Privacy

Based on legitimate interest for marketing activities
Reconi may process personal data based on legitimate interest for marketing activities. This includes sending newsletters, promotional offers and other marketing communications via e-mail. Reconi strives to provide relevant information and offers to its existing customers.

Reconi takes into account the interests, rights and freedoms of data subjects when processing personal data on a legitimate interest basis. If you do not want your personal data to be processed for marketing purposes, you have the right to object to such processing. You can contact us at any time to update your preferences or to object to the processing of your data for marketing purposes.

For what purposes we process personal data
Reconi always processes personal data for a purpose and therefore not without reason. We may process your personal data for the following purposes:

• Administration
• Delivery of products and services
• Identification
• Customer relationship management
• Billing
• Improving products and services
• Preventing and recognizing fraud
• Data security
• Training purposes
• Compliance with laws and regulations
• Marketing purposes

Which personal data we process
For eHerkenning (depending on the assurance level):

• Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Identification numbers, such as the citizen service number (BSN) and/or other tax identification numbers.
• Transaction data, such as use of eHerkenning means.
• Device data, such as device type, operating system, browser, IP addresses.
• Correspondence data, such as telephone conversations, chat conversations, email.
• Identity document data, such as copy of the identity document, reading chip, video, document number, document type, period of validity.
• Audiovisual data, such as telephone conversations, video sessions.
• Biometric data, such as facial features for identification.
• Payment details, such as bank account number, account name.

For PKIoverheid:

• Identification data, such as first and last name.
• Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Correspondence data, such as telephone conversations, chat conversations, email.
• Payment details, such as bank account number, account name.

For the website reconi.nl:

• Cookies, technical, functional and analytical cookies to provide you with an optimal experience and to collect data to improve our products and services. Cookies are also used for marketing purposes with your consent. A complete overview of the cookie settings can be found in the 'details' tab of our cookie banner, where we explain in detail which cookies are used.
• Device data, such as device type, operating system, browser, IP addresses.
• Personal data that you actively provide via a contact form or chat conversations.

Citizen Service Number (BSN)
According to the GDPR, the BSN is not special personal data. However, there must be a legal basis for processing BSN. For Reconi, this is the case in relation to eHerkenning for sole proprietorships or European use (eIDAS), where the BSN is the unique identifying feature. In all other situations, we advise you to shield the BSN when submitting a copy of your ID, in addition to your passport photo and nationality.

Special and/or sensitive personal data we process
Reconi does not record special personal data related to someone's race or ethnic origin, political opinions, religion or belief, trade union membership, genetic or biometric data for unique identification, health, sexual life or criminal history, except if this absolutely necessary and unavoidable. This is only available in very specific situations, for example if you are applying for eHerkenning for a religious denomination or a political party.

How long we keep personal data
Reconi will not retain your personal data for longer than is strictly necessary to achieve the purposes for which your data is collected. We use the following retention period for all (categories) of personal data: 7 years after termination of the agreement. There are exceptions to this for 1) received copy of proof of identity: maximum 30 days, and 2) audiovisual data for identification: maximum 14 days.

Transfer of personal data
Transfer to countries outside the European Economic Area (EEA) is limited as much as possible. If personal data is processed outside the EEA, Reconi takes the necessary measures and follows the advice of the Personal Data Authority, among others. For the transfer of personal data to the United States, a check is made to see whether the organization participates in the Data Privacy Framework. Reconi closely monitors developments surrounding the adequacy decisions and adjusts its measures accordingly.

Sharing personal data with third parties
Reconi does not sell your data to third parties. We provide personal data to third parties only if necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your data on our behalf, we conclude a processing agreement to ensure the same level of security and confidentiality of your data. We share only those personal data necessary to carry out the assignment we give to these companies. Reconi remains responsible for this processing.

Mobile phone
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All of the above categories exclude text message maker sign-in information and consent; this information is not shared with third parties.

View, correct or delete data
You have the right to view, correct or delete your personal data. You also have the right to withdraw your consent to the data processing or to object to the processing of your personal data by Reconi and you have the right to data portability. You can send a request for access, correction, deletion, data transfer of your personal data or request for withdrawal of your consent or objection to the processing of your personal data to helpdesk@reconi.nl. We will respond to your request as quickly as possible, but within four weeks. Depending on your request, a fee may be charged. We would also like to point out that you have the option of submitting a complaint to the national supervisory authority, the Dutch Data Protection Authority.

How we secure personal data
Reconi takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. Reconi has an ISO 27001 certified management system for information security for this purpose. Reconi is a recognized supplier for the eHerkenning service, see eherkenning.nl. For the eHerkenning service, Reconi is an approved supplier, see eherkenning.nl. With this recognition, we demonstrate compliance with the Electronic Access Services Agreement System; https://afsprakenstelsel.etoegang.nl/.

If you have the impression that your data is not properly secured or if there are indications of abuse, please contact us via helpdesk@reconi.nl or +31 (0)85 4444250. For reports of vulnerabilities, please refer to our responsible disclosure policy on our website.

Changes privacy statement
We reserve the right to modify this privacy statement. Changes will be published on our websites. We therefore recommend that you check this page regularly to see if any changes have been made. The current privacy statement was updated on March 29, 2024.