Privacy

On the basis of legitimate interest for marketing activities
Reconi may process personal data on the basis of legitimate interest for marketing activities. This includes sending newsletters, promotional offers and other marketing communications via e-mail. Reconi strives to provide relevant information and offers to its existing customers.

Reconi takes into account the interests, rights and freedoms of data subjects when processing personal data on a legitimate interest basis. If you do not want your personal data to be processed for marketing purposes, you have the right to object to such processing. You can contact us at any time to update your preferences or to object to the processing of your data for marketing purposes.

For what purposes we process personal data
Reconi always processes personal data for a purpose and therefore not without reason. We may process your personal data for the following purposes:

• Administration
• Delivery of products and services
• Identification
• Customer relationship management
• Billing
• Improving products and services
• Preventing and recognizing fraud
• Data security
• Training purposes
• Compliance with laws and regulations
• Marketing purposes

What personal data we process
For eHerkenning (depending on the assurance level):

• Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Identification numbers, such as the citizen service number (BSN) and/or other tax identification numbers.
• Transaction data, such as use of eHerkenning means.
• Device data, such as device type, operating system, browser, IP addresses.
• Correspondence data, such as telephone conversations, chat conversations, email.
• Identity document data, such as copy of the identity document, reading chip, video, document number, document type, period of validity.
• Audiovisual data, such as telephone conversations, video sessions.
• Biometric data, such as facial features for identification.
• Payment details, such as bank account number, account name.

For PKIoverheid:

• Identification data, such as first and last name.
• Identification data, such as first and last name, gender, date of birth, place of birth, nationality, signature.
• Correspondence data, such as telephone conversations, chat conversations, email.
• Payment details, such as bank account number, account name.

For the website reconi.nl:

• Cookies, technical, functional and analytical cookies to provide you with an optimal experience and to collect data to improve our products and services. Cookies are also used for marketing purposes with your consent. A complete overview of the cookie settings can be found in the 'details' tab of our cookie banner, where we explain in detail which cookies are used.
• Device data, such as device type, operating system, browser, IP addresses.
• Personal data that you actively provide via a contact form or chat conversations.

Citizen Service Number (BSN)
According to the AVG, the BSN is not special personal data. However, there must be a legal basis for processing BSN. This is the case for Reconi in relation to eHerkenning with sole proprietorships or European use (eIDAS), where the BSN is the unique identifier. In all other situations, we recommend masking the BSN alongside passport photo and nationality when supplying a copy of an identity document.

Special and/or sensitive personal data we process
Reconi does not capture any special personal data related to a person's racial or ethnic origin, political opinions, religion or belief, trade union membership, genetic or biometric data for the purpose of unique identification, health, sexual life or criminal history, except when absolutely necessary and unavoidable. This is there only in very specific situations, for example, if you request eHerkenning for a denomination or a political party.

How long we keep personal data
Reconi will not retain your personal data for longer than is strictly necessary to fulfill the purposes for which your data is collected. We use the following retention period for all (categories) of personal data: 7 years after termination of agreement. Exceptions to this are for 1) copy of identity document received: maximum 30 days, and 2) audiovisual data for identification: maximum 14 days.

Transfer of personal data
Transfer to countries outside the European Economic Area (EEA) is limited as much as possible. If personal data is processed outside the EEA, Reconi takes the necessary measures and follows the advice of the Personal Data Authority, among others. For the transfer of personal data to the United States, a check is made to see whether the organization participates in the Data Privacy Framework. Reconi closely monitors developments surrounding the adequacy decisions and adjusts its measures accordingly.

Sharing personal data with third parties
Reconi does not sell your data to third parties. We provide personal data to third parties only if necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your data on our behalf, we conclude a processing agreement to ensure the same level of security and confidentiality of your data. We share only those personal data necessary to carry out the assignment we give to these companies. Reconi remains responsible for this processing.

View, correct or delete data
You have the right to view, correct or delete your personal data. In addition, you have the right to withdraw your possible consent to data processing or object to the processing of your personal data by Reconi and you have the right to data portability. You can send a request for inspection, correction, deletion, data transfer of your personal data or request to withdraw your consent or object to the processing of your personal data to helpdesk@reconi.nl. We will respond to your request as soon as possible, but within four weeks. Depending on your request, a fee may be charged. We would also like to point out that you have the possibility to file a complaint with the national supervisory authority, the Authority for Personal Data.

How we secure personal data
Reconi takes the protection of your data seriously and takes appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. For this purpose, among others, Reconi has an ISO 27001 certified information security management system. For the eHerkenning service, Reconi is an approved supplier, see eherkenning.nl. With this recognition, we demonstrate compliance with the Electronic Access Services Agreement System; https://afsprakenstelsel.etoegang.nl/.

If you have the impression that your data is not properly secured or there are indications of abuse, please contact us at helpdesk@reconi.nl or +31 (0)85 4444250.
For reports on vulnerabilities, please refer to our responsible disclosure policy on our website.

Changes to Privacy Statement
We reserve the right to modify this privacy statement. Changes will be published on our websites. We therefore advise you to check this page regularly to see if any changes have been made. The current privacy statement has been updated on November 1, 2023.