At WEAREREASONABLEPEOPLE we take your privacy seriously. We consider it important to take utmost care in dealing with (your) privacy sensitive data. In this document we explain how we do this, and what we are doing to safeguard your information.
The short version is that we embrace privacy by design, and we only process personal and privacy sensitive data in accordance with GDPR. But if you are no legal professional, that probably does not mean a lot to you. Please keep on reading as we have tried to summarize our policies in words that should be understandable for everyone.
If you contact us (by phone, mail or in person)
Whenever you call us, mail us, contact us through our website or walk by our office, we will likely need to collect some information to help you or get back to you. We will save your name and contact information (mail/phone) to be able to answer any question you might have, or respond to a request to contact you. But, and we are very strict about this, we will not add you to any email list if you have not asked us to do so.
If you visit our website
In order to keep track of and get a better understanding of the origin and behavior of visitors on our site we are using Google analytics. This is done in a way that respects privacy, and complies to the guidelines that are provided through the GDPR. To cut a potentially long story short: data on website visitors is anonymized. Google has written an extensive article on how they do this, please read it on their website
For our existing clients
If you are a client at wearereasonablepeople, we will keep track of your company info as part of our contractual agreement, so we can contact the people that we work with within your organization and so that we can fulfill our obligations. Things we keep track of are name, function, e-mail address and phone number aside from information on the projects we have worked on together or that are up for discussion. As long as you remain a client with us, we will keep this information on file as we will need to have this information handy, so we can reach out. If for whatever reason our collaboration ends, it may be necessary to retain some information for a legally prescribed period of time for instance when information might be related to an invoice, a contract or another legal document. If there is no legitimate interest to retain the information we will delete information at the first possible moment, but ultimately always within 12 months.
For potential or future clients
If you are a potential client at wearereasonablepeople and we are for instance discussing a first project together, we will need to keep track of your company info, so we can contact people within your organization. Once again: things we keep track of are name, function, e-mail address and phone number, alongside details on the project up for discussion. If you become a client with us we will keep this information on file so we can stay in touch. If for whatever reason you do not become a client with us we will delete information as soon as possible, but always within 12 months.
Through job applications from all over the world, we have been able to build our super international team. Thanks a lot for applying with us (if you have). Of course we will hold onto your information when you are in the application process with us, (in light of a potential contract). We store your information safely in GitHub, a US based company that complies to the Privacy Shield guidelines and is therefore GDPR compliant. If somehow we are not able to offer you the job you were looking for, we will keep your information on register for 12 months max, starting to count from the moment that we have communicated that we will not be continuing together.
Your rights as a data subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org
or use the information supplied in the Contact Options section below with your request for exercising your right. We will try to process your request within 4 weeks. Your rights are as follows:
The right of access
You may request insight in the personal data we hold about you free of charge. If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may request us to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure (the right to be forgotten)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data We will take all reasonable steps to ensure erasure.
The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
The accuracy of the personal data is contested
Processing of the personal data is unlawful
We no longer need the personal data for processing but the personal data is required for part of a legal process
The right to object has been exercised and processing is restricted pending a decision on the status of the processing
The right to data portability
You may request a copy of your set of personal data that wearereasonablepeople processes. We will provide the personal data in a commonly used and machine-readable format. This will be personal data that we have processed based on your consent or for fulfilment of a contractual obligation that we have with you.
The right to object
You have the right to object to our processing of your data where
Processing is based on legitimate interest
Processing is for the purpose of direct marketing
Processing involves automated decision-making and profiling.
For each request you make we may ask you to identify yourself. The purpose for this is to confirm who you are so that your personal data is not shared with other persons and to ensure that any data changes are made to the correct records. Withdrawal of your consent You are always able to withdraw your consent to process your personal data. If you wish to revoke your consent, just let us know via one of the communication channels and we will not process your personal data any longer. This is only applicable on the personal data which is processed with consent.
As a software company, we are a quite aware of the many security risks that are looming, and we proactively adapt our ways of working. We always strive to work under the most secure practices, by doing this effort we mitigate the majority of data breach risks. In the unlikely event that a data breach would happen, we will proactively inform all those affected by any breach.
In case you would like to know more about the way we deal with privacy, or if you would like to know what information we have stored about yourself, or members of your organization and potentially have this information updated, removed, transferred to you, please reach out to our email@example.com
account. We will react to your email as soon as we can, but always within 4 weeks upon receipt.
Version of this document
As our company is fast growing and quickly evolving, this document is likely to get updated in the (near) future. For your reference the current version was last updated on December 3 2018. If you have any feedback or comments on this document, please reach us at firstname.lastname@example.org
. Thanks for reading this to the very end :).