Discover what Drives you during the MD Experience

Privacy Statement MD app

(hereinafter referred to as: ‘Privacy Statement‘)

Effective from: 2022-06-28

I.     Privacy Statement

The Management Drives group, hereinafter referred to as: ‘Management Drives’, is the supplier of the Management Drives App, hereinafter referred to as: ‘MD App. MD is a mobile application developed by Management Drives. *Management Drives has authorized AppInChina to publish and provide maintenance to the app in Mainland China. Management Drives respects the privacy of all its customers and processes all personal data processed by it in accordance with the General Data Protection Regulation, hereinafter referred to as: the ‘GDPR’, the Privacy Statement and all other applicable legislation and regulations.

By means of this Privacy Statement, Management Drives wishes to inform all parties that come into contact with the MD App about the way in which Management Drives handles the personal data of individuals, hereinafter referred to as: the ‘Data Subjects’, which data are processed by Management Drives in its capacity as Processor or Controller within the meaning of the GDPR.

Management Drives sets out the following in this Privacy Statement:

  • General contact information;
  • Collecting personal data;
  • Purpose of processing personal data;
  • Basis for processing personal data;
  • Categories and types of personal data;
  • Retention periods;
  • Sub-processors;
  • Sharing personal data;
  • General information about security measures taken; and
  • Rights of data subjects.

1.   General (contact) information

Name and contact details Management Drives:

Management Drives International B.V., Herenlaan 2, 3701 AT Zeist

Info@managementdrives.com, +31 30 635 54 00

Name and contact details Sub-processors:

  • Centric Netherlands B.V. Business Unit: Solution Engineering
  • Amazon Web Services (Frankfurt am Main)

2.   Collecting personal data

Management Drives obtains the personal data from the Data Subjects, whether or not via an authorised third party, because the Data Subject is using or is intending to use the services of Management Drives because the Data Subject completed a questionnaire and is using the MD App.

Most of the data are provided by the Data Subject, whether or not through an authorised third party.

3. Purpose of processing personal data

Management Drives processes the personal data for the following purposes:

  • Maintaining the data collection in the MD App;
  • Logging into and securing the MD App;
  • Visually displaying Management Drives individual or team profiles in the MD App;
  • Making the MD App and the texts therein user-friendly;
  • Communication;

4. Principles governing the processing of personal data

Management Drives is the provider of the MD App. Management Drives processes the personal data of Data Subjects in order to enter into or perform the agreement which is concluded, directly or indirectly, with Data Subjects. Management Drives also processes personal data if required to do so by law, because it has a legitimate interest in doing so or if permission has been given.

If a Data Subject has given Management Drives permission to process their personal data for certain purposes, the Data Subject may revoke this permission at any time in the same manner as it was provided by him or her.

If Management Drives collects personal data on the basis of its legitimate interest, it will ensure by means of pseudonymisation or anonymisation that the personal data cannot be traced back to the Data Subject. In the event that Management Drives processes personal data on the grounds of its legitimate interest, the Data Subject has the right not to complete these data or to object free of charge to the processing.

5. Categories and types of personal data

Management Drives will process the following categories of personal data for the purposes described below:

  • Login details and passwords;

Used for app functionality to login and identify the user. An account must be created in order to use the MD App, otherwise a user will not get access.

  • Email address;

Used for app functionality to login and identify the user and communication. The results of the questionnaire is linked to the email address of the user. The email address is required to create an account and communicate.

  • First and last name;

Used for app functionality and to identify a user. Users can be found on their first and last name in order to share their profile. A first and last name is required for the database and search functionality to work.

  • The results of the questionnaires completed by the Data Subjects to create a Management Drives profile;

Used for displaying the MD Profile that is linked to the email address. The MD Profile is retrieved when creating an account in the MD App.

  • An administration number that is linked and does not contain any other information than the data described above;

Used for app functionality and to identify a user. The administration number is created upon registration for the MD App.

Special category data is not processed.

6. Permissions

The MD App might request access to following functionalities on your device.

Device permission Corresponding business function Description of function and scenario Whether to be turned off
Pictures Edit user or team information Upload picture to set as profile picture. Yes. When it’s turned off only corresponding functions will be affected, instead of other functions in the app

7. Retention period

If Management Drives acts as a Processor, it will apply the same retention period as the Controller, with the proviso that Management Drives has instructed the Controllers to apply a retention period of 10 years.

In the case of processing where Management Drives acts as a Controller, it will not retain the data longer than necessary for the purpose for which they were collected. Management Drives applies a retention period of 10 years in this respect. After this period the data will be destroyed by Management Drives, unless it is required to retain the data for a longer period of time in order to comply with a statutory obligation.

8. Sub processors

Management Drives uses the following sub processors for hosting and maintaining the MD App:

Centric Netherlands B.V. Business Unit: Solution Engineering:

Centric Netherlands B.V. Business Unit: Solution Engineering is a hosting provider and software developer. Management Drives uses Centric’s services to manage, maintain and develop the MD App. The data from the MD App is stored by Centric Netherlands B.V. in the Netherlands. Centric Netherlands B.V. Business Unit: Solution Engineering is ISO 27001 certified. Centric Netherland B.V. and Management Drives have concluded a processor agreement that complies with the GDPR.

Amazon Web Services Frankfurt am Main:

Amazon Web Services is a cloud provider that provides storage services. Management Drives uses Amazon’s services to store data from the MD App. The data from the MD App is stored by Amazon Web Services in the data centre of Amazon in Frankfurt am Main. Amazon Web Services is ISO 27001 certified. Amazon Web Services and Management Drives have concluded a processor agreement that complies with the GDPR.

9. Sharing personal data

Management Drives is a Dutch company that also operates internationally. All data processed by Management Drives, are processed and stored only in the data centres of its sub processors and only in the European Economic Area (EEA).

10. General information about the security measures taken

The following measures are taken by Management Drives to ensure the ‘availability’, ‘integrity’ and ‘confidentiality’ of the MD App in order to prevent a personal data breach.

Access

Only authorised employees of Management Drives responsible for managing the database have access to the personal data. Employees will only have access to personal data if they have signed a non-disclosure agreement and comply with the other security regulations applied by Management Drives. Employees of Management Drives are aware of the security risks and their obligations with regard to the protection of personal data.

Security measures

  • The data originating from the MD App are stored in encrypted form, with the copy of this data being stored at another, also physically and electronically highly secure location;
  • Management Drives has drawn up a protocol which it uses in the event of an actual or possible data breach;
  • Management Drives has deployed and instructed sufficient personnel and resources within its organisation to protect personal data from loss, unauthorised access or unauthorised use;
  • Access to the database and all other electronic systems is password protected so that only authorised persons have access;
  • Personal data is only shared with third parties via a secure connection.

Audits

Management Drives ensures that both internal and external audits are carried out on a frequent basis in order to demonstrate that the obligations under the GDPR are being met.

11. Rights of Data Subjects

Under the GDPR, the Data Subject has the following rights:

  • The right to data portability.

(This is the Data Subject’s right to receive personal data and to transmit the data unhindered to another Controller or the right to request that personal data be transmitted directly to another Controller);

  • The right to be forgotten.

(This is the Data Subject’s right to be ‘forgotten’ in the MD App);

  • Right of access.

(This is the Data Subject’s right to access the personal data concerning them which are being processed);

  • The right to rectification and supplementation.

(This is the Data Subject’s right to modify or supplement the Data Subject’s personal data which are being processed);

  • The right to restriction of processing.

(This is the Data Subject’s right to have less of his or her data processed);

  • The right with regard to automated decision-making and profiling.

(This is the Data Subject’s right to human intervention in automatic decisions with legal effect);

  • The right to object to the data processing.

Management Drives has adjusted its app, processes and internal organisation to these rights so that it can respond properly, whether or not via an authorised third party, to the requests of Data Subjects.

In the event of complaints relating to the manner in which Management Drives processes personal data, the party concerned must first contact Management Drives (see above under 1. ‘General contact information’). In addition, the parties concerned have the right to submit a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via its website: https://autoriteitpersoonsgegevens.nl/en.

12. Amendments

Management Drives reserves the right to amend its Privacy Statement. At the time of the amendment, the new policy will automatically be in force and replace the previous version. Since amendments may be made, Management Drives advises all parties that come into contact with Management Drives or the MD App to regularly review the Privacy Statement. This statement was last amended on June 28 2022.

13. Contact details

For questions and/or comments about this Privacy Statement, please contact info@managementdrives.com.

14. Terminate MD App account

If you would like to terminate your account and erase all your personal information and data, go to Settings-Delete account in the MD App. Or contact us at info@managementdrives.com, we will process it within 15 working days.