Privacy Statement Suppliers

This privacy statement applies to the processing of personal data suppliers for KeesdeBoekhouder B.V. and/or its subsidiaries, including Founders Finance B.V., Backseat Surfer B.V. and KeesdeBoekhouder Office B.V. (hereinafter jointly referred to as “KeesdeBoekhouder”).

The protection of your privacy is very important to KeesdeBoekhouder. We therefore take our responsibility to protect your personal data very seriously. That is why, among other things, KeesdeBoekhouder has drawn up this privacy statement for suppliers.

The purpose of this privacy statement is to be transparent about the manner in which KeesdeBoekhouder collects, uses and protects your personal data. We will also explain how we comply with privacy legislation, such as the GDPR. Please read this statement carefully in order to gain an understanding of how we handle your personal data.

We use the personal data only for the purpose for which we have obtained these data. We inform the suppliers we work with about this privacy statement by publishing it on our website, including it in our contracts and referring our contacts at our Suppliers to this privacy statement.

What are personal data?
The General Data Protection Regulation (GDPR) stipulates that personal data means any information relating to an identified or identifiable natural person. This means that information either concerns someone directly or can be traced back to this person.

About us
KeesdeBoekhouder, with its registered office at Nieuwe Teertuinen 25a in (1013 LV) Amsterdam, the Netherlands. is the controller within the meaning of the GDPR of the data we receive from you because you are our contact at one of KeesdeBoekhouder’s suppliers.

The purposes for processing your personal data
We process your personal data only for carefully established purposes. Below you will find more information about the various purposes.

1. For the completion of orders and contracts (day-to-day business operations)

What does this purpose entail?
In order to carry out and complete our orders and contracts with you as a Supplier – the performance of our day-to-day business operations – we process the personal data of, for example, our contacts at your business. These data help us supply you with the correct information for placing an order or entering into a contract. We may also process personal data to handle the financial aspects of our relationship. This would be the case, for example, if you trade via a partnership. The legal basis for the processing of personal data for this purpose is the conclusion or performance of an agreement (Article 6(1)(f) GDPR).

Which personal data do we process for this purpose?
Name, title, job title, telephone number, chamber of commerce number, employer, e-mail address, address details, account and VAT numbers and other relevant information that is provided during the performance of an agreement.

2. To maintain a sound relationship

What does this purpose entail?
We appreciate that you supply us with goods or services. We process a portion of your personal data so that we can send you small tokens of our appreciation on important occasions, as well as for Christmas or New Year’s. If you do not wish us to process your data for this purpose, you can always inform us of that fact via: [e-mail address or telephone number]. The basis is our legitimate interest in effective supplier relations (Article 6(1)(f) GDPR).

Which personal data do we process for this purpose?
Name, title, address details and information about the personal circumstances and preferences that are relevant for this purpose that have been provided by you or our contact at your business during our relationship with you as a Supplier.

3. Communication purposes

What does this purpose entail?
You are a supplier we enjoy working with and/or you supply us with certain goods or services. We process data so that we can contact you and to ensure that we can provide you with relevant information.

Which personal data do we process for this purpose?
Name, address details, telephone number, e-mail address, and possibly your job title.

Your rights
You have the right to be well informed about what we do with your data and why we need your data. We are informing you by means of this privacy statement. In addition to the right to be informed in a transparent manner, you have the following rights:

• Right to access (if you want to know which data we collect from you);
• Right to rectification (we will gladly modify any data that are no longer correct);
• Right to erasure (in some cases you can request that we delete your data);
• Right to restriction of processing (in some cases you can request that we restrict the processing of your personal data);
• Right to data portability (if you want to we can pass on your data to another party or give you a copy of your data);
• Right to object (in some cases you may object to the use of your personal data).

If you wish to exercise any of your rights, please contact us by sending an e-mail to support@keesdeboekhouder.nl. We always respond to your request within a month.

Who do we share the data with and where do we store them?
In a number of cases we provide your data to third parties. To processors who help us process your personal data, for example. It the context of the performance of our work we will also provide these data to any partners we work with. However, we will never sell your data to another party.

Processors who help us process your personal data may only use your data on our instructions and for the performance of the relevant services they provide to us. They are not allowed to use or pass on your data independently.

KeesdeBoekhouder has a statutory obligation to share certain personal data with government bodies, such as the Tax and Customs Administration. It may also be necessary for KeesdeBoekhouder to transfer your personal data in order to protect KeesdeBoekhouder’s statutory rights, once again in accordance with relevant legislation.

In addition, personal data may be shared with:

• An accounting firm. For the purpose of performing our annual audit.
• ICT service providers. They may require limited access to various personal data when maintaining, administering and supporting our systems and applications. We will always be consulted in advance.
• Advisers or legal advisers. We might, if applicable, have to provide them with your data in the context of a possible transaction or when seeking legal or other advice.

We work with various applications to process certain data. In order to protect your privacy, we choose our suppliers carefully and these applications are subject to strict rules. Most data are stored within the European Union.

For data processed outside of the EU we only work with parties that offer sufficient protection according to European rules. If we process your data outside of the EU – possibly via our external service providers – we make sure that your personal data are adequately protected. We guarantee this, for example, by using special contracts (such as EU model contract clauses).

How long do we retain your data?
We retain your data for as long as this is necessary for the purpose for which we use your data and/or for as long as the law requires us to retain the data. How long this is, exactly, is different for each case. This ranges from several months to many years, for example because this is required for our bookkeeping.

How do we protect your data?
Pursuant to Article 32 GDPR, we are obliged to implement suitable technical and organisational measures to prevent the loss or unlawful processing of personal data. We properly secure your personal data by means of physical, administrative, organisational and technical measures.

Only employees who have been given authorisation for this purpose have access to the data. They have also signed a confidentiality statement. As a result, we have an appropriate level of protection in place. We also periodically adjust this level of protection if necessary.

Our organisation is structured in such a way that we do everything to prevent breaches of security, i.e. “data breaches”. If there is a data breach, we will act in accordance with the Data Breach Protocol.

Contact and complaints
If you have any questions about this privacy statement or your rights as a data subject, please contact us via support@keesdeboekhouder.nl.

If you have any complaints about the manner in which we use your personal data or how we respond to privacy-related questions, you can submit a complaint with the Dutch Data Protection Authority.

Amsterdam, June 2022