Skip to content

European partner in rugged mini‑PC solutions

Privacy Policy

Privacy & GDPR

Privacy statement

In this statement, MiniDis outlines how it handles personal data and privacy on a daily basis, and what is legally permissible and impermissible.

Introduction

Privacy plays a significant role in the relationship between MiniDis and its customers. Protecting privacy is complex and becoming increasingly important due to technological advancements, decentralization, safety challenges, and European legislation.

Therefore, MiniDis finds it important to be transparent about how it handles personal data and how privacy protection is ensured.

Legislation and definitions

The General Data Protection Regulation, also known as GDPR, builds on previous Dutch privacy legislation and strengthens privacy rights, while adding responsibilities for organizations.

Data subject The person to whom the personal data relates.
Controller The person or organization that determines the purposes and means of processing.
Processor The person or organization that processes personal data on behalf of another party.
Personal data Any information relating to an identified or identifiable person, such as name, address or contact details.
Special categories of personal data Sensitive data, such as health data, ethnic background, political opinions or citizen service numbers.
DPIA A Data Protection Impact Assessment that evaluates the privacy risks of processing activities.
Processing Any operation performed on personal data, such as collecting, storing, using, sharing or deleting data.

Scope

This privacy statement applies to all personal data processing activities carried out by MiniDis B.V. and its departments.

In other words, it applies to all processing activities within the organization where personal data is involved.

Processing of personal data

Processing personal data includes any operation or set of operations performed on personal data, whether or not by automated means.

  • Collecting, recording and organizing personal data
  • Storing, updating and modifying personal data
  • Retrieving, consulting and using personal data
  • Disclosing personal data by transmission
  • Disseminating or otherwise making personal data available
  • Aligning or combining personal data
  • Restricting, erasing or destroying personal data

Purposes and lawful basis

Purposes

Personal data may only be processed if a purpose has been established. The purpose must be explicitly described and justified. Personal data may not be processed for unrelated purposes.

Lawful basis

Processing of personal data must have a lawful basis. This means that processing may only take place:

  • To comply with a legal obligation
  • For the performance of a contract to which the data subject is a party
  • To combat a serious threat to the health of the data subject
  • For the proper fulfillment of an agreed task
  • When the data subject has given consent for the specific processing

Method of processing

The main rule for processing personal data is that it is only permitted in accordance with the law and must be carried out carefully. Personal data is collected as much as possible from the data subject.

The law assumes subsidiarity, meaning that processing is only allowed when the purpose cannot be achieved in another way. The law also mentions proportionality, meaning that personal data may only be processed if it is proportional to the purpose.

MiniDis ensures that personal data is accurate and complete before it is processed. Personal data is only processed by individuals with a duty of confidentiality. In addition, MiniDis secures personal data to prevent unauthorized access or modification. This is outlined in the information security management system compliant with ISO 27001.

Transfer outside the EEA

MiniDis does not transfer personal data to a country outside the European Economic Area, also known as the EEA, or to an international organization.

Duty to inform

MiniDis informs data subjects about the processing of personal data. When data subjects provide information to MiniDis, they are informed about how the organization handles personal data.

This is done through this privacy statement on the website and through the applicable privacy policy. MiniDis may also make agreements with customers, suppliers or processors regarding the handling of personal data where needed.

Deletion and retention

MiniDis does not retain personal data longer than necessary for the purpose for which it was collected.

When personal data is no longer needed to achieve the purpose, it is deleted as soon as possible. This means that the data is destroyed or altered in such a way that the information can no longer be used to identify someone.

Rights of data subjects

The GDPR defines several rights for individuals whose personal data is being processed. These rights include:

  • Right to information: data subjects can ask MiniDis whether their personal data is being processed.
  • Right of access: data subjects can check whether and how their data is being processed.
  • Right to rectification: data subjects can request correction of incorrect personal data.
  • Right to object: data subjects can object to the processing of their personal data.
  • Right to erasure: data subjects can request deletion of their personal data where applicable.

Submitting a request

To exercise their rights, data subjects can submit a request in writing or by email. MiniDis has four weeks from receipt of the request to assess whether the request is justified.

Within four weeks, MiniDis will inform the data subject of the outcome. If the request is not followed, there is the possibility to appeal to the Security Officer or to file a complaint with the Dutch Data Protection Authority.

Based on a request, MiniDis may request additional information to verify the identity of the data subject. The Security Officer can be reached through the general contact details of MiniDis.

Data Protection Impact Assessment

A Data Protection Impact Assessment assesses the effects and risks of new or existing processing activities on privacy protection.

MiniDis conducts this assessment when there is automated processing, large-scale processing or large-scale monitoring of special categories of data. This is particularly important for processing activities involving new technologies.

English