Privacy Statement


Your privacy and NMC Bright

At NMC Bright we think it is very important that we give full disclosure on how we deal with your personal data. You can trust that we will handle your personal data with the utmost care and will never share them with third parties. Furthermore, personal data provided to us will always be dealt with confidentially. NMC Bright’s storage and processing of personal data is in line with the regulations as determined by the General Data Protection Regulation (GDPR). In this privacy statement we guide you through our policy.

Personal data?

Personal data includes all data that (in)directly relates to you as a person. Examples of personal data includes: your name, email address, phone number, address, date of birth etc. We refer to the ‘processing’ of personal data whenever an entity uses this data for whatever reason. The legal definition of the concept ‘processing’ includes: gathering, saving, consulting, using and deleting personal data.

Whose personal data do we process?

We process data of: people with whom we (in)directly want to establish a relationship, people we have (had) a relationship with, people who took part in NMC Bright’s research projects, (potential) contacts from organisations we consider to be our clients, suppliers or other business-like relations, people who visit our website and applicants who want to work/intern at NMC Bright.

Who is responsible for the processing of your personal data?

NMC Bright is responsible for the processing of your personal data

To what ends do we use your personal data?

We process your personal data for the down-below presented purposes. A couple of examples are given for each of these purposes:

  1. To establish and maintain a relationship with you. In case you, or the organisation you represent, want(s) to be our customer, we need your personal data. The same applies when you, or the organisation you represent, want(s) to be our supplier, or when you apply to work/intern at NMC Bright.
  2. To conduct research. We need the names and email addresses of our target audience when we send out surveys. During audit-and other visitation programs we gather data of people/organisations in order to give the best advices and deliver the quality work expected from us.
  3. To give tailored advice or execute marketing related activities. In order to provide you, the customer/organisation, with the best possible services and preferred channel of communication, we process your personal data for marketing purposes. This allows us to provide you with updates on our products and services via phone and/or email.

How long do we store your personal data?

NMC Bright processes personal data for the sole purpose of serving the above-stated goals, which means we try to keep the gathering and storage of personal data to a minimum. In relation to this, we do not store your personal data longer than necessary. We store data for the duration of the required period to meet our legal and regulatory obligations. In general, this is a period of two, five or seven years.

With whom do we share your personal data?

We do not share your personal data with third parties and we provide participants of our surveys with information on how we deal with anonymity in conducting research.

How do we guarantee your privacy?

At NMC Bright we care about privacy. That is why we have employed a Privacy Officer who controls/evaluates how NMC Bright complies with privacy regulation and -protection. NMC Bright’s Privacy Officer is the contact person for both the organisation as well as the supervisor. Additionally, NMC Bright employed an expert who is in charge of securing our IT-infrastructure, with a focus on the GDPR specifically. All our employees have signed a confidentiality contract. The only employees who have access to personal data are the ones who need it to carry out their tasks.

Social Media

On our website we published links to our social media channels, like LinkedIn and Twitter. The terms as described in this privacy statement do not apply to these social media accounts. The usage of social media is one’s own responsibility. We would advise to read the privacy statements as enforced by these different media outlets so that you know what happens to your personal data at all times. A lot of social media providers have their head offices outside of the EU, which means they store your personal data outside of the EU. Because your personal data is stored outside the EU the possibility exists that security standards do not comply with the same privacy standards as enforced within the EU.

Research through Checkmarket and Yucan

In conducting our research, we use of Checkmarket and Yucan software. All gathered data, including name and email address, are transferred to these two software applications and then stored in their secured data servers. Checkmarket also complies with the GDPR and has published their privacy policy on their website. Yucan is a software tool developed by Phoinix B.V., h.o.d.n with which they have signed a data processing agreement/contract. Yucan published their privacy-and cookie statement on their website.

E-mail communication via Mailchimp

We use Mailchimp for all of our email communication. More specifically, we use it for sending out newsletters and email messages within the array of services we offer. The gathered information (your email address) is transferred to Mailchimp and they subsequently store this data to their servers in the United States. Mailchimp has committed to comply with the EU-US Privacy Shield-principle and the Swiss-US Privacy Shiel-principle. This means that there is an appropriate level of protection installed in the processing of personal data. Visit for more information about Mailchimp’s privacy statement.

External Links

Our website contains links to other (external) websites. This privacy statement does not apply to these websites. We try to keep these external links up to date to make sure we refer our visitors to the right website. We are not responsible for the content published on these websites and how these websites deal with personal data. We would advise you to always read these website’s privacy statements, so you know how they deal with your personal data.

What rights do you have?

You can always ask us what personal data we are processing. This right is recorded in the GDPR. Within four weeks of this request you will then receive an overview of your personal data as stated in our database. When this overview shows incorrect/outdated information you can ask us to update this data. If you feel like we should completely delete your personal data you can send a request to

Alterations in our privacy statement

We have the right to alter this privacy statement. For example when we are legally obliged or when our own policy changes. We would like to advise you to revisit this page on a regular basis to make sure our policy has not changed.

Last update: 25th of May 2018