Personal data means any information relating to an identified or identifiable natural person. The data concerned include the names and contact details of representatives of a customer (an existing or prospective customer in the form of a company or government organization), as well as other information such as IP addresses, which links a website user has clicked on and the length of time a user spent on a particular page of the website.
The processing of personal data is governed by special statutory provisions. Where we process the personal data of users or customers, we comply with all applicable legislation and regulations, including the General Data Protection Regulation (hereafter: ‘GDPR’).
In accordance with the obligations imposed by the GDPR, we take steps to maintain an adequate level of security in the processing of personal data which is sufficient by current standards to prevent any unauthorised access to or modification, disclosure or loss of personal data.
Eurofiber’s services are certified according to ISO 9001, ISO 27001, NEN 7510. Our services are available with varying levels of security.
Eurofiber processes personal data for different purposes and in doing so performs different roles. These roles are mentioned in the GDPR: controller and processor. The controller is responsible for determining the purposes and means of the processing of personal data. This is subject to a large number of statutory obligations. The processor processes the personal data solely on behalf of another party. This also is subject to statutory obligations, although fewer than in the case of the controller. The reason is that in the latter role, the use of the personal data is largely determined by the controller.
Below we describe for the various types of service we provide what role Eurofiber performs, for which purposes personal data are used and for how long personal data are retained.
Eurofiber needs personal data for providing its services and reaching (future) customers. Eurofiber is the controller within the meaning of the GDPR for the use of these personal data.
We process the personal data of persons with whom we come into contact and to whom we deliver services. We need these personal data to enable us to deliver our services effectively and efficiently as well as to inform (future) customers. We process these data for the following purposes:
For the execution of the agreement:
- in order to provide a service, including matching a service to the needs and wishes of the customer;
To fulfil a statutory obligation:
- in order to comply with legal and regulatory requirements, to deal with disputes and to submit to inspection and auditing, including of a financial nature;
Because we have a legitimate interest with regard to the following:
- in order to facilitate the formation of the agreement;
- in order to conduct market research and compile management information for the purpose of product and service development as well as to assist in defining strategy;
- in order to enable the provision of information, including e.g. newsletter distribution, user information, service communication or other electronic message;
- in order to make a targeted offer, e.g. by e-mail or telephone;
- in order to enable the customer to share information on a website;
- in order to analyse, maintain, optimise and secure the use of a website, including related technologies, partly with a view to countering abuse and fraud;
- in order to facilitate the exchange of personal data between the different companies operating in the Eurofiber group. In this way personal data may, for instance, be combined with other data that have been collected in connection with the use of our products or services (and/or products or services of other group companies). These data enable us to draw up a business customer profile so that we can be of better service to a customer and can match our products and services even more closely to their wishes and needs.
- Eurofiber uses downloaded content to offer its customers and prospective customers by email content which is more relevant to their interests. These persons can also be approached by our sales department with the aim of providing them with more detailed information about Eurofiber’s services.
Based on consent:
- for the purpose of newsletter distribution;
- after acceptance of tracking cookies, Eurofiber uses techniques which ensure that visitors to our website no longer need to enter the same data multiple times when downloading content. The retained data mean that only supplementary information is requested. These data are used for sending commercial content.
In special circumstances we will provide the personal data of users or customers to third parties without consent, for instance in case of a legitimate request by an appropriate competent authority.
Insofar as necessary, we will also provide personal data without consent in connection with the investigation of loss and/or damage or detection of fraud, or the prevention of loss and/or damage or fraud, as well as in order to guarantee the security and continuity of our network and our services.
To assist in the performance of our work and marketing activities we can engage third parties who provide services on Eurofiber’s behalf. These parties will be bound by privacy terms which are included in a data processing agreement.
In order to achieve these purposes Eurofiber needs to collect the following personal data, among other things:
- names and contact details of customers’ representatives; Contact details are generally the contact representative’s business e-mail address and telephone number;
- information shared by the customer’s representative in connection with the preparation for or execution of an agreement;
- information that is collected in connection with the use of our website, such as IP address and navigation history.
We retain these personal data in principle only for as long as is reasonably necessary for the purposes referred to above and in order to comply with statutory and tax data retention obligations.
Eurofiber provides communication services enabling customers to use equipment that is installed and managed by Eurofiber. VPN and WDM services are examples of these communication services. Eurofiber is the processor within the meaning of the General Data Protection Regulation for the use of these personal data.
Where Eurofiber acts as a communication provider with active equipment, certain data are needed to establish the communication. Eurofiber processes personal data in this context for the following purposes:
For the execution of the agreement:
- establishment of the communication;
- management of the infrastructure;
- carrying out necessary repairs;
- implementing digital as well as analogue security measures.
Eurofiber’s customers use these services for their own purposes. Eurofiber does not know what purposes these are and which customer data are transmitted over its network. Personal data may also be included in the customer data. Eurofiber is unable to specify which categories of personal data this may concern.
We advise our customers to encrypt their connections. Personal data which are transmitted in encrypted form via such a connection can no longer be read by Eurofiber or any third party. As a consequence, the transmission of encrypted data does not fall within the definition of the processing of personal data and all parties are able to achieve the purposes listed above while at the same time guaranteeing the security of data subjects’ data and privacy.
We retain data which are processed in connection with the provision of communication services only for as long as is strictly necessary for achieving the purposes.
Eurofiber provides dark fiber connections as a service, with the customer having responsibility for installing the equipment which enables the communication. This service does not involve us processing any personal data, other than as described in connection with our business operations. We also have no access to data that are transmitted over the infrastructure in connection with this service. There is therefore no processing of personal data by us. Eurofiber is neither the controller nor a processer within the meaning of the GDPR in relation to this service.
We place cookies whenever users visit our websites. More information on the processing of data which have been collected through cookies is provided in our cookie statement.
Following a request to access personal data, data may be found to be inaccurate or incomplete. Inaccurate or incomplete data can be corrected or supplemented by contacting Eurofiber as indicated below. The user or customer can also request Eurofiber to erase data. We will comply with a request to erase data provided that there is no statutory obligation or other well-founded reasons requiring us to retain the data.
Any objection to the processing of personal data within Eurofiber’s group companies can also be notified to Eurofiber at any time.
Requests to exercise these rights can be notified via firstname.lastname@example.org or by post to Eurofiber Nederland B.V., attn. Marketing Department, PO Box 7072, 3502 KB Utrecht, The Netherlands, stating ‘personal data’.
We implement measures aimed at preventing data leaks. These include digital and analogue security measures on our infrastructure, careful selection of processors, contractual agreements and continuous employee training.
We also have procedures for the steps to take in case of a data leak. This ensures that swift and effective action can be taken to minimise any loss or damage. The top priority following the discovery of a data leak is to stop the leak.
Where we are the controller and we are legally obliged to do so, we notify the Dutch Data Protection Authority, unless the personal data breach is unlikely to result in a risk to data subjects. Where we are the controller and the data leak is likely to result in a high risk to the privacy of data subjects, we also inform the data subjects. No communication is required where:
- the personal data have been rendered unintelligible to any person who is not authorised to access them, e.g. because encryption has been applied;
- Eurofiber has taken protection measures which ensure that the high risk from the data leak is no longer likely to materialise;
- the communication to the data subjects involves disproportionate effort. In such a case, Eurofiber will make a public communication or similar effective communication of the data leak.
Where we are the processor, we will inform the customer of the data leak in order to enable the customer to comply with its legal obligations. We inform the customer in principle via email.
Company address: Safariweg 25-31, 3605 MA Maarssen
Postal address: PO Box 7072, 3542 KB Utrecht