Privacy Policy

1. General information

OLD AMSTERDAM BV (including its wholly and partially owned subsidiaries) (hereinafter referred as “OABV“, “we“, “our” , “us” , “data controller” or the “Company“, and their cognates) respects the privacy of its customers, employees, co-workers, members and followers, and is committed to protecting the personal information that its data subjects share with it. We are transparent about our practices regarding the information we may collect and use when you use the Services, apply for a position, are employed by us, visit our office sites, visit our websites or otherwise engage with us, and describe our practices in this policy and notice.

OABV provides open work spaces, private offices and related office services at its facility locations (hereinafter referred as the “Services“).

A User may be either an entity, for example an employer which has executed an agreement with OABV (“Customer“) or a Customer’s users, for example a Customer’s employees, of the Services (“End User(s)“) (Customer and End User and any others with respect to whom we collect personal data,  shall collectively be referred to as “Users” or “you” or “Data Subjects”).

This Policy (the “Privacy Policy“) explains the types of information we may collect from Users or that Users may provide when using the Services, and which may likewise be collected from site visitors, website visitors, employment candidates and others. This Policy also describes OABV’s practices for collecting, using, maintaining and processing information, including through the OABV Website. 

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.


Data Controller and Data Processor:  Old Amsterdam Business Centers B.V

Website: https://oldamsterdam.space/

Address: 1e Dorpsstraat 20, 3701HB Zeist, the Netherlands

Data Protection Officer (DPO): Mykola Zaika, Aleksandar Gacevski

Direct DPO Contact: dpo@oldamsterdam.space


The terms of this Privacy Policy will govern the use of the services, websites and application, and any information collected in connection with them. OABV may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: https://oldamsterdam.space/

2. Applicable regulation and supervisory authority

Applicable regulation:

  • The General Data Protection Regulation, EU 2016/679 (GDPR)

OABV continually strives to follow the principles of GDPR that are based on legitimate processing of personal data, processing that has a definite purpose, avoiding over-processing/excessive processing, whilst maintaining integrity of personal data and ensure their secrecy and disclosure to unauthorized persons.

Supervisory authority:

Autoriteit Persoonsgegevens, Address: PO Box 93374, 2509 AJ, DEN HAAG

Website: https://autoriteitpersoonsgegevens.nl/ , Email: info@autoriteitpersoonsgegevens.nl

Phone number: +31708888500

3. Why are we processing personal data?

Under GDPR, there are six different legal bases under which personal data can be processed. OABV uses a few of them, and these are briefly described below:

Consent
OABV will collect and process personal data with statement of consent of data subjects. This consent can be revoked at any time. Please note, we will try not to use your consent as legal grounds, whenever we can.

Performance of a Contract
In case personal data is required to fulfil a legal contract with the data subject or to take necessary steps at the request of those concerned prior to entering into the contract, the explicit consent is not required.

We will use personal data to provide and improve the Services and meet our contractual, ethical and legal obligations, including for example:

  • carrying out our obligations arising from any contracts entered into between you and OABV and/or any contracts entered into between a Customer and OABV and to provide you with the information, products and Services that you request from OABV;
  • administering your account with OABV including to identify and authenticate your access to the parts of the Services that you are authorized to access. 
  • verifying and carry out financial transactions in relation to payments you make in connection with the Service;
  • contacting you to inform you of additional services and locations which may be of interest to you;
  • compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, members, facilities etc; 
  • for security purposes and to identify and authenticate your access to the parts of the Services and our application that you are authorized to access.
  • notifying you about changes to our Service;
  • contacting you for the purpose of providing you with technical assistance and other related information about the Service;
  • replying to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
  • contacting you to give you information about events or promotions or additional Services offered by OABV, including in other locations; 
  • soliciting feedback in connection with your use of the Services;
  • tracking use of OABV facilities and services to enable us to optimize and improve our services;

4. Data registries and storage

We aim to minimize the amount of processed personal data and to process only to the extent necessary to perform the operations that might require the following categories of personal data:

  • Name, surname, contact information like email or phone, business area.

How we collect personal data?
The data may be collected via online forms or legal contracts with the Users.

OABV also collects Personal Data through the use of CCTV cameras and members’ site access cards. This may consist of video images of you in the public spaces at OABV offices, as well as records of your entrances and exits of the OABV buildings and office floors.

OABV may not be aware of the nature of the information collected through the Services (for example, through CCTV), and such information may include sensitive or special categories of Personal Data, but we do not knowingly collect such data about our Users, members, site visitors etc (“Sensitive Information”).

Data Storage:
The User’s personal data may be stored both on paper documents and digitally on internal servers or cloud services like Microsoft O365.

Minors Personal Data:
We do not knowingly collect or solicit information or data from children under the age of 16 or knowingly allow children under the age of 16 to register for OABV services. If you are under 16, do not register or attempt to register for any of the OABV Service or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data or from a child under the age of 16, we will delete that Personal Data as soon as reasonably practicable without any liability to OABV. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at dpo@oldamsterdam.space , as soon as possible.

5. Security and breach notification

We take a great care in implementing, enforcing and maintaining the security of the personal data we process. OABV implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we may encrypt data. Likewise, we take industry standard steps to ensure our website and application are safe.

Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur. 

Within OABV, we limit access to personal data to those of our personnel who: require access in order for OABV to fulfil its obligations under this Privacy Policy and its agreements and have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Data are under confidentiality obligations as required under applicable law. OABV takes steps to ensure that its staff who have access to personal data are honest, reliable, competent and trained.

OABV shall act in accordance with its policies to promptly notify the relevant authorities and data subjects in the event that any personal data processed by OABV is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. OABV shall promptly take reasonable remedial measures.

In case of a security incident linked to the compromise, loss or disclosure of personal data to unauthorized persons, OABV, if owns contact details of the data subjects involved in the breach, shall inform the data subjects and/or other concerned parties about the incident.

In case the compromised personal data is from the Controller, OABV shall inform the Controller about the breach not than 72 hours after OABV was aware of the existence of the incident.

If it is a large-scale data breach, OABV shall notify by a public announcement or an appropriate posting on its website or other public media, not later than 72 hours after OABV was aware of the existence of the incident.

This obligation is included in the DPAs signed between OABV and the Controllers / Processors.

6. Transfer of personal data to third countries

Personal Data may be transferred to, and stored and used at, a destination outside the European Economic Area (EEA) that may not be subject to equivalent Data protection laws to those of the EU. Where your Data is transferred outside of the EEA, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, and that it is treated securely and in accordance with this privacy policy. OABV transfers data from its various locations and jurisdictions to other jurisdictions as follows: UA, MK, PL

We may transfer your personal data outside of the EU/EEA, in order to:

  • Store or backup the information;
  • Enable us to provide you with the Services and fulfil our contract with you;
  • Fulfill any legal, audit or compliance obligations which require us to make that transfer;
  • Facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
  • To serve our customers across multiple jurisdictions; and
  • To operate parent company, subsidiaries and affiliates in an efficient and optimal manner.

7. Data Retention

Upon fulfillment of the purpose of processing or after the expiry of data retention of personal data where OABV is in the role of Controller, they shall be destroyed in accordance with the Data Retention Policy that is being previously defined by authorized persons in OABV in a manner that does not allow them to be further use or reconstruct. This applies not only to personal data stored in digital/electronic form but also to PD stored as hard copy documents.

Only authorized persons of OABV may process data registries obtained from other Controllers and Processors.

8. Data subject rights

Data subjects have rights under the GDPR and local laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where personal data is provided by a customer being the data subject’s employer, such data subject rights will have to be effected through that customer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of OABV employees and staff, with OABV proprietary rights, and third party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects may have a right to withdraw their consent

If, for any reason, a data subject wishes to modify, delete or retrieve their Personal Data, they may do so by contacting OABV at dpo@oldamsterdam.space .Note that OABV may have to undertake a process to identify a data subject exercising their rights. OABV may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by OABV.

9. Profiling, machine learning and automated decision making

OABV does not perform profiling, machine learning nor automated decision making on data subjects for any purpose.

10. Direct marketing

OABV may conduct direct marketing only to persons who have signed a Statement of Consent for Direct Marketing in accordance with the Applicable Regulation.

11. Cookies

Cookies are small text files placed on your device by our web server via your browser. Cookies may stay on your computer after you finish browsing our page, close your browser or shut down your computer.  

All web browsers can be configured to decline cookies or clear them upon request. This will not affect your browsing experience (since we are not using them to personalize your experience, track your shopping or involve you in any marketing-related activities). 

OABV uses cookies to ensure that we give you the best experience on our website. OABV records and stores information to recognize your repeat visits and preferences, as well as to measure the effectiveness of marketing campaigns. By clicking “I accept” or using our website, you consent to the use of cookies, unless you have disabled them.