Privacy Statement

Redemp B.V. attaches great importance to the protection of your personal data. In this statement we explain which data we collect, why we do so, how we protect it and which rights you have.

This is an English translation provided for your convenience. The Dutch version of this privacy statement is legally binding.

Illustration of data protection and privacy

This statement applies to the use of our website, to contact with us as a (potential) customer or supplier, and to job applications.

For personal data that we process on behalf of our customers, for example data of their employees or clients, we act as a processor within the meaning of the GDPR. Those processing activities are laid down in a data processing agreement between Redemp and the relevant customer.

Last updated: 07-01-2026

Article 1: Who we are

Redemp B.V.
Deltazijde 16m, 1261 ZM Blaricum
Telephone: +31 85 104 52 82
E-mail: contact@redemp.nl
Chamber of Commerce: 67561829 · VAT: NL857077855B01

Redemp B.V. is the controller for the personal data described in this statement.

Article 2: Which personal data we process

Website visitors

When you visit our website, we automatically process:

  • IP address
  • Date and time of your visit
  • Pages visited
  • Type of browser, device and operating system
  • Referring website (if available)

We use this data to keep the website functioning properly, for security and to compile anonymised visitor statistics.

Contact persons at customers and prospects

When you contact us by telephone, e-mail, via our self-service portal or in another way, we process:

  • First and last name
  • Job title and organisation
  • E-mail address
  • Telephone number
  • Correspondence with us
  • Tickets, notifications and the history of contact moments in our service desk system
  • In the case of a quotation request via our website: company name, name, e-mail address, telephone number, any address and Chamber of Commerce number, and the quantities you have chosen. We use this data to draw up the quotation in our administration system (legal basis: pre-contractual phase)
  • In the case of an introductory request via our website: company name, name, e-mail address, telephone number and any message. We only process this data to contact you. It is sent to us by e-mail and is not stored on the website server (legal basis: your consent and the pre-contractual phase)
  • In the case of a data breach report via our website: your name, telephone number, optionally your organisation, e-mail address and a description of the incident. Because of the urgency, we send this report straight to us by e-mail and a WhatsApp notification so we can call you back with priority. The data is not stored on the website server (legal basis: legitimate interest in responding quickly to security incidents)

Article 3: Why we process personal data

  • Performance of the agreement with our customers: invoicing, communicating, resolving tickets, implementing services
  • Contact with prospects: answering questions, drawing up quotations, introductory meetings
  • Marketing and newsletters: only if you have explicitly given consent for this
  • Improvement of our services: analysing service desk tickets for quality improvement, of course anonymised
  • Security: detecting and handling misuse of our systems
  • Legal obligations: tax retention obligation for invoicing, GDPR obligations
  • Recruitment and selection: in the case of job applications

Article 4: Legal basis for the processing

We only process personal data if there is a legal basis for it:

  • Performance of an agreement: if you are a customer or supplier
  • Legitimate interest: for business operations, prospect contact, security and improving our services
  • Consent: for newsletters or marketing communications (revocable via the opt-out in every mailing)
  • Legal obligation: tax and administrative retention obligation

Article 5: How long we retain data

We do not retain personal data longer than necessary for the purposes for which we collected it. As a guideline we apply:

  • Customer data and correspondence: up to 7 years after termination of the agreement (tax retention obligation)
  • Prospect data: up to 2 years after the last contact moment, unless the prospect still becomes a customer
  • Website log files: a maximum of 12 months
  • Job application data: up to 4 weeks after completion of the application procedure, or up to 1 year with your consent

Article 6: With whom we share data

We only share your personal data with third parties if this is necessary for the provision of our services or if we are legally obliged to do so. Parties with whom we may share data:

  • Microsoft: for Microsoft 365 and Azure services
  • Hornetsecurity: for backup services
  • Moneybird: for quotations and invoicing
  • Printix (Tungsten Automation): for print management
  • Our ticketing and administration software suppliers
  • Our bookkeeper and accountant
  • Government: where there is a legal obligation to do so

We have concluded a data processing agreement with all processors that process personal data on our behalf.

Transfer outside the EU

Some of our suppliers (in particular Microsoft) are established outside the European Economic Area. The appropriate safeguards of the GDPR apply to this transfer, such as the EU standard contractual clauses.

Article 7: Security of personal data

We take appropriate technical and organisational measures to protect personal data against loss, unauthorised access, publication and unlawful processing. Our measures include, among others:

  • Multi-factor authentication on all internal accounts
  • Encryption of data at rest and in transit
  • Access policy based on the "least privilege" principle
  • Regular updates and security patches
  • Logging and monitoring of access
  • Awareness training for employees
  • An internal data breach policy

As a Microsoft licence supplier and IT service provider for the healthcare sector, we work as much as possible in accordance with the principles of NEN 7510 and ISO 27001.

Article 8: Cookies

Our website does not place any cookies. We do not use tracking or advertising cookies and no analytics that track your behaviour. The only thing we store is a functional preference in your own browser, for example that you have dismissed a notification. This functional storage falls under the statutory exception and does not require consent. You can always erase this storage via the settings of your browser. Because we do not place any cookies that require consent, we also deliberately do not display a cookie banner.

On our contact page you can load a Google Maps map. This map does not load automatically: only when you click "Load map" yourself is the map retrieved by Google and can Google process data such as your IP address. If you do not click, nothing happens and your visit remains entirely cookie-free.

Article 9: Your rights

Under the GDPR you have the following rights with regard to your personal data:

  • Right of access: you can request which data we hold about you
  • Right to rectification: you can have incorrect data corrected
  • Right to erasure: in certain cases you can request erasure of your data
  • Right to restriction: you can request that the processing be temporarily restricted
  • Right to data portability: you can request your data in a structured format
  • Right to object: you can object to processing based on legitimate interest
  • Right to withdraw consent: if you have given consent, you can always withdraw it

To exercise your rights, send an e-mail to contact@redemp.nl. We respond within 4 weeks. To be sure that the request has been made by you, we may ask for additional identification.

Article 10: Complaints

Do you have a complaint about how we handle your personal data? We would be glad to hear it: send an e-mail to contact@redemp.nl. We take every complaint seriously and try to resolve it together. If you are not satisfied with our response, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) via autoriteitpersoonsgegevens.nl.

Article 11: Reporting a data breach

Do you notice a data breach or a possible security incident with one of our systems? Report this as soon as possible: call +31 85 104 52 82 and clearly indicate that it concerns a data breach. We handle this as a matter of priority.

Are you a customer and do you work with your own privacy officer? Always report the data breach to them as well; they determine the steps towards the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

Article 12: Changes

We may change this privacy statement from time to time, for example due to amended legislation or new working methods. The most recent version is always on this page, with the date of the last change at the top.

Contact about privacy

Do you have questions about this privacy statement or about the processing of your personal data by Redemp?

Redemp B.V.
For the attention of: Management
Deltazijde 16m, 1261 ZM Blaricum
Telephone: +31 85 104 52 82 · E-mail: contact@redemp.nl