1. BK is a controller
BK Logistics Group B.V., BK Pharma Logistics B.V. and BK Sneltransport B.V. (hereinafter: BK) are, according to the General Data Protection Regulation (GDPR), the controller with regard to all business processes. This means that we determine, among other things, which personal data we process, how we process personal data and what the retention period is. In addition, we also determine who has access to the personal data.
2. Purpose of the processing
Our principals are (business and private) shippers (amongst others pharmacies), who want to have goods transported. We have agreed with the principals that we transport ourselves, but in some cases also engage carriers to have the shipment delivered. The latter requires the personal data of the consignee of the shipment that has been made available by the principal. In addition, we also use the personal data to offer additional services and to improve our service.
3. Personal data
As we have already mentioned above, the personal data is made available by the principal. It concerns the following personal data:
Category personal data
Shipping of a parcel
Principal: shipping address
Consignee: delivery address and possibly telephone number and email address
Delivery of a parcel
Customs clearance import / export
Consignee: invoice data with regard to taxes and duties
Complaints / claim system
Principal: Company data and contact data such as telephone no. / email address
and claim documents so that we can make an assessment of the complaint or claim.
Consignee: Delivery address and possibly telephone number / email address and supporting claim documents so that we can make an assessment of the complaint or claim.
A small text file that a website placed on your computer's hard drive when you visit the site. For further explanation, you can read our banner.
4. Processing and provision personal data
We process the data on secure servers in the Netherlands. These servers are located within the European Economic Area (EEA) unless the principal wishes delivery of a shipment in a country outside the EEA, such as the United Kingdom or Switzerland. Then we must provide the delivery data to the carriers outside the EEA with the aim of delivering shipments on behalf of the principal to the specified address in order to fulfil our contractual obligations with the principal.
In the event that delivery must take place in a country outside the EEA, we are also obliged, pursuant to legal obligations, to provide personal data with Customs. Customs formalities can only take place on the basis of the required data.
Since we also use carriers to deliver the shipment, we must share the delivery address and any contact details of the consignee with the carrier prior to the start of the delivery process, in order to fulfill our contractual obligation. These data are only processed by the carriers via a consignment note and are not provided to the carrier in any other way.
Another group of suppliers to whom we may provide personal data are companies that offer a specific service that is not available within our organization but that are supportive to the purpose. Take, for example, IT companies. Based on this legitimate interest, we can improve and expand our services, but also safeguard business continuity.
We also provide personal data with carriers and insurers in case a parcel is lost or damaged. After the claim of the principal has been accepted and compensation has been paid, we will always try to recover damages from the party that has caused the damage. We therefore have a legitimate interest in addressing the party causing the damage and recovering costs on the basis of a substantiated claim.
If we provide personal data in the above situations, we will, if the supplier is a processor, always specify the special conditions under which personal data are provided and processed by concluding a processor agreement. The latter specifies exactly what the supplier can and can’t do with the personal data and what requirements are necessary for the security of the personal data. In the single case that a supplier is located outside the EEA (the so-called third countries), we will always assure that an adequate level of protection applies. BK will always follow the adequacy decision or the standard provisions of the European Commission, whereby the level of protection corresponds to the level within the EU.
In order to keep a close eye on all processing activities that take place within our organization, we register the processing operations in a processing activities register. This is an overview of, among other things, the type of processing that takes place, the purpose for which it is processed, the category and type of personal data, which supplier may be involved, who has access to the personal data and what ultimately the storage period is.
BK always takes appropriate technical and organizational measures to ensure the security level. We adjust this level to the risk. And in doing so, we take into account technological developments, implementation costs, processing goals and the probability and impact of an infringement. In addition, every employee within BK signs a confidentiality agreement so that the privacy of the personal data is guaranteed. This also applies to third parties, such as a carrier or an IT company.
6. Storage period
We do not want to store personal data longer than necessary. We therefore use a standard storage period of 2 years. Are there legal obligations that require us to store the data longer? Or do we need the data longer because a claim has been submitted? Then we deviate from the two-year term. After the storage period has expired, we will withdraw the personal data from the systems. Not only with us, but also with the supplier. In the overview below, we have listed some important storage periods
Category personal data
Contact person: personal contact data
2 Shipping of a parcel
Principal: shipping address
Consignee: delivery address
GDP required data
Consignee: telephone number and email address
CMR consignment note, name contractor, assignment etc
In agreement with principal
3 Delivery of a parcel
Name, address, signature or initials
4 Customs clearance
Principal and Consignee: customs clearance data
Principal: Name contact person
Principal: Telephone number and email address
Consignee: Name and address
The data above (see previous point: complaint)
Principal and Consignee:
Additional claim documents to substantiate a claim.
7. Access to your personal data
Would you like access to your personal data? Then you can contact us by letter or e-mail. You can use the following information for this:
BK Sneltransport B.V.
To: department Quality & Safety
Pater van den Elsenlaan 8, 5462 GG Veghel
8. Your rights
Are your personal data incorrect and do they need to be corrected? Do you want us to delete your personal data or to restrict the processing of your personal data so that we only use a limited amount of data? Or do you want us to transfer your data to another party? Or have you given permission for the processing of your personal data but do you want to withdraw your permission? Send your request to the email address mentioned above. You can also object to the processing of your data via that email address.
9. Data Protection Officer
BK has appointed a data protection officer (DPO) which is an internal supervisor for the processing of personal data. If you have any questions, you can contact the DPO via email address email@example.com
Are you not satisfied or if you can’t agree with us? Then you can file a complaint with:
2509 AJ Den Haag
BK reserves the right to change the policy as described in this Privacy Statement at any time and at her sole discretion. You can always read the current Privacy Statement on our website.
Date of publication: 11 October 2023