GDPR Compliance Corporate Statement

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.

Heinen & Hopman’s commitment

Heinen & Hopman attaches great value to its role and reputation as a reliable business partner and thus also the guarantee to the right to privacy for you as a customer (or supplier). The past couple of months we have been working hard to make sure that we comply with the GDPR. Heinen & Hopman has put in place processes and procedures to comply with the various provisions of GDPR: data processing agreements are signed, a data deletion procedure is implemented and anonymisation of website usage is increased.

Which steps did we take to prepare for GDPR?

• We have thoroughly investigated what personal data we store and where we store it. We have implemented the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR.
• We have ensured we will always gain consent from you to use and store your personal data and explain you how it is being used.
• We have reviewed our privacy policy and cookie policy to ensure it clearly explains how your personal data is used and what cookies can be used.
• We have developed a cookie configurator and a cookie notification which allows visitors of www.heinenhopman.com to configure which cookies are placed.
• We have appointed a privacy manager, who can be contacted to request deletion of your personal data via privacy@heinenhopman.com.
• An opt-out link is included at the bottom of every promotional email that is sent to our customers.
• We have reviewed for how long we store personal data and when personal data should be deleted from our storages.
• We have concluded processor agreements with third parties that process our data.
• We will communicate our compliance to our stakeholders.

We’ve spent a lot of time with GDPR and have worked with a qualified professional to discuss how GDPR applies specifically to our organization, and how best to ensure compliance.  But the application of GDPR is situational, and not all aspects and interpretations of GDPR are well-settled. We will improve our GDPR procedures as soon as we identify a lack of compliance.