This is the Privacy Statement of the GXP Foundation, located in Utrecht, the Netherlands, and listed in the commercial register of the Chamber of Commerce under number 62406264 (hereinafter: “GXP”). GXP constitutes as “data controller” within the meaning of the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens) as far as the processing of personal data of Participants and visitors that are active on the Website is concerned. In this document we explain how we deal with the personal data of Participants that we obtain through the Website, or by other means. Where terms are capitalised, this refers to the terms defined in our General Terms and Conditions. The sole purpose of this Privacy Statement is to inform the Participants, not to conclude an agreement.
1. How GXP processes the personal data of Participants
When you become a Participant, GXP will process your personal data. GXP obtains that personal data as follows:
- from the Website when you enter this data during the registration process, when
- communicating with GXP,
- when participating in specific Surveys that GXP offers to its Participants through the Website on behalf of third parties affiliated with its platform, such as researchers. GXP can also process the personal data of people who visit the Website.
2. Which personal data can be processed by GXP
When someone visits the Website, GXP may process the following data (this data will only be “personal data” when GXP can use the data to identify a natural person):
- IP address
- Information about the device used to visit the Website
- Other identifiers
During registration, GXP processes the following categories of personal data of a Participant:
- Email address
- Address and place of residence
- Telephone number
- Information about the account
- Financial data in order to be able to make a payment, such as IBAN
- Languages spoken
- Occupation and level of education
The registered profile can be completed by the Participant using his/her personal data.
During participation, GXP can process the following personal data of Participants and link this to a
registered profile of a Participant, irrespective of the type, the objective and the scope of the Survey:
- Information on response time
- Time and date of the survey
- Duration of the survey
- Information about numerical understanding
- Information about purchases
- Information about preferences
- Information about agreements
- Information about your eating habits, working pattern, lifestyle and sleeping pattern
- Other survey-specific results
Purposes of the processing
GXP can use the personal data of Participants for the following purposes:
- To manage its Participant database
- To communicate with a Participant
- To make payments
- To aggregate, manage and compile survey results on behalf of third parties affiliated with the
platform of GXP, such as researchers
- To send (new) offers to Participants
- To improve services
- To manage and optimise the Website
- To perform a contract, to which the Participant is party
- To comply with a legal obligation
4. Information, modification and objection
You can contact GXP on firstname.lastname@example.org for the following:
- for more information about the way in which we process personal data;
- if you have any questions about this Privacy Statement;
- to view the personal data that we have processed relating to a Participant;
- to object to GXP using personal data;
- to withdraw the consent for the processing of personal data.
5. Retention period and the safeguarding of personal data
We will only use personal data for the purposes stated in this Privacy Statement and will not retain the data for any longer than necessary. We will implement adequate technical and organisational measures to safeguard personal data. It is, however, never possible to fully safeguard personal data.
We have implemented the following security measures:
- anonymisation of personal data when data are sent to researchers;
- data minimisation;
- security of connections;
- the separation of data into various domains;
- authorisation policy and monitoring of delegated powers;
- automatic logging of access to data and monitoring;
- an approved and implemented security policy;
- physical measures for access security, including organisational monitoring;
- logical access control.
6. Third parties
We will not pass on your personal data to third parties who are not “data processors” of GXP, unless explicit authorisation is given to that end or if GXP is obliged to pass on this data by virtue of the law or a decision of the court.
We may transfer personal data to the following third parties:
- Our suppliers
- Supply chain partners
7. Notification to the Dutch Personal Data Authority
Our processing of personal data is reported to the Dutch Personal Data Authority under registration number [requested – to be announced as soon as number is assigned].
In the unlikely event that, despite the security measures that we have taken, there is a breach of our security and that breach results in (the risk of) serious adverse consequences on the protection of the personal data of Participants, the Dutch Personal Data Authority shall be informed of this.
8. Notification to Participants
You will be informed of any breaches of our security, if the breach will likely have adverse consequences on your privacy.
9. Modification of this Privacy Statement
In the future, GXP may modify the policy outlined in this Privacy Statement. We therefore advise that you consult to our Privacy Statement frequently.