Personal data policy

Waterfront Building believes that all people are entitled to protection and reasonable use of their personal data.

Waterfront Building process a variety of different kinds of personal data, and our adherence to the rules relating to processing of personal data as formulated in both the European General Data Protection Regulation (the GDPR) and the supplementary legislation in the different countries, where we operate, is fundamental for our business.

For each of our services and processes, we evaluate whether or not they will involve the processing of personal data, and if so how the legislation and the interests of the data subjects are best served.

We only collect and process personal data on a lawful and fair basis and for purposes that are specified, explicit and legitimate and all collected personal data has to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

We make sure to inform the data subjects in a transparent manner about the processing of their personal data and their rights.

If we would like to use the collected personal data for other purposes than the purpose for which they were originally gathered for, we will inform the data subjects and if necessary obtain their consent in regard to the new purpose.

We work to ensure that the processed personal data is accurate, and that inaccurate personal data will either be erased or rectified without delay.

We have implemented technical and organisational security measures concerning confidentiality and data security that protect the personal data against destruction, loss, modification, unauthorised publication and unauthorised access or disclosure. Our employees have received training and instruction in proper processing of personal data. Where personal data is processed on our behalf, the data processor must implement the appropriate security measures and only process the personal data according to our instruction.

We only store personal data in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed.

We do not transfer personal data to or store personal data in countries outside the EU/EEC or an international organisation, unless in accordance with an adequacy decision by the Commission or where there is the appropriate and suitable safeguards.