Privacy Conditions - NDIX


These are the Privacy Conditions applicable to the processing of personal data by Nederlands-Duitse Internet Exchange B.V. (hereinafter “NDIX” or “we”).

Personal data

Personal data is any information about an identified or identifiable natural person. This includes, for example, the names and contact details of representatives of a customer (an existing or potential customer in the form of a company or government organisation), but also information such as IP addresses, which links a user of the website has clicked on, and how long a user has been on a particular page of the website.

The processing of personal data is subject to special legal requirements. When we process personal data of users or customers, we comply with the applicable laws and regulations, including the General Data Protection Regulation (hereinafter: ‘GDPR’).

Security measures

In accordance with the obligations under the GDPR, we strive to maintain an adequate level of security when processing personal data that is sufficient, given the state of the art, to prevent unauthorised access to, modification, disclosure or loss of personal data.

Multiple purposes, different roles

NDIX processes personal data for different purposes, fulfilling different roles. These roles are listed in the GDPR, namely data controller and data processor. The controller is the one who determines the purpose and means of processing personal data. This is subject to a large number of legal obligations. The processor only processes personal data on behalf of another person. This is also subject to legal obligations, but these are fewer. The reason is that in the latter role, the use of personal data is largely determined by the controller.

Below we indicate for the different types of services which role NDIX fulfils, for which purposes personal data are used and how long personal data are kept.

Operations and marketing

In order to provide services and reach (future) customers, NDIX needs personal data. For the use of this personal data, NDIX is data controller within the meaning of the GDPR.

Purposes of processing

We process personal data of persons with whom we come into contact and to whom we provide services. We need this personal data to be able to deliver our services properly and to inform (future) customers. In doing so, we process information for the following purposes:

For the performance of the agreement:

  • To provide a service, including the customer’s needs and wishes to customise a service;

To comply with a legal obligation:

  • In the context of complying with laws and regulations, for handling disputes and having audits, including financial;

Because we have a legitimate interest in doing so:

  • the formation of the agreement;
  • performing market research and compiling management information for product and service development, as well as for determining strategy;
  • providing information, including, for example, sending a newsletter, user information, service message or other electronic message;
  • making a targeted offer, for example by e-mail or telephone;
  • analysing, maintaining, optimising and securing the use of a website, including the associated technology, partly to prevent abuse and fraud;
  • giving the customer the opportunity to share information on a website;
  • based on downloaded content, NDIX offers more relevant content to its customers and those interested in NDIX’s services via e-mail. These individuals may also be contacted by the sales department to inform them more extensively about NDIX’s services.

Based on consent:

  • sending a newsletter;
  • after accepting tracking cookies, NDIX uses techniques that prevent the website visitor from having to leave the same data repeatedly when downloading content. Based on the stored data, only additional information is requested.

Sharing and provision of personal data

In special circumstances, we make users or customers personal data available to third parties without consent, for example in the event of a lawful request by a mandated authority.

To the extent necessary, we also make personal data available without consent in the context of detecting or preventing damage or fraud as well as to ensure the security and continuity of our network and services.

In the performance of our work and marketing activities, we may engage third parties to provide services on behalf of NDIX. These parties will be bound by privacy terms set out in a processor agreement.

Personal data

In order to achieve these purposes, NDIX requires, among other things, the following personal data:

  • name and contact details of customer representatives. Contact data are mainly the business e-mail address and telephone number of the contact person;
  • information, which the customer representative shares in connection with the preparation or execution of a contract;
  • information, collected in connection with the use of the website, such as IP addresses and click behaviour.


We store these personal data in principle as long as reasonably necessary for the above-mentioned purposes and to comply with legal and tax retention obligations.

NDIX as communication provider

NDIX offers communication services whereby it enables customers to use equipment placed and managed by NDIX. These are, for example, the VLAN, WDM or Dark Fiber services. For the use of this personal data, NDIX is a processor within the meaning of the General Data Protection Regulation.

Purposes of processing

When NDIX acts as a communication provider, certain data are needed to establish and maintain the service. In doing so, NDIX processes personal data for the following purposes:

For the performance of the contract:

  • the establishment of the communication;
  • the management of the infrastructure, including possible adjustments;
  • the execution of necessary repairs;
  • applying security measures, both digital and analogue.

Personal data

NDIX customers use this service for their own purposes. NDIX does not know what these purposes are and what data of customers are transported through its network. It is possible that this may include personal data. NDIX cannot name which categories of personal data this then concerns.


We store data, processed in connection with the provision of communication services, only for as long as is strictly necessary to achieve the purposes.


We place cookies when users use our websites. For more information on the processing of information collected by cookies, please see our cookie statement.

Rights of data subjects

After requesting access to personal data, data may prove to be incorrect or incomplete. Incorrect or incomplete data can be corrected or completed by contacting NDIX in the ways listed below. The user or customer may also request NDIX to delete data. We will comply with a data erasure request if there is no legal obligation or other legitimate reasons that require us to retain the data.

Requests to exercise these rights may be registered at or by mail to NDIX Nederland B.V. attn. the Marketing Department, Postbus 804, 7500 AV Enschede, with reference to ‘personal data’.

Data breach protocol

We take measures relating to the prevention of data leaks. These include digital and analogue security measures on our infrastructure, careful selection of processors, contractual agreements and continuous training of employees.

There are also procedures in place for the steps to be taken in the event of a data breach. This ensures that quick and effective action can be taken to minimise the damage. The highest priority after discovering a data breach is to ‘plug the leak’.

If we are a data controller and we are legally obliged to do so, we make a notification to the Personal Data Authority, unless the data breach is unlikely to pose a risk to data subjects. If we are a data controller and the data breach is likely to pose a high risk to data subjects’ privacy, we also notify data subjects. No notification needs to be made if:

  • the personal data have been rendered unintelligible to unauthorised persons, for example because encryption has been applied;
  • NDIX has taken protective measures that mean that the high risk of the data breach is unlikely to recur;
  • reporting to the data subjects requires disproportionate efforts. In this case, NDIX will make a public announcement or similar effective notification of the data breach.

In case we are processors, we will inform the client about the data breach so that the client can comply with legal obligations. In principle, we will inform the client via e-mail.


Should you have any questions about these privacy terms and conditions or NDIX’s processing of personal data, please contact us at We can also be reached by post: NDIX B.V., attn. the Marketing Department, Postbus 804, 7500 AV Enschede, quoting ‘personal data’. These contact details also apply to requests to exercise the rights of data subjects.


Visiting address: Zuiderval 64, 7543 EZ Enschede
Postal address: Postbus 804, 7500 AV Enschede



We reserve the right to change these Privacy Conditions. The current version of these Privacy Conditions is always easily accessible on the website. NDIX therefore advises you to regularly check this page for changes.


These Privacy Conditions were last amended on 15 November 2022.