Customer Privacy

Last updated on 4 March 2024

How we collect, store, and use the personal information you provided to us

This privacy policy explains how we collect, store, and use the personal information you provided to us. This policy is divided into three sections:

  1. Overview of the data we collect because you are our customer
  2. Overview of the data we collect from support cases
  3. What you may expect from us regarding your data

This privacy policy applies solely to the information we collect from our customers. It does not apply to any other products or services provided by us or any other party.

At NIPO we find the confidentiality and integrity of your data very important. That is why NIPO complies with the EU General Data Protection Regulation (GDPR) and is certified for the ISO 27001:2013 data security standard.

1. Data we collect because you are our customer

When and what personal information do we collect?

We collect your personal data when you complete and submit a contact form, when you send us an email or when you speak to us over the telephone. We collect and use personal data from you as part of maintaining and executing a contract with you.

In particular, NIPO will collect and hold details of your name, company email address, company address, telephone number (including mobile number), fax number, password, and/or any other personal information disclosed by you.

What do we do with your personal information?

The purpose of our collecting your personal data is to manage and improve the commercial relationship we have, to provide you with information that you need to optimally use our services or software products. Such information may include product offers, product launches, invites to seminars or to exhibitions or NIPO software workshops, newsletters, e-newsletters, articles, industry analysis as well as general responses to any other information which you may have requested. In addition, we may occasionally contact you (including by telephone) to notify you about new information or services which we think you may find interesting or valuable.

If you no longer wish to receive our newsletters, you may opt-out either by clicking the unsubscribe button in your customer account or by following the unsubscribe link located at the bottom of each email communication.

With whom do we share your information?

You can be assured that we will protect your privacy. We will not share your data with other parties, unless we use such a third party for the processing of your data, for the purposes specified in this policy. These third parties provide services on our behalf to help with our business activities.

These third parties may store, transfer, or process your personal data, but they are contractually bound to protect the information with security standards and practices that are equivalent to our own. Your personally identifiable information may be transferred if NIPO is involved in a merger, acquisition, or sale of all or a portion of its assets.

Where the personal information you provided to us is transferred across borders or outside the European Economic Area (EEA), we shall put safeguards in place to ensure that the transfer is secure, legitimate and in accordance with all EU data protection laws.

We reserve the right to disclose your personal data in the rare but possible circumstance that the information is subject to disclosure pursuant to judicial or other government subpoenas, warrants, orders or for similar legal or regulatory requirements.

2. Data we collect from support cases

What personal information do we collect?

As our customer, you can make use of our support desk. When you raise ticket per email or by contacting our helpdesk per telephone, you raise a support ticket. With this ticket, we store your contact details and all the information you provide, which might contain information that is considered personal information.

As part of your support, we may need to access your on-premise software. In such case, we will only access it after you have authorized us to do so. While providing support, we will not make copies of any of your files, unless there is a situation where we must make because it is necessary for the support activity. In such case, the copies will be destroyed immediately after we are done providing you with support.

What do we do with your personal information?

All the information you provide us will be logged into our CRM system. The initial and last communication in each ticket will also be available via the support website. We will retain this information for as long as necessary to provide support on the ticket but in any case, no more than 2 years.

With whom do we share your information?

A support ticket may be picked up by any of our support team members and may be handed over from one support team member to another, always observing the most accurate and up-to-date security standards. In cases where third line support is needed, the information you shared with us may be shared with the product management team or development team. In some cases, information may also be shared with your account executive. We will not share information you provide with any external party.

3. What you may expect from us regarding your data

Your data is up to date and accurate

We take all reasonable steps to keep personal information in our possession or control, which is used on an on-going basis, accurate, complete, current, and relevant, based on the most recent information made available to us by you.

We rely on you to help us keep your personal information accurate, complete, and current by answering our questions honestly and you are responsible for ensuring that we are notified of any changes to your personal data.

We store data no longer than necessary

Personal information will be retained only for such period as is appropriate for its intended and lawful use, in this case, we shall retain the data in accordance with our contractual commitment unless otherwise required to do so by law. Personal information that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.

As part of the Company Business Continuity plan and as required by ISO 27001:2013, and in certain circumstances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.

Your data is safe

Any personal data you provide to us will be treated with care and respect. Our ISO 27001:2013 certification guarantees you that we take appropriate technological and organizational measures to protect the personal information submitted to us, both during transmission and once we receive it. We follow generally accepted industry standards used to protect personal information.

All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security, and privacy.

You have rights

Under various data protection laws, you have the right to access, rectify or erase your personal information from our systems, unless we have legitimate interest reasons for continuing to process it.

Please notify us by email to if you:

  • do not want your personal data to be used in a manner described before (we will be grateful if you set your specific objections to any use);
  • want to see the personal data we hold about you;
  • want to change or delete inaccurate, incomplete, or irrelevant data;
  • want to contact our Data protection officer.

Our Data Protection Officer (DPO) is Gillie Abbots-Jones.

We will endeavour to respond to your access request within 30 days of receiving your request. This period may be extended, in which case we will explain why we cannot respond within the given timeframe. Also, we may decide not to honor your request for information, in which case we will also explain why.

Complaints & country specific disclosures

If you have any complaints about how we use your personal data and cannot be resolved with us directly, you have the right to lodge a complaint with a Data Protection Authority. This can be a data protection authority in your country of residence, however, the lead Data Protection Authority for us will be the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”) because our establishment is in the Netherlands. NIPO will work with the authorities and comply with their decisions.

Notification of material changes

We keep our privacy policy under regular review, and it may be amended from time to time. We will always have the most up-to-date policy on this web page. We will record when the policy was last revised. If there are changes in how we use your personal data, we will notify you of these changes by sending you an email.