Last updated on November 2, 2023

1. Introduction

ATG Europe B.V. and its affiliates (“ATG Europe”, “us” or “we”), understand that your privacy is important to you. ATG Europe may process your personal data in its capacity as data controller. We are committed to respecting your privacy and protecting your personal data, which is any information that is capable of identifying you as an individual.

In this Privacy Notice, we inform our business partners about the personal data regarding them that we collect, either directly or indirectly, and how we will use it. Please read this Notice carefully to understand how ATG Europe may collect, use and share your personal data.

2. Information we collect

ATG Europe collects the personal data of different categories of data subjects in the course of its business activities. This privacy notice concerns personal data processed by any means from or concerning our business partners and their contact persons. The data we collect mainly falls to the following categories:

• Contact details, such as names of contact persons with job titles, telephone number, email address, postal address
• Communication data, meaning content and information on personal, telephone or written communication. At the moment of writing, this mostly means processing of emails exchanged with business partners.
• Company/business data: business registration number, registered address etc. (This information we sometimes receive from or verify with publicly available registers.)
• Contract data: information related to the contracts with business partners, such as data concerning the fulfilment of our contractual obligations and pre-contractual measures
• Payment data: payment details, contact addresses for payments, account number, VAT number, invoice information etc.

3. Use of your personal data

We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, such as the legitimate interest of business and management purposes, entering into and managing a contract or business relationship and compliance with our legal obligations. In rare cases, the processing may be based on consent, which may be withdrawn at any time.

We collect and use personal data for legitimate purposes, including the following:

• managing our relationship with business partners
• implementing tasks in preparation of or to perform existing contracts (this category also includes any travel/mission data that may be necessary for us to process)
• tracking our activities (e.g. measuring sales)
• inviting the correct persons to events or meetings, where appropriate
• development and improvement of products and/or services
• preserving ATG Europe’s economic interests and ensuring compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud, conducting audits and possible dispute resolution)
• maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, and criminal or malicious activities
• managing IT resources, e.g. infrastructure management, data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), user accounts creation and management, software licenses assignment and management, security and performance testing and business continuity, monitoring access to systems
• managing quality and insurances
• managing mergers and acquisitions involving our company
• archiving and record keeping
• payments and invoicing
• any other purposes imposed by law and authorities.

4. Data recipients and international data transfers

Business partner data may be shared between our group companies, meaning ATG Europe and its subsidiaries. In addition, we may share personal data with law enforcement authorities or in legal proceedings or in any other situation when required by law. We do not and will not sell personal data to third parties.

We use a variety of processors and recipients for personal data. We only share personal data as necessary. These third parties may only process the personal data on behalf of ATG Europe and for the purposes described in this Privacy Notice.

We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets. These entities are required to maintain the confidentiality of your data and are restricted from using it for any purpose other than the purposes set out in this Policy.

When sharing personal data with third parties, it may be transferred to a country outside the European Economic Area (EEA). We take great care in protecting personal data and have put in place adequate mechanisms to protect it when it is transferred internationally. We will transfer personal data in compliance with applicable data protection laws and will implement suitable safeguards to ensure that data is adequately secured by any third party that will access it (e.g. by contractual arrangements).

5. Security

We have implemented generally accepted standards of technical and operational security to protect personal data from loss, misuse, alteration, or destruction. Only authorized personnel of ATG Europe and of our third-party service providers are provided access to personal data, and these persons are required to treat the data as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal data.

6. Data Subject Rights

We take reasonable steps that are designed to keep personal data accurate, complete, and up-to-date for the purposes for which it is collected and used. We have also implemented measures that are designed to ensure that our processing of personal data complies with this Privacy Notice and applicable law.

Business partners and their representatives have the right to:

• request access to their personal data for the purposes of reviewing, modifying, or requesting deletion of the data
• request a copy of the personal data we have collected and to have any inaccuracies corrected
• request that we delete or restrict processing their personal data
• object to processing of their personal data
• withdraw consent for processing if it is carried out (only) based on consent
• request portability of their personal data. 

Upon request, ATG Europe can confirm what information we hold and how it is processed. If ATG Europe does hold personal data about business partners and their representatives, they can request the following information:

• Purpose of the processing 
• Categories of personal data 
• Recipient(s) of the information, including recipients in third countries or international organizations and appropriate safeguards for these international transfers 
• How long the personal data will be stored 
• The data subject’s right to request rectification or erasure, restriction or objection, relative to their personal data being processed 
• The right to lodge a complaint with a supervisory authority and a method for doing so 
• Where the personal data are not collected from the data subject, any available information as to their source 
• The existence of automated decision-making (currently there is none taking place at ATG Europe). 

If you would like to make a request related to your personal data, please contact us at datasecurity@atg-europe.com. In order to access personal data, ATG has implemented security measures to sufficiently identify the person making the request based primarily on data we already have.

Any person whose data we process may have the right to lodge a complaint with a competent data protection authority. For more information, if located in the European Economic Area (EEA), please contact the local data protection authority.

7. Retention

The personal data of our business partners will be kept only for the period required to serve the purposes mentioned under section 3 above (and to comply with legal requirements – if any) according to our data retention policies. After the applicable retention period, your personal data will be securely deleted, destroyed or anonymized or, if this is not possible (e.g. because your personal information has been stored in back-up archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. In addition, it may be necessary to retain personal data for the time during which claims can be asserted against us.

Where we process data as part of a business partner database, we aim to communicate with the named contact persons at least every two years to ensure the accuracy of the information we hold or delete the data, as necessary.

8. Contact

If you have any questions about this Privacy Notice or related matters, please contact us at:

ATG Europe B.V.
Huygensstraat 34
2201 DK Noordwijk (ZH) 
The Netherlands 
datasecurity@atg-europe.com.

You may submit inquiries regarding personal data protection, privacy and security matters to our Data Processing Responsible in the email address mentioned directly above.

9. Changes to this Privacy Notice

ATG Europe reserves the right to modify this Privacy Notice. We will post any changes to our Privacy Notice on this page. Please check this page regularly to keep up to date.