CI-IT logo CI·ITRisk Intelligence
Schedule intake
Legal

Privacy Code of Conduct

The legally required code of conduct for private investigation agencies — established by the Dutch Minister of Justice and Security and published in the Government Gazette.

Legal requirement

All private investigation agencies holding a POB license are legally required to comply with the Privacy Code of Conduct for the Private Investigation Agency Sector. This code of conduct has been declared universally binding for all investigation agencies as defined in the Private Security Organizations and Investigation Agencies Act (Wpbr) by decision of the Dutch Minister of Justice and Security.

CI-IT holds POB license number 9012 and is fully bound by this code of conduct.

Official publication

The current code of conduct was published in the Dutch Government Gazette 2022, no. 5003 (February 18, 2022) and is valid from September 22, 2021 until at most September 22, 2026. It was established by:

  • Authority: Minister of Justice and Security, no. 3573121
  • Legal basis: Article 6, opening words and under (i), Private Security Organizations and Investigation Agencies Act
  • Sector: Private investigation agencies (POB)
The full text of the code of conduct is available via the official publication in the Dutch Government Gazette. The code contains guidelines on investigation methods, data processing, GDPR compliance, and the rights of investigated persons.

Core principles

The code of conduct requires private investigation agencies to comply with the following GDPR principles:

  • Lawfulness: data processing only takes place on a valid legal basis (Art. 5(1)(a) and Art. 6(1) GDPR).
  • Purpose limitation: data is collected only for specified, legitimate purposes and not further processed in an incompatible manner (Art. 5(1)(b) GDPR).
  • Data minimization: only data necessary for the investigation purpose is processed (Art. 5(1)(c) GDPR).
  • Accuracy: personal data is accurate and kept up to date where necessary (Art. 5(1)(d) GDPR).
  • Storage limitation: data is not retained longer than necessary (Art. 5(1)(e) GDPR).
  • Integrity and confidentiality: appropriate security of personal data (Art. 5(1)(f) GDPR).

Investigation methods

The code of conduct contains specific standards for the investigation methods that private investigation agencies may use.

Rights of investigated persons

The code of conduct also regulates the rights of investigated persons, including:

  • Notification: when and how the investigated person is informed of the investigation (implementation of Art. 13, 14, and Art. 23 GDPR in conjunction with Art. 41 UAVG).
  • Access and copies: the right to access data processed about them (Art. 15 GDPR).
  • Rectification and erasure: the right to correction or deletion of inaccurate data (Art. 16–18 GDPR).
  • Right to object: the right to object to processing (Art. 21 GDPR).

Disputes and supervision

For complaints about compliance with the code of conduct, you can contact:

For questions about the application of the code of conduct or our working methods, please contact us at info@ci-it.nl.