Personal data

What are personal data?
Personal data are data that can provide information about a certain person, for example, about his or her characteristics, opinions or behaviour. Even if the name of the person has not been mentioned in detail, personal data may still exist. This can be the case if it concerns someone whose identity can reasonably be established without too much effort.

From whom do we process personal data?
We process personal data from a number of employees of our members, namely the employees who 1.) receive our samples, 2.) receive the report, 3.) act as a contact person, and 4.) work at the financial administration department. In addition, we process the personal data of the board members, the directors of the section boards, the contact persons of the scientific or professional associations linked to the area of interest, of our employees, applicants and speakers, sponsors and other persons that are relevant to our events.

Where do we process such personal data?
We store these data in a secure environment, largely in a self-built CRM-system that we have linked to Oracle database.

Privacy statement

Purpose of this privacy statement
We publish this privacy statement on our website in order to comply with our obligation to provide information.

Who do we inform?
With this privacy statement we inform you as a reader and all other interested parties or stakeholders.

What information do we provide you with?
We inform you about the use of personal data, about the purpose of the processing, about the security of the data and the possible recipients of these data. Before each processing, we will briefly and properly explain which data we process and for what purpose. In addition, we will inform you about your rights as a data subject, such as the right to inspect and delete your personal data.

Careful handling
We will treat and protect the personal data you (have) provided to us with utmost care. We will therefore make every effort to comply with the requirements imposed on us through applicable laws, rules and other regulations, such as the Telecommunications Act and the General Data Protection Regulation, with regard to the processing of personal data. We only use the data for the purposes for which they were provided to us and do not process more data than necessary to fulfil such purposes

Principles of data processing
In order to realize the purpose of our foundation, we process data:
a.) in implementation of a law, or
b.) for the performance of an agreement, and/or
c.) for our objective or for the optimisation of our objective, and/or on the basis of another legitimate interest.

Scope

This privacy policy applies to all activities of SKML and to every visit of our website. It therefore applies to all personal data provided to us by our members and to personal data provided by applicants, employees, visitors of the website, suppliers, speakers, sponsors, staff and visitors of our conference and other events, etc.

Please note that we cannot take responsibility for the privacy policy of other quality organisations and/or associations, and of other companies and/or websites and sources, even if we cooperate with them or refer to them on our website.

Data provider
We receive all personal data from the members, that means either by the person concerned or by his colleague, either by completing the registration form / application form / contact form, or by sending an e-mail, or by entering the information in QBase.

Provision of personal data is not mandatory
SKML would like to emphasize that it is not mandatory for you as a visitor to our website or other involved party to provide us with your personal data. However, if you do not provide them to us, you will not be able to participate in any SKML activity, because we cannot reach you.

Permission
If you have granted us permission for the processing of your personal data, you can withdraw it at all times. We must however register the personal data of at least one of your employees in order for your institution to participate.

Linking data
We do not link data, but only record the information obtained directly.

What data do we process for what purpose and where?

Website

With the term website we refer to every use of our web page under the domain name: https://www.skml.nl, information and pages thereon, hereinafter collectively referred to as: “the website”. We process your personal data to the extent necessary to keep the website and related events available.

What data do we process?
The data you (have) provided us with when filling in the participation form for our conference, when filling in the registration form to become a member and/or when filling in the contact form (e-mail address, membership number and other data). If you order a product through the webshop, you can decide where it should be delivered. We print the data you entered then to be able to send you the product, but do not store this information.

For what purpose do we use the personal data?
Please refer to the heading ‘Conference’ (to fill in the participation form), or the heading ‘participant file’ (to fill in the registration form) for the various purposes. We use the information in the contact form to contact you.

Links
This website may contain links to other websites, to which the stipulations of the scope apply.

Member database

From whom do we process data?
We process the personal data of the contact person(s) of our members, of the person(s) who receive(s) the samples, of the person(s) who receive(s) the report and of the person(s) who receive(s) the invoice. In general, we register an average of five – but sometimes more – contact persons in total per institution.

What data do we process?
We process the name, title, initials, gender, telephone number and e-mail address. We also process the member’s business address.

Where do we process the data?
We process our members’ data in the self-developed SKMLBase. As a participant, you can access your personal data using QBase. You will receive a login name and password to log in.

Who can view my data in the SKMLBase and QBase?
Only employees of the SKML’s Central Facility Office (CFB) can view and/or process the data in the SKMLBase. We send lists with the names of the staff that will receive the samples on behalf of the laboratory to the sample preparation centres. The various sections receive lists of persons who have registered for the user days. Section members can also view the list of directors. In QBase you can
only view your own data and not the information of the other participants.

For what purposes do we use the personal data?
We process the personal data you voluntarily provide to us in order to register the participation of your institution and to record who acts as the contact person, who will receive the samples, who will receive the reports and to whom we can send the invoice. We also use your data to send you your login name and password encrypted by e-mail and to be able to contact you afterwards. Finally, we use the data
for sending the invoice.

To whom do we provide the data?
We provide the name (and business address) of the person who will receive the samples to the suppliers of the sample material to ensure that the material is delivered to the correct address. Apart from that, we do not provide any information to third parties without the express written consent of the person concerned.

Conference

Sponsoring

The conference is financed by sponsors whose data we process in a relationship management database.

From whom do we process data?
In the relationship management database we process the data of the sponsors, speakers, section chairmen and other persons relevant to the conference, such as our employees, contacts of the scientific and professional associations, our suppliers, contacts of the locations, etc. In the participant register we process the data of the participants.

What data do we process?
In the registration form for the conference, we ask you to provide your name and address, your telephone number and your e-mail address. In the relationship management database, we record your name, titles, gender, telephone number and e-mail address.

Where do we process the data?
We process the data in our own database.

For what purposes do we use the personal data?
We use the information in the registration form to record and confirm your attendance at the conference and to create badges and participation certificates, which are required to prove that you have earned your credits. We use the information in the relationship management database to help us organise a subsequent conference (for example, by approaching sponsors, suitable speakers, section chairmen and other relevant persons relevant to the conference).

Events

The various sections organise user days or afternoons/mornings for which they process personal data.

From whom do the sections process these data?
The data of the participants are processed.

What data do the sections process for this purpose?
The sections process name and address, telephone number and e-mail address.

Where do they process the data?
The data is only processed centrally and not stored in a separate database.

For what purposes do they use the personal data?
The sections use the data to record and confirm your attendance at the conference and to create badges and participation certificates, which are required to prove that you have earned your course credits.

E-mail

What data do we process?
We process the data you (have) provided to us in the e-mail. Sometimes we ask you to provide us with more personal data by return e-mail, but only if this is relevant to answering your question or in that situation.

Where do we process the data?
We store the data on our own secured servers.

For what purposes do we use the personal data?
We use the data to answer your question and/or to be able to meet your request(s). We also use the e-mail address to send you relevant information about the circular shipments.

Schemes

For the schemes, only the membership number and the name of the institutes are mentioned on the reports. The membership number can only trace SKML back to you.

What data do we process?
We only process the name of the person to whom we should send the sample materials and of the person to whom we will send the report afterwards.

Where do we process the data?
We record the data in our member database.

For what purposes do we use the personal data?
We use the personal data to enable the circular shipments and to share the results with the members.

Recruitment

What data do we process?
We process the data that the applicant provides to us. In general, applicants provide us with at least their name and address, telephone number, e-mail address, date and place of birth, nationality, level of education, work experience, skills (and languages they speak) and whether or not they hold a driver’s licence. Sometimes they also provide their photo and/or a vlog and/or provide information about their marital status, their family composition, their leisure activities and interests, a link to their LinkedIn profile and their personal website, if applicable.


Where do we process the data?
We store the data in a protected folder, to which only the CFB management team members have access. After completing the application process, we delete the data.


For what purposes do we use the personal data?
In order to assess whether or not candidates are suitable for the vacant position(s) and, in the light of this assessment, to invite them to an interview in order to start an application procedure with the aim of finding a suitable candidate for the vacant position(s).

No other purposes

We do not process or use personal data for purposes other than those set out in this privacy statement, unless we have obtained your prior consent.

Cookies

We only use functional cookies for our website.

Rights of data subjects

As a data subject, you have the right to access your personal data and to request that we correct, supplement, delete or block them. In order to prevent third parties from using your data, our contacts can only access their data if they personally request it, so that we can establish the identity of the person making a request with certainty. You can also ask us to rectify or delete your personal data.

We will delete your information if it is factually inaccurate, incomplete, irrelevant to the purpose for which we have collected it, or if we have used it in any other way in violation of any law. You also have the right to restrict data processing. This means that you can request us to stop part of the data processing and to continue another part. You also have the right to data portability, which means that we will provide you with your data in a compressed manner so that you can easily provide them to a third party or third parties. We can also send this compressed data directly to the third party of your choice, but of course only with your permission and specific order to that end.

You may also object to the data processing if you believe that your specific interests outweigh our legitimate interest in processing them. If you object to the data processing, we will weigh your objections and then make a well-considered decision regarding the data processing to which your objection relates. If you do not agree with that decision or if you object to the way in which we handle your data, you can submit a complaint to the Dutch Data Protection Authority. You can easily submit your complaint via their website.

You also have the right not to be subject to automated decisions, the right to state an effective remedy in court and the right to compensation in the event of a privacy violation. Finally, parties involved now also have the right of collective action.

Profiling

We do not use profiling and do not subject our participants to automated decisions.

Security

We have taken appropriate technical and organisational measures to secure our data, which – given the state of the art – are sufficient to prevent the unlawful processing, unauthorised access, modification, disclosure or loss of your data as much as possible. Only employees who are authorised by virtue of their position have access to the personal data. They are contractually bound by a confidentiality clause. We send the QBase login details encrypted by separate mail to the linked e-mail address of our members.

Our foundation has a privacy policy in which the importance of data protection is the starting point. The employees of the foundation are also bound by this policy. This policy is handed over to all our employees, including freelancers and other contractors whom we employ, trainees and temporary workers. Our privacy policy includes closed cupboards and rooms in a secure building, the prohibition to store passwords and the prohibition to view personal data for private purposes. We have offered training to our employees to increase their awareness of the protection of personal data. We only work with PCs, which means that information stored locally by mistake does not leave our (secured) premises. We also work exclusively with reliable processors with whom we have concluded sound agreements.

Data breach reporting obligation

A data breach protocol applies within SKML.

Data retention period

In principle, we store your data for as long as necessary. This means that we store the details of your contact person(s) for as long as your institution is a member. If your institution withdraws its membership, we will deactivate your data.

We archive a backup of the conference data. We destroy the backup after a maximum period of two years. If you send us a question by e-mail, we will keep your message until the question has been dealt with.

We will keep the data of an applicant for a maximum of two weeks after the application procedure has ended unless we have obtained the candidate’s consent to keep them longer. We do not actively request this permission. We therefore only retain the data longer if the applicant explicitly requests this.

Third parties and processors

We will not share your data with third parties (especially not with advertisers) without your permission.

Amendments

SKML reserves the right to change its privacy statement. If there are any substantial changes to this statement, we will inform you by e-mail. The latest version of this privacy statement dates from 04 January 2024.

Questions, feedback and contact

With this privacy statement and cookie policy we would like to clarify how we handle your data. We regularly check whether we comply with this privacy statement. If you have any questions about this statement, or any other questions or complaints about the use of your information, you can contact us.