Privacy statement IMCS
1. Who is responsible for processing your personal data?
Your personal data is processed by all companies which are part of the IMCS group.
For all privacy-related questions, You can of course contact us at any of the above addresses. In order to provide even better assistance, please contact us at this e-mail address: firstname.lastname@example.org
2. What type of data is subject to IMCS processing?
As regards customers, service providers and business relations, IMCS may process one or more of the following personal data, depending on the service performed by IMCS or the relationship between the person and IMCS:
– Name and first name
– E-mail address
– Telephone and/or mobile number
– Searches and browsing behavior on the IMCS website, IP address, browser type
– Date and place of birth
The data processed by IMCS in relation to employees can be found in the supplementary privacy documents to the employment contract.
The retention period depends on the type of data and is, in most cases, determined by law. More information can be obtained on first request.
3. Why does IMCS process your personal data?
IMCS carefully ensures that Your personal data are processed lawfully and that privacy legislation is respected. Your personal data are therefore only processed on the basis of a number of legal bases.
a) Legal basis
With regard to some data, IMCS is obliged to process and/or retain it on the basis of a certain legal provision of, for example, social, labour or tax nature.
b) Contractual basis
The main reason for processing personal data rests on a contractual basis whereby the processing of Your personal data is necessary for the performance of IMCS’ contractual obligations. This basis includes, for example – but is not limited to – IMCS’ obligations as an employer (employment contract), as a supplier of services (client contract) and as a business partner.
c) Legitimate interests of IMCS
IMCS is also entitled to use certain personal data for research, marketing, improving or expanding its services and sending its own very specific targeted and relevant information messages, newsletters and advertising messages. IMCS does not transfer data to companies outside the group for these purposes. Any transmission based on this justification is preceded by a specific internal exercise of considering all different interests in which the protection of privacy is central.
d) Consent for sensitive data
Where appropriate and needed, IMCS may have to deal with sensitive personal data. In most cases, IMCS will be legally obliged to process these data, for instance in the context of a tax return (national register number, dependent children, …). As privacy is very important to IMCS, where necessary it will also ask for permission to process these sensitive data.
4. What are YOUR rights as a person with personal data processed by IMCS?
In accordance with applicable privacy legislation and, in particular, the AVG/GDPR provisions, You as a data subject have the following rights.
– Right to be informed. You, as a data subject, have the right to be informed about which data IMCS processes and/or stores from You, insofar as this may not already clearly follow from this privacy statement;
– As a data subject, you may request access and inspection of personal data processed by IMCS at any time;
– In case certain data are incorrect or incomplete, You have the right to correct these data;
– If You wish to change data controllers, IMCS will – insofar as it is technically possible – transfer Your data to the new service provider for this purpose when You specifically request it;
– If You are not satisfied with the way IMCS handles Your personal data, You can always submit an internal complaint to IMCS, which will then try to accommodate Your complaints. If this attempt at conciliation does not provide a solution, a complaint can be submitted to the data protection authority;
– Finally, you may object to the processing or retention of certain data after which IMCS will delete the data insofar as it is not legally obliged to retain them for a certain period of time or if IMCS is legally or administratively prevented from deleting this personal data. In this case, the data subject will be informed and the data will only be kept. Invoking this right may imply that IMCS is forced to discontinue the provision of services.
The above requests will only be processed if they are substantiated and submitted in writing by letter or e-mail to email@example.com In order to process your request smoothly, we also ask you to identify yourself by means of a copy or scan of your identity card.
IMCS undertakes to answer and/or handle the above requests as soon as possible, free of charge and in an understandable manner.
IMCS reserves the right to enter into discussions with the data subject before granting the request. IMCS may reject a request when the data subject clearly already has this information himself, when the request is not substantiated, when one does not prove that one is the person concerned or when the request would require an unreasonable effort to provide the requested information, when it is technically not possible to provide it or when it is not possible to comply with one of these requests within the requested time limit.
5. Your personal data and third parties
Your personal data is only communicated to third parties if necessary for IMCS’s services. In order to guarantee the protection of personal data, IMCS has entered into third-party processor agreements following a due-diligence review of these third-party processors, ensuring the protection of Your personal data.
Some third parties to whom data is delivered may be located abroad, in which case IMCS takes extra care to ensure the protection of personal data.
6. Personal data security
IMCS has taken appropriate technical and organizational measures to ensure the security of Your personal data. In doing so, it uses the latest software security which is regularly updated and external IT suppliers who meet high standards.
In addition, IMCS has a strict password policy and all IMCS employees are informed about the dangers of data breaches and how to prevent them.
7. Data breach
A data breach is a personal data security breach that results in an unauthorized or non-legal release, dissemination, loss, alteration or destruction of certain personal data.
Since such incidents always come as a surprise, IMCS has made all reasonable preparations to prevent a data breach from turning into a catastrophe.
IMCS pays due attention to preventing such incidents by training and informing its employees, ensuring the safeguarding criteria with third-party processors and putting together a privacy team that closely monitors all privacy-related questions.
In case an incident does take place, IMCS has developed internal procedures, whether or not in consultation with an external law firm, to quickly get an overview of the problem, conduct an investigation into the severity and extent of the breach and, finally, be able to make a correct assessment for further consequences.
IMCS takes the protection of Your privacy seriously. Nevertheless, it may happen that You still have a question about the protection of Your personal data by IMCS. In that case, please contact our privacy team at firstname.lastname@example.org.