Paragin Group attaches great importance to the protection of personal data and the privacy of users of its products and services. Paragin Group processes personal data exclusively for legitimate purposes and in accordance with the General Data Protection Regulation ("GDPR") and other applicable data protection laws and regulations.
This privacy statement relates to the processing of personal data in connection with the services described in Article 2, paragraph 2.
1. Identity of the Data Controller
Paragin Group Holding B.V., having its registered office in Nijkerk (The Netherlands) and offices at Bunschoterweg 39, 3861 MK Nijkerk, together with its subsidiaries forms the Paragin Group. The Paragin Group includes, among others, the following subsidiaries:
- B3net B.V.
- InnoPhase B.V.
- Paragin B.V.
- Sowiso B.V.
- Xebic Onderwijs B.V.
The processing of personal data as described in this privacy statement is carried out by the relevant subsidiary within the Paragin Group that determines the purposes and means of the processing. This entity acts as the Data Controller within the meaning of the GDPR.
Paragin Group Holding B.V. does not, in principle, act as Data Controller unless explicitly stated otherwise.
2. Processing of Personal Data
Paragin Group processes personal data based on various legal grounds and in different roles, depending on the nature and purpose of the processing.
2.1 Processing in the context of the performance of an agreement
For the use of Paragin applications, an agreement is concluded with the client or partner (hereinafter: client). Within the scope of this agreement, the client acts as the Data Controller and Paragin Group acts as the Data Processor within the meaning of the GDPR.
Paragin Group processes personal data in this context solely on behalf of and in accordance with the instructions of the client, as set out in the applicable Data Processing Agreement and/or contractual arrangements.
Further information about these processes is included in the privacy disclaimer within the applications and the privacy and information documentation.
2.2 Processing of personal data for own purposes
Without prejudice to the processing of personal data in the context of the agreement with the client as referred to in Article 2.1, Paragin Group processes personal data for its own purposes that are not part of the agreed services with the client.
These processing activities take place in the context of operating the organization, maintaining relationships with users and other stakeholders, and ensuring and improving the quality, effectiveness, and continuity of its products, services, and business processes. This may include processing feedback, optimizing communication, performing analyses, and using (automated) tools to support these purposes.
To the extent that Paragin Group does not process this personal data on behalf of a client, it acts as the Data Controller within the meaning of the GDPR.
The processing of personal data under this article is based on one or more of the following legal grounds:
- Consent of the data subject
- Legitimate interest of Paragin Group
- Compliance with a legal obligation
If personal data is processed based on consent, the data subject has the right to withdraw this consent at any time. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.
Paragin Group takes appropriate technical and organizational measures to ensure that personal data is processed carefully and in accordance with applicable laws and regulations. There is no solely automated decision-making that produces legal effects concerning individuals or significantly affects them, unless permitted under the GDPR and appropriate safeguards are in place.
If the provision of personal data is necessary for (parts of) Paragin Group’s services outside the agreement with the client, failure to provide such data or withdrawal of consent may result in the inability to access those parts.
3. Engagement of Third Parties (Processors)
Paragin Group may use third parties (Processors) for the processing activities described in Article 2.2. In such cases, Paragin Group remains responsible for the processing of personal data, unless it acts as a Processor on behalf of the client.
Paragin Group enters into Data Processing Agreements with these third parties, including appropriate safeguards for the protection of personal data, in accordance with GDPR requirements.
Personal data may also be provided to competent authorities if Paragin Group is legally required to do so.
4. Retention Periods
Paragin Group does not retain personal data longer than necessary for the purposes for which it was collected and processed, unless a longer retention period is required or permitted by applicable laws and regulations.
5. Rights of Data Subjects
Data subjects have, where applicable and within the limits of applicable laws and regulations, the following rights:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- The right not to be subject to solely automated decision-making, subject to legal exceptions
Requests can be submitted via support@paragin.com. Paragin Group will handle such requests within the statutory timeframes.
If Paragin Group acts as a Processor on behalf of a client, it will forward requests to the relevant Data Controller, unless it is legally required to act independently.
6. Transfer of Personal Data Outside the EEA
If personal data is transferred, in exceptional cases, to parties outside the European Economic Area (EEA), Paragin Group ensures that such transfers comply with applicable laws and regulations.
Paragin Group implements appropriate safeguards, including the use of standard contractual clauses approved by the European Commission or transfers based on an adequacy decision.
7. Security of Personal Data
Paragin Group takes appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or unlawful processing.
These measures include, among others, access controls, logging and monitoring, security policies, and periodic evaluation of security measures, taking into account the state of the art, the nature of the data, and the risks involved.
In the event of a data breach, Paragin Group acts in accordance with Data Processing Agreements, legal notification obligations, and reporting deadlines.
8. Dutch Data Protection Authority
If you believe that Paragin Group processes personal data in violation of applicable regulations and we are unable to resolve the matter together, you have the right to file a complaint with the Dutch Data Protection Authority via www.autoriteitpersoonsgegevens.nl.