This Privacy- and cookie statement was last changed on monday November 27th 2023.
Certwell B.V. (Certwell) provides an application that allows individuals, organisations and certifying bodies to record and monitor certificates of identified individuals for compliance. As part of the services we offer and when using our website (www.certwell.com), we process personal data. This privacy and cookie statement tells you which personal data we process about you and what we do with them. Certwell is part of the ORIBI Group; more information about the relationships between the entities and the impact these have on the processing of your data can be found later in this statement.
Our privacy and cookie statement in a nutshell
Your privacy is very important to us. We therefore adhere to the General Data Protection Regulation (GDPR). This means that we:- Clearly define our purposes before we process your personal data, by means of this privacy and cookie statement.
- Store as few personal data as possible and only those data that are necessary for our purposes.
- Obtain explicit consent for the processing of your personal data, if consent is required.
- Take necessary security measures, to protect your personal data. We also impose these obligations on parties who process personal data for us.
- Respect your rights like the right to access, correct or delete your personal data processed by us.
For what purposes do we use your personal data?
We obtain various personal data from you. For each purpose, we indicate which data we obtain from you, for what purpose we process them and for how long they are kept. If you have any questions or want to know exactly what we retain about you, please contact us. Our contact information is at the bottom of this privacy and cookie statement.
Website
Contact and complaint handling
When you send us an email, fill out the contact form on the website, contact us by phone, or contact us in any other way, you accept our offer to engage with us (performance of the agreement).
For this purpose, we process the following personal data:
- Name
- Business information (if you are making contact through a business)
- Contact details (email address and phone number)
- Any information you yourself enter as part of a message
We store these contact moments, along with the personal data you have provided, for the purpose of the contact and for handling any complaint you might have. We keep this information as long as is necessary for this contact or for a maximum of 2 years after we last had contact with you, because we want to make sure that we have handled your question or complaint properly.
Visiting our Location
When you visit one of our offices by appointment, we record your personal data for an appointment.
For this purpose, we process the following personal data:
- Name
- Contact details
- Appointment details
These data will remain in the diary for a maximum of 2 years.
Working at Certwell
If you have responded to one of our job openings or submitted an unsolicited application, then we will process your personal data in order to process your application, and to prepare for the possible conclusion of an employment contract.
For this purpose, we process the following personal data:
- Name and address details
- Contact details (email address and phone number)
- Curriculum Vitae
- Cover letter
- Passport photo
- Salary indication
- References
- Any other information you send with your application
We will retain your application data for a maximum of 6 weeks after the position is filled. We keep these data so that we can contact you if the position becomes vacant again within the probationary period. If we cannot offer you a position at this time, we may - with your consent - keep the application data for an additional year. You may withdraw your consent at any time by sending us an email. If you come to work for us, we will keep your application data in the personnel file. This file will be kept for as long as is necessary and, with respect to application data, for a maximum of 2 years after your employment commenced.
A social media and internet search may form part of the application process. This is necessary to ensure that when hiring new staff, our image is maintained. We therefore do so based on our legitimate interest. To do this, we search your name through Google, and your profile, if any, on various social media. Of course, we only do so to the extent that these profiles are public; we will not ask you to grant us access to a protected social media page or to link up with us. The results of the search will be discussed with you. If you object to this, please indicate this at the time of your application.
Application
Registering via our App
In addition to the website, we also have an application: the Certwell App, which can be found in the various app stores. You can use this app to register to create a certification passport. You can then use this account to access the Certwell App and upload your certificates.
For this purpose, we process the following personal data:
- First and last name
- Email address
- Date of birth
We process account data based on your consent. We keep these data for as long as the service is used.
Adding certificates
In the Certwell App, you can add and remove your certificates. When you have added a certificate, the certificate will be visible in the overview of your certificates in the app. When adding a certificate, we ask you to fill in some information.
For this purpose, we process the following personal data:
- Certificate name and number
- The organisation from which the certificate was obtained
- Date of certification
- Date the certificate expires
- Images of the certificate
We process the certificates based on your consent. Certificates will not be retained once the service is no longer used.
Validating identity
In order to validate your identity for your certification passport, we ask you to have your ID card, passport or driver's licence scanned by our app.
For this purpose, we process the following personal data:
- Type of document
- First and last name
- Date of birth
- Date of issue
- Gender
- Document number
- Nationality
- Country of issue
We process these identity data based on your consent. These data will not be retained once the service is no longer used.
Paired devices
Your certification passport is linked to your device on which you use the Certwell App. We use these device data to determine which devices you use your certification passport on.
For this purpose, we process the following personal data:
- Device name
- Operating system
We process device data based on your consent. We do not retain these data once the service is no longer used.
When may we share your personal data with third parties?
Certwell only shares your data with third parties when it is permitted to do so under current law. We may provide your personal data to third parties because:
- We have engaged them to process certain data;
- We have a legal basis for doing so;
- We are required to do so by law (for example, if the police require them in the case of a suspected crime).
The parties that process personal data on our or your behalf are:
- IT suppliers and service providers
- Hosting parties
- Telecoms suppliers
- Cookie service providers
- Payment service providers and collection agencies
- Mail order companies
- Marketing companies
- Review parties
- Partners
- External consultants and intermediaries
- Healthcare insurers
- Healthcare organisations
- Government agencies (including the Dutch Tax and Customs Administration, municipalities)
We may use third parties based in a country outside the European Economic Area (EEA) to provide our services. We only use such parties if one of the following situations applies:
- This recipient is located in a third country identified by the European Commission as providing an adequate level of data protection (an adequacy decision).
- The recipient of the personal data provides appropriate safeguards (e.g. by using EU standard contractual clauses).
- We have obtained your express permission to do so.
Certwell is part of the ORIBI Group. Some of the services are provided by other entities within the ORIBI Group. These include, for example, administrative tasks carried out centrally within the group. It could also be, for example, that a support worker from another entity may be able to help you in a better way with a particular problem. Data are only shared in this case if we have a legitimate interest in doing so or if we are required to do so by law.
This privacy and cookie statement applies exclusively to the services of Certwell and the ORIBI Group. We are not responsible for the privacy policy of other websites that can be accessed via a link on our website.
Cookies
On our website, we use our own cookies and those of third parties. Cookies are information files that can be automatically stored on or read from the visitor's device (like a PC, tablet or smartphone) when a website is visited. This is done through the web browser on the device.
We use the following types of cookies:
- Functional cookies: these cookies have a functional role within the website. They ensure that the website functions properly.
- Analytical cookies: these cookies give us insight into how our website is used. Based on this information, we can make our website more user-friendly.
- Marketing cookies: these cookies allow us to show you personalised advertisements (via our advertising partners).
Cookies may, among other things, collect the following data about you:
- Name
- Login information
- Screen display options
- IP address
- Cookie ID
- Website and clicking behaviour
- Referrer URL
- Behaviour within the application
When you first visit our website, we display a message explaining cookies. In doing so we will ask you for your consent to the use of cookies, to the extent we are required to do this.
the list is an overview of the cookies we use:
functional cookies:
- Cookie: Miscellaneous: First-party cookies with strictly functional purposes.
- Purpose: These cookies enable necessary functionalities of the application, like remembering the chosen language and whether consent has been given for cookies, displaying the cookie banner, etc.
- Retention period: Maximum of 2 years
analytical cookies:
- Cookie: Google Analytics
Entiteit: Google LLC, Verenigde Staten
waarborgen: Privacy- and cookie statement - Purpose: These cookies are placed to gain insight into user behaviour and to improve the user experience based on this information. We have set these cookies to be privacy-friendly.
This means that we:
- have entered into a data processing agreement with Google;
- only give Google masked IP addresses;
- do not otherwise share data with Google; and
- do not use other Google services in conjunction with analytics.
- Retention period: Maximum of 2 years
Enabling and disabling cookies
You can set your web browser to accept the storage of cookies only if you consent to them. Please consult your browser manual for more information on this. Please note that many websites do not work optimally when cookies are disabled.
Deleting cookies
Most cookies have an expiration date. If an expiration date has been set, the cookie is automatically deleted when the expiration date passes. You can also choose to delete cookies manually before their expiration date. Please refer to your browser manual for this. Below, per browser, you will find a link to the provider's website that gives a step-by-step guide on how to block or delete cookies.
Clicking behaviour and visiting data
The website retains general visiting data. In this context, the IP address, the time of retrieval and data sent by the browser, in particular, may be recorded and used for statistical analyses of visiting and clicking behaviour on the website. This allows us to optimise the operation of the website.
Google Analytics
We use Google Analytics to track how users use the website. The information, including the address of your computer (IP address), is transmitted to Google and stored by it on servers in the United States. Google uses this information to track how our website is used, to provide reports on the website to us and to provide its advertisers with information on the effectiveness of their campaigns. Google may provide this information to third parties if Google is legally required to do so, or to the extent that these third parties process the information on Google's behalf. We have no control over this. We have not allowed Google to use the information obtained for other Google services.
Social media buttons
On our website we use social media buttons, which redirect you to the social media platforms. This gives you the option to follow us and share content within the network. The buttons work because of pieces of code that come from the social media networks. If you want to know what the social media platforms do with your personal data, please read the privacy and cookie statement of the respective network:
- LinkedIn(privacy- and cookie statement)
- Vimeo(privacy- and cookie statement)
Google Maps
You can use Google Maps on our website, for example, to find the location of our office. Your location data are processed to find out where you are and determine your route. For this service, we use Google's navigation and location software. We have no control over what Google does with your personal data. So please always read its privacy and cookie statement as well. More information on Google's data processing can be found in Google's privacy- and cookie statement.
How are your personal data secured?
Personal data security is of great importance to us. Accordingly, we take appropriate technical and organisational measures with respect to the personal data processing that is to be performed, against loss or against any form of unlawful processing (like unauthorised access, deterioration, alteration or disclosure of the personal data). We are always adjusting our security and we pay close attention to what can go wrong.
Which privacy rights do you have?
- Right of access: you have the right to inspect the personal data we process about you.
- Right to rectification: ou have the right to correct or supplement the personal data we process about you if they are inaccurate or incomplete.
- Right to object: you can object to the processing of your personal data, including direct marketing.
- Right to erasure: you can ask us to erase your personal data.
- Right to withdraw your consent: if you have given us your consent to process personal data, you may withdraw this consent at any time.
- Right to data portability: if it is technically possible, you have the right to have the personal data we process about you transferred to a third party.
- Right to restriction of processing: n some cases, you may ask us to restrict (temporarily or otherwise) the processing of your personal data.
Once you have made your request, we may ask you to identify yourself. We request data for this purpose to ensure that you are actually the person to whom the personal data belong.
We will, in principle, comply with your request within 30 days. However, this deadline may be extended for reasons relating to the specific privacy rights or the complexity of the request. If we extend this deadline, we will notify you of this in a timely manner.
If you would like to exercise any of your rights, you can notify us of this via privacy@oribi-groep.nl.
The ORIBI Group also has a data protection officer (DPO). This officer can be contacted via privacy@oribi-groep.nl or mailto:fg@oribi-groep.nl fg@oribi-groep.nl.
Changes to the privacy and cookie statement
When our services change, we naturally have to update the privacy and cookie statement as well. So always note the date at the top of this document and check regularly for new versions.
Submitting questions or complaints
If you have any questions, or if you would like to make a complaint about the use of your personal data, please send an email to privacy@oribi-groep.nl. We will address each question and complaint internally and communicate with you about this. If you feel that we are not helping you in the right way, you have the right to file a complaint with the regulator. The regulator is the Dutch Data Protection Authority