Privacy statement

Medical certificate, with a goal of judging the applier fit or not fit Kiwa Register aims to create trust, which is why your privacy is important to us. In this privacy statement, we will explain what kind of personal data we collect, how we collect it and what we use it for.

Kiwa Register offers a wide range of products and services, to all of which this statement applies. This statement is regularly reviewed and updated as our products and services may evolve.

Kiwa Register invests in securing your privacy by enhancing knowledge, professionalism and ethics among its employees and contractors, and takes steps to ensure adequate protection for your personal data. Further in this Privacy Statement will be discussed how you can execute your rights as an individual.

Who are we?

Kiwa Register issues about 100.000 permits and licenses yearly to persons and businesses in aviation, navigation, inland navigation and passenger- and goods transportation. Kiwa Register is part of Kiwa N.V., internationally active in testing, inspection and certification (TIC).

What personal data do we collect?

Kiwa Register collects personal data to enable us to provide you with our products and services. Personal data collected vary with the nature of the product or service we provide or may provide you with. Sensitive information is only processed when explicitly required and within the constraints of the law.

Below you will find a list of personal data that we process:
  • First- and last name;
  • Gender;
  • Date of birth;
  • Birthplace;
  • Address information;
  • Phone number;
  • E-mail address;
  • Other personal data that you actively provide by, for example, creating a profile on our website and in correspondence by e-mail or telephone;
  • Bank account number;
  • Social security number.
Kiwa Register processes the following sensitive personal data:
  • Certificate of conduct, with specific screening profiles 65 or 70;
  • Credit score (Kiwa Register may need to do a credit check with business-related certificates. The credit information could be reduced to personal data);
  • Information from the Dutch Person Registration (BRP);
Occasionally, personal data may be collected as you visit and navigate our website. This data includes information about: locations, IP-addresses, activity on our website, or activity on other websites (for example if these includes an ad network). For further information about the data that is collected during a visit to the Kiwa Register website can be found in the cookie policy.
 
What do we use personal data for?
Kiwa Register has a policy of only collecting personal data that is necessary for processing. We will process your personal data only with your consent or in cases of necessity, such as the execution of a contract, legal obligations, carrying out a task in the public interest or for our own legitimate interests. Below you will find a list of the reasons that Kiwa Register has to process personal data and which legal basis is connected to it. You can find further information about the legal basis on Data Protection Authority.

We need your personal data for one or more of the following purposes:
  • assessment and acceptance of a customer, supplier or business partner;
    • Legal obligation
  • development and improvement of products and/or services;
    • Our own legitimate interests
  • conclusion and execution of agreements with customers, supplier and business partner;
    • Execution of a contract
  • providing information about changes in our services or products;
    • Our own legitimate interests
  • business process execution, internal management and management reporting;
    • Our own legitimate interests
  • health, safety, security and integrity;
    • Vital importance
  • compliance with law;
    • Legal obligations
  • the protection of the vital interests of individuals;
    • Vital importance
If and when the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time.

Where is your personal data stored?

Kiwa Register uses two main way of processing personal data: the datacenter of Kiwa Register and applications (cloud) of especially selected third parties for specific products and services. Kiwa Register operates under a strict security policy as required by the NCSC. We also strictly follow a framework of standards of ETSI 319-401, 319-411-1, 319-411-2 and NETSEC to ensure proper security of your personal data. When we use an application of a third party, we choose to work with industry leaders – or other parties who comply with EU law and who have extensive security and privacy measures in place.

How long is your personal data stored?

Kiwa Register does not store your personal data for a longer period than necessary to reach the goals that the data was stored for. The storage period of your personal data depends on the type of process for which it is needed. For many of our products and services, your personal data are part of a continuous process, which is why your personal data will be stored until that process terminates. Concerning permits and licenses, Kiwa Register legally obligated to store personal data related to these documents during the complete validity of them.

With whom do we share personal data?

It may be necessary that third parties receive your personal data, in order for Kiwa Register to be able to provide services and products. We can share personal data with parties that are affiliated with our services and products. Sensitive personal data will not be shares with anyone, unless there are specific legal exemptions or emergencies that need specific personal data to be resolved. Also, personal data will not be shared with countries outside the EU or EER, unless there are specific legal exemptions, or if the specific country has an appropriate security level of personal data.

Further information about shared personal data and the specific domains can be found in the following documents:

Who can access your data?

Kiwa Register strictly limits accessibility to personal data to only the staff members that need access to perform their tasks, like issuing licenses. Thereby, access is regulated through the principle of ‘least privilege’. Which means that only those who actively process personal data, are allowed to access them. ‘least privilege’ means that only those people that have been explicitly authorized to process personal data, are those that we grant access to the data. The access is also reduced to a minimum, which also counts for suppliers or third parties that work with Kiwa Register. All employees, of Kiwa Register and third parties, sign a nondisclosure agreement on top of that. Also, Kiwa Register wields processor agreements with third party processors.

Your rights as an individual

The General Data Protection Regulation (GDPR) provides you with a set of rights. These individual rights are stated in the GDPR and are respected by Kiwa Register.

These rights include the right to be informed where personal data are collected, the right to access and the right to rectification of your data if and when it is inaccurate. Also, under specific circumstances mentioned in the GDPR, you may request erasure of your personal data or restrict the processing of it. Furthermore, you have the right to object to the processing of your personal data, or to being subject to automated decision making and profiling. Lastly, you have the right to data portability. Further information on your rights as an individual can be found on Data Protection Authority.

One or more of the above mentioned requests can be submitted through e-mail, post or the complaint form. Kiwa Register’s e-mail address and post address can be found at the contact page (in Dutch). In such a request you should clearly mention which request you wish to submit and which personal data is involved. Kiwa Register also offers the opportunity to object every official decision. After such a decision, we will send you a document in which this opportunity is explained. Finally, you can lodge a complaint with Kiwa Register. Information about filing a complaint can be found here: the complaints procedure (in Dutch).

In addition to these rights, you have the right to lodge a complaint with the Data Protection Authority.

About this privacy statement

The version of this Kiwa Register Privacy Statement was created in April 2020.

We will update this privacy statement if any changes apply. If there are any material changes to the statement or in how Kiwa Register will use your personal data, we will either notify you by prominently posting such changes on our website or by directly sending you a notification.

In the event of a conflict between this Kiwa Register privacy statement and the terms of any agreement(s) between a customer and Kiwa Register, the terms of those agreement(s) will control.

Questions about your privacy at Kiwa Register?

If you still have any questions regarding our privacy policy, you can contact our Privacy Officer, Ms L. Stoffer, e-mail: register.security@kiwa.nl.