Realtime Register B.V. is committed to operating its business in compliance with the requirements of the EU GDPR by preserving the confidentiality and integrity of all the information it holds and processes.
Although the Legislation places most of the obligations upon the Data Controller, it is the responsibility of all Realtime Register employees to apply the provisions of the EU GDPR in relation to all Processing of Personal Data and handling of Confidential Information, whether Realtime Register is acting as Data Controller or Data Processor (or both).
All employees of Realtime Register and, where applicable, external hired employees receive suitable and regular training regarding the information security policy and the information security procedures of the organization, to the extent, it is relevant for their function. Within the training, explicit attention is focused on dealing with (special categories of or otherwise sensitive) personal data.
Employees have been screened, and if required due to their position at Realtime Register are in possession of a certificate of good conduct (VOG).
The EU GDPR requires Realtime Register to take appropriate technical and organizational measures to safeguard Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Realtime Register has put in place a number of technical and organizational measures and procedures which we apply not only to Personal Data, but also to all information we hold, including Confidential Information and information of any other kind that is used within the business.
IT facilities and equipment are physically protected against unauthorized access, damage, and malfunctions.
There are procedures to allow authorized users to access the information systems and services they need for the performance of their duties and to prevent unauthorized access to information systems.
In the case of data transport of confidential information over networks, an adequate level of encryption shall be applied.
Strict procedures apply to the management of certificates and associated keys.
Data processing activities that users or employees perform are recorded in log files. The same applies to other relevant events, such as attempts to gain unauthorized access to personal data and disruptions that may lead to a change or loss of personal data.
Security measures and protocols are applied to all application systems, including adequate access management.
The network and the information systems are actively monitored and managed. There are also procedures available regarding data leaks as required by the EU GDPR.
Realtime Register installs security solutions and patches in a timely manner for it the software it uses when such solutions and patches have been issues.
There are procedures in place for the timely and effective handling of information security incidents and vulnerabilities in security as soon as they are reported.
Realtime Register reports data leaks to relevant supervisory authority (the Dutch Data Protection Authority), and the applicable data controller(s).