Privacy Statement — CI-IT Risk Intelligence

CI-IT B.V., registered at Ericssonstraat 2, 5121 ML Rijen, the Netherlands, is responsible for the processing of personal data as described in this privacy statement.

Contact details

Website: www.ci-it.nl
Address: Ericssonstraat 2, 5121 ML Rijen, the Netherlands
Email: info@ci-it.nl

Processing of personal data

CI-IT B.V. processes personal data of clients and subjects because they use our investigation and advisory services, or because the data was obtained in the context of an investigation. We also collect limited analytics data when you visit our website.

Purpose and legal basis for processing

We process personal data to:

carry out investigation assignments;
advise clients on fraud, integrity, and cybersecurity;
contact you, send quotes and invoices, and process payments;
analyze non-identifiable data to improve our website;
comply with legal obligations, for example for tax administration purposes.

Processing is based on one or more of the following legal grounds under the GDPR:

Consent of the data subject (Article 6(1)(a) GDPR), where required.
Necessity for the performance of a contract with the client (Article 6(1)(b)).
Compliance with a legal obligation (Article 6(1)(c)).
Legitimate interest of CI-IT B.V. or the client (Article 6(1)(f)), weighing the interests or rights of the data subject.

Retention periods

Investigation data: minimum 1 year and maximum 3 years after completion of the investigation, unless the law requires a longer retention period.
Financial records: 7 years, in accordance with the statutory retention obligation.
Criminal data: destroyed immediately upon completion of the investigation, unless a legal proceeding requires otherwise.
Correspondence and other communication: 1 year after completion of the investigation, unless part of an ongoing proceeding.

Sharing personal data

We share personal data exclusively:

with the client, to the extent relevant to the investigation question;
with judicial authorities if we are legally required to do so;
with external experts or specialists who perform specific tasks under a confidentiality obligation;
with attorneys in the context of legal proceedings.

In all cases, data is shared only to the extent necessary and with appropriate security and confidentiality measures. We do not provide personal data to third parties without explicit consent, unless a legal obligation requires this.

Cookies and website analytics

CI-IT B.V. collects anonymized website statistics. The tool collects, among other things:

the country you are in (derived from your system settings);
which pages you visit and for how long;
the type and version of your internet browser and device;
the screen resolution and language setting of your device.

CI-IT B.V. does not use marketing cookies and does not apply fingerprinting. Your IP address is only stored in encrypted form and for a short period to generate the statistics. See also our Cookie Policy for more information.

Security of personal data

We take appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or unlawful processing:

SSL encryption during transmission;
Strong passwords and two-factor authentication;
Restricted access for authorized employees;
Data breach notifications to the Dutch Data Protection Authority where required.

Your rights

You have the right to:

Access, rectification, erasure, or restriction of your data;
Data portability;
Object to processing.

Send requests to info@ci-it.nl. To verify your identity, we ask you to include a secure copy of an identity document (make your photo, MRZ, document number, and citizen service number illegible). Response time: four weeks.

If you are not satisfied with how we handle your personal data, you may use our complaints procedure or contact the Dutch Data Protection Authority.

Changes

CI-IT B.V. reserves the right to amend this statement. The most recent version is available at www.ci-it.nl.