Privacy Statement

CI-IT B.V., located at Ericssonstraat 2, 5121 ML Rijen, is responsible for the processing of personal data as outlined in this privacy statement.

Contact Information

• Website: www.ci-it.nl
• Address: Ericssonstraat 2, 5121 ML Rijen
• Email: info@ci-it.nl

Processing of Personal Data

CI-IT B.V. processes personal data of clients and data subjects because they utilize our investigative and advisory services, or because data has been obtained in the course of an investigation. We also collect limited analytical data when you visit our website.

Purpose and Legal Basis of Processing

We process personal data to:

• Execute investigative assignments;
• Advise clients on fraud, integrity, and cybersecurity;
• Contact you, send quotations and invoices, and process payments;
• Analyze non-identifiable data to improve our website;
• Comply with legal obligations, such as for tax administration purposes.

Processing is based on one or more of the following legal bases under the GDPR:

1. Consent of the data subject (Article 6(1)(a) GDPR), if required.
2. Necessity for the performance of a contract with the client (Article 6(1)(b)).
3. Compliance with a legal obligation (Article 6(1)(c)).
4. Legitimate interest of CI-IT B.V. or the client (Article 6(1)(f)), where the interests or rights of the data subject are balanced.

Retention Periods

• Investigative data: Minimum 1 year and maximum 3 years after completion of the investigation, unless the law prescribes a longer retention period.
• Financial records: 7 years, in accordance with fiscal retention obligations.
• Criminal records data: Destroyed immediately upon completion of the investigation, unless legal proceedings require otherwise.
• Correspondence and other communication: 1 year after completion of the investigation, unless part of ongoing proceedings.

Sharing of Personal Data

We only share personal data:

• With the client, to the extent relevant to the investigative question;
• With judicial authorities if we are legally required to do so;
• With external experts or specialists who perform specific tasks under confidentiality;
• With attorneys in the context of legal proceedings.

In all cases, data is only shared to the extent necessary and with appropriate security and confidentiality measures. We do not provide personal data to third parties without explicit consent, unless required by law.

Cookies and Website Analytics

CI-IT B.V. uses an analytics tool that does not place cookies. The tool collects anonymized data, such as:

• The country you are in (derived from your system settings);
• Which pages you visit and for how long;
• The type and version of your internet browser and device;
• The screen resolution and language settings of your device.

CI-IT B.V. does not use marketing cookies and does not apply fingerprinting. Your IP address is only encrypted and stored for a short time to generate statistics.

Security of Personal Data

We take appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or unlawful processing:

• SSL encryption during transmission;
• Strong passwords and two-factor authentication;
• Restricted access for authorized personnel only;
• Data breach notifications to the Dutch Data Protection Authority if required.

Your Rights

You have the right to:

• Access, rectification, erasure, or restriction of your data;
• Data portability;
• Object to processing.

Send requests to info@ci-it.nl. To verify your identity, we ask you to include a secure, redacted copy of your government-issued ID (please black out your photo, MRZ, document number, and national identification number/BSN). Response time: one month.

If you are not satisfied with the processing of your personal data, you can use our complaints procedure or contact the Dutch Data Protection Authority.

Changes

CI-IT B.V. reserves the right to amend this statement. The most recent version is available at www.ci-it.nl.