. This statement was drawn up on June 27, 2023.