When we refer to ‘we’ or ‘Caase’ in this policy we are referring to Caase Services B.V. and as a part of the Insight group, it also refers to Insight Enterprises, Inc. and its affiliates. You can find out details of all of Insight’s affiliates by visiting Insight website here.
Information We May Collect
Categories of data subjects from whom we may collect data:
• employees and former employees including volunteers, agents, individual contractors, temporary or casual workers;
• applicants who have applied for employment;
• relatives, guardians or associates of employees, former employees or applicants;
• contractors, agents, consultants and suppliers both past and present and their individual employees or representative;
• customers and former customers and their employees or representatives, which may include clients of our customers and former customers;
• individuals and representatives of organizations who have registered with us to obtain information on products and/or services offered; and
• individuals and representatives of organizations who have visited the website.
Information may include:
• browser and device information;
• server log file information;
• information collected through cookies and other technologies;
• demographic information and other information provided by you;
• financial details;
• complaints or grievances;
• contact details, being corporate contact details where appropriate, including email, postal address, telephone and facsimile numbers;
• purchasing habits and customers;
• customer preferences;
• in addition, with respect to employees, former employees and applicants the additional categories of data may include:
o Personal details
o Family, lifestyle and social circumstances
o Employment details
o Financial details
o Complaints or grievances
o Email and postal addresses
o Telephone and facsimile numbers
o Limited sensitive data such as racial or ethnic origin, physical or mental health or condition, religious observance, issues notified under whistleblower policies, criminal records and disciplinary records, collected in the ordinary course of the employment relationship.
How We May Collect the Information
We may collect information in a variety of ways, including:
• From you directly.
• Through this site: we may collect information through the website when you visit.
• Through business interaction: We may collect information through your or your employer’s business interaction with our employees or offices.
• From other sources: We may receive information from other sources, such as public databases; joint marketing partners; social media platforms; or other third parties.
How We May Use Information
• Data storage and administration;
• Data security;
• Customer and user administration, including the processing of orders, enquires and client reporting;
• Employee administration;
• Advertising, marketing and public relations activities;
• Maintenance of accounts and records;
• Analysis of trends and statistical data;
• Crime prevention and prosecution of offenders; and
• Maintenance and development of our website including tailoring for specific visitors.
We will process your information for the purposes of operating our website and services and communicating with you as necessary to provide our Services to you and in our legitimate commercial interests, for instance, when responding to your queries, undertaking marketing activities, improving our website and services or for the purposes of detecting or preventing illegal activities.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details below.
Caase, its service providers or other third parties will not set any cookies for your web browser when you visit our website www.caase.com.
The information you provide for surveys will be used to support your relationship with Caase. Caase may use online surveys to ask visitors/customers for contact information (like their email address). We use contact data from our surveys to send the survey taker information about our company and promotional material on behalf of our partners. We may combine survey information with other data we hold about you.
The information you provide during contests and giveaways will be used to support your customer relationship with Caase. Caase may ask for contact information (like your email address). We use contact data from these events to send users information about our company and promotional material from some of our partners. The contact information is also used to contact the visitor when necessary. We may combine this information with other data we hold about you.
If you use the website to apply to work with us, the information you provide will be used to evaluate your candidacy for job opportunities with Caase and to monitor recruitment statistics. We provide electronic applications on our site in which we ask job candidates for contact information (like their email address) and information regarding work history and education. We use third parties to help us to do that. We use contact data from our applications to contact those individuals whose backgrounds most closely meet our requirements to schedule a personal interview. As a global business, we may transfer your details outside of your home country and to other Insight affiliated entities. Personal information about unsuccessful candidates will be held after the recruitment exercise has been completed and may be reconsidered should an appropriate position become available. Caase will follow the applicable law as to destruction and deletion of such personal information. We may retain de-personalized statistical information about applicants to help inform our recruitment activities, but individuals should not be identifiable from that data. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage, we will give more details about how we hold employee data.
Caase will not give or sell any information regarding you or your order and the products you purchase to any outside organization for its use in marketing or solicitation without your consent, save for the limited circumstances outlined in this policy. If you do not want Caase to send you email or post mail you can opt out at any time by contacting us by email at: firstname.lastname@example.org. Your information may be shared with group companies, agents, contractors or vendors of Caase who provide data processing services to us or who otherwise process personal data for the purpose of performing services for you or us or for the purpose notified to you when we collected your personal data. We may release personal data (including personally identifiable information) when required to by law if we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, in response to a lawful request by public authorities, a court order or legal process served on us.
We may also share your personal data with a potential or actual buyer (and its agents and advisers) in connection with any proposed or actual purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Notice, as well as any other person with your consent to the disclosure.
We may also disclose your information if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of the business or assets. If we or substantially all of our assets are acquired by a third party, personal data held may be one of the transferred assets. Any third party who acquires assets from us may acquire all or part of our business. They may not be in the same line of business as we are. Similarly, your personal information may be passed on to a successor in interest in the event of a reconstruction, liquidation or administration.
While Caase uses all reasonable efforts to safeguard your personal data, no security program is impenetrable, and criminals have been adept at circumventing widely adopted security safeguards. Accordingly you acknowledge that the use of the internet is not entirely secure and that you provide personal information to us at your own risk. Caase cannot therefore guarantee the security or integrity of any personal data that are transferred from you or via the internet. Any user or third party accessing Caase’s website or services is responsible for its own use of the website and the services. Caase is not responsible for any third party’s actions or its security controls with respect to information that third parties may collect or process via the website, services or otherwise.
We use what we consider to be reasonable and appropriate organizational, technical and administrative measures to protect information under our control. This site has security measures in place to protect the loss, misuse and alteration of the information under our control. All account information you use or supply on our website when ordering or tracking products is held on a system which is designed to be secure. We use reputable advanced encryption technology which the aim to protect you from unauthorized use of information supplied on our website. In addition, we may use your IP address to help diagnose problems with our server, and to administer our website. Your IP address is used to help identify you and your shopping cart and to gather broad demographic information.
Social Media Features
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or our online ordering facility, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Please make sure this password is unique and that you do not use this password for any other purpose. If you use another account (such as a social media account) to log on to a secure part of the Caase website, then please make sure that you keep that password secure as well. If you think that any of your passwords have been compromised, please notify us so that we can look after the security of your details on our website.
Links to Third-Party Websites and Services
Retention of Personal Data
We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
You have the following data protection rights:
– you have the right to opt-out of receiving marketing communications from us and on behalf of our partners;
– you have the right to access, correct, and request deletion of your personal data;
– you have the right to object to processing of your personal data, ask us to restrict said processing, and/or request portability of your personal data;
– you may also have the right to restrict, be forgotten, (although all of the foregoing rights are subject to some conditions and exceptions);
– similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
– you have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
You must be able to provide your name and email address or other information sufficient to allow us to identify you. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
If you would like to exercise your rights please get in touch as follows:
You can contact the Data Protection Officer (DPO): by emailing DPO@Insight.com
Privacy Shield and Data Transfer
Caase as part of the Insight is a global business. As a result, the data that we may collect from you may be transferred to, and stored at, any of our locations which may be inside or outside the European Economic Area (“EEA”). Data may also be processed by people around the world who work for use or for one of our suppliers/vendors. These people may be engaged in, among other things, the fulfillment of your information requests, meeting your orders and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
We have put in place a number of measures designed to protect data which is transferred from Europe to the US, including appropriate security measures to safeguard your personal data. Our group maintains a network of specific agreements to require contracting parties to observe data protection legislation. We have additionally signed up to the EU-U.S. Privacy Shield Framework. You can find out more about Privacy Shield and view Insight’s certification here https://www.privacyshield.gov/Program-Overview. Our group adheres to the Privacy Shield Framework and Principles regarding the collection, use, and retention of personal information from the EEA. We have certified that it adheres to the Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. We are committed to following the Privacy Shield Principles.
If you believe we maintain your personal data within the scope of the Privacy Shield Framework, you may direct any of your inquiries or concerns concerning our Privacy Shield compliance to email@example.com. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. Individuals in the European Union (EU) with inquiries or complaints regarding our Privacy Shield policy should first contact firstname.lastname@example.org. We will respond within 30 days. In the unlikely event that we fail to respond within 30 days, or if our response does not address your concern, we will undertake to refer the concern to our Global Compliance Officer who will investigate the matter and communicate with you within 14 days.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. You can also follow that link for a description of the range of potential remedies. There are more details on the arbitration requirements of the Privacy Shield Framework at https://www.privacyshield.gov/.
If you do not find the proposed solution satisfactory, we will resolve the dispute under dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) to resolve disputes pursuant to the Privacy Shield Principles. We additionally commits to co-operate with EU DPAs and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. The EU DPAs may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/index_en.htm.
Under certain and limited conditions, you may have the possibility to invoke last resort binding arbitration by a “Privacy Shield Panel” composed of at least 20 arbitrators designated by the U.S. Department of Commerce and the European Commission.
Our group is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, our group is potentially liable. We will continue to adhere to the Privacy Shield Principles for as long as it retains your personal information.
Insight Enterprises, Inc. and Insight North America, Inc. have also signed up to the Swiss-U.S. Safe Harbor scheme details of which can be found at https://safeharbor.export.gov/swisslist.aspx. You can also use the Privacy Shield procedures outlined above where you believe your data has been transferred under Safe Harbor.
Last Updated May 2018