The Service Automation Framework Alliance (SAFA) believes it is important to safeguard the privacy and confidentiality of information entrusted to it. For this reason, we process your personal data carefully and securely. This Online Privacy Statement applies to the website of SAFA (based in the Netherlands). In this Online Privacy Statement you can read how we collect, use, share and protect personal data through our website.

Who is responsible for your personal data?

The Service Automation Framework Alliance is responsible for processing your personal data. It usually shares this responsibility with the official examinations institutes for the purpose of processing examination results. The primary partner for exam processing is APMG-International, whose privacy policy is available through this link.

Within the SAFA organisation, our legal department is charged as much as possible with compliance with privacy legislation, including the information obligation and the exercise of rights. If you have questions or complaints about the processing of your personal data, you can also contact our legal department at SAFA.

What types of personal data do we process?

SAFA processes personal data when you visit our website. For example, if you provide your email address and when you register your interests in SAFA’s services. SAFA only collects those personal data that are necessary. Additional personal data are collected only if you give permission for this.

We may process the following (types of) personal data when you visit our website:

  • Name
  • Email address
  • Company name
  • Job title
  • Telephone number
  • IP Address
  • Login details
  • Your interests and preferences
  • Social media name
  • Information on your surfing and viewing behaviour and possible your location and other cookie information

The SAFA website may redirect you to other websites, including those of accredited training organisations (ATOs) abroad. This Online Privacy Statement does not apply to those websites; other privacy statements are applicable there. We recommend that you read the privacy statement of every website you visit so that you always know what happens with your personal data.

For what purposes do we use personal data?

SAFA processes personal data for the following purposes:

  • We use the information you provide about your preferences to personalise your user experience.
  • If you ask us for information about SAFA or if you register to make use of our services, we will use your email address and other information you give to us to respond to your question or registration.
  • If you register for an online SAFA account, your personal data is used to create an online SAFA account.
  • To construct or expand your profile, possibly in combination with data already available on you, after which we may for example approach you as part of of sales.
  • We use your personal data to optimise your visit to our website as far as possible, and to further improve our services.
  • We also use your personal data for exam processing requirements and to keep track of certification results.

Your personal data is not used for other purposes than those for which you initially provided this information. Exceptions are if we have to comply with a statutory obligation, if you have given us permission to process your personal data also for a different purpose, or if further processing is permitted by privacy legislation.

What are the legal bases for processing of personal data?

Privacy legislation, including the General Data Protection Regulation (GDPR), permits companies to process personal data if this happens on one of the legal bases stated in the GDPR. If we process your personal data, we do so based on a legitimate interest, based on your consent or based on a law. Your personal data is processed based on the legitimate interest that SAFA has in the following cases:

  • Acquiring engagements (sales), among others by sending relevant information.
  • Managing existing customers and relationships (customer relationship management and account management).
  • Optimising and/or personalising content. 
  • Optimising our operations, such as standardising processes. 

When invoking this legal basis for processing personal data, we will always weigh your privacy interest against our business interest.

It is also possible that you have specifically and explicitly consented to us processing your personal data for a particular purpose. For example, to send you information by email for marketing purposes, including invitations to events organised by SAFA. You can withdraw your consent at any time using the link included in every email you receive from us, through your online SAFA-account or by sending an email to SAFA on info@serviceautomation.org.

We may also process your personal data if we are required to do so by law.

Who do we share personal data with?

For some activities we engage contractors. For example, for registration for events organised by SAFA. In all such cases we have concluded an appropriate (processing) agreement with the third party, which inter alia safeguards correct and secure data processing.

In addition, SAFA may transfer personal data to our exam institutes or to external companies abroad that we work with or that work on our behalf. SAFA may also process personal data in a different country than your country of residence. Transfer by SAFA of personal data abroad takes place in compliance with European (and Dutch) privacy legislation.

SAFA must also disclose your personal data if we are required to do so by law. Furthermore, personal data may also be necessary for privacy or security audits, or to be able to carry out an investigation due to a complaint or a security threat.

SAFA will not transfer personal data you provide to us to third parties for direct marketing purposes of such third parties.

Where is your personal data stored?

We store your data in various databases. We always maintain strict security measures. It may be that your personal data is transferred to countries outside the European Union and stored there. In this case, we will ensure that your privacy is protected appropriately.

How do we protect your personal data?

SAFA has a security policy and procedures in place to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. We endeavour to strictly limit access to personal data to those who on behalf of SAFA must be involved in processing your personal data and those who are otherwise authorised to do so within the boundaries of the privacy legislation. Persons who have access to personal data are obliged to keep the information confidential. Where necessary, this has been contractually agreed upon.

How long do we keep personal data?

SAFA retains personal data no longer than necessary for its purposes, no longer than is permitted by law or until you ask for your personal data to be erased. SAFA has drawn up an internal retention policy for this that is regularly updated.

Are cookies being used?

SAFA uses cookies, web beacons and other techniques to collect information when you make use of our website. Processing this data enables us to improve and personalise the functioning, usability and effectiveness of the services and to measure the effectiveness of our marketing activities.

A ‘cookie’ is a small piece of text that a website places on your computer, tablet or smartphone by which the website can recognise your device. Cookies are used for various purposes. When we use the term ‘cookies’ in this Online Privacy Statement, we mean cookies, web beacons, pixels and other comparable techniques.

Other instruments or widgets of third parties are also used on our web pages, e.g. the LinkedIn button, in order to provide additional functionality. In such cases a cookie is placed on your device so that you can make use of third party services more easily. If you use third party instruments or widgets, these third parties may also process your personal data. For more information on this, please refer to the third party’s privacy statement.

A so-called cookie banner may appear on our website in which your consent is requested for the use of cookies. If you do not give your consent, we will only place functional cookies (your consent is not required because they do not breach your privacy) and analytical cookies that are set in a privacy-friendly manner (this does not require your consent either). As an additional measure we have also masked the IP address as standard for a number of cookies.

If you do give your consent, we also place other cookies, such as tracking and social media cookies. You can set your internet browser so that you get a warning when you receive a cookie or to refuse cookies. You should realise that if you do not accept cookies, you may not be experiencing the full functionality of the website.

Below is a list of the types of cookies used on our website.

  • Privacy preferences – This cookie keeps track of whether you have given consent.
  • Website preferences – These cookies remember your website preferences (e.g. language setting) or improve the personal experience (e.g. by means of a personalised greeting or content). Our cookies are used on parts of the website that you can access using your own online account.
  • Analytical – We use various (external) cookies to analyse the use of our website. This enables us to improve the quality and content of our website. Information being collected: IP address, number of unique visitors, search terms, visitor’s location (country code), date, duration and frequency of visits, hardware used, browser type, marketing campaign data. In doing so, we can for example make use of cookies and Google scripts to measures how effective our content is and to better respond to your interests.
  • Marketing – In the context of improving our marketing campaigns we use third party services to measure the effectiveness of our advertising and for the purpose of cost control. Reporting is aggregated, and not on an individual level.
  • Social (e.g. Gigya, Google+, Facebook, Twitter) – We use (external) social media widgets and/or buttons to offer visitors the option of sharing information from our websites on social media and via email. In this context the interactions and activities of visitors to our website who use these services are tracked on an aggregate level (i.e. not on an individual level), e.g. the number of times information is shared (social share count)). We recommend that you read the privacy statements of these parties.

What are your rights?

You have the right to access your personal data. You also have the right to rectification, erase and limit the use of your data, object to certain types of processing and to transfer your personal data.

Some of this you can do yourself in your online account. You can also unsubscribe from our newsletter yourself. You can do this by using the link at the bottom of every newsletter.

You can also file a request to exercise your rights described above by contacting info@serviceautomation.org . In this case, we are obliged to check your identity. For this reason, we may ask you for additional information in order to confirm your identity.

Do you have any questions or complaints?

SAFA believes it is important to safeguard the privacy and confidentiality of information that is entrusted to it. If you have a request or a question regarding the processing of your personal data or you wish to object to it, please send your remark, question or objection by email to info@serviceautomation.org.

You also always have the right to file a complaint with the Data Protection Authority.

Changes to this privacy statement

SAFA may change this Online Privacy Statement from time to time. When we make changes to this Online Privacy statement, we will revise the ‘date of last change’ shown at the bottom of the page. In addition, we will give a brief overview of the most important changes compared to the previous version.

Data last changed: 25 March 2019 (updated cookies section).