Privacy statement

CCS offers innovative software solutions for the insurance industry. Thanks to the powerful combination of industry knowledge and ICT experience, we help our clients compete in the complex and demanding world of insurance. CCS processes personal data as part of our products and services.

In this privacy statement, we describe which personal data we process and for what purpose. We discuss retention periods and the security of personal data. The sharing of personal data with other parties is also addressed, as well as the use of cookies. Finally, a section follows explaining your rights as a data subject and how to contact CCS if desired.

We believe it is important for you to understand how we handle personal data so that you can trust that your information is in good hands with us. Therefore, we do everything we can to protect your privacy. The rules for protecting your privacy are laid down in the General Data Protection Regulation (hereinafter: GDPR). CCS considers proper implementation of the GDPR to be of great importance.

Certain terms used in this privacy statement require further explanation. Below, you can read what we mean by these terms:

• Personal Data: All data that can be traced back to an individual, known as a data subject. Examples include your name, address, phone number, and bank account number. Sometimes we anonymize your personal data so that you are no longer identifiable as an individual. A data subject can be a customer, an employee of a customer or partner, or another person whose personal data is being processed.
• Processing: Everything that can be done with personal data. For example, collecting, storing, using, and deleting data

The personal data is processed by: Combined Computer Services C.C.S. B.V. – Vijzelmolenlaan 9 – Woerden, Chamber of Commerce 30089418.

We process personal data in various ways:

Via our website (www.ccs.nl):
Information we obtain through your use of or visit to our website: contact details such as name, company name, email address, IP address, phone number, username, and password for the portal account, as well as information from your web browser (such as browser type and language), Internet Service Provider (ISP), operating system, date/time stamp, and clickstream data, including the actions you take on our website (such as viewed web pages and clicked links). We also process your preferences for certain products and services.

In relation to our software and services:
Personal data to which a select number of CCS employees may have access or view in the course of providing these services: name, address, and contact details (NAW), phone number, email address, date of birth, nationality, gender, citizen service number (BSN), IBAN, copy of identity document, employment details (employment status, type of contract, job title, employee number), work history, salary data (SV wage), information related to the Gatekeeper Improvement Act, health data, medical data, benefits history, disability data (WIA), Chamber of Commerce (KvK) data, VAT number, insurance details, financial qualifications, invoice information (such as invoice name and address), partner and children’s details, debts, property valuation (WOZ values), pension data.

Additionally, we receive information about employees of customers who use our software and services, such as name, company name, date of birth, mailing address, email address, IP address, phone number, username, and user password.

In cases where we have access to personal data for the provision of certain services, a data processing agreement is concluded with the customer.

In relation to applicants:
Personal data provided to us for the purpose of a job application, such as name, date of birth, address, phone number, nationality, marital status, and any other personal data mentioned in the application.

We process personal data of individuals with whom we wish to establish, currently have, or have had a relationship. This includes:

• Private leads and prospects of customers (or the customer’s client);
• Private insured individuals and clients of customers;
• Employees of our customers;
• Third parties: those against whom claims are made;
• Visitors to our website;
• Individuals affiliated with a company or organization with which we have a relationship.

We process your personal data for the following purposes:

• To enable the use of our products and to provide our services;
• For marketing and business development activities, such as newsletters, event invitations, and other marketing communications that may be of interest;
• To handle an application or registration;
• For billing and payment purposes;
• To improve our products and services;
• To comply with our legal and regulatory obligations;
• To generate statistics regarding website usage and/or to analyze and improve the website.

We process your personal data based on one or more of the following legal grounds:

• The performance of a contract;
• Compliance with a legal obligation;
• Legitimate interest;
• Your consent.

We do not retain your personal data longer than necessary to achieve the purposes mentioned in this privacy statement or to comply with legal and regulatory requirements.

In cases where personal data is processed and stored by us on behalf of or through our customers, such data will be retained for the duration specified by the relevant customer. In principle, this personal data will be destroyed after the CCS software and services provided by CCS are permanently terminated (without making a copy), unless the customer provides us with different retention instructions.

For the purposes described in this privacy statement, CCS may share your personal data with a company that is part of the CCS group.

Your personal data may also be shared with third parties. We do this only for valid reasons. For certain tasks, we engage third parties. This includes, for example, the hosting provider where our data is stored and maintained. We also use the email marketing services of MailChimp and the web integration services of Zapier. We only use third parties that implement appropriate security measures to protect your personal data. They are not permitted to use your personal data for their own marketing activities. To ensure this, we enter into data processing agreements with these parties. CCS remains responsible for these data processing activities.

These third parties may include:

• Supervisory authorities and other government agencies, in order to comply with legal obligations.
• External suppliers related to the processing of your personal data for the purposes described in this privacy statement, such as ICT providers, communication service providers, or other suppliers to whom we outsource certain support services.

The transfer of your personal data to the above third parties occurs only for the purposes mentioned in this privacy statement and solely based on the legal grounds outlined in this privacy statement.

Your personal data will not be transferred to a recipient in a country outside the European Economic Area (EEA).

We have implemented appropriate technical and organizational measures to secure your personal data against unauthorized or unlawful processing and against loss, destruction, damage, alteration, or disclosure.

If you have any questions about the security of your personal data, or if there are any indications of misuse, please contact us at compliance@ccs.nl.

The rights of data subjects include:

• The right of access: This means you can request access to the personal data we have processed about you. Please note that there may be circumstances in which we are obligated, based on an agreement with our customers, not to fulfill your request directly but instead refer you to that customer for copies of your personal data.
• The right to rectification or correction of your data if it is incorrect or incomplete.
• The right to erasure of your personal data. However, please be aware that there may be circumstances where we are required to retain your data to comply with our legal and regulatory obligations.
• The right to object to or request the restriction of the processing of your personal data. Again, there may be circumstances where we are legally unable to comply with your request.
• The right to withdraw consent that you have previously given. Even in this case, there may be circumstances where we are authorized to continue processing your data, particularly if such processing is necessary to fulfill our legal and regulatory obligations.