Privacy Statement

Audittrail Professionals B.V. (hereafter Audittrail) audits and advises in the fields of information security, privacy, GRC and quality. It goes without saying that we take privacy very seriously. Yet we cannot avoid processing some personal data, such as names, email addresses and phone numbers, which may include yours.

We obtain personal data when, for example, you fill out the form to receive our newsletter, when you request a quotation or send us a message, or call us. In addition, we naturally have (business) contact data of our customers (or employees of customers), if they are relevant to our work. Also, when you visit our website, you provide us with personal data via cookies.

We apply the following principles with respect to privacy:

  • we treat your privacy as we treat our own;
  • we treat your personal information with care. This means, among other things, that we will not use or share your personal data beyond what is strictly necessary and will also treat all personal data internally as confidential;
  • we take all reasonable precautions to secure your personal data and ensure that our suppliers do the same;
  • we strictly adhere to the General Data Protection Regulation (AVG) and other laws and regulations governing the processing of personal data.

In this privacy statement you can read how we handle your personal data. We reserve the right to change this privacy statement. To stay informed about the way we handle your personal data, we advise you to read this statement from time to time. You will be actively informed of major changes. This privacy statement was last amended on 22 May 2025.

If you have any questions or comments in response to this privacy statement, please contact our privacy officer at mail@audittrail.nl.


Audittrail
Sisalbaan 5a
2352 AZ Leiderdorp
P.O. Box 263

On what bases does Audittrail process data?


We will only process your data to the extent permitted by law. This means that we will identify a basis for each processing operation. The bases we use are:

  • the agreement: all data necessary for coming to or being able to perform an agreement with us;
  • legal obligation: data that we are obliged to pass on to, for example, the Tax Office, police and other government agencies;
  • legitimate interest: data we need for internal management, representation of our interests and security, balancing the weight of Audittrail's interest against the invasion of your privacy;
  • vital importance: in the (hopefully very rare) case of life-threatening or emergency situations;

and if we have none of the above bases, we ask for your:

  • unambiguous consent: it may be revoked at any time.


Why does Audittrail collect my personal data?

Audittrail uses your personal data, to the extent we need it, for the following purposes:

  • entering into contracts with customers and partners and providing services and/or products;
  • making payments and collecting invoices (including assigning claims, if necessary);
  • marketing activities, relationship management and product development;
  • internal operations.

What personal data does Audittrail use from me?


From our contacts at clients and suppliers, we collect the following personal data:

  • name;
  • sex;
  • phone number;
  • email address;
  • function;
  • information you voluntarily provide to us, such as in a survey or in a contact form;
  • information you voluntarily provide to us by accepting cookies on our website (see further "What about Audittrail's website?" and our "Cookie Statement").


What about Audittrail's newsletter?

We send our newsletter through ActiveCampaign, an American party. You receive the newsletter only if you have signed up for it. Newsletters contain trackers, including ours. This allows us to see who opened the newsletter and who clicked on which link when. We use this information to make our newsletter and articles even better.

Would you like to receive our monthly newsletter? Sign up here.

What about Audittrail's website?

Audittrail collects and uses your personal information on its website primarily to provide its (web) services to you and to communicate with you. In addition, your information is used for research and analysis purposes in order to improve our services and our website.

To that end, Audittrail processes the following data from you on its website:

  • When you sign up for our newsletter:
    • name;
    • email address;
    • sector.
  • If you want to become our client (and who doesn't?) and fill out our contact form:
    • name;
    • email address;
    • phone number (optional).
  • Information about your visit to the website:
    • we use this information to improve your visitor experience, as well as for Marketing Automation. Want to know more about this? Then read what cookies we use on our website here.

How is your data handled by processors and third parties?

Audittrail uses several processors; these are suppliers to whom we have outsourced our data processing. We enter into processor agreements with all of our processors to ensure privacy protection. If you have any questions about these or other processors, please contact our privacy officer at mail@audittrail.nl.

Below is an overview of our main processors:

  • ActiveCampaign
  • Pro Contact
  • Exact online
  • Team Leader
  • Microsoft 365
  • Phishingtest.co.uk
  • Wind Right
  • Atlassian

Audittrail only provides your data to third parties who are necessarily involved in the outsourced activities. This could be a specialized auditor or IT specialist. Audittrail has taken the required contractual and organizational measures to ensure that your data is only used by the third party for the above purposes.

Audittrail is, according to the relevant law, in some cases obliged to provide personal data to third parties. An example of such a situation is the provision of data to competent authorities as part of a criminal investigation.

In cases other than those described above, we will always seek your permission first.

Use of Atlassian (PRISM)

For our PRISM service, we use Atlassian's JIRA, a project and issue management platform. In this system, we process project data and contact information.

All personal data we process through Atlassian is stored and processed within the European Economic Area (EEA), with the exception of login accounts and product analysis data. All content data such as questions, comments, attachments, search data and comments sent via PRISM remain in the EEA. This is contractually defined in our agreement with Atlassian, so data transfers to countries outside the EEA, such as the United States, do not occur. Additional terms and conditions (SCCs) apply to account and product analysis data. You can read Atlassian's privacy policy here.

Within Atlassian, cookies and similar technologies are used for functional purposes, such as session management and user preferences. These cookies are essential for the operation of the platform and do not collect personal data for marketing purposes. You have the option to adjust your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of Atlassian. For more information about these cookies, please refer to Atlassian's cookie statements.

How does Audittrail secure data?

As you would expect from us, the security of your personal data receives great attention at Audittrail. We therefore protect the data you have stored with us using technical and organizational measures to effectively prevent loss or misuse by third parties.

Our employees who process this personal data are obliged to keep your data confidential. Furthermore, only those employees who actually need access to your personal data for the purpose of their work are granted access. Technical security measures for the protection of your data are regularly checked and, if necessary, adapted to the latest technology. These principles also apply to organizations that process and use data on our behalf and according to our instructions.

Within what time periods does Audittrail retain data?

Audittrail does not retain your data for longer than permitted by law and necessary for the fulfillment of the purposes for which the data was processed. How long certain data are kept depends on the type of personal data and the purposes for which they are processed.

Once the deadlines have passed, your personal data will be securely deleted and destroyed by us. We believe it is important that even the destruction of data is done with care.

What are my rights as a data subject?

As a data subject, you have rights regarding your own personal data. These include the following rights:


Right to information

You have the right to receive information in clear language about how and why data is processed. This applies both in the event that personal data is collected from yourself and when it is done through others.


Right to inspect and copy

You have the right to request your own personal data known to us, to ask for what purposes that data is used and with whom that personal data is shared. You also have the right to receive a copy thereof. If personal data of a third party is included in the file you wish to inspect, this personal data will be protected.


Right to correct and supplement

You have the right to have data corrected or completed if the data is incorrect or incomplete.


Right to data erasure

You have the right to request Audittrail to delete data about you (data erasure). This request must be granted in the following cases, among others:

  • the personal data are no longer needed for the purposes for which they were collected;
  • the personal data were processed unlawfully;
  • you withdraw your consent (if the processing is based on it).


Right of limitation

You have the right to request that the processing of your personal data be (temporarily) restricted (stop the use of the data), if any of the following applies:

  • you dispute the accuracy of the personal data; processing is restricted for the period of time we need to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request instead that its use be restricted;
  • we no longer need the personal data for processing purposes, but you need it for the establishment, exercise or support of a legal claim;
  • you have objected to the processing and are awaiting an answer as to whether Audittrail's legitimate grounds outweigh yours.


Right to data portability

You have the right to data portability. That is, you have the right to obtain your personal data, which you have provided to Audittrail, in a structured and common digital file. In addition, you have the right to transfer that personal data to another organization, without being hindered by us.


Right to object

The right to object is also known as the right to oppose. You can ask us to stop using your personal data in the case of:

  • direct marketing;
  • if you object to processing because of a specific personal situation.


You may submit your request regarding the above rights in writing to the Privacy Officer at mail@audittrail.nl. We will process your request within one month (at the latest).