Privacy policy

At the Dutch Accreditation Council (NCI B.V.), personal data and other data are processed in accordance with the applicable legislation. We process personal data in audit reports, via our website and in our DMS system. This Privacy Statement explains show how we record your personal data.

The Dutch Accreditation Council (NCI B.V.) is an independent certifying body of various management systems. Personal data is only collected for certification according to the relevant standard(s). Examples include the submission of diplomas, names of interviewees and (business) contact details of you as a contact person. NCI B.V. handles this personal data with due care. We have the appropriate technical and organisational measures in place to properly secure the necessary processes.

We think it is important that you are aware of at least the following:

We are transparent and sincere about the data we collect from you and why we do this.
The manner in which we handle your data and keep it safe is entirely in accordance with European law.
We respect that your data belongs to you. You can, therefore, tell us when you want to withdraw your permission for having your data processed by us unless the standard for which you are audited requires that this data must retained.
We only exchange your data with a third party if this is necessary. For example, with your advisor or an external auditor who has a contract with NCI and who will be conducting your audit.
We retain records containing personal data in our secure system for a period of 6 years.

Request for an offer

You can request an offer from us via our website, by telephone and/or by e-mail. The personal data that we need for this includes your name, (business) e-mail address, telephone number and job title. After receipt of the offer form, your data is stored in our secure DMS system. The offer you requested will be sent to your (business) e-mail address within a few days. If an advisor is known, we will cc his/her e-mail address. We will retain your data in our DMS system until you withdraw your permission.

Audit/ rapports
When we carry out an on-site audit according to the relevant standard(s), which you consented to by signing the offer, we need to process some personal data in the report on account of the requirements stipulated by the standard. Personal data that we need for this includes employee diplomas and qualifications that have been obtained and the names of interviewed employees. These data is recorded in the report(s). The report(s) is (are) stored in our secure DMS system. After completion, we will send the report to you by e-mail and if known, to your advisor. The reports will be destroyed after six years.

You can contact us for questions and/or comments via our website. On the contact form, we ask you to enter your name and (business) e-mail address in order to deal with your question as quickly as possible. If necessary, your contact details will be stored in our DMS system, where they will be stored until you withdraw your permission.


NCI B.V. uses functional cookies and analytical cookies on its website at Functional cookies are necessary in order for the NCI B.V. website to function properly. These cookies are stored automatically and ensure that you remain logged in during your visit to our website. Analytical cookies are closely related to the functional cookies. Analytical cookies measure visits to our website. Analytical cookies map out your behaviour on our website and also show how you ended up on our website. This allows us to measure the performance of our website and optimise it where necessary, in order to make the website as user-friendly as possible.

You can subscribe to our newsletter via the website. Existing or potential customers are added to our mailing list automatically. Your personal details are used by NCI B.V. to inform you of our services and of recent developments within the certification industry. We only store your name and (business) e-mail address for the newsletter. This personal data is stored until you unsubscribe. The option to unsubscribe is given at the bottom of each newsletter.

Social media
NCI B.V. uses social media to keep you informed of our services and of the latest developments. You can follow us on Facebook and LinkedIn. NCI B.V. does not attach any conditions to the use of social media. You need to agree with the conditions of the social media platform.
We will save your message and account name if you ask us a question via social media. This allows us to respond to your message.
Wij bewaren uw bericht en accountnaam als u via social media een vraag aan ons stelt. Hierdoor kunnen wij op uw bericht reageren.

Application procedure

If you apply for a position at NCI B.V., we ask you to share information with us, including your name and address details, gender, date of birth, e-mail address, telephone number, motivation letter and curriculum vitae (CV). This personal data will be stored until after the application procedure has been completed unless we have requested your explicit permission to retain this data for longer.

NCI processes the following business or personal data:

Full name of contact person
Job title of contact person
E-mail address of contact person
Full names of employees with diplomas and qualifications
Full names of employees who are interviewed during the audit

We use your business or personal data to::

Carry out the requested audit
Contact you about the audit
Send out newsletters/information regarding certification

By law, every data subject can exercise certain rights with regard to his or her personal data. For example, you have the right to inspect, rectify and delete personal data relating to you. Do you want to know what data of you we have stored exactly? You can at all times request this information by calling +31 (0)181-481949 or alternatively, by sending an e-mail to

How long do we retain your personal data for?
We only retain personal data for as long as this is necessary for the purposes as set out in this Privacy Statement. This means that we will in any case process personal data as long as you have an agreement with us. With a view to the certification process, we keep records, certificates and other company data for a period of six years. After this period, this data will be destroyed in an appropriate manner.

Who has access to your data?
In order to at all times assist you during the audit process, all internal colleagues of NCI B.V. have access to the data in the DMS system. This ensures that we can work well together and always provide you with an appropriate response. This in its turn ensures that we switch quickly and that all NCI B.V. colleagues can help you! Our auditors can only access your data when we give permission for this via the system. Our auditors only receive permission when they will actually carry out the audit at your company. All colleagues of NCI B.V. and its hired auditors sign a non-disclosure agreement guaranteeing that your information is processed correctly and is not shared with third parties. You can request this from us at all times.

We have taken technical and organisational security measures to protect the personal data we process against loss or unlawful use. This way, we secure our systems and applications according to the applicable information security standards. We work together with an IT service provider in this respect. They provide 24/7 monitoring of a secure platform combined with up-to-date protection. In the unlikely event of a data breach, we will notify the Dutch Data Protection Authority thereof before informing the data subjects of the facts and circumstances of the incident. We have also made agreements with our service providers and imposed the obligation on them of taking adequate security measures.

Justified interest
We are permitted to process personal data because we have a legitimate interest in doing so, or because our organisation has a legal obligation to provide your personal data. This, for example, is the case when a standard prescribes us to check personal data during the audit and to process this in a report.

Is your personal data processed outside the EEA?
No, your personal data is processed within the European Economic Area (EEA). We use servers located in the Netherlands.

If you have a complaint about how we handle your personal data, you can contact us by telephone by calling +31 (0)181-481949 or alternatively, by sending an e-mail to We will be happy to help you find a solution. If the issue remains unresolved, you can always contact the Dutch Data Protection Authority.

Developments are fast and, therefore, the personal data requested and processed by us sometimes changes accordingly. The standards and/or regulations may also be subject to change. We, therefore, amend our Privacy Statement from time to time and recommend that you check this on a regular basis.