Privacy Statement App4mation B.V.

Effective as of January 1st, 2019

Introduction

Your privacy and the careful handling of the personal data that you share with us is of vital importance to us as not having appropriate measures in place could potentially cause severe negative impact to your organisation or person. This privacy notice contains an overview of the services we offer and the way we deal with any personal data processed by us as part of these services. Please consider this privacy statement carefully and don’t hesitate to contact our privacy and security team.

Who We Are

4mation Group is a leading ServiceNow integration partner. 4mation Group works for multiple enterprise sized multinational clients and its headquarter is in the Netherlands. The address is Arthur van Schendelstraat 650 3511MJ in Utrecht. In case of questions regarding privacy of or GDPR you can contact us via security@app4mation.com.

Privacy

Information Collection

As part of the services that we deliver we get access to the Customer’s ServiceNow environments where client data may be stored. We will not use this data in any way other than explicitly instructed by the customer. – We furthermore do not collect any personal data whatsoever for any purpose other than explicitly instructed by the customer. Examples of PII shared in ServiceNow environments are e-mail addresses, phone numbers, first and last name.

  • Our mobile applications use third party services that temporarily store data for push messaging purposes.
  • In addition to this we store our own employee data on a centralized filing system to which only users get access that need this per business justification (e.g. HR).

Use of Personal Information

As stated in ‘Information Collection’ , we do not process personal data for any other purpose than explicitly instructed by our customers. We do not perform any other activities other than ServiceNow related services at our customers. In addition to implementation and development services that we provide, we also offer support services to some clients. This means we will have access to the ServiceNow environment of the customer. In the support services we occasionally also do account management related services (e.g. create accounts in the ServiceNow platform and add roles). We never use the personal data in the ServiceNow platform in any other way than instructed by the customer. We will always avoid as much as possible to store personal data anywhere else than on the ServiceNow platform (e.g. no local copies of data etc.) to minimise the risk of a data breach.We furthermore maintain our own employee data in a centralized system.

With respect to the services we provide to our customers we have a contractual agreement with our customer that requires us to have access to the customer ServiceNow environment in which personal data may be stored. We furthermore store data of our own employees for which we also have a contractual obligation to do so.

Sharing Personal Data

We do not process personal data for any other purpose than explicitly instructed by our customers. In the occurrence that customer would instruct us to share personal data we will treat this as a confidential transaction. Such transaction will include the following considerations:


The use of a confidential transfer mechanism (i.e. a secure, encrypted transfer of data or properly labelled for paper trace).

4mation Group maintains reasonable physical, administrative and technical safeguards to protect PII from loss, misuse, unauthorized access, disclosure, alteration or destruction. The personnel of 4mation Group are provided access to PII only if they have a need to know the information for a legitimate business purpose.

Storing & Processing of Personal Data

We do not process personal data for any other purpose than explicitly instructed by our customers. In the exceptional case that the customer would instruct us to process and store personal data, we would implement the necessary physical and technical safeguards to protect the sensitive data. For our mobile applications data is stored temporarily in third party services for push messaging services.

Securing Personal Data

4mation Group maintains reasonable physical, administrative and technical safeguards to protect PII from loss, misuse, or unauthorized access, disclosure, alteration or destruction. The personnel of 4mation Group are provided access to PII about you only if they have a need to know the information in connection with a legitimate business purpose.

Duration of Processing

As stated above, we do not process personal data for any other purpose than explicitly instructed by our customers. In the exceptional case we take every reasonable step to ensure that personal data is only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the retention period for Personal Data is:

– The relation established with our customer and their specific needs
– The duration established with our customer and their specific needs
– The relevance established by our customer

Data Subject Rights

As stated above, we do not process personal data for any other purpose than explicitly instructed by our customers. In the exceptional case that the customer would instruct us to process we will proceed to follow the customers privacy notice and guidance related to the rights subjected to personal data.

Contact Information

In case of questions/complaints regarding privacy or GDPR you can contact us via security@app4mation.com.