Privacy Policy Ghost Diving Foundation

This is the privacy policy of The Ghost Diving Foundation, which applies to the processing of personal data by The Ghost Diving Foundation or affiliated companies and their successors, hereinafter referred to as ‘we/us.’

The Ghost Diving Foundation is the data controller within the meaning of the General Data Protection Regulation (GDPR). This means that The Ghost Diving Foundation decides which personal data are processed, for what purpose, and in what manner. The Ghost Diving Foundation is responsible for ensuring that your personal data are processed in accordance with the GDPR and in a proper and careful manner.

This privacy statement explains how we handle personal data and what organizational and technological measures we take to protect the privacy of all parties involved. If you have any questions or comments, or if you believe there has been a data breach or vulnerability in our security, please contact us via contact@ghostdiving.org.

 

Personal Data

The Ghost Diving Foundation processes personal data within the meaning of the General Data Protection Regulation (GDPR). Personal data are all data that can provide information about an identified or identifiable natural person. Depending on the services and functionalities you use or provide to us, we may process the following personal data from you:

  • Name;
  • Company information;
  • Telephone number; address and email address;
  • Position;
  • Nationality, gender, date of birth, and age;
  • Username and login details;
  • Gender;
  • IBAN bank details;
  • Data in a Certificate of Good Conduct (VOG) or VCA;
  • Data in a residence or work permit;
  • Attendance registration;
  • Contact details of your contact person in case of a medical emergency, and relevant health data for that purpose;
  • Information you fill in yourself, such as in a contact form;
  • Information in applications such as educational level and work experience;
  • Technical measurement data of the equipment such as IP address, MAC address, identifiers in cookies, and your browsing behavior on our websites.

 

Usage of Cookies

Cookies are small text files or pixels placed when you visit a website. They ensure that the site functions optimally and collect data to make the displayed information as relevant as possible.

We use several cookies, with different properties:

  • Functional cookies enhance user convenience. For example, they remember selections and you do not have to log in repeatedly. We use functional cookies.
  • With Monitoring or analytical cookies, we can map (be)havior anonymously and adjust our services accordingly. This way, we can serve you as a (potential) guest even better.
  • These parties offer data protection that complies with the GDPR. Read here how Google does that. We use analytical cookies. Through Google Analytics, we collect anonymous user data which enables us to improve our services.
  • Social media: cookies may also be placed for a connection with social media. Read the privacy statement of Facebook, Twitter, Instagram, and LinkedIn (which may change regularly) to see how they process your personal data.
  • Google, Facebook, Twitter, Instagram, and LinkedIn are members of the Privacy Shield program, meaning there is an adequate level of protection for the processing of any personal data.

Most web browsers automatically accept cookies. However, you can also set your browser to refuse cookies by default or manually delete cookies through the browser settings. More information about enabling and disabling cookies and deleting them can be found in the Help function of your browser, or on this page.

For more information about the cookies we use, visit our cookie page >

 

Legal basis of processing

The Ghost Diving Foundation must be able to base the use of your personal data on one of the legal grounds set out in Article 6 of the GDPR. In this case, the following legal ground(s) apply:

Consent of the data subject. You can always withdraw your consent. The processing of data is necessary for the performance of a contract. The processing of data is necessary for compliance with a legal obligation. The processing of data is necessary for the legitimate interests pursued by The Ghost Diving Foundation.

We process your data (possibly) for one or more of the following purposes (depending on the services or functionalities you use):

  • To perform a contract you have concluded with us;
  • To process your order and inform you about its progress;
  • For offering products or services (marketing), market research, and analysis;
  • For our financial administration and tax returns;
  • For the conclusion of (liability) insurance;
  • To limit our liability based on laws such as the Working Conditions Act, Foreign Nationals Employment Act, Sham Employment Practices Act, and Chain Liability Act;
  • To use all functionalities and services on the websites;
  • To process registrations for newsletters or other services;
  • To process job applications;
  • To process questions or complaints;
  • To improve our websites.

 

Security of personal data

The Ghost Diving Foundation takes the protection of your personal data seriously and takes all reasonable, appropriate, technical, and organizational security measures to prevent misuse, loss, unauthorized access, destruction, unwanted disclosure, and unauthorized alteration of your personal data. The Ghost Diving Foundation ensures that only necessary persons have access to the data and that security measures are regularly checked.

The measures taken include (among others):

Password protection of system and cloud environments;
Data encryption;
Transmission of (personal) data via a secure connection;
Storage and hosting by a reputable hosting party;
Processing agreements have been concluded with subprocessors requiring them to comply with the GDPR;
Processing is carried out exclusively within the EU or by parties outside the EU that apply an equivalent level of protection.

These measures comply with applicable privacy and information security legislation. However, 100% security cannot be guaranteed for any website or software. The Ghost Diving Foundation can not be held responsible or liable for unauthorized, unauthorized, or unwanted access to personal data beyond our control.

If, despite the security measures we have taken, a security incident occurs that is likely to have adverse consequences for your privacy, we will inform you as soon as possible. We will also inform you about the measures we have taken to limit the consequences and prevent recurrence in the future.

 

With whom are personal data shared?

We only share your personal data with third parties if:

  • You have given permission for this;
  • We are obliged to do so on the basis of the law, a court order, or an order from a competent supervisory authority;
  • We or a third party have a legitimate interest that justifies the sharing of the personal data;

We only pass on the data you have provided to third parties if it is necessary to answer your question or complaint, or to deliver or maintain the products you have ordered or services requested by you. These third parties may be, for example, group companies, subcontractors, ICT and telecom providers, postal and mailing companies, banks, and companies providing payment services such as IDEAL, accountants and lawyers, or attorneys;

When we provide your data to a third party, we ensure, among other things (with an agreement), that your data are not used for other purposes. We also agree that your data will be deleted as soon as they are no longer needed, and that these third parties comply with the GDPR;

Furthermore, we will not provide the data you have provided to other parties unless this is legally required or permitted. For example, we may share personal data with third parties such as the tax authorities or SZW Inspection, or the police in the context of fraud investigations. In that case, we are legally obliged to provide this information.

 

Retention period of personal data

The Ghost Diving Foundation therefore retains your data for a standard period of three years. When the maximum legal retention period is shorter, for example for job applications, we use that shorter period. During this time, it may still be necessary for JR Project and Interim Management to have this data, for example, to contact you. When this is legally allowed or required, for example, for tax purposes or for the settlement of (possible) complaints or procedures, data may be retained longer.

No maximum retention period applies to:

  • anonymized data and;
  • data which is only kept for historical, statistical, or scientific purposes. Care is taken to ensure that the processing of this data is only used for those specific purposes.

 

Your privacy rights

You have the right to access your personal data and the right to ask us to change, restrict, transfer, or delete your data. Sometimes we cannot comply with your request, for example, based on a legal obligation resting on us. If you want to know which personal data of you we process, you can make a written request for access. The Ghost Diving Foundation will handle all your requests within a reasonable period, in principle within one month. If your request is complex or if we cannot inform you in a timely manner for other reasons, you will receive a notification.

You can send your requests or complaints to contact@ghostdiving.org.

To prevent abuse, we may ask for identification by including a copy of a valid identity document. Don’t forget to make your number¬† and photo unreadable on the copy. If you are not satisfied with how we handle your question or complaint, you can contact the Dutch Data Protection Authority.

 

Change of this statement

We may change this privacy statement from time to time. Changes will be published on our website. It is advisable to consult this privacy statement regularly so that you are aware of changes.

 

Version February 2024