Privacy Policy - Hyarchis
Welcome to the team post (3)

Privacy Policy

published 2021-03-22


The content of this page was last modified on: September 19, 2023.

Hyarchis Personal Data Protection Policy

1. Introduction

VDD Iqware B.V., hereinafter referred to as Hyarchis, processes personal data of visitors and users of its website. We do that in order to provide visitors and users with the most effective and prompt service that we can.

By sharing the contents of our Privacy and Cookie Policy with you (please see below for details of the cookies that we use), we are endeavouring to be completely transparent with regard to the types of personal data that we process, the purposes for which we process personal data and the rights to which visitors and users of our website are entitled in relation to the personal data processed by us.

The processing of personal data by Hyarchis takes place in a manner that is fully compliant with the relevant requirements laid down in the General Data Protection Regulation (GDPR). Our Privacy and Cookie Policy may be amended if there are any statutory or other urgent reasons so to do. As such, it is therefore advisable to consult our Privacy and Cookie Policy on a periodic basis.

2. Who is Hyarchis?

Hyarchis is a software developer in the field of document management and data management based on artificial intelligence.

We develop and deliver our own software to companies in various industries. We also provide support on our software ourselves. Joint success is central to everything we do.

Hyarchis (registered at the Chamber of Commerce under number 17110231) is located at Daalakkersweg 2-108 (5641 JA) in Eindhoven. If you have any questions, comments or requests relating to our Privacy and Cookie Policy, please send us a message at any time at the following e-mail address: [email protected]. If you prefer contacting us by telephone, you can call us on the following telephone number: +31 (0)88 – 00 78 500.

3. What personal data are processed by Hyarchis?

In order to provide you with the most effective and prompt service as a visitor to or user of our website, we process the following categories of personal data. We do not process special or sensitive personal data.

How do we obtain personal data?

We obtain some information automatically when you visit our website. We collect this information via cookies, for instance. In this context, we also refer to our Cookie Statement. We obtain other information if you actively provide it to us. For example, if you are or become our client or if you sign up for newsletters or events.

We also obtain information from third parties, such as personal data from the Trade Register of the Chamber of Commerce, or personal data available on public professional websites. We also obtain information from professional social media sources like LinkedIn.

Categories of personal data

The personal data we process in relation to you are direct personal data and indirect personal data:

Direct personal data

  • Personal data provided by you
    • contact details and other personal data. These include details such as your first name, surname, sex, address, telephone number, email address, job title(s), company name, email adress and (details of) your identification documents (identification data);
    • contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;
    • contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;
    • other personal data that are provided by you to us in any correspondence.

Indirect personal data

  • Personal data that give insight into the use of our website or other electronic means of communication. These could include data such as:
    • IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;
    • Session ID, type of device (computer, tablet, smartphone, etc.), Internet browser and operating system;
    • details of your activities on our website, i.e. your browsing behaviour on the website, including data on your first visit, previous visit and current visit, the visited pages and how you navigate through the website and the kind of device you are using; and
    • the opening and reading of a newsletter or commercial email. This also includes clicking behaviour in the email or newsletter.
  • Personal data obtained from other sources:
    • personal data available on public professional social media platforms such as LinkedIn. These are names and contact details;
    • personal data obtained from the Trade Register of the Chamber of Commerce. This could include a Chamber of Commerce number and contact details; and
    • personal data available on public professional websites, such as company websites.

4. Lawful basis for processing

We process your personal data only when this is permitted on grounds of one of the legal bases cited in the General Data Protection Regulation (GDPR). We are guided by the following legal bases:

–   Consent:

We ask your consent for participation in a client satisfaction survey, marketing purposes which will be specified in detail when you give your consent and for the use of cookies on our website. Also, we request parental permission in the case of users who are less than 16 years of age (see below).

If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time. You can do this by contacting us ([email protected]);

–    Statutory obligation;

–    Legitimate interest:

We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We use your contact details to invite you to seminars and events, for instance.

We also have a legitimate interest if we use your personal data to contact you after you have approached us yourself.

We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via marketing. In that case, we have a legitimate interest in offering you these services.

Minors – parental permission

We have no intention whatsoever to collect personal data relating to visitors to or users of our website who are less than 16 years of age, unless they have obtained explicit permission from their parent(s) or guardian. In view of the fact that we are unable to verify whether a visitor is over 16 years of age, we would advise parents or guardians to be involved in their children’s online activities.

After all, involvement of that type is capable of preventing data about children being collected without the parents’ permission. If you are convinced that we have collected personal data relating to a minor without parental permission, please contact us via the following email address: [email protected]. Once we receive your request, we will delete the information we have collected.

5. Why does Hyarchis process the personal data listed above?

For Hyarchis, personal data are processed for one of three principles or aims. These are as follow:

  • to analyse how our website is used (in order to make it more user-friendly)
  • to be able contact you as a customer, potential customer or contact (in order to be able to provide our services)
  • to be able to provide you with information, as our customer, potential customer or contact (in order to keep you up to date with regard to our business activities, to changes to the products and services we provide or with regard to specific and relevant developments in our specialist area that are applicable to you; whether or not prompted by innovations, statutory obligations or similar)

6. For how long does Hyarchis retain personal data?

Generally speaking, we can state that Hyarchis will not store your personal data for any longer than is necessary in order to achieve the objectives for which the personal data were collected in the first place. Unless, that is, we are subject to a statutory or other urgent obligation. The personal data processed by us is subject to the retention periods listed below.

CategoryRetention period
Direct personal dataA maximum of 26 months
Indirect personal dataA maximum of 26 months

7. Sharing of personal data

Under no circumstances will Hyarchis sell your personal data to third parties. We will only provide them if that is necessary in connection with the performance of our agreement with you, or in order to fulfil a statutory obligation. In order to be able perform our agreement with you, Hyarchis may engage the services of organisations fulfilling the role of a service-provider.

We conclude processing agreements with those organisations processing your personal data on our behalf, in order to ensure that they are able to guarantee that your personal data receive at least the same level of security and confidentiality that is provided at Hyarchis. Organisations of that type must therefore not be regarded as “third-party recipients”, but as processing companies. For you, as a customer, potential customer or contact of Hyarchis, we remain responsible for the processing work carried out by our service-providers.

At the moment, your personal data is shared by us with the organisations listed below, due to the fact that we make use of the products and services those companies supply.

Our webhosting supplier

  • automatically receives data that you, as a visitor to or as a user of the Hyarchis website, leave behind on the webserver(s) in use, for example as a result of navigating through our website or by contacting us using web forms or by e-mail
  • data left behind on the webserver(s) are backed up on a periodic basis and those backups are also located on the webserver(s) in use,

Our supplier of analytics software

  • automatically receives data that you, as a visitor to or as a user of the Hyarchis website, leave behind on the webserver(s) in use, due to the fact that Hyarchis makes use of analytics software made available by the supplier
  • data left behind on the webserver(s) are backed up on a periodic basis and those backups are also located on the webserver(s) in use.

Marketing software supplier

  • automatically receives data that you, as a visitor or user of the Hyarchis website, leave behind on the web server(s) in use, for example by navigating through our website. Receive your name and email address if you have subscribed to our email newsletter.

Online marketing partner

  • receives data regarding your visit to our website and regarding your questions to Hyarchis.

Transfers personal data to third countries or international organisations

When your personal data are processed, your personal data may be shared with third parties. These parties may be located outside the European Economic Area (EEA). When applicable, we have taken appropriate (security) measures for sharing the personal data. In addition, we take into account the additional requirements that the GDPR sets for transfers outside the EEA.

We can transfer these data if we have your explicit consent or if this is necessary for performance of the contract.

8. Automated decision-making

Hyarchis does not make use of automated data processing to take any decisions on matters that may have (significant) consequences for data subjects as individuals. In this instance, this relates to decisions taken by computer programs or computer systems without human intervention (such as in the form of an Hyarchis employee) being required.

9. Viewing, amending or deleting personal data

As a customer, potential customer or contact of Hyarchis, you have the right to view, rectify or delete personal data about yourself. In addition, you are also entitled to withdraw any consent you may have given for the processing of your personal data by Hyarchis and to object to the processing of your personal data by Hyarchis. You also have a right of data portability.

Data portability means that you can submit a request to us, asking that the personal data we hold about you to be sent to yourself or to another party (an organisation designated by you). The transfer of data may take place by means of an .xlsx (Microsoft Excel) file in digital format.

You can send a request to view, correct, delete or transfer your personal data, a request to withdraw your consent, or an objection to the processing of your personal data to the following email address: [email protected].

In order to be certain that a request relating to personal data has actually been submitted by you, we request that you also send a copy of your proof of identity. When submitting a copy of your proof of identity, please ensure that on the copy itself, your passport photo, the MRZ (Machine Readable Zone – the strip with numbers at the bottom of your passport), your passport number and your Citizen Service Number (BSN) are covered over in black. We ask this in order to protect your privacy. We will then respond to your request as quickly as possible, within no more than four weeks.

We will do our utmost to respect your right to privacy. If you are of the opinion that we are not acting in accordance with the privacy legislation, it goes without saying that we would be grateful if you could inform us of that. In addition, we would like to point out that if desired, you are able to submit a complaint to the national supervisory authority (the Dutch DPA – Autoriteit Persoonsgegevens).

For more information on the rights you can exercise on the basis of the privacy regulations, please see the website of the Dutch DPA. See this webpage for an overview of your rights under the privacy regulations.

10. Links

The Hyarchis website includes various references to third-party websites. Hyarchis is not responsible for the manner in which personal data is processed by those third parties. If you wish to obtain more information about that, please consult the privacy policy of the organisation concerned.

11. Cookies (or comparable technologies) used by Hyarchis

12. How Hyarchis secures your personal data

Hyarchis takes protecting your personal data extremely seriously, which is why we take suitable measures to combat the misuse, loss or accidental disclosure of your personal data or any unauthorised access and unauthorised changes thereto. If you have the impression that we are not being effective in securing your data or you have observed signs of misuse, please contact us as a matter of urgency via the e-mail address: [email protected].

To give you an idea of what we do to secure your data, we have provided an overview below, detailing the measures that we take.

  • The Hyarchis webserver contains security software (including a firewall).
  • Data transfer with the Hyarchis webserver takes place via an internet connection that is secured in accordance with the TLS protocol (to verify this, check to see that the letters “https” are listed in the web address and look for the green padlock in your address bar).
  • We apply DKIM, SPF and DMARC (three internet standards) in order to prevent you receiving e-mails bearing our name that contain viruses, that can be regarded as spam or are intended to harvest personal (login) details.
  • DNSSEC is an additional security measure (supplementary to DNS) that is used by Hyarchis in order to convert a domain name to the associated IP address (during conversion, we add a digital signature that prevents you from being diverted to an incorrect IP address).

13. Applicable law

Any legal disputes arising as a result of this privacy statement will be submitted exclusively to the Dutch court under the applicability of Dutch law.

More interesting posts

Remediation : the cornerstone of a good KYC policy

Remediation is the last of the three major building blocks of a good KYC policy....

Read more
Welcome to the team post (3)
Monitoring: the heart of a good Customer Due Diligence policy

The Wwft requires financial institutions to subject customers to a periodic audit to monitor customer behavior and identify deviations. That doesn't sound nice. But you can also look at it...

Read more
Welcome to the team post (3)
Onboarding: the battle for the customer

Financial institutions have to adhere to a lot of rules. They have to check the identity of their customers, check whether they are not registered in sanctions lists, they have to check who...

Read more

Want to learn more? Subscribe to our monthly newsletter and stay one step ahead!

Contact information