Along with the Standard Clauses for Data Processing, this Data Pro Statement constitutes the data processing agreement for the product or service provided by the company that has drawn up this Data Pro Statement.

On this page you will find the current state of affairs with regard to visiting address, the sub-processors and security measures. Articles 1, 8, 12, 13 and 14 of the Data Pro Statement respectively. The full Data Pro Statement can be downloaded as a PDF via the links below.

• Dutch
• English

General

1. This Data Pro Statement was drawn up by:

Teqa Informatica B.V.
Reykjavikstraat 1
3543 KH Utrecht
The Netherlands

Hereafter refered to as ‘data processor’.

8. The data processor uses the following sub-processors:

• Leaseweb
  hosting of our databases, web servers and file storage: ISO 27001, PCI DSS en SSAE 16

i-Reserve can be linked with products from external parties such as Exact, King, Accountview, Cardgate, Mollie, Buckaroo, Google calendars and others. If i-Reserve is linked to products from such external parties, the Client is responsible for making agreements with these external parties regarding the processing of personal data.

Security Policy

12. The data processor has implemented the following security measures to protect its product or service:

• All data is processed within the EU / EEA
• Program code is owned and managed by processor
• Possibility of two-step verification for access to i-Reserve
• Minimum requirements for composition of passwords
• Secure HTTPS connection with SSL certificate
• Encryption of information
• Web Application Firewall (WAF)
• IP address whitelisting for management functions
• Slowdown and lockdown mechanics
• Scans and backups
• Ability to automatically anonymize personal data
• Hosting partner complies with ISO 9001, ISO 27001
• Data processor is affiliated with the Netherlands ICT, which also advises on GDPR
• Data processor employees are bound by a duty of confidentiality
• Data processor employees are trained on information security awareness
• Office of the data processor has an alarm system

A summary of the security measures may be found here: What does i-Reserve do towards security and privacy of (personal) data?

13. The data processor conforms to the principles of the following Information Security Management System (ISMS):

• ISO 27001

Data leak protocol

14. In the unfortunate event that something does go wrong, the data processor will follow the following data breach protocol to ensure that clients are notified of incidents:

• In the case of a data-related infringement, the data processor will inform the client within 48 hours. Data processor shall strive to do its best to ensure that the information provided is complete, correct and accurate.
• If laws and / or regulations require this, the data processor will cooperate in informing the relevant authorities and / or parties involved.
• The client (controller) assesses whether he will inform the supervisory authorities and / or data subjects or not.
• The duty to report in any case includes reporting the fact that there has been a leak and, in so far as the information is available:
  • what the (alleged) cause of the leak is;
  • contact details for the follow-up of the report;
  • approximately: the number of data subjects and categories of personal data;
  • what the (known and / or expected) consequence is;
  • what the (proposed) solution is;
  • what measures have already been taken.