Kiwa aims to create trust, which is why your privacy is important to us. In this privacy statement, we will explain to you what kind of personal data we collect, how we collect it and what we use it for.
Kiwa offers a wide range of products and services, to all of which this statement applies. This statement is regularly reviewed and updated as our products and services may evolve.
Kiwa invests in securing your privacy by enhancing knowledge, professionalism and ethics among its employees and contractors, and takes steps to ensure adequate protection for your personal data.
Who are we?
Kiwa N.V. is the public limited company under Dutch law, registered at the Dutch Chamber of Commerce with number 27039108, hereafter ‘Kiwa’. We are one of the major global players in the TIC market (Testing, Inspection, Certification). Together with you, we would like to create trust, quality and progress.
What personal data do we collect?
Kiwa collects personal data to enable us to provide you with our products and services. Personal data collected vary with the nature of the product or service we provide or may provide you with. Commonly, this includes among others your name, contact data such as email address, phone or mobile phone number, user details, (business) location, your age or date of birth and the country you live in. Sensitive information is only processed when explicitly required and within the constraints of the law.
What do we use personal data for?
Kiwa has a policy of collecting only personal data which are necessary for processing. We will process your personal data only with your consent or in cases of necessity, such as the execution of a contract, legal obligations, carrying out a task in the public interest or for our own legitimate interests.
We need your personal data for one or more of the following purposes:
- the assessment and acceptance of a customer, supplier or business partner;
- the conclusion and execution of agreements with customers, supplier and business partner;
- providing authentication services;
- relationship management and marketing;
- business process execution, internal management and management reporting;
- health, safety, security and integrity;
- the development and improvement of products, services and websites;
- informing customers about new products and services;
- the handling of requests for information; Handling disputes and for the ability to perform an (accounting) audit;
- compliance with law, such as the requirement to keep and retain administrative records.
With respect to the purposes in points 4 till 9 our legitimate interest provides a legal basis for the processing of personal data. Our legitimate interest consists of the generation of statistical data, marketing purposes and internal management.
If and when the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time.
Where is your personal data stored?
Kiwa makes use of three main ways of processing your personal data: on-site by Kiwa in our datacentre, online with major providers, and for specific products and services using applications (cloud) provided by selected third parties. Kiwa has a strict security policy to ensure adequate security of your personal data. When we use an online provider we choose to work with industry leaders – or other parties who comply with EU law and who have extensive security and privacy measures in place.
The storage period of your personal data depends on the type of process for which it is needed. For many of our products and services, your personal data are part of a continuous process, which is why your personal data will be stored until that process terminates. In all other cases, your personal data will be deleted without undue delay when it has served its purpose, unless any kind of legal storage period is applicable.
With whom do we share personal data?
Kiwa generally does not share data with others that collect and use personal data for their own (business) purposes. If needed to provide you with products and services by Kiwa of other Kiwa entities Kiwa may exchange data about you with entities within the Kiwa Group or third parties.
We may share your personal data with others who are related to our products and services. Personal data of a sensitive nature is generally not shared unless the strict exemptions of the law are followed or in case of emergency where your vital interests are best served by sharing relevant information.
Who can access your data?
Kiwa provides limitation of access for Kiwa internally, and we expect third parties to equally limit access to your personal data on a ‘need to know, right to know’ basis. That is, only those who actually actively need to process your data are allowed to do so. Right to know means we only entrust working with personal data to persons we can put trust in, and being entitled to access such data. We extend this towards our suppliers or third-parties we work with.
In the capacity of portal provider Kiwa offers an authentication service which consists of a process of verifying the identity of users. Users may authenticate themselves by using a username/password or (PIN) code. Personal data is processed at the authentication service. With regard to the purposes of the processing of personal data, we make a distinction between the situation the authentication service is part of Kiwa Connect and the situation the authentication is part of a local portal provided by a different entity within the Kiwa Group. See below for more information.
Kiwa is the portal provider of Kiwa Connect. This is a central portal. Kiwa processes personal data for the purpose of authentication and for providing portal services.
Portal providers of local portals are other entities within the Kiwa Group. In this case Kiwa only processes personal data for providing authentication services. In addition, the portal provider processes the personal data for authentication services and providing portal services. See the table for an overview of the information as listed above.
Kiwa + local Kiwa entity
Local Kiwa entity
Your rights as an individual
The General Data Protection Regulation (GDPR) provides you with a set of rights. These individual rights are stated in the GDPR and will be respected by Kiwa.
These rights include the right to be informed where personal data are collected, the right to access and the right to rectification of your data if and when it is inaccurate. Also, under specific circumstances mentioned in the GDPR, you may request erasure of your personal data or restrict the processing of it. Furthermore, you have the right to object to the processing of your personal data, or to being subject to automated decision making and profiling. Lastly, you have the right to data portability.
In addition to these rights, you have the right to lodge a complaint with the Data Protection Authority.
About this privacy statement
The version of this Kiwa privacy statement was created in May, 2022.
We will update this privacy statement if any changes apply. If there are any material changes to the statement or in how Kiwa will use your personal data, we will either notify you by prominently posting such changes on our website or by directly sending you a notification.
In the event of a conflict between this Kiwa privacy statement and the terms of any agreement(s) between a customer and Kiwa, the terms of those agreement(s) will control.
For certain Kiwa entities, a more specific privacy statement may be applicable and will be offered to you in case of personal data processing.