Privacy statement
Privacy statement for business clients
To perform our duties as network manager, we cannot avoid the use of personal data. At the same time, everyone is entitled to privacy. That is why we handle your personal data ethically and with care, while being honest and transparent about hoiw we use your data . In this privacy statement, you can read how we handle your personal data, what personal data we process of our business clients and what we use them for.
This privacy statement was last changed on 3 April 2019.
*Anywhere you read Enexis, this means Enexis Holding N.V.
Statutory Framework
We not only believe that handling your data confidentially is important for moral considerations, but we also ensure that we process your personal data in accordance with privacy legislation. As processor of personal data of business clients, to process these data we must comply with the General Data Protection Regulation (GDPR). The GDPR has been applicable to the entire European Union (EU) since 25 May 2018.
Personal data
According to the General Data Protection Regulation, personal data are all data that relate to an ‘identified or identifiable natural person’. In this case this refers to you, as our business client. The combination of name and date of birth, contact details, passport photo, email address, telephone number, education and number plate are examples of personal data. Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation is defined as special personal data.
Why do we need to have these personal data?
- We process your personal data for the following purposes:
- to maintain contact with you for our regular business operations;
- to answer your questions;
- for research to improve the quality of our services;
- to improve the Enexis websites (we follow visitors to our sites by using cookies);
- to improve our online services (via internet and social media).
- For example, we register your personal data when you:
o visit Enexis branches;
o participate in Enexis innovation projects;
o subscribe to a webcast;
o subscribe to receive a newsletter.
We process your personal data in the situations described below:
|
Type of processing |
What do we use these data for? |
Basis |
| Newsletters | We maintain contact with our clients by means of newsletters. We need your contact details for this (email address) to be able to send you these newsletters. | Consent |
| Customer service (client questions) | Enexis records the questions and comments of clients in order to improve its services and provision of information. | Legitimate interest |
| Tracking of website visits using cookies | Visits to the Enexis website are tracked by means of cookies. This is to improve the quality and convenience of the websites. | Consent |
| Visitor registration | Recording of the visitor's data | Legitimate interest |
| Camera monitoring | To secure its properties, Enexis monitors, among other things, its locations by means of cameras | Legitimate interest |
Optimal protection
In line with the General Data Protection Regulation, we protect your personal data by means of the following staggered approach:
1. EFFICIENT USE
ONLY WHEN NECESSARY
We only process the personal data required for performing our work. Our data processing register states what categories of personal data we process. By means of this register, we regularly assess whether there still is a valid basis for the processing of personal data. In addition, based on this register we assess whether the data are necessary for the purpose of the processing. If they are not, we will stop the processing of that data.
NOT RETAINING FOR LONGER THAN NECESSARY
We will not keep personal data longer than necessary for realising our goals. We also respect the retention period obliged by law. After this period expires, we destroy the personal data or we will store them in such a way that they cannot be traced back to a person.
2. SAFE PLACE OF STORAGE
We keep your personal data in a safe place where they cannot be lost or abused and where no one can access them when they should not.
DIGITAL
Every application is as secure as it should be.
PHYSICAL
In order to prevent unauthorised access to our internal systems, we manage access to our offices and electricity and gas stations. In addition, our paper archives in our offices are also secured where necessary.
3. ONLY AUTHORISED ACCESS
Only authorised persons have access to places where personal data are stored.
ACCESS MANAGEMENT OF OWN EMPLOYEES
Only employees who need the personal data to carry out their work will have direct access to these data. Moreover, they are only allowed to handle these data if this is necessary. We use authorisations and user profiles to define who can access what data and for what purpose, and we regularly assess whether these authorisations are still up to date.
SHARING DATA WITH EXTERNAL PARTIES
At Enexis, we only share data with third parties if this is necessary for our business operations, if we are legally obliged to do so or if this follows from another obligation. We do not sell personal data to third parties for our own commercial purposes. If we have to provide personal data to third parties, we do so in an anonymised or aggregated format where possible, so that they can no longer be traced back to specific persons.
Necessary for business operations
In order to realise our goals efficiently and effectively, we collaborate with external parties such as: IT suppliers of office automation and ERP service providers, and providers of cloud and network services. If we engage another party or agency to process or receive personal data for us, this party will have to sign a processing agreement or mutual arrangement, stating for what purpose they will receive and are allowed to process the personal data and how they must secure these data. This enables us to ensure that external parties handle personal data with the same care as we do.
Statutory obligations
In addition to the obligations under laws and regulations, certain government agencies can also make us provide personal data. For example law enforcement agencies in the case of fraud or criminal investigations.
Geographic protection
Enexis in principle only processes personal data within the EU. The General Data Protection Regulation ensures that all countries of the EU have the same laws and regulations in respect of privacy.
If the provision of certain services cannot be arranged within the EU, we will make contractual agreements with a service provider outside the EU. The level of privacy protection is then comparable to the situation for data processing inside the EU. For example, we can use agreements from the EU-US Privacy Shield. This is an agreement between the United States and the European Union on the way in which personal data are processed and secured.
4. CONFIDENTIALITY
Everyone at Enexis who can access the personal data must handle these with care and is bound by the confidentiality statement, the compliance protocol and the code of conduct of Enexis. The confidentiality statement and the compliance protocol incorporate the agreements that we make with our employees on how they should handle confidential data. The code of conduct contains rules in the area of the confidentiality of data, privacy and compliance.
Finally, we always make agreements with external parties on how personal data should be handled.
5. YOUR RIGHTS
As a data subject of Enexis you are entitled to access, correct, supplement and delete your personal data that are processed by us. You can submit a request for this purpose with klantenservice@enexis.nl. We will always respond to your request within four weeks.
RIGHT OF ACCESS
If you submit a request to access your data, we will show you what data we record about you, how we have obtained these data, who receives them and what we use them for.
RIGHT OF CORRECTION AND SUPPLEMENTATION
If the personal data are incorrect or incomplete, you are entitled to have these amended.
RIGHT OF DELETION
If your personal data are no longer necessary for the purpose for which they were collected, you can ask us to delete them. If we are legally obliged to keep your data (for example for the Tax and Customs Administration), this will not be possible.
RIGHT OF DATA PORTABILITY
At your request, we must transfer the personal data we have about you to you or an organisation of your choice. In legislation there are some restrictions in this matter. We will cooperate in this transfer insofar as this is possible.
DO YOU HAVE ANY QUESTIONS?
You can contact klantenservice@enexis.nl with your questions about our handling of your personal data.
DATA PROTECTION OFFICER
Are they unable to answer your question to a sufficient extent or are you looking for an expert who can act as an intermediary between you and Enexis? For example, because you believe that we did not handle your personal data with care, or because you have requested access to your personal data, but you are not satisfied with our response? In that case, you can contact the Data Protection Officer of Enexis Group. He supervises application of and compliance with the General Data Protection Regulation by Enexis. The Data Protection Officer can be contacted at the following email address: fg@enexis.nl.
DUTCH DATA PROTECTION AGENCY
If the matter is not resolved with the Data Protection Officer, you can contact the Dutch Data Protection Authority. This authority supervises compliance with the statutory rules for the protection of personal data. Like all organisations that process personal data, Enexis falls under the supervision of the Dutch DPA. You can read on www.autoriteitpersoonsgegevens.nl how to contact the Dutch DPA. Fortunately, this is hardly ever necessary, as we will always try to reach a good solution together with you.
WHO IS THIS DOCUMENT INTENDED FOR?
This privacy statement applies to all data subjects who are not employees of Enexis Holding N.V. and all its subsidiaries. The website of Enexis refers to a ‘link’ with a number of other organisations. Those organisations do not fall under the scope of this privacy statement. They have their own ways of handling personal data.
USE OF COOKIES
When offering our services, we use temporary cookies. These are simple, small files that are stored on the hard drive of your computer. We do not collect personal data with these cookies. We only use them to make using our website easier for you. We also use a cookie that ensures that our website can recognise you. These cookies enable us to adjust our site especially to you.
| Visit to our website | Visits to the Enexis website are followed by means of cookies. This is to improve the provision of information to business clients. | Consent |
| Enexis has access to the Facebook details of persons who visit or follow https://www.facebook.com/EnexisBV/ | Consent | |
| Enexis has access to the Twitter details of persons who visit or follow https://twitter.com/enexis | Consent | |
| Enexis has access to the Instagram details of persons who visit or follow Enexis Instagram accounts | Consent | |
| Enexis has access to the LinkedIn details of persons who visit or follow https://www.linkedin.com/company/enexis-b-v-/ | Consent |
Do you prefer not to use cookies?
No problem! You can disable the use of cookies in your browser, and you will still be able to visit our website.
6. AMENDMENTS
Although the basic structure will remain unchanged, we can amend this privacy statement in line with privacy legislation. So be sure to check this page every once in a while, in order to stay informed of our privacy policy.
Changes
Although the outlines will remain unchanged we can, in line with privacy legislation, make changes in this privacy statement. View it occasionally, then you will stay informed about our privacy statement.