Privacystatement

Dexes B.V.

Here you will find the privacy protocol of Dexes. This document explains how we handle your personal data that is collected by Dexes. It describes how we process both business data and personal data.

00. Introduction

In this privacy statement, you can read everything about the way your personal data is collected and how it is handled. We explain where your data is stored and for which purposes it is processed. This privacy statement is created in accordance with the guidelines of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You will also find all your rights regarding your data and how you can exercise those rights.

This privacy statement may be amended from time to time due to, for example, legislative changes. It is therefore advisable to consult this statement periodically.

01. Dexes

This is the privacy protocol of Dexes.

Personal data is shared with us when we register you and ensure that you can securely exchange data with authorized parties. This occurs when you create an account in one of our SaaS solutions. We process information such as your name, telephone number, or email address—data that can be linked to an identifiable individual.

We consider it important to handle personal data with care. Personal data is therefore processed and protected with the utmost diligence. We comply with all relevant privacy legislation.

02. Types of Personal Data

When contacting Dexes, certain data may be exchanged. This data may include personal data. Below is an overview of all personal data we may process. We do not always process all of this information—this depends on the type of relationship, the specific service, and the consent provided.

  • name
  • company information
  • email address
  • technical measurement data of devices such as IP address, operating system characteristics, and browser type
  • telephone number
  • other personal information submitted via email that we record to answer questions or handle complaints

03. Why Do We Store Personal Data?

We process the above data for one or more of the following purposes (depending on which services or functionalities are used):

  • to comply with legal obligations (e.g., tax requirements, regulatory oversight, or other prescribed rules)
  • to perform an agreement for the provision of our SaaS solutions
  • to handle notifications we receive, including questions, requests, feature wishes, bug reports, compliments, or complaints
  • to send newsletters with updates about our company, products, or services
  • to ensure proper functioning of our SaaS solutions
  • to improve and optimize the discoverability and usability of our SaaS solutions

Personal data is retained only as long as needed for the described purposes and is then securely deleted. We collect only the data necessary for our services. No automated decision-making or profiling based on personal data takes place.

04. Disclosure to Third Parties

When we provide personal data to a third party, we ensure—among other measures—that data is not used for purposes other than those agreed upon (typically through a data processing agreement). In our general terms and conditions, we include requirements related to the security and management of personal data. We also agree that data will be deleted once it is no longer needed.

We maintain a processing register that records what types of Personally Identifiable Information we hold from customers, suppliers, etc. It is important to note that we do not share personal data with other parties unless legally required or permitted.

05. Recipients

The data received and processed by Dexes is managed through:

Google Email
Dexes uses Google to host its email services. Any emails you send to us are stored on Google’s servers.

Google Drive
Files that may contain customer information are stored here in a secure, personnel-restricted environment.

Google Analytics
Dexes’ website and web applications collect data to improve the website. This occurs through Google Analytics. These data are anonymous and not linked to your personal information. Examples include visit duration or pages viewed.

Atlassian Confluence
This web-based document management system contains information from external personnel.

Atlassian Jira Development & Support
This workspace contains processing information related to customer issues (support tickets) and software code.

Git
Our codebase for the Gemeenschappelijke Data Catalogus is stored here.

Hosting and domain registration
Our websites and backups are hosted by various hosting providers. Any information you provide through these websites is securely stored on the servers of these providers.

Domain registration is handled by various domain registrars.

Below is an overview of the registrars and hosting providers per website and SaaS solution:

Website: www.dexes.nl
Domain registrar: Webreus
Hosting provider: Oxilion (NL)

Website: http://opengdc.nl
Domain registrar: Webreus
Hosting provider: GitHub

Website: https://dexes.eu/nl
Domain registrar: Webreus
Hosting provider: TransIP (NL-AMS)

Sites under Dexes.eu
Domain registrar: Webreus
Hosting provider: TransIP (NL-AMS)

Clearing and AR
Domain registrar: Webreus
Hosting provider: Digital Ocean (NL-AMS3)

Ishare and IDP
Domain registrar: DMI domain
Hosting provider: Digital Ocean (NL-AMS3)

06. Data Security

We take appropriate security measures to limit misuse and unauthorized access to personal data. We are currently in the process of obtaining ISO-27001 certification. We ensure that only necessary personnel have access to data, that access is restricted, and that our security measures are regularly reviewed.

No physical copies of your personal data are created. Your data is managed only within the systems and software mentioned earlier. All data managed by Dexes and third parties is accessible solely through these systems and is encrypted and protected with two-factor authentication whenever possible. This authentication generates a code through the software, which is required during login.

Devices accessing your data are protected with a password and/or fingerprint. The number of devices with access is limited to what is strictly necessary. Additionally, your connection to our websites and SaaS solutions is secured through SSL certificates to ensure privacy.

07. Privacy by Design

We attach great importance to the protection of your personal data. Privacy by design is therefore an essential part of our policy. This means that we consider and safeguard your privacy from the earliest stages of designing our systems and processes.

08. Cookies

Upon your first visit to Dexes, you can configure your cookie preferences. You may choose not to enable non-essential cookies. Dexes uses only (required) functional and (optional) analytical cookies.

A cookie is a small text file stored on your computer, tablet, or smartphone upon your first visit. You may disable cookies by configuring your browser settings, and stored cookies can be removed by deleting your browser history.

09. Access, Correction, Modification, or Deletion of Personal Data

Right of access
You have the right to request access to the personal data that Dexes has stored about you. You can submit your request via info@dexes.nl or by contacting Dexes by phone. You will receive an overview of the data we hold.

Right to rectification
If your data is incorrect or outdated, you may request correction. You can adjust your data via the link provided at the bottom of every email.

Right to data portability
If you need your data for a transfer to another provider, you may request that Dexes transfers all your data to that party.

Right to erasure
If you no longer want Dexes to retain your data, you may request deletion.

Right to lodge a complaint
You may lodge a complaint with the Dutch Data Protection Authority if you believe Dexes is not handling your data responsibly. Complaint form: https://autoriteitpersoonsgegevens.nl/nl/meldingsformulier-klachten

Right to object to processing
If you do not want Dexes to use your personal data, you may object. You can exercise these rights by sending an email to info@dexes.nl along with a redacted copy of your ID (photo, MRZ, ID number, and BSN blurred). We aim to respond within one week.

10. Obligations

Dexes processes personal data on the basis of legitimate interest, specifically a commercial interest. This means we can reasonably justify our processing activities, such as relationship management or providing services and products.

Your data will never be sold to third parties.

The required fields we request represent the minimum data needed to deliver our services. If you do not provide the necessary information, Dexes cannot offer the associated service.

Dexes reserves the right to disclose data when legally required or when necessary to comply with legal processes or protect the rights, property, or safety of Dexes. Where possible, we will always safeguard your privacy.

11. Data Breaches

We take the protection of your personal data very seriously and make every effort to prevent data breaches. If a data breach does occur, we act in accordance with legal obligations and our internal protocol.

We have implemented extensive technical and organizational measures to prevent data breaches, including:

  • advanced encryption of data
  • regular security updates and audits (aligned with ISO-27001 guidelines)
  • restricted access to authorized personnel only

In the event of a data breach:

  • The incident will be identified and analyzed as quickly as possible, following the procedures described in our ISO-27001 incident management process.
  • If the Incident Manager classifies the impact as Medium or High, the breach is reported to the Security Officer within 24 hours and escalated to the Dutch Data Protection Authority.
  • If the breach poses a high risk to your rights and freedoms, we will inform you immediately with clear information about what happened and steps you can take to protect yourself.

After the incident, we will take measures to limit further damage and prevent similar incidents in the future.

12. Evaluation and Updates to This Privacy Protocol

We strive to process your personal data in a safe and responsible manner. To ensure this, our privacy policy is regularly reviewed and updated as needed due to new legislation, technological developments, or changes to our services.

We recommend checking our privacy statement regularly to stay informed of any updates. If you have questions or concerns, you may contact us using the details below.

13. Contact Information

If you have questions about this privacy statement, feel free to contact us. We are happy to assist with questions or concerns about the processing of personal data. If we cannot resolve the issue together, you have the right to file a complaint with the Dutch Data Protection Authority.

Dexes B.V.
Vleutensevaart 100
3532 AD Utrecht
The Netherlands

+31 6 4637 4892
info@dexes.nl