Thank you for choosing Greenfield Business Centre to offer you workspace options in the Netherlands!
The terms and expressions in capital letters used in the Policy have the meanings set forth below. Words in the singular include the plural and vice versa. These terms and expressions shall always be interpreted according to applicable data protection rules including, but not limited to, the General Data Protection Regulation (European Union Regulation 2016/679) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and together with all implementing laws and any other applicable data protection, privacy laws or privacy regulations (the “Data Protection Legislation”).
“Agreement”: means any written contract, any written statement of work, or any other written binding agreement, including any annexes thereto, between Greenfield and the Client; including but not limited to Rental Agreement, Terms and Conditions, and Authorizations for use of data.
“Client”: means the counterparty to the Agreement, including Rental Agreement with Greenfield;
“Client Affiliate”: means any legal entity affiliated to the Client;
“Data Controller”: the natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. The Data Controller in this Policy is Greenfield Netherlands, a Stichting formed under the laws of the Netherlands with registered office address at Laanzichtweg 60-B, 4748SJ Teteringen, the Netherlands, and registered within the Chamber of Commerce of the Netherlands under the number 64494667. The terms "we", “our” or "us" in this Policy refer to Greenfield;
“Data Processor”: means the party, which Processes Personal Data on behalf of the Controller;
“Data Subjects”: means natural persons whose personal data is being processed by Greenfield, as further described below under Article 3(a);
“Personal Data”: means any information allowing the direct or indirect identification of a natural person/individual;
“Processing” means any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Services”: means services and / or facilties Greenfield provides to the Client under any Agreement here under concluded.
“Technical and Organizational Security Measures” means measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of Personal Data over a network, and against all other unlawful forms of processing.
3. Collection of Personal Data
a) When does Greenfield collect your Personal Data?
Greenfield collects and stores Personal Data relating to Data Subjects having interactions with Greenfield in accordance with Data Protection Legislation. This Policy shall apply between Greenfield and the Data Subjects.
Data Subjects may include, but are not limited to, the following categories of individuals:
representatives, employees, contact persons and any other related individuals of Greenfield, suppliers, third-party providers and subcontractors; and
Former and current employees, shareholders, investors, officers, directors, board members, signatories, contact persons, representatives, direct and ultimate beneficial owners and any other related individuals of prospective or current Clients and Client Affiliates.
b) Types of Personal Data.
Personal Data collected and stored by Greenfield may include, but are not limited to, the following types of data:
Identification data, such as name, family name, date and place of birth, gender;
Government identification numbers, such as social security numbers, tax number, ID card number and passport number, taxpayer identification number.
Copies of identity documents, such as passport, national ID card, driver’s license, employee certificate;;
Contact information, such as phone and fax numbers, home and professional address, email address, country of (tax) residence, and any other contact details you provide to us;
Other relevant personal details, such as nationality and citizenship, employment details, education, marital status, family or personal circumstances, utility bills, tax residency and interests, where relevant;
Types of services or facilities received/provided or of products bought/sold and your objectives in procuring such services and / or facilities from Greenfield
Financial and banking information, such as bank account number, the source of wealth, bank statements, details of shareholdings and other assets which are legally or beneficially owned by the Data Subject.
Communication data, any requests and complaints the Data Subjects disclose to Greenfield during the course of the contractual relationship with Greenfield, either voluntarily or upon request;
Any other Personal Data reasonably related to the conduct of Greenfield’s business and facilities offered, and in particular whether you may represent a politically exposed person or money laundering risk;
Details of people and organizations which may be connected to the Data Subject (by family or otherwise), if Greenfield has reason to believe there may be risk of illegal activity;
To comply with our legal obligations on Know-Your-Client (KYC), we also collect the following information from the Ultimate Beneficial Owners(UBOs) of our Clients: first and family name, copy of ID and passport, nationalities, tax residence, private/residential address, phone number, email address, date of birth, marital status, profession and actual function, range of annual income, range of estimated wealth, the source of wealth and (where applicable) an U.S. or other Taxpayer Identification Number.
Please note that the list is not exhaustive and that Greenfield may collect and process Personal Data to the extent that is useful or necessary for the provision of our Services and / or facilities or for in compliance with legal or regulatory obligations.
Most of the Personal Data we process is information that is knowingly provided to us by Data Subjects in a sales process, via telephone calls, via submitted forms, emails or business events. However, please note that in some instances, we may process Personal Data received from publicly accessible sources such as the internet, social networks, World-Check or commercial registers. Furthermore, we may receive Personal Data from third parties as part of the Services and / or Facilities we provide to the (prospective) Client or to people which are connected to the (prospective) Client (including but not limited to in which the Client having a shareholding or by which the Client are employed) or in connection with legal requirements that are applicable to us.
This Policy does not apply to corporate company information if no personal data from individuals can be derived from such corporate information.
c) Purpose of the processing of Personal Data.
Greenfield collects and uses the Data Subjects’ Personal Data for the purposes below and on a lawful basis. Insofar as we already hold information about you, we may use that information for the same purposes.
For the performance of any contractual obligations towards the Data Subjects, including but not limited to, relationship management, managing accounts and providing or receiving products, services, facilities from Greenfield. In this respect, we use your personal data for the following:
The use is necessary to execute an agreement in which you are one of the parties.
Complying with legal obligations. Processing the information is necessary for the representation of the justified interests of Greenfield in the client’s role as tenant.
To send you information about our own products and services and / or facilities (marketing purposes); to respond to questions and/or complaints you have and to secure, adjust and improve the website.
To prepare a proposal for you regarding the services / facilities we offer;
To provide you with the services / facilities as set out in our rental agreement and other agreements concluded with you or as otherwise agreed with you from time to time;
To contact necessary personnel in pursuance of your legal obligations;
To handle any request and any complaints or feedback you may have;
For any other purpose for which you provide us with your personal data;
In this respect, we may share your personal data with or transfer it to your agents, advisers, banks, intermediaries, and custodians of your assets who you tell us about; third parties whom we engage to assist in delivering the services and / or facilities to you, including other companies that Greenfield is publicly included in the corporate structure of, our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, auditors, IT or public relations advisers; and our data storage providers. We will keep you clearly informed of the data sharing and ask for your consent, if requested by the Netherlands.
For compliance with legal obligations, including but not limited to, compliance with applicable commercial law, laws applicable to regulated companies of the financial and accounting sectors and laws on anti-money laundering (AML) and counter terrorist financing (CTF), tax identification and reporting (where appropriate), as well as compliance with requests from or requirements of regulatory and enforcement authorities. This implies that we will use your personal data to meet our compliance and regulatory obligations, such as maintaining appropriate business records, in compliance with anti-money laundering and counter-terrorism financing laws, and as required by law to conduct “Know-Your-Client” (KYC) identification procedures. Also as required by tax authorities or any competent court or legal authority, and we may share your personal data with our advisers where it is necessary for us to obtain their advice or assistance, or our auditors where it is necessary as part of their auditing functions, as well as third parties who assist us in conducting background checks, and with any relevant regulators or law enforcement agencies where we are required to do so.
For the purposes of the legitimate interests pursued by us or by a third party that are necessary, for instance, for Greenfield to carry out its daily activities, for fraud and other criminal activity prevention, identification, payment verification, to implement changes in our corporate structure or ownership, to create statistics and tests, to manage risk, litigation (including disputes and collections), accounting, audits, tax returns, for training our staff or monitoring their performance, as well as for direct marketing purposes relating to Greenfield products, facilities and services, including the development of commercial offers by Greenfield aimed at the Data Subject and in accordance with applicable law applicable to the sending of commercial communications for prospective Data Subjects.
Use of information based on explicit consent: Greenfield may use provided Personal Data to send prospective and current Clients marketing communications (such as newsletters, promotions, news or service updates) via email or other electronic means or via telephone, but we will only do so after we have received the explicit consent to do so. Data Subjects can withdraw the consent at any time. If you no longer want to receive emails from Greenfield, you can make this clear by sending an email to firstname.lastname@example.org. You can also unsubscribe from the emails we send at all times, via a link for unsubscription.
For Greenfield’s legitimate commercial interests:
We may use Clients’ Personal Data for client administration purposes, such as client Services / Rental agreements administration, internal administration of work done under client Services / Rental agreements;
We may use Clients’ Personal Data for analyzing and improving the quality of our Services and/ or Facilities and to understand the Client as a customer (customer optimization). This enables us to assess what may interest the Clients, to measure or understand the effectiveness of advertising we serve to the Clients and others and to deliver relevant advertising. In addition, based on Clients’ historical use of our Services and / or Facilities we may target Clients with advertisement or other marketing materials that are customized to Clients’ personal preferences and experiences; We may use the existing clients’ Personal Data (both on aggregated and on individual basis), such as contact details and electronic identification data for the purpose of advertising our Services that may be of the Clients’ interests (based on the previously used Services), making contact with the Clients for marketing or other commercial purposes; the Data Subjects can inform us of the unwilling to receive advertisement or other marketing materials from at any time;
We may use Clients’ Personal Data for our other legitimate commercial interests such as, to operate and expand our business activities, to develop and improve or modify our Services and / or Facilities, to generate aggregated statistics about the users of our Services and / or Facilities; to assist in security and fraud prevention; to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes;
We may also use your Personal Data for system integrity purposes (for example the prevention of hacking, spamming etc.); to facilitate our business operations, to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of Greenfield’s assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.
Greenfield makes sure that only the Personal Data that are necessary to achieve the above-listed purposes are processed.
d) Update of Personal Data.
Greenfield will endeavor to keep the Personal Data in our possession or control accurately. Individuals providing Personal Data are therefore responsible for promptly informing Greenfield of any change to their Personal Data.
4. Disclosure or share of Personal Data
Personal Data will not be shared with third parties, except as provided below.
a) Disclosure of Personal Data.
We may disclose Personal Data to the following categories of recipients:
Services providers or processor, such as IT service providers, internal or external data processors, and professionals providing Greenfield with Technical and Organizational Security Measures;
Affiliated companies of Greenfield and companies within the corporate structure of which Greenfield is a part (including the offices within and outside or Europe);
Business partners and professional advisors, such as business centers; law, tax and audit firms, including subcontractors which are engaged to perform (part of) the Services and / or Facilities under client Service Agreement OR Rental Agreement
Public authorities and administrations;
Marketing and advertising companies that carry out marketing activities on our behalf;
Analytics and search engine providers that assist us in the improvement and optimization of our website, such as Google Analytics
Greenfield may disclose Personal Data in the following circumstances:
in the event of a legal request and/or investigation when, in our opinion, such disclosure is necessary to prevent crime or fraud, or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction;
if we outsource some or all of the operations of our business to third party service providers, as we do from time to time. In such cases, it may be necessary for us to disclose Personal Data to those service providers. Sometimes the service providers may process some Personal Data on behalf of and under the instructions of Greenfield. We restrict how such service providers may access, use, disclose, and protect that data; In providing their services, they will access, receive, maintain or otherwise process Personal Data on our behalf. Our agreements with these service providers do not permit the use of your Personal Data for their own (marketing) purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions;
in case of business transfers or corporate transactions, in the event of the sale or acquisition of companies, subsidiaries, or business units. In such transactions, Personal Data may be part of the transferred business assets but remain subject to the protections in any pre-existing privacy statement;
when we believe release is appropriate or necessary to conduct Greenfield’s business, comply with the law, enforce or apply our policies and other agreements, or protect the rights, property or safety of Greenfield, our employees if any, or others;
To creditors, and third parties of the Data Subject if required by law, on provision of proof that said third party is entitled to certain information, and to protect Greenfield’s reputation and business. In such cases, Personal Data will only be shared after reasonable measures have been taken to obtain the exact assent of the client or appropriate information to be passed.
On Data Subject’s instruction, where the Data Subject has explicitly consented or requested Greenfield to disclose Personal Data to any third party.
In such circumstances, Greenfield ensures that Personal Data is kept secure from unauthorized access and disclosure.
b) International Transfer of Personal Data.
Due to the global presence of our business operations, Greenfield may transfer Clients’ Personal Data to other countries. Data Subjects are informed that certain data recipients may be located outside the territory of the European Union in countries that do not offer a level of protection equivalent to the one granted in the European Union (“Third Countries”). Data transfers to third parties located in Third Countries will be, depending on the nature of the transfer:
covered by appropriate safeguards such as standard contractual clauses approved by the European Commission, in which case the Data Subject may obtain a copy of such safeguards by contacting us. In this respect, you are informed that some Personal Data may be transferred to entities within the corporate structure of which Greenfield Netherlands forms a part, located in a Third Country such as (but not limited to) in Mauritius, Singapore, Hong Kong with such appropriate safeguards; or
otherwise authorised under the Data Protection Legislation, as the case may be, as such transfer is consented to by the Data Subject or is necessary for the performance or execution of a contract concluded in the Data Subject’s interest or for the establishment, exercise or defense of legal claims or for the performance of a contract between the Data Subject and Greenfield.
For data that is transferred to third parties in Third Countries, Greenfield will enter into legally required agreements with these third parties, including standard contractual clauses as approved by the European Commission or other supervisory authority where required.
6. Data Subjects’ rights in relation to the processing of their Personal Data
a) Rights granted to Data Subjects.
In accordance with applicable law, Data Subjects are granted the following rights with regards to the processing of their Personal Data:
the right to request access to their Personal Data stored by Greenfield;
the right to update, review or correct any of their Personal Data, if the Personal Data is incorrect or incomplete;
the right to oppose the processing of their Personal Data, on grounds related to their particular situation;
the right to request Greenfield to delete or erase their Personal Data, to the extent such Personal Data (i) are no longer necessary in relation to the initial purpose(s) for which they were collected, (ii) consent, where applicable, has been withdrawn and there are no other means of legitimating the processing of Personal Data, (iii) the Data Subject objects to the processing of the Personal Data, (iv) the Personal Data is unlawfully processed;
the right to request the restriction of the processing of Personal Data, if such Personal Data is found to be inaccurate or unlawful, is no longer needed for the purposes of the processing, or should a court decision on a complaint lodged by a Data Subject be pending;
the right to data portability; the right to request receive an electronic copy of such personal data for purposes of transmitting it to another company;
the right to withdraw any consent given in the context of this Policy;
in the event of a dispute between the Data Subject and Greenfield regarding the processing of Personal Data which failed to be resolved by the parties in an amicable manner, the right to lodge a complaint with the Netherlands Data Protection Authority (Autoriteit Persoonsgegevens, AP). Data Subjects not residing in the Netherlands can contact their local Data Protection Authority.
Greenfield will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints. Greenfield will only be able to answer favorably to any of the above requests related to the right to oppose, right of erasure and right of restriction provided that it does not interfere with or contradict a legal obligations of Greenfield (e.g. a legal obligation to keep the related Personal Data for a certain period) or due to any other impediment that would justify that Greenfield would not be able to grant such requests.
Greenfield undertakes to handle each request by a Data Subject free of charge and within a reasonable timeframe.
b) How to exercise such rights.
Data Subjects can exercise the rights mentioned above or challenge compliance with this Policy, by contacting Greenfield by email at the following address; email@example.com.
7. Data retention
Greenfield undertakes not to use the Personal Data for purposes other than those for which it has been collected.
Greenfield will process the Personal Data for as long as it provides services and / or facilities to the Client and will not store the Personal Data for a period longer than necessary for the realization of legitimate business purposes or for bona fide complying with legal obligations.
Retention periods shall, in any case, be compliant with any applicable law and proportionate to the purposes of the processing.
Clients may instruct Greenfield to delete or return Personal Data at the end of the period during which Greenfield will hold and process such Personal Data under Article 5 (a) of this Policy. Greenfield shall be authorized to keep a copy to the extent required for legal, regulatory or bona fide compliance purposes, as well as the exercise or defense of legal claims for as long as is legally required for such purposes. Greenfield will delete such Personal Data at the end of such a compliance period.
8. Technical and Organizational Security Measures
Ensuring that Personal Data is appropriately protected from data breaches is a high priority for Greenfield.
Greenfield implements adequate Technical and Organizational Security Measures, such as, depending on the equipment, password protection, encryption, physical locks, etc., to ensure a level of security appropriate to the risks represented by the processing and the nature of the Personal Data to be protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Policy. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for the confidentiality and integrity of your data in a secure way.
9. Data Breach Incident
Greenfield will without undue delay notify the Client whenever Greenfield becomes aware that there has been a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data held or processed by Greenfield in the context of this Policy that is likely to result in high risk to the rights and freedoms of a Data Subject (Data Breach Incident). Greenfield will investigate the Data Breach Incident, and take the necessary steps to eliminate or contain the impact of the Data Breach Incident.
Greenfield shall maintain written procedures which enable it to provide an immediate response to the Client about a Data Breach Incident.
10. Internal training program
All Greenfield employees having access to Personal Data are provided with specific training programs in order to improve their practical skills and knowledge that relate to data protection issues. Privacy training programs are an integral part of professional development within Greenfield.
Greenfield reserves the right to change, supplement and/or amend this Policy at any time. In such case, notification will be given by email, or any other methods allowed by the Data Protection Legislation.
If a fundamental change to the nature of the use of your personal data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you well in advance of the change actually taking effect.
12. Applicable Law and Jurisdiction
This Policy is governed by the applicable law of the attached terms and conditions and any dispute in respect of this Policy or execution thereof shall be submitted to the competent court as defined in the Service Agreement.
13. Contact us
Greenfield has appointed a Data Protection Officer in order to manage and monitor our compliance with data protection obligations. You may contact Greenfield Data Protection Officer for any question or queries you may have regarding this Policy, or if have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us by email at firstname.lastname@example.org or by post to;
Data Protection Officer