Privacy

For what purposes we process personal data
Reconi always processes personal data for a purpose and therefore not without reason. We may process your personal data for the following purposes:

• Administration
• Delivery of products and services
• Identification
• Customer relationship management
• Billing
• Improving products and services
• Preventing and recognizing fraud
• Data security
• Training purposes
• Complying with laws and regulations

What personal data we process
For eHerkenning (depending on the assurance level):

• Identifying information, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Contact information, such as address, residence, phone number, email address.
• Identification numbers, such as citizen service number (BSN) and/or other tax identification number.
• Transaction data, such as usage eHerkenning.
• Device data, such as device type, operating system, browser, IP addresses.
• Correspondence data, such as phone calls, chats, email.
• ID data, such as copy of ID, read chip, video, document number, document type, validity period.
• Audio-visual data, such as phone calls, video sessions.
• Biometric data, such as facial features for identification.
• Payment details, such as bank account number, account name.

For PKIoverheid:

• Identifying information, such as first and last name.
• Contact information, such as address, residence, phone number, email address.
• Correspondence data, such as phone calls, chats, email.
• Payment details, such as bank account number, account name.

For the website reconi.co.uk:

• Cookies, technical, functional and analytical cookies to provide you with an optimal experience and to collect data to improve our products and services.
• Device data, such as type of device, operating system, browser, IP addresses.
• Personal data that you actively provide via a contact form or chat conversations.

Citizen Service Number (BSN)
According to the AVG, the BSN is not special personal data. However, there must be a legal basis for processing BSN. This is the case for Reconi in relation to eHerkenning with sole proprietorships or European use (eIDAS), where the BSN is the unique identifier. In all other situations, we recommend masking the BSN in addition to passport photo and nationality when submitting a copy of an identity document.

Special and/or sensitive personal data we process
Reconi does not capture any special personal data related to a person's racial or ethnic origin, political opinions, religion or belief, trade union membership, genetic or biometric data for the purpose of unique identification, health, sexual life or criminal history, except when absolutely necessary and unavoidable. This is there only in very specific situations, for example, if you request eHerkenning for a denomination or a political party.

How long we keep personal data
Reconi will not retain your personal data for longer than is strictly necessary to fulfill the purposes for which your data is collected. We use the following retention period for all (categories) of personal data: 7 years after termination of agreement. Exceptions to this are for 1) copy of proof of identity received: maximum 30 days, and 2) audiovisual data for identification: maximum 14 days.

Sharing personal data with third parties
Reconi does not sell your data to third parties and there is no transfer of data to countries outside the European Economic Area. We provide personal data to third parties only if necessary for the performance of our agreement with you or to comply with a legal obligation. With companies that process your data on our behalf, we conclude a processing agreement to ensure the same level of security and confidentiality of your data. We share only those personal data necessary to carry out the assignment we give to these companies. Reconi remains responsible for this processing.

View, correct or delete data
Youhave the right to view, correct or delete your personal data. In addition, you have the right to withdraw your possible consent to data processing or object to the processing of your personal data by Reconi and you have the right to data portability. You can send a request for inspection, correction, deletion, data transfer of your personal data or request to withdraw your consent or object to the processing of your personal data to helpdesk@reconi.nl. We will respond to your request as soon as possible, but within four weeks. Depending on your request, a fee may be charged. We would also like to point out that you have the possibility to file a complaint with the national supervisory authority, the Authority for Personal Data.

How we secure personal data
Reconi takes the protection of your data seriously and takes appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. For this purpose, among others, Reconi has an ISO 27001 certified information security management system. For the eHerkenning service, Reconi is an approved supplier, see eherkenning.nl. With this recognition, we demonstrate compliance with the Electronic Access Services Agreement System; https://afsprakenstelsel.etoegang.nl/.

If you have the impression that your data is not properly secured or there are indications of misuse, please contact us at helpdesk@reconi.nl or +31 (0)85 4444250.
For reports on vulnerabilities, please refer to our responsible disclosure policy on our website.

Changes privacy statement
We reserve the right to modify this privacy statement. Changes will be published on our websites. We therefore recommend that you check this page regularly to see if any changes have been made. The current privacy statement was updated on February 3, 2022.