Privacy

Raet uses several different methods to assure the privacy of your data and protect your personal details.

We process personal details in accordance with the applicable Dutch and European privacy legislation and guidelines. Our information security policy is based on the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens) and the European Data Protection Directive (95/46/EC).

The Dutch Personal Data Protection Act identifies Raet as a ‘processor’, since our service provision focuses on processing personal, payroll and related data. The Dutch Personal Data Protection Act imposes requirements on the form and content of agreements with customers and suppliers. Furthermore, this act also stipulates a number of independent obligations and restrictions that apply to Raet in its capacity as processor.

Based on the Dutch Personal Data Protection Act we ensure that:

  • we and our suppliers comply with the law.
  • any data recorded only relates to our service provision.
  • the data recorded has been obtained lawfully and is consistent with the purpose.
  • any provision of data to third parties results from the purpose of recording the data, is necessary in order to comply with statutory obligations or is done with the customer's approval.
  • there are sufficient guarantees as regards technical and organizational security.
  • data that is entrusted to us is kept secret.you, in your capacity as controller, i.e. the party responsible for processing, are able to comply with the obligation to report any data leaks.

The above aspects are part of our framework of standards and our information security policy, which implies that we are able to have them verified on the basis of ISAE3402 and ISO27001 standards.

Customer data

In order to be able to deliver the services agreed, Raet has customer data at its disposal. We do not use any customer data that can be traced back for other purposes, unless you give us explicit permission to do so. We have therefore imposed requirements on how customer data is handled at Raet. 

Testing

Rules and requirements governing handling customer data are laid down in the internal ‘Guideline on using customer data’. This guideline complies with the "Guidelines on personal data security" issued by the Dutch Data Protection Authority (College Bescherming Persoonsgegevens). We only use data of fictitious people to test information systems with personal data.

Returning customer data

When your contract with Raet is terminated, your data will be returned to you according to the contractually agreed procedure. We can make your data available in the form of a widely used data file and on a commonly used medium. Raet normally works with a ‘comma separated’ (.csv) file format on DVD.

Removing customer data

Our standard procedure is that we remove your data from our operational systems when your contract with Raet ends. For technical reasons, it is not possible to remove the data from any backups that have already been stored. However, we can include agreements in the contract about saving data for later retrieval, e.g. for the tax authorities.

MKB software

Obligation to report data leaks

The obligation to report data leaks as stipulated in the Dutch Personal Data Protection Act requires that any data leaks are reported to the Dutch Data Protection Authority. The “Guidelines on the obligation to report data leaks” issued by the Dutch Data Protection Authority provide further information about this. We will inform you, in your capacity as the controller, about relevant incidents in good time, correctly and in full, enabling you, the controller, to comply with the statutory requirements.

Data centers in the Netherlands

We use three locations where data is processed by software and stored:

  • Apeldoorn: production environment and storage location for customer data, development environment and test environment.
  • Aalsmeer: backup environment with replicated customer data and acceptance environment.
  • Lelystad: storage location for backups of encrypted customer data (off-site backup).

Youforce runs on several servers and has various hardware components. The 'Apps' and 'Options' are available to users online. The data is processed in a data center in Apeldoorn in the Netherlands. The systems are protected by means of 'hardening' as laid down in the ICT security guidelines of the Dutch National Cyber Security Center and in other documents. You can find more details about security under 'Security'.

All computer centers and data storage comply with strict Dutch and European legislation.

If an emergency occurs we can switch to our second location in Aalsmeer. In order to minimize the risks of environmental factors, we have deliberately opted for a location at a considerable distance from the town of Apeldoorn. We use replication to continually keep your data in this backup environment identical to the data in the production environment. We use some of the systems in the backup environment for acceptance testing. Of course, we do not use your data for this purpose and the production data is kept physically separate from the test data.

All computer centers and data storage comply with strict Dutch and European legislation on logical and physical access security and continuity.

Suppliers

We use services provided by KPN, one of the largest suppliers of data center services, for our computer centers. The systems and storage space we use are kept physically separate from the services KPN provides to other customers. KPN computer centers are extremely reliable and are certified for quality and information security. All the computer centers used are at least ISO9001 and ISO27001 certified. We test compliance with our requirements for suppliers in the production process every year and we report on this in our ISAE3402 type 2 report.

Viruses

Youforce is protected against misuse by malware and is protected by anti-virus software to prevent any connected users from being infected by viruses. 

We do not check for viruses in the data and any attachments recorded by users, since this data is not run as software programs and cannot therefore harm Youforce. We assume that, in order to protect your own data, you use virus detection and malware protection on your own systems.

Follow us

Can you keep our users happy by keeping our software fast and always available? Apply for our #DevOps #vacancy https://t.co/xZZErq6L7y