Privacy Code of Conduct
The processing of personal data will only be carried out based on an agreement between AAS International and our clients or based on a law or other binding regulations, whether EU or national (Article 28(3) GDPR).
AAS International will process personal data solely based on written instructions from our clients, acting as data controllers unless a law or other binding regulation (EU or national) obliges us to perform (different) processing. In such a case, we will notify our clients prior to the processing, unless the respective law or regulation prohibits us from doing so. Written instructions from our clients will, as a minimum, include the subject, duration, nature, and purpose of the processing, the type of personal data, the categories of data subjects, and the rights and obligations of our clients as data controllers (Article 28(3), Article 28(3)(a) GDPR).
AAS International will not disclose or make available personal data for purposes other than those indicated in the processing agreements between us and our clients acting as data controllers, or based on a law or other binding regulations, whether EU or national (Article 28(3)(b) GDPR).
AAS International will implement appropriate technical and organisational security measures in the processing of personal data, considering what is technically feasible, to protect against risks such as loss, destruction, unauthorised access, unauthorised use, unauthorised changes, and unauthorised disclosure (Article 28(3)(c), Article 32 GDPR).
AAS International will actively provide information regarding our location as well as the locations of processors appointed by us and the reasons why we process personal data.
AAS International will promptly and fully cooperate with requests from any individual for information about personal data we hold about them, which reach us through our clients acting as data controllers. The relevant personal data will be made available to our clients in a factual and easily readable form. If we are unable to comply with such a request, we will provide the reason for non-compliance. We will also fully cooperate with successful requests for rectification and erasure of personal data, restriction of processing, and data portability (Article 28(3)(e) GDPR).
AAS International ensures that it is accountable at all times for how we implement our privacy code of conduct.
AAS International will not store processed personal data for longer than is necessary for the purpose for which the data was collected, as indicated, and explained in the respective processing agreements concluded between us and our clients, unless a relevant law or binding regulation (EU or national) obliges us to maintain a different retention period. In such a case, we will notify our clients prior to entering into the processing agreement unless the respective law or regulation prohibits us from doing so (Article 28(3)(g) GDPR).
After termination of the processing agreement, AAS International will erase all personal data, return it to the respective client, and delete any existing copies, according to the choice of the client, unless we are required to retain such data based on applicable laws or regulations (EU or national) (Article 28(3)(g) GDPR).
AAS International will not transfer personal data to any country, territory, and/or organisation outside the EEA unless the respective country, territory, and/or organisation guarantees adequate protection regarding the rights and freedoms of data subjects in connection with the processing of personal data. This classification will be made exclusively based on Article 45(1) GDPR.
Our privacy code of conduct is an integral part of the AAS International corporate culture and is respected and followed by all employees.
Questions?
Do you have any questions about our Privacy Statement or the way we handle your data? Please send your inquiry to info@aasinternational.nl.