Privacy

Privacy Statement

Reconi B.V. (Reconi) is responsible for the secure processing of personal data. In doing so, we adhere to the General Data Protection Regulation (GDPR). This privacy statement informs what personal data we process, for what purpose and how we secure it.

About Reconi and contact details
Reconi is a provider of eHerkenning and PKIoverheid, registered with the Chamber of Commerce under Chamber of Commerce number 34142387. For questions about this privacy statement, please use the contact information below.

Mail: Zuiddijk 384C, 1505HE Zaandam
Phone: +31 (0)85 4444250
Email general: helpdesk@reconi.nl
Email Data Protection Officer (FG): privacy@reconi.nl

1. What personal data we process
For eHerkenning (depending on the assurance level):

  • Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
  • Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
  • Cookies, technical, functional and analytical cookies to provide you with an optimal experience and to collect data to improve our products and services.
  • Transaction data, such as use of eHerkenning means.
  • Device data, such as device type, operating system, browser, IP addresses.
  • Correspondence data, such as telephone conversations, chat conversations, email.
  • ID data, such as copy of ID, read chip, document number, document type, validity period.
  • Audiovisual data, such as telephone conversations, video sessions.
  • Biometric data, such as facial features for identification.
  • Payment details, such as bank account number, account name.

For PKIoverheid:

  • Identification data, such as first and last name.
  • Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
  • Correspondence data, such as telephone conversations, chat conversations, email.
  • Payment details, such as bank account number, account name.

For the website reconi.nl and subdomains thereof:

  • Cookies, technical, functional and analytical cookies to provide you with an optimal experience and to collect data to improve our products and services. Cookies are also used for marketing purposes with your consent. A complete overview of the cookie settings can be found in the 'details' tab of our cookie banner, where we explain in detail which cookies are used.
  • Device data, such as device type, operating system, browser, IP addresses.
  • Personal data that you actively provide via a contact form or chat conversations.

2. Sensitive processing of personal data
Below we will explain some specific processing of personal data that, due to their nature or sensitivity, deserve additional explanation.

2.1 Citizen Service Number (BSN)
According to the AVG, the BSN is not special personal data. However, there must be a legal basis for processing BSN. This is the case for Reconi in relation to eHerkenning with sole proprietorships or European use (eIDAS), where the BSN is the unique identifier. In all other situations, we recommend masking the BSN alongside passport photo and nationality when supplying a copy of an identity document.

2.2 Biometric data
For your personal identification, you can use an identification app on your smartphone. When using this identification app, we process your biometric data, namely the physical characteristics of your face. We do this via a photo (selfie) or video, which we compare with the (passport) photo on the identity card presented. In addition, we check whether the images are authentic, mainly to exclude fraudulent or pre-recorded images. Via the identification app, we always ask for your explicit permission (consent) to process your biometric data. The biometric and audiovisual data obtained in the process are processed only during the identification process and are deleted no later than two weeks after completion. The use of the identification app is optional; you can also opt for physical identification on site.

2.3 Other sensitive personal data we process
Reconi does not capture personal data relating to a person's racial or ethnic origin, political opinions, religion or belief, trade union membership, genetic or biometric data for the purpose of unique identification, health, sexual life or criminal record, except where absolutely necessary and unavoidable. This is there only in very specific situations, such as when you apply eHerkenning for a denomination or a political party.

3. Use of AI and algorithms
Where Reconi uses Artificial Intelligence (AI) and/or algorithms, there will be no automated decision-making that could significantly affect individuals and we will adhere to the rules of the AVG when using AI or algorithms.

4. For what purposes we process personal data
Reconi always processes personal data for a purpose and therefore not without reason. We may process your personal data for the following purposes:

  • Administration: For maintaining customer records and internal business processes.
  • Delivery of products and services: To deliver our services such as eHerkenning and PKIoverheid to you.
  • Identification: For verification and validation processes and meeting identification requirements.
  • Customer Relationship Management: For communication and support with inquiries or requests.
  • Invoicing: For processing payments and preparing invoices.
  • To improve products and services: To optimize our services based on feedback and usage analysis.
  • Preventing and recognizing fraud: To identify and prevent abuse.
  • Data Security: To ensure the security of systems and personal data.
  • Training purposes: For internal training and development of our employees.
  • Complying with laws and regulations: such as the AVG.
  • Marketing purposes: To inform customers about our products and services only with your consent or based on legitimate interest.
  • Answering customer inquiries: To provide support through our customer service solutions.

5. Based on which legal basis we process personal data
Reconi processes personal data in accordance with applicable laws and regulations based on different bases. Below is an overview of these bases and their application:

  • Performance of a contract: The processing is necessary for entering into and performing a contract, e.g. to obtain eHerkenning.
  • Legal obligation: The processing is necessary to comply with a legal obligation. This may include, for example, sharing information with enforcement agencies such as the police.
  • Consent: You have consented to the processing of your personal data for one or more specific purposes, such as receiving newsletters or providing specific personal data to service providers through eHerkenning. We seek your consent explicitly and informed. This consent can be withdrawn at any time.
  • Legitimate interest: Processing is carried out in the legitimate interest of Reconi, for example to inform existing customers about similar, proprietary products or services after a purchase. We ensure that these processing operations do not have a disproportionate impact on your privacy.

5.1 Legitimate interest
When processing based on legitimate interest, Reconi takes into account your interests, rights and freedoms. For such processing operations, we perform a balancing of interests to ensure that our legitimate interests do not outweigh your privacy rights. This balancing is aimed at protecting your privacy and ensuring that the processing is proportionate and necessary. You always have the right to object to processing based on legitimate interest, such as marketing purposes. To do so, please contact us via customer service to update your preferences or object to the processing of your data.

6. How we secure personal data
Reconi takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. For this purpose, among others, Reconi has an ISO 27001 certified information security management system. For the eHerkenning service, Reconi is an approved supplier, see eherkenning.nl. With this accreditation, we demonstrate compliance with the Electronic Access Services Agreement System; https://afsprakenstelsel.etoegang.nl.

6.1 Reporting security problems
If you have the impression that your data is not properly secured or there are indications of misuse, please contact us at helpdesk@reconi.nl or +31 (0)85 4444250. For reports about vulnerabilities, please refer to our responsible disclosure policy on website reconi.nl.

7. How long we keep personal data
Reconi will not retain your personal data for longer than is strictly necessary to fulfill the purposes for which your data is collected. We use the following retention period for all (categories) of personal data: 7 years after termination of agreement. Exceptions to this are for 1) copy of ID received: maximum 30 days, 2) audiovisual data for identification: maximum 14 days and, 3) requests that do not lead to a delivery: after 60 days, these requests are deleted from our systems.

8. Sharing personal data with third parties
Reconi does not sell your data to third parties. We provide personal data to third parties only if necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your data on our behalf, we conclude a processing agreement to ensure the same level of security and confidentiality of your data. We share only those personal data necessary to carry out the assignment we give to these companies. Reconi remains responsible for this processing.

8.1 Mobile phone
No mobile information is shared with third parties/affiliates for marketing/promotional purposes. All of the above categories exclude sign-in data and consent from the creator of text messages; this information is not shared with third parties.

9. Transfer of personal data
Transfer to countries outside the European Economic Area (EEA) is limited as much as possible. If personal data is processed outside the EEA, Reconi takes the necessary measures and follows the advice of the Personal Data Authority, among others. This includes:

  • Data Privacy Framework: For transfers to the United States, we verify that the relevant organization is certified under the EU-US Data Privacy Framework.
  • European Commission Model Contract Provisions: We use standard contracts approved by the European Commission to ensure a high level of protection.

Reconi closely monitors developments around international data protection and adjusts our measures if necessary.

10. Your rights as a data subject
You have the right to access, correct or delete your personal data. In addition, you have the right to withdraw your possible consent to data processing or object to the processing of your personal data by Reconi and you have the right to data portability. You can send a request for inspection, correction, deletion, data transfer of your personal data or request to withdraw your consent or object to the processing of your personal data to helpdesk@reconi.nl. We will respond to your request as soon as possible, but within four weeks. Depending on your request, a fee may be charged. We would also like to point out that you have the possibility to file a complaint with the national supervisory authority, the Authority for Personal Data.

Changes privacy statement
Reconi reserves the right to modify this privacy statement from time to time, for example due to changes in laws and regulations or adjustments in our services. We advise you to consult our privacy statement regularly to inform yourself of any changes.

The current version of this privacy statement was updated on December 13, 2024.

Privacy Statement

Reconi B.V. (Reconi) is responsible for the secure processing of personal data. In doing so, we adhere to the General Data Protection Regulation (GDPR). This privacy statement informs what personal data we process, for what purpose and how we secure it.

About Reconi and contact details.
Reconi is a supplier of eHerkenning and PKIoverheid. Reconi is registered with the Chamber of Commerce under number 34142387. For questions about this privacy statement, please use the contact details below.

Mail: Zuiddijk 384C, 1505HE Zaandam
Phone: +31 (0)85 4444250
Email general: helpdesk@reconi.nl
Email FG: privacy@reconi.nl

Based on which legal basis we process personal data
Reconi processes personal data in accordance with applicable laws and regulations based on various bases.

  • The processing is necessary for the performance of an agreement; for example to obtain eHerkenning.
  • The processing is necessary to comply with a legal obligation; for example, sharing information with law enforcement agencies such as the police.
  • The data subject has given consent to the processing of his personal data for one or more specific purposes; for example a newsletter or the passing on of specific personal data to service providers via eHerkenning. This permission can be withdrawn at any time.
  • The processing is carried out in the legitimate interest of Reconi, for example to inform existing customers about similar, proprietary products or services after a purchase.

Based on legitimate interest for marketing activities
Reconi may process personal data based on legitimate interest for marketing activities. This includes sending newsletters, promotional offers and other marketing communications via e-mail. Reconi strives to provide relevant information and offers to its existing customers.

Reconi takes into account the interests, rights and freedoms of data subjects when processing personal data on a legitimate interest basis. If you do not want your personal data to be processed for marketing purposes, you have the right to object to such processing. You can contact us at any time to update your preferences or to object to the processing of your data for marketing purposes.

For what purposes we process personal data
Reconi always processes personal data for a purpose and therefore not without reason. We may process your personal data for the following purposes:

  • Administration
  • Delivery of products and services
  • Identification
  • Customer relationship management
  • Billing
  • Improving products and services
  • Preventing and recognizing fraud
  • Data security
  • Training purposes
  • Compliance with laws and regulations
  • Marketing purposes

What personal data we process
For eHerkenning (depending on the assurance level):

  • Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
  • Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
  • Identification numbers, such as the citizen service number (BSN) and/or other tax identification numbers.
  • Transaction data, such as use of eHerkenning means.
  • Device data, such as device type, operating system, browser, IP addresses.
  • Correspondence data, such as telephone conversations, chat conversations, email.
  • Identity document data, such as copy of the identity document, reading chip, video, document number, document type, period of validity.
  • Audiovisual data, such as telephone conversations, video sessions.
  • Biometric data, such as facial features for identification.
  • Payment details, such as bank account number, account name.

For PKIoverheid:

  • Identification data, such as first and last name.
  • Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
  • Correspondence data, such as telephone conversations, chat conversations, email.
  • Payment details, such as bank account number, account name.

For the website reconi.nl:

  • Cookies, technical, functional and analytical cookies to provide you with an optimal experience and to collect data to improve our products and services. Cookies are also used for marketing purposes with your consent. A complete overview of the cookie settings can be found in the 'details' tab of our cookie banner, where we explain in detail which cookies are used.
  • Device data, such as device type, operating system, browser, IP addresses.
  • Personal data that you actively provide via a contact form or chat conversations.

Citizen Service Number (BSN)
According to the GDPR, the BSN is not special personal data. However, there must be a legal basis for processing BSN. This is the case for Reconi in relation to eHerkenning with sole proprietorships or European use (eIDAS), where the BSN is the unique identifier. In all other situations, we recommend masking the BSN alongside passport photo and nationality when supplying a copy of an identity document.

Special and/or sensitive personal data we process
Reconi does not capture any special personal data related to a person's racial or ethnic origin, political opinions, religion or belief, trade union membership, genetic or biometric data for the purpose of unique identification, health, sexual life or criminal history, except when absolutely necessary and unavoidable. This is there only in very specific situations, for example, if you request eHerkenning for a denomination or a political party.

How long we keep personal data
Reconi will not retain your personal data for longer than is strictly necessary to fulfill the purposes for which your data is collected. We use the following retention period for all (categories) of personal data: 7 years after termination of agreement. Exceptions to this are for 1) copy of identity document received: maximum 30 days, and 2) audiovisual data for identification: maximum 14 days.

Transfer of personal data
Transfer to countries outside the European Economic Area (EEA) is limited as much as possible. If personal data is processed outside the EEA, Reconi takes the necessary measures and follows the advice of the Personal Data Authority, among others. For the transfer of personal data to the United States, a check is made to see whether the organization participates in the Data Privacy Framework. Reconi closely monitors developments surrounding the adequacy decisions and adjusts its measures accordingly.

Sharing personal data with third parties
Reconi does not sell your data to third parties. We provide personal data to third parties only if necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your data on our behalf, we conclude a processing agreement to ensure the same level of security and confidentiality of your data. We share only those personal data necessary to carry out the assignment we give to these companies. Reconi remains responsible for this processing.

Mobile phone
No mobile information is shared with third parties/affiliates for marketing/promotional purposes. All of the above categories exclude text message maker sign-in information and consent; this information is not shared with third parties.

View, correct or delete data
You have the right to view, correct or delete your personal data. In addition, you have the right to withdraw your possible consent to data processing or object to the processing of your personal data by Reconi and you have the right to data portability. You can send a request for inspection, correction, deletion, data transfer of your personal data or request to withdraw your consent or object to the processing of your personal data to helpdesk@reconi.nl. We will respond to your request as soon as possible, but within four weeks. Depending on your request, a fee may be charged. We would also like to point out that you have the possibility to file a complaint with the national supervisory authority, the Authority for Personal Data.

How we secure personal data
Reconi takes the protection of your data seriously and takes appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. For this purpose, among others, Reconi has an ISO 27001 certified information security management system. For the eHerkenning service, Reconi is an approved supplier, see eherkenning.nl. With this recognition, we demonstrate compliance with the Electronic Access Services Agreement System; https://afsprakenstelsel.etoegang.nl/.

If you have the impression that your data is not properly secured or there are indications of abuse, please contact us at helpdesk@reconi.nl or +31 (0)85 4444250.
For reports on vulnerabilities, please refer to our responsible disclosure policy on our website.

Changes privacy statement
We reserve the right to modify this privacy statement. Changes will be published on our websites. We therefore recommend that you check this page regularly to see if any changes have been made. The current privacy statement has been updated on March 29, 2024.