The EU General Data Protection Regulation (GDPR) places a duty of information on the so-called ‘controller’, the person or entity in charge of processing personal data. Anyone whose data is processed must be notified proactively as to what that entails and how they can invoke their right to privacy.
This obligation requires Clermont Hill to explain in a simple, understandable way why and how we process personal data, how we handle privacy and how those affected can exercise their rights. The audience for a privacy statement, therefore, is all those whose personal data may be processed by the organisation: in particular clients, and business partners, but also others who interact with Clermont Hill.
Means of fulfilling the duty of information can include:
a general privacy statement, published on the website; and, specific information associated with a particular action, such as how data obtained when a user visits a website or submits a form is processed.
General privacy statement
The Clermont Hill-wide privacy statement outlines how we as an organisation treat personal data in general terms. This general statement also refers to the more specific ones issued by each unit. They describe in greater detail how the unit deals with the personal data of those involved in its own processes and chains.
This general privacy statement applies to all personal data that Clermont Hill may obtain from you in the fulfilment of our statutory duties. It is reviewed on a regular basis.
What is personal data?
Personal data is information directly related to an individual, or which can be traced back to them. For example, their home address, telephone number and email address.
How do we handle your personal data?
Clermont Hill applies a number of basic safeguarding principles when processing personal data and has comprehensive measures in place to ensure that it is handled reliably, properly and carefully.
If you have any questions about your legal rights, or a complaint, please contact the Dutch Data Protection Authority.