These are the Privacy Conditions applicable to the processing of personal data by Nederlands-Duitse Internet Exchange B.V. (hereinafter “NDIX” or “we”).
Personal data is any information about an identified or identifiable natural person. This includes, for example, the names and contact details of representatives of a customer (an existing or potential customer in the form of a company or government organisation), but also information such as IP addresses, which links a user of the website has clicked on, and how long a user has been on a particular page of the website.
The processing of personal data is subject to special legal requirements. When we process personal data of users or customers, we comply with the applicable laws and regulations, including the General Data Protection Regulation (hereinafter: ‘GDPR’).
In accordance with the obligations under the GDPR, we strive to maintain an adequate level of security when processing personal data that is sufficient, given the state of the art, to prevent unauthorised access to, modification, disclosure or loss of personal data.
NDIX processes personal data for different purposes, fulfilling different roles. These roles are listed in the GDPR, namely data controller and data processor. The controller is the one who determines the purpose and means of processing personal data. This is subject to a large number of legal obligations. The processor only processes personal data on behalf of another person. This is also subject to legal obligations, but these are fewer. The reason is that in the latter role, the use of personal data is largely determined by the controller.
Below we indicate for the different types of services which role NDIX fulfils, for which purposes personal data are used and how long personal data are kept.
In order to provide services and reach (future) customers, NDIX needs personal data. For the use of this personal data, NDIX is data controller within the meaning of the GDPR.
We process personal data of persons with whom we come into contact and to whom we provide services. We need this personal data to be able to deliver our services properly and to inform (future) customers. In doing so, we process information for the following purposes:
For the performance of the agreement:
To comply with a legal obligation:
Because we have a legitimate interest in doing so:
Based on consent:
In special circumstances, we make users or customers personal data available to third parties without consent, for example in the event of a lawful request by a mandated authority.
To the extent necessary, we also make personal data available without consent in the context of detecting or preventing damage or fraud as well as to ensure the security and continuity of our network and services.
In the performance of our work and marketing activities, we may engage third parties to provide services on behalf of NDIX. These parties will be bound by privacy terms set out in a processor agreement.
In order to achieve these purposes, NDIX requires, among other things, the following personal data:
We store these personal data in principle as long as reasonably necessary for the above-mentioned purposes and to comply with legal and tax retention obligations.
NDIX offers communication services whereby it enables customers to use equipment placed and managed by NDIX. These are, for example, the VLAN, WDM or Dark Fiber services. For the use of this personal data, NDIX is a processor within the meaning of the General Data Protection Regulation.
When NDIX acts as a communication provider, certain data are needed to establish and maintain the service. In doing so, NDIX processes personal data for the following purposes:
For the performance of the contract:
NDIX customers use this service for their own purposes. NDIX does not know what these purposes are and what data of customers are transported through its network. It is possible that this may include personal data. NDIX cannot name which categories of personal data this then concerns.
We store data, processed in connection with the provision of communication services, only for as long as is strictly necessary to achieve the purposes.
We place cookies when users use our websites. For more information on the processing of information collected by cookies, please see our cookie statement.
After requesting access to personal data, data may prove to be incorrect or incomplete. Incorrect or incomplete data can be corrected or completed by contacting NDIX in the ways listed below. The user or customer may also request NDIX to delete data. We will comply with a data erasure request if there is no legal obligation or other legitimate reasons that require us to retain the data.
Requests to exercise these rights may be registered at firstname.lastname@example.org or by mail to NDIX Nederland B.V. attn. the Marketing Department, Postbus 804, 7500 AV Enschede, with reference to ‘personal data’.
We take measures relating to the prevention of data leaks. These include digital and analogue security measures on our infrastructure, careful selection of processors, contractual agreements and continuous training of employees.
There are also procedures in place for the steps to be taken in the event of a data breach. This ensures that quick and effective action can be taken to minimise the damage. The highest priority after discovering a data breach is to ‘plug the leak’.
If we are a data controller and we are legally obliged to do so, we make a notification to the Personal Data Authority, unless the data breach is unlikely to pose a risk to data subjects. If we are a data controller and the data breach is likely to pose a high risk to data subjects’ privacy, we also notify data subjects. No notification needs to be made if:
In case we are processors, we will inform the client about the data breach so that the client can comply with legal obligations. In principle, we will inform the client via e-mail.
Should you have any questions about these privacy terms and conditions or NDIX’s processing of personal data, please contact us at email@example.com. We can also be reached by post: NDIX B.V., attn. the Marketing Department, Postbus 804, 7500 AV Enschede, quoting ‘personal data’. These contact details also apply to requests to exercise the rights of data subjects.
Visiting address: Zuiderval 64, 7543 EZ Enschede
Postal address: Postbus 804, 7500 AV Enschede
We reserve the right to change these Privacy Conditions. The current version of these Privacy Conditions is always easily accessible on the website. NDIX therefore advises you to regularly check this page for changes.
These Privacy Conditions were last amended on 15 November 2022.