The KOMO Foundation PRIVACY STATEMENT
This Privacy Statement defines how the KOMO Foundation (hereinafter referred to as ‘the Foundation’ or ‘we’ / ‘us’) handles personal data belonging to our certificate holders, certification bodies, companies, suppliers and other contacts.
This statement also clarifies the goals and principles of data processing. It also sets out which personal data we process. This statement also describes your personal data rights and who your contact person is within the Foundation.
General measures to protect personal data
The Foundation respects your privacy. All personal data belonging to you and retained by us is treated with care and protected in accordance with the new European privacy legislation, the General Data Protection Regulation (GDPR).
Personal data is information about an identified or identifiable natural person. The type of data the Foundation collects is determined by the purpose for which it is collected. If it is relevant for a specific purpose, we process the following personal data:
d. Telephone number
e. Email address
f. Company name
g. Data relating to your network peripherals, such as an IP address
h. Data about your web surfing behaviour.
How we process personal data
The reasons why we collect your personal data include, for example; because you make it available to us when you sign up for a newsletter; because you enter into an agreement with us; or because you use our website.
Personal data you have given us (for the principle on which this is based, see below in this text)
We process personal data if you:
- Apply for My KOMO (principle A)
- Provide a project description for placement on the KOMO website (principle A)
- Carry out certification for us (principle B)
- Use the registration form to register for the digital newsletter on the website (principles F and A)
- Use the registration form to register for meetings (principle A)
- Use the contact form (principle A).
We acquire personal data when we:
- Enter into an agreement with a supplier (principle B)
- Process, administer and invoice orders (principle B)
- Conduct statistical analyses (principle F).
Principle(s) for the processing and legitimate interests
The Foundation processes personal data according to the principles defined under the General Data Protection Regulation (GDPR).
Data processing is permitted in accordance with the GDPR on the basis of the following principles:
A. The data subject has given permission for processing.
B. The processing is necessary for the implementation of an agreement (e.g., employment contract, but also for a Licensing Agreement or a Service Level Agreement (SLA).
C. The processing is necessary in order to comply with a legal obligation (e.g., the Quality Assurance Act for building).
D. The processing is necessary to protect vital interests (vital: e.g., First Aid).
E. The processing is necessary for performing a general interest task (e.g., government, MOT inspection station).
F. The processing has a legitimate interest for the processing (e.g., marketing/direct mail).