Code of Conduct

We promise

Safeguarding the privacy of (your) data subjects is of vital importance to us. In everything we do, this security comes first.

That is why we promise to:

  • Only give people who need to have access to the personal data, access to it;
  • Not store personal data for longer than the periods indicated in advance by you and/or statutory periods;
  • Optimally support the correct processing of personal data with our systems;
  • Process all personal data on the basis of documented instructions, whereby we also independently consider the relevant legislation and regulations;
  • Not make personal data available to third parties, unless agreed in advance;
  • Cooperate at all times with the implementation of the rights of the parties involved.

How do we carry out what we promise?

  • The data we process is always based on an agreement;
  • All our data processing operations are recorded in our processing register, which states what type of data we collect and for what purpose;
  • All our data collections are based on the principle of data minimisation, we do not process more data than necessary and we do not process more data than necessary for a longer period of time;
  • Data that is no longer used is destroyed. We do not pseudonymize data;
  • Retired data is strictly protected by means of measures in accordance with ISO 27001 and NEN 7510;
  • The transport of data takes place via encryption / secure data transfer;
  • We do not report any personal data provided to us via a client. For the right to information, the right to change and the right to forget, we refer the data subjects (the persons for whom the data has been collected) to our client;
  • On all our processing – regardless of the degree of privacy sensitivity or the lack thereof – we apply the same highest possible measures for the protection of this data. We adopt a risk-based approach, taking into account privacy by default and privacy by design in software development;
  • An overview of the measures taken to protect personal data is available separately;
  • We have a described data leak procedure;
  • We do not outsource personal data to third countries or international organisations.

Date: 16-05-2018