1. The importance of data protection
Paleo acknowledges the importance of proper protection of the data it processes, in particular personal data. On the basis of this policy, Paleo wants to establish at a strategic level how data is protected, which responsibilities have been assigned and which priorities Paleo has determined with regard to data protection.
In particular, Paleo wants to protect the data of users of the website and the personal data they make available against:
- Loss: data is no longer available;
- Leaks: data ends up in the wrong hands;
- Errors: data is incorrect, for example outdated or incomplete;
- Not accessible: when necessary, the data is not accessible;
- Incorrect viewing: viewed by persons who are not authorized to do so;
- Not being able to check who viewed, changed or deleted the data;
- Processing that is not in line with regulations, guidelines and standards.
- In this policy, Paleo wants to appeal to everyone who is involved in electronic and paper processing to ensure that the processing of personal data of our visitors proceeds correctly, based on a common vision and our joint desire to offer quality services.
2. Scope of the data protection policy
This policy applies for the entire lifespan of information within the Paleo website, from obtaining information to the eventual deletion of information within the organization.
- This policy applies to all of Paleo;
- The Paleo office;
- All Paleo employees, both internal and external employees who are employed within Paleo for a definite or indefinite period;
- All assets and information processing systems managed by Paleo as well as systems managed by external parties for information processing for Paleo such as databases, information regardless of its medium, networks, data centers, etc;
- All processing activities, both as controller and processor.
- For certain domains or processes within Paleo, additional guidelines or procedures can be developed that describe in detail what measures are taken to achieve the desired level of data protection.
3. Policy objectives for data protection
Paleo, both in its role as controller and processor:
- Is transparent about the personal data it processes and the processing purpose, both towards the data subject, the customers and the supervisory authorities. The communication conducted is honest, easily accessible and understandable. The transparency principle also applies when the personal data are exchanged.
- Only processes the data that is relevant for the performance of its tasks. Any task involving the processing of personal data is lawful. This is evaluated each time for a new processing purpose, where necessary on the basis of a data protection impact assessment.
- Only processes the personal data that are strictly necessary for the performance of the activities. In this way identifiers associated with the personal data are reduced to a minimum.
- Ensures the integrity of the personal data during the entire processing cycle.
- Does not store data longer than necessary. The necessity has been checked against legal obligations and the rights and freedoms of the person concerned.
- Prevents breaches resulting from the processing of personal data. Information security, data protection by design and privacy-friendly default settings are tools for this. When an infringement occurs, it is reported in accordance with the relevant regulations.
- Is able to exercise all applicable rights of a data subject, such as the right to access, copy and possibly also deletion.
- Actively ensures that when processing personal data for a specific purpose, the rights and freedoms of the data subject are safeguarded.
- Processes data in line with the rights and freedoms that apply in the European Economic Area and checks their application when the data is exchanged outside it.
- Can demonstrate compliance with all policy objectives, in accordance with legal provisions. This accountability is monitored by internal supervision and control and is enforceable according to the legally applicable principles.
4. What personal data do we collect?
We collect different types of personal data:
- Personal data that you give us via web forms: for example your name, email address and telephone number when you use our contact form.
- Personal data that we obtain through your use of the website:
- Log file information: we keep, among other things, the following data in server logs:
- IP address;
- Browser information;
- The external web page from which you come;
- The pages you have visited on our website;
- Time and duration of the pages visited;
- Device data: we can keep track of which device you use to visit our website;
- Local Storage: We may collect and store data locally on your device using mechanisms such as browser web storage and application data caches;
5. What we use the personal data for?
We use the personal data we collect to provide, maintain, protect and improve the right service. Your personal data will only be kept for as long as necessary for the purpose for which we collected it.
We can use your personal data for:
Communication with you, mainly to provide feedback when a question has been asked via the contact form;
We only share your personal data:
For legal reasons: we may have to share your personal data in order to comply with a legal obligation;
With parties that process personal data for us: these parties may only process personal data on behalf of Paleo. These processing operations are recorded in a processing agreement between Paleo and this party.
6. Your rights
You can ask us (for free):
- What data we have about you;
- What is the purpose of a particular processing operation;
- Who processes your personal data.
You have the right (for free):
- To a copy of your personal data that we process for a specific purpose;
- To submit a request to delete your data;
- To ask us to stop processing your personal data (if you have a valid and legal reason for this).
- Under no circumstances will Paleo process personal data relating to political or religious preferences or beliefs, race, or any data relating to your health or sexual orientation.
7. Contact information
If you have additional questions about the processing of personal data, or if you want to submit a request to adjust, view or delete your data, you can send us an email at email@example.com. We ask for proof of identity and process your request within 30 days of receiving your email.