Beepp Privacy policy

Welcome to the Beepp privacy policy. Beepp is an app (and console, website and services) that gives you employee involvement and with which you can help yourself, your team and your organization improve. This can be achieved by answering questions or by giving feedback. Your privacy is pivotal in this. This privacy policy tells you all about how Beepp deals with this issue.

Definition of terms

What is privacy?

Privacy is a broad concept that is connected to your entire private life, which includes the right to protect your workspace, living space and your family composition. This privacy policy is based on the General Data Protection Regulation (GDPR, or AVG in Dutch), also known as ‘the new European law on privacy’. This regulation (binding agreement), however, doesn’t apply to the privacy of individuals, but only covers the ‘processing of personal data’. Underneath you find an explanation of what is meant by ‘personal data’ and ‘processing’.

What are personal data?

Personal data are data based on which your identity can be established (directly or indirectly). These data include name and address details, email addresses, telephone numbers, location data etc.

What are special personal data?

Apart from ‘personal data’ the regulation also mentions ‘special personal data’. These include information about your health, race, sexual orientation, belief, criminal records etc. It is not allowed to use these data, except when this is done on one of the special grounds mentioned in the regulation. For instance, a church is allowed to register the data of its worshippers. Another exception is when the person involved has given explicit consent.

What is ‘processing?’

When we talk about ‘processing’, this means executing all kinds of operations on data. To be more precise, it comes down to: using, collecting, organizing, recording, owning, correcting, saving, storing, protecting, editing, changing, requesting, consulting, combining or otherwise matching, providing, making available, handing over, spreading, connecting, erasing and destroying personal data. Whether the processing is done by man or by a computer is of no difference to the concept of ‘processing’, as long as the person responsible for the data has some kind of influence over those data. Whether or not he or she really exercises this influence, doesn’t make any difference. Since the word ‘processing’ is such an old-fashioned word, we prefer the verb ‘using’ in this statement.

Employers

When we talk about an employer in this statement, we mean any kind of working relationship in which the Beepp app can be used.

Show me more

Policy

Purpose of this policy

With this privacy policy Beepp informs you and all of its other users about the use of your personal data, as well as the reason and the purpose of their use. We also tell you how we protect the data and who are possible recipients of this information. Additionally, we inform you of your rights and how you can exercise these rights. This includes your right to view your data and the right to have them removed.

It is our highest priority to maintain the privacy of our users. We see it is as our responsibility to protect the privacy of everybody whose data we use – and that includes your privacy – and to determine an honest and transparent policy that takes into consideration your interests. We trust that this statement is an important contribution in reaching our goal in this. If you still have questions and/or remarks after reading this policy, please send us an email: privacy@beepp.nl.

Due diligence

We will treat and protect all the personal data you have given us, with the utmost care and consideration. Beepp complies with all legislation for the use of personal data. This includes, among other things, that we:

  • only use your personal data for the purposes for which you have given us (you can read about the purpose of the use in this statement, as well as what data we use  – if a question is asked in the app and you push the ‘privacy’ button, you immediately see with what intention the question is asked);
  • protect your data as well as we can;
  • do not share your data with others, except when that is necessary for the realization of our app, if we are obliged to do so by law, or if you have given your explicit consent;
  • give you the opportunity to exercise your rights. In this statement we tell you what your rights are and how you can use them.

What does this statement apply to?

This privacy policy applies to the Beepp app, the console and accompanying services, the Beepp website and the use of it. Therefore it applies to all information provided to us by you, your colleagues, the organization you represent and to all information provided by our own employees, possible job candidates, visitors of our website, our suppliers etc. Of course we cannot accept any responsibility for the privacy policies of other organizations, their apps, websites or other sources, whether or not we refer to them in our app or on our website.

Show me more

You have no obligation to share your personal data

It is important for us to inform you that you have no obligation whatsoever to share your personal data with us. If you want to use the Beepp app, you will have to provide us with your name, telephone number and possibly your email address.

Use of the app

Downloading the app

Your employer or the organization you work for may decide to use the Beepp app to start a community within the organization. He or she can subsequently ask you to participate in the community and download the app. It is your voluntary decision whether or not you register and sign in on the app. However, probably you’ve already done so, otherwise you wouldn’t be reading this statement now.

Questions

In the app you find questions on your organization, about upcoming decisions, improvements in your department or other issues that matter to the organization, to you and your employer or client. Of course your employer is not allowed to ask you any questions that he or she cannot ask you in real life either. It is always up to you whether or not you answer a question.

Another advantage of the Beepp app is that it helps your organization get a realistic view of the organization itself. And that for instance it doesn’t only have to rely on the opinion of your new manager, with whom you might not get along all too well. The app helps your employer gain insight in the many compliments you received via the app. Compliments that you can put against the opinion of your new manager. We use your data – and the data of your colleagues and coworkers who also like to participate in this community – for this purpose. Without the use of these data we are unable to offer our services.

You can ask your employer to delete your data. Deleting in this case means: removing the personal data from your profile and seeing to it that data like your answers to questions in the app cannot be traced back to you.

Lawful processing

The use of (regular) personal data is only allowed if you comply with these six basic principles:

1) Purpose

In order to be allowed to use data you must have a specific goal. For example: optimizing your organization. We use your personal data for the following purposes:

  • Improvement of the organization, especially by creating a higher lever of transparency. For instance by asking questions that you – as an employee – can answer;
  • The possibility of giving compliments or tips and filing complaints;
  • Performance management;
  • Improvement of our software and other services.

For the purposes mentioned above Beepp may or may not process the following data:

  • name
  • email address
  • telephone number
  • a picture
  • position and department
  • contract hours

Beepp also collects the following data:

  • about users of the software;
  • about the duration and the use of the software;
  • about the pages you visited
  • which questions you answered and which questionnaires you filled in;
  • which compliments, tips and complaints you received and provided.

As you can see, our software also keeps track of general visitor data, and it can register your username, the time and the duration of your visit. This information can be used for statistic analyses of visitor behavior within our software. Beepp uses these records in order to optimize (the use of) our software. We do our best to anonymize these data as much as possible. We do not provide this information to third parties.

2) Lawfulness

For the use of personal data a lawful basis is needed. In other words: you need a good reason to use someone’s data. So, we’ll use ‘reason’ from now on. The law mentions six reasons:

  1. because someone has given permission to use the data;
  2. because the law demands it (e.g. sharing your social security number with the tax authorities when you accept a new job);
  3. because it is needed to carry out a contract (e.g. your employer who needs your bank account number in order to pay your wages);
  4. because it is necessary for the vital interests of a person (e.g. when it is necessary to protect or save someone’s life in case of severe injury);
  5. because it is needed to perform a public task (e.g. police); or
  6. because you have a legitimate interest in processing personal data. For example an entrepreneur who processes contact details of customers to be able to contact them. If a legitimate interest is the reason for the use of data, one should take into consideration the importance of the data on the one hand, and on the other hand the specific privacy interests of those whose data are used.

Beepp uses reasons 1, 3, and 6. The lawful basis in this is (optimizing) the use of our software and our services based upon the software. The data collected within the Beepp community stay in the organization of your employer. The company formulates its own reasons and goals for the use of your data.

3) Accuracy

The data have to be up-to-date, complete and relevant. For that reason, an information obligation applies. This means that those, of whom personal data are used, must be informed of this in a timely manner. Your employer has to see to it that he enters your data correctly. If for some reason they are incorrect, you can ask your employer to correct or delete them.

Information obligation

In order to comply with our information obligation, we have included this privacy policy in our software.

4) Security

Data have to be secured correctly, and of course we have taken measures to do so. We see to it that the security of your personal data is of the highest level, so that the risk of unlawful use of your data is reduced to a minimum. The same goes for unauthorized access by others, unlawful modification of your data, unlawful publication and/or loss of your data. We have taken these measures to secure your data (among others):

  • All persons who have access to your data on behalf of Beepp, have signed confidentiality agreements;
  • Only employees who need to have access to personal data in order to do their job, are granted access;
  • Beepp only uses personal data for the purposes described in this statement;
  • Wherever possible and/or necessary, we encrypt your data.
  • We test and evaluate our security measures on a regular basis;
  • Our employees are aware of the importance of the protection of your data*;
  • We only work with reliable data processors, with which we have signed solid agreements.

*At our office a privacy policy is in place, of which data protection is the key element. Our policy consists of (a.o.) a clean desk policy, a clean screen policy (this means that no important data can be visible or within reach by unauthorized personnel) and a ban on saving passwords.

Third parties and processors

An important aspect of good security measures is that we cannot just pass your data onto other parties. If we passed your well-protected data to every Tom, Dick, Harry or Barry, we might as well not have protected them at all.

We can only pass the data you have provided us with to other parties if this is necessary for the execution of our services. Occasionally we make use of third parties for:

  • advice on how to (further) develop our software;
  • drawing up our privacy policy;
  • our (financial) administration.

In the law, these third parties are called ‘processors’. Processors are parties who use your data upon our request, for example if that is necessary to use the app properly. If we ask them to provide you with a service, they are only allowed to use your data for that single purpose and only if the use is indeed required. If they provide us with a service that doesn’t require them to use your data, they simply cannot access them. If they do have to use your data, they are not allowed to use them for their own purposes.

The law obliges us to sign contracts with all processors, and of course we have done so.  In these contracts we have determined that processors must abide the law and are thus obliged (among other things) to protect your data in a suitable manner. We do not pass your data to processors with whom we do not have a signed processing agreement. There is, however, one exception: if the law forces us to do so. This can be the case if the police request us to hand over personal data for a criminal investigation. In cases like this we have to cooperate and provide them with this information. To our judgment, the chances that such a situation may occur when using our software are very slim.

5) Rights

People whose personal data we use, have a number of rights that we have to inform you of. A transparent privacy policy is something we take very seriously. That’s why we think it’s important that we inform you of your rights in this statement and that we tell you how you can execute these rights.

Access and copies

You can request access to your personal data from your employer. What’s good to know: the information you see in our software is the only information we use. All information is transparent and accessible for you. It is therefore very unlikely that you’ll find any surprises when you look into your data on our app.

Complete, improve, delete, erase and rectify

If the data are incorrect, you can ask your employer to correct, delete and/or block them. It is however, important to emphasize that you cannot change the answer you gave to a question, a tip, compliment or complaint. You can’t erase the contents of a chat session either.

You also have the right of rectification (to correct any mistakes or errors) and the right to completely erase your data (right to erasure). We will erase data in case they are incorrect, incomplete, if they are not necessary for the purpose we collected them, or if we have used them against the law in any other way. Should you so desire, and if the law allows us to do so, we will completely erase your data, so that you are no longer visible in our system. This means that we adjust your data in such a way that they can no longer be traced back to you.

Limited use and transfer of your data (right to data portability)

You have the right to limit the use of your data. That is: you can request your employer to stop using a part of your personal data and to continue the use of another part. You also have the right to data portability. In this case your employer hands you your compressed data, in a way that allows you to pass it onto someone else easily. You can also ask your employer to pass your data directly to someone else.

Objections

You can object to the use of your data if you believe that your specific privacy interests have more weight than the legitimate interest of your employer to use them. If you do file a complaint against the use of your data, your employer has to weigh your specific interests against his interests in the use of the data. And based on this he or she needs to make an informed decision. If you disagree with that decision, or if for some other reason you think that they do not handle your data well, you can file a complaint at the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can easily file your complaint through their website (autoriteitpersoonsgegevens.nl).

Profiling or automated decision-making

Companies are not allowed to make an automated decision based on a request you made. This means that it always has to be a human being who makes a decision about your request and that your request cannot be granted or rejected by the mere use of software. Profiling in order to sell you a product or service is not allowed either. Beepp doesn’t use profiling, nor does it make any automated decisions.

Other rights

You have the right to start a procedure and you can request for compensation if privacy infringement is proven. You can also start a procedure together with other people. This is called ‘collective actions’.

Complaints

If you have a complaint about the way Beepp uses your personal data, we would appreciate it if you contact us directly. We would regret it enormously, if for some reason we were unable to solve the issue together. In that case you have the right to file a complaint at the Dutch Data Protection Agency (Autoriteit Persoonsgegevens), the supervisory authority for privacy protection.

6) Retention period

Once you no longer need data, you must delete them, unless the law obliges you to store them for a longer time.

When you terminate your employment, your employer has the obligation to erase your data at the shortest possible time after you ended your working relationship; unless the law obliges them to store the information for a longer time.

Show me more

Mandatory notification of data breaches

If personal data fall into the hands of strangers, we speak of a data breach. In actual practice this often means that an employee accidentally loses his or her laptop, telephone and/or usb stick in public transport or in any other public place, or that such a device is stolen. We also speak of data breach when an organization’s data were hacked, if an employee mistakenly sends an email containing personal data to the wrong person, or if computer files or documents were leaked in another way.

We document all (small and large) data incidents. According to the law, a data breach must be reported to the Dutch Data Protection Agency (Autoriteit Persoonsgegevens – AP) if: “it leads to a considerable likelihood of serious adverse effects on the protection of personal data, or if it has serious adverse effects on the protection of personal data.” This means that an incident has to be reported to the AP if many data were lost or if they got into the hands of unauthorized persons. When it concerns very sensitive data, such as medical files, this obligation also applies, regardless of the quantity.

In order to be able to report a data breach in time, Beepp has set up a data breach protocol, to see to it that – in the highly unlikely event of a data breach – this actually is reported in a timely manner. If the breach concerns you in any way, of course we will inform you of this as well.

Show me more

Adjustment of this policy

Beepp reserves the right to change this privacy policy. Once this statement is changed, we will notify you, unless it concerns minor changes, such as apparent errors or spelling mistakes.

The latest version of this privacy policy is dated: 8 October 2019

Questions, feedback and contact

With this privacy policy we aim to give you clarity in the way we handle your data. On a regular basis we check if we still comply with this policy. If you have any questions regarding our privacy policy, you can contact us through: privacy@beepp.nl.