September 2024
Hypersolid is strongly committed to the protection of personal data of individuals. This Privacy Notice describes in which way Hypersolid processes your personal data as a data controller and your privacy and data protection rights. This Privacy Policy is managed by Simulator Corporate B.V., a private limited liability company organized under the laws of the Netherlands, having its registered office at Keesomstraat 10E, 1821BS Alkmaar, the Netherlands, registered with the Netherlands Chamber of Commerce under number 59790970, and all its affiliated companies globally (hereinafter referred to as: “Hypersolid”, “we”, “us”, “our”).
We strongly recommend you to familiarize yourself with this Privacy Notice, together with any other notices, policies and/or statements we may provide to you in order to be fully aware on how we process your personal data and your privacy and data protection rights. This Privacy Notice supplements any other notices, policies and/or statements and will not overrule them.
This Privacy Notice is not applicable to the provision of goods and/or services of third parties, for which these third parties are responsible for themselves. For information about how these third parties process your personal data, we kindly refer you to the privacy notices and/or other information provided by these third parties.
01 | What information do we collect and for which purpose?
We process various personal data of individuals based on specific legal grounds for processing and for different purposes. For the purpose of this Privacy Notice, the term personal data refers to any information relating to an identified or identifiable natural person as defined in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”). Below you will find an overview of the personal data that we process per category of individuals and the purposes and legal grounds for processing.
- Customer Business Contacts
Categories of individuals: prospects, contact persons of (former) customers, contact persons of clients, partners or vendors of customers, contact persons involved with the provision of services.
Categories of personal data: first and last name, gender, business contact details (e.g. telephone number, email, address, title, employer and website), signature and communication data.
Purpose: approaching, contacting maintaining prospects, maintaining contact with (former) customers, providing services to the customer, (financial) administrative purposes, handling any requests, complaints and disputes, determining, exercising and defending our right and complying with legal obligations.
Legal basis:- contractual obligation. We process personal data of prospects and contact persons of customers in order to offer and provide the services to the customers.
- legitimate interest. Our legitimate interest is to adequately provide services to prospects, customers and former customers in general and to handle any requests, complaints and disputes.
- legal obligation. We process personal data in order to comply with legal obligations, such as compliance with (financial) administrative and retention obligations.
- Suppliers
Categories of individuals: prospects, contact persons of (former) suppliers, contact persons of clients, partners or vendors of suppliers, contact persons involved in the provision of goods and/or services to us.
Categories of personal data: first and last name, gender, business contact details (e.g. telephone number, email, address, title, employer and website), signature and communication data.
Purpose: approaching, contacting maintaining prospects, maintaining contact with (former) suppliers, receiving goods and/or services from the supplier, (financial) administrative purposes, handling any requests, complaints and disputes, determining, exercising and defending our right and complying with legal obligations.
Legal basis:- contractual obligation. We process personal data of prospects and contact persons of suppliers in order to receive goods and/or services from the supplier.
- legitimate interest. Our legitimate interest is to adequately receive goods and/or services from suppliers in general and to handle any requests, complaints and disputes.
- legal obligation. We process personal data in order to comply with legal obligations, such as compliance with (financial) administrative and retention obligations.
- Recruitment
Categories of individuals: job applicants.
Categories of personal data: first and last name, gender, email address, telephone number, address, professional experience, academic background and information, professional qualifications, areas of interest, information retrieved from public resources and social media sites, information retrieved from interviews and assessments, information retrieved from your referrer and/or reference, offer details and pre-employment screening information.
Purpose: attract new talent by means of organizing recruitment events and searching on existing talent pools and publicly available sources, processing, evaluating and managing job applications, maintaining contact with job applicants, scheduling and conducting (online) interviews, making a job offer, conducting a pre-employment screening and complying with legal obligations.
Legal basis:- legitimate interest. Our legitimate interest is to attract, process and manage applications at Hypersolid, including screening, selecting, and hiring successful candidates by making a job offer and conducting a pre-employment screening.
- consent. Your consent is required to optionally keep your application data for a longer period of time.
- legal obligation. We process personal data in order to comply with legal obligations, such as compliance with retention obligations.
- (Marketing) activities
Categories of individuals: website visitors, persons and participants of Hypersolid activities, e.g. meetings, conferences, events and learning sessions.
Categories of personal data: first and last name, gender, location, telephone number, email, address, social media information, title, employer, data about presence (location, time of arrival and departure), information about the visit and communication data.
Purpose: communication, recruitment and selection and marketing, analysis of website visitors, maintenance, administration and security of our website, marketing and business development, investigation, analysis and statistics, internal control and business operations, handling any requests, complaints and disputes, determining, exercising and defending our rights, complying with legal obligations.
Legal basis:- consent. We process your personal data only with your (explicit) consent for marketing and activities related purposes, such as subscription to our newsletters.
- legitimate interest. Our legitimate interest is to offer and optimize the usage of our website and the operation of our events.
- legal obligation. We process personal data in order to comply with legal obligations, such as compliance with retention obligations.
- For more information about the cookies we place on our website, please see our Cookie Policy.
- Office visitors
Categories of individuals: office visitors.
Categories of personal data: first and last name, gender, telephone number, email, address, title, employer, data about presence (location, time of arrival and departure), information about the visit, physical appearance and communication data.
Purpose: offering and optimizing office facilities, security and protection of our office, employees and data, access registration, control and management, network management and security, access badges procedure and complying with legal obligations.
Legal basis:- llegitimate interest. Our legitimate interest is to protect and secure our office, network infrastructure, staff members, property and data.
- legal obligation. We process personal data in order to comply with legal obligations, such as compliance with security and retention obligations.
- Other persons who get in touch with us
Categories of individuals: persons that get in touch with us.
Categories of personal data: first and last name, telephone number, email address, title, employer and communication data.
Purpose: approaching and maintaining contact, handling any requests, complaints and disputes, determining, exercising and defending our rights and complying with legal obligations.
Legal basis:- legitimate interest. Our legitimate interest is to maintain any contact or handle any requests, complaints and disputes.
- legal obligation. We process personal data in order to comply with legal obligations, such as compliance with retention obligations.
Children
We do not intent to process any personal data of children under the age of sixteen (16). In the event a parent or guardian becomes aware that his/her child has provided us their personal data without the consent of its parent or guardian, the parent or guardian should contact us via privacy@hypersolid.com. We will delete such personal data without undue delay and in accordance with the timelines as stated under the sections “04 What are your rights?” and “07 Additional information for individuals in the United States of America”.
Automated decision-making
We do not engage in any automated decision-making processes or conduct any profiling activitiesin relation to your personal data processed by us.
02 | How long do we keep your information?
We retain your personal data for as long as the existence of a legal basis as described in this Privacy Notice or as otherwise required by the applicable law. The length of retention may vary depending upon certain factors. We may retain your personal data for a longer period of time due to retention obligations, legal compliance requirements, the need to resolve inquiries or complaints or for the purpose of freedom of expression and/or information.
The following categories have a limited retention period:
- Recruitment – we keep your personal data for a maximum period of one (1) month after the application process is closed, unless you have provided your consent to retain your personal data for a longer period of time as a result of which we retain your personal data for a maximum period of twelve (12) months.
- Office visitors (CCTV) – we retain your personal data for a maximum period of four (4) weeks. However, in the event the CCTV captured a particular incident, we may keep your personal data for a longer period of time.
We have an internal retention policy in order to safeguard the retention periods of the personal data processed by us. Subsequent to the retention period, we will either erase or de-identify your personal data, or in the event that is not possible, securely isolate by archiving your personal data to prevent any further use until deletion becomes possible.
03 | With whom do we share your information?
We may share your personal data with the following (third) parties:
- Hypersolid affiliated companies – we may share your personal data internally with other Hypersolid entities for e.g. administrative purposes or in order to provide the services to our clients.
- Suppliers – we may share your personal data with our suppliers in order to provide, run and manage our internal organization, such as information technology providers and cloud service providers.
- Clients – we may share your personal data with our client as part of the services we provide to our client.
- Auditors, insurer and professional advisors – we may share your personal data with our external auditor(s) to the extent necessary for audit(s), our insurer in the case of any claim(s) and professional advisors such as law firms in order to establish, exercise or defend our legal right and/or gain advice.
- Law enforcement or governmental and regulatory institutions – we may share your personal data with the law enforcement or governmental and regulatory institutions in accordance with the applicable laws and regulations, such as courts, police, law enforcement agencies, tax-, customs- and excise duty offices and audit regulators.
Processors
The following external parties are engaged when you share your personal data via our website:
- HubSpot Ireland Ltd.
Purpose: sales and marketing software
Location of processing: Germany
- Recruitee B.V.
Purpose: recruitment software
Location of processing: Germany
- Amazon Web Services EMEA SARL
Purpose: hosting the website
Location of processing: worldwide data centers located
- Google LCC (Google Analytics)
Purpose: website analytics
Location of processing: worldwide data centers located
- OneTrust
Purpose: management of cookie consent on the website
Location of processing:Germany
- Mux Inc.
Purpose: streaming of video’s
Location of processing: USA and Germany
We will only share your personal data with (third) parties when we are legally permitted to do so. We put contractual arrangements and security mechanisms in place for appropriate protection of your personal data and in order to comply with privacy and data protection laws and regulations and confidentiality and security standards and practices.
International transfers
We may transfer your personal data outside the European Economic Area, or outside any other applicable jurisdiction, provided that such transfer will only be conducted in the event the European Commission has assessed and declared the data protection laws and regulations of such country as adequate, or by means of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and/or the standard contractual clauses adopted by the European Commission, including the performance of transfer impact assessments where required.
04 | What are your rights?
You have the right to exercise the following individual rights in respect to the personal data we process of you:
- Right to withdraw your consent –you have the right to withdraw your consent in the event we asked for your (explicit) consent for a certain processing activity of your personal data. The withdrawal of your consent does not impact the legitimacy of the processing of your personal data prior to the withdrawal of your consent. The consequence of exercising this right is that we no longer will process your personal data for the purpose that you have provided consent for. It may be however possible that we process your personal data for another purpose, such as in order to comply with a minimum retention period, whereby you will be informed accordingly.
- Right of access – you have the right to obtain insight on whether or not we process personal data of you, and where that is the case, access to the personal data that is processed by us and information related to how we process your personal data, including insight in the appropriate safeguards taken in the event of transfer of your personal data outside the European Economic Area.
- The right to rectification – you have the right to rectify i.e. change or supplement your personal data processed by us in the event your personal data: is factually incorrect; or is incomplete or not related to the purpose it was collected; or is in any other way used in a manner that is in conflict with the applicable law.
- Right of erasure – under certain conditions, you have the right to obtain the erasure of your personal data we process of you. These conditions are: we no longer need your personal data relation to the purpose for which they were processed; or we processed your personal data based on your (explicit) consent, however you withdrew the consent; or you successfully objected the processing of your personal data by us; we processed your personal data unlawful; or we are obligated to erase your personal data in order to comply with a legal obligation; or personal data of an individual younger than sixteen (16) years old is collected through an app or website.
- Right to restriction of processing – you have the right to restrict processing of your personal data by us, whereby this right may be invoked in the following situations: you contest the accuracy of your personal data processed by us, whereby during the period in which we assess your contest we will not process your personal data; or we process your personal data unlawfully and you request the restriction of use instead of erasure; or we may no longer process your personal data, however you do not want us to erase your personal data due to establishment, exercise or defence of legal claims; or you objected against the processing of personal data by us, whereby during the period in which we assess your objection we will not process your personal data.
- Right to data portability – you have the right to receive your personal data in a structured, commonly used and machine-readable format, whereby you have the choice to receive this directly from us or send it to a third party.
- Right to object – you have the right to object the processing of your personal data by us subject to certain conditions. Any objections related to the personal data processed by us of you for direct marketing purposes, will always comply to an objection condition.
How to exercise your rights?
All individual rights can be exercised by means of sending an email to privacy@hypersolid.com or a letter to Simulator Corporate B.V., attn. Legal Department, Keesomstraat 10E, 1821BS Alkmaar, the Netherlands. We request you to include the following information when exercising your individual right: full first and last name and a description of your request.
Upon the submission of a request wherein you exercise your individual right, you will first receive an acknowledgement of receipt from us. Subsequently, we might request additional information in order to identify you and/or respond properly to any individual right exercised. We will handle all individual right exercised without undue delay and in any event within one (1) month of receipt of the request. However, it might be possible that we need more time given the complexity of the individual right exercised. In that event we will inform you, as soon as possible and at least within one (1) month after receipt of your request, that we need up to a maximum of two (2) months of additional time, which results in a response from us within a maximum period of three (3) months after receipt of your request.
Complaint
Lastly, you also have the right to lodge a complaint with the relevant supervisory authority in your country of residence, place of employment or any other jurisdiction in which an alleged infringement of data protection law(s) has occurred within the European Union. The Autoriteit Persoonsgegevens is the supervisory authority in the Netherlands. For further information, please refer to the website of Autoriteit Persoonsgegevens.
05 | Security
We take all reasonable measures to ensure that your personal data is properly secured by means of using appropriate technical and organizational measures in order to safeguard the confidentiality, integrity and availability of your personal data and to protect your personal data against any unauthorized or unlawful use, alteration, access, disclosure, accidental or wrongful destruction and/or loss. We adhere to internationally recognized security standards whereby certain parts of our business is independently certified with the requirements of ISO/IEC 27001:2013. Moreover, we have established policies, procedures and training programs in order to protect the confidentiality, integrity and availability of your personal data within our organization.
06 | Changes to this Privacy Notice
We may from time to time revise this Privacy policy in order to reflect any changes in our operations. Any revisions will be recognizable under “Last Updated” at the top of this Privacy Notice. Prior versions of this Privacy Policy will be kept on our website for your review. We recommend you to occasionally look at this Privacy Notice in order to be aware of any changes in this Privacy Notice. We will ensure to notify you in advance in the event of any fundamental changes to this Privacy Notice by means of adding a prominent notice on the homepage of our website or by sending you an email notification.
07 | Additional information for individuals in the United States of America
This "07 Additional information for individuals in the United States of America" section applies solely with respect to California, Colorado, Connecticut, Utah and Virginia residents. This section should be read together with and explicitly deviates from and/or supplements the other sections in the Privacy Notice. In case of any conflict between this section and the other sections in the Privacy Notice, this section will prevail for California, Colorado, Connecticut, Utah and Virginia residents.
What information do we collect?
For the purpose of this section, the term personal data refers to the terms personal data and personal information as defined in the applicable U.S. state consumer privacy law of California, Colorado, Connecticut, Utah and Virginia (“U.S. privacy laws”). Below you will find an overview of the categories of personal data that we may process of you. We do not process any sensitive personal data as outlined in the U.S. privacy laws. For a more detailed overview, please see section “01 What information do we collect” in the Privacy Notice.
- Identifiers.
- Customer records information.
- Characteristics of certain protected classifications.
- Geolocation data.
- Professional or employment-related information.
- Financial information.
- Internet or other electronic network activity information.
What are the sources of collection?
Your personal data will be collected from the following sources:
- prospects;
- (former) customers;
- (former) suppliers;
- job applicants;
- referrer and reference;
- recruitment agencies;
- publicly available sources, such as social media and the internet;
- our website;
- information provided by you;
- governmental organizations.
Do we sell and/or share your information?
We do not sell, which includes disclosing or making available personal information to a third party, any of your personal data in exchange for monetary or other valuable consideration or share, which includes disclosing or making available personal information to a third party, for cross-context behavioral advertising as defined in the U.S. privacy laws.
What are your rights?
Individuals reside in California, Colorado, Connecticut, Utah and Virginia have in accordance with and depending on the specific the U.S. privacy laws the following rights regarding your personal data processed by us in the prior twelve (12) months:
- Right to know– you have the right to request disclosure and receive a copy of: the categories and/or personal data that we have collected about you; the categories of sources related to the personal data we have collected about you; the purpose for which we use your personal data; the categories of third parties with whom we disclose your personal data; and the categories of personal data that we sell or disclose to third parties. You can invoke this right up to twice (2) a year, free of charge.
- Right to delete – subject to certain exceptions, you have the right to request us to delete your personal data we collected from you, including the third parties to whom we send your personal data.
- Right to correct – you have the right to request us to correct inaccurate personal data that we have about you.
- Right to limit – you have the right to request us to only use and/or disclose your sensitive personal data only to what is necessary and proportionate in order to achieve the purpose required.
- Right to appeal – you have the right to appeal in the event of denial of your above-listed rights.
Individuals may also exercise its individual right by the assistance of an authorized agent.
Exercising any of your individual privacy rights will not result in any discriminatory adverse treatment towards you.
How to exercise your rights?
All individual rights can be exercised by means of sending an email to privacy@hypersolid.com or a letter to Simulator Corporate B.V., attn. Legal Department, Keesomstraat 10E, 1821BS Alkmaar, the Netherlands. We request you to include the following information when exercising your individual right: full first and last name, a description of your request, and if applicable, proof of authorization in the event of any request send by an authorized agent.
Upon the submission of a request wherein you exercise your individual right, you will first receive an acknowledgement of receipt from us within ten (10) business days. Subsequently, we might request additional information in order to identify you and/or respond properly to any individual right exercised. We will handle all individual right exercised under the California Privacy Rights Act without undue delay and in any event within forty-five (45) calendar days of receipt of the request. However, it might be possible that we need more time given the complexity of the individual right exercised. In that event we will inform you, as soon as possible and at least within forty-five (45) calendar days after receipt of your request, that we need up to a maximum of forty-five (45) calendar days of additional time, which results in a response from us within a maximum period of ninety (90) calendar days after receipt of your request. In deviation of the aforementioned sentences, requests made related to the right to limit or the right to know of sensitive personal data will be handled without undue delay and in any event within fifteen (15) business days of receipt of the request.
08 | Contact Us
Should you require any further information in relation to this Privacy Notice, please contact us via privacy@hypersolid.com.