Privacy policy

Itility values privacy. Itility therefore also processes personal data extremely careful, and we find it important to explain to you how we do this. This privacy statement covers the personal data we process about you when you use our services, or otherwise interact with us.

In this privacy statement we explain what personal data we process, for which purposes, how we process, for how long we retain personal data, with who we share your personal data, and what your rights are regarding the processing of your personal data.

Where we provide services under contract with an organization (for example, your employer) that organization controls – and is therefore responsible for – the (personal) data processed through the services. This policy does not apply to the extent we process personal data in the role of a processor (‘verwerker’) on behalf of such organizations.

Wherever Itility is mentioned, this refers to Itility B.V. (Flight Forum 3360; 5657 EW Eindhoven) including all its subsidiaries and affiliates (e.g., Itility Services B.V.).

This privacy statement may change if new developments or insights so require. Any updated versions will be communicated to you. This privacy statement was last amended on 29/09/2022.

If you do not agree with this policy, do not access or use our services or interact with any other aspect of our business.

1. What data does Itility process?

Itility processes your personal data as you provide it to us, use our services, or as other sources (e.g., other users, third party services, or public databases) provide it to us. Itility may process the following personal data:

  • Your first name and surname,
  • Your address,
  • Your telephone number,
  • Your email address,
  • Your IP address,
  • Geographical location,
  • Account and profile information, and
  • Other personal data you provide to us through our services, websites, or support channels, or personal data that is publicly available, for example through search engines.

2. Purpose for processing personal data

Itility only processes personal data that we need to enable your optimal use of our services, to improve our business, to enable you to interact with other aspects of our business, and to comply with applicable laws and regulations. Depending on the services you use and how you use them, Itility may process your personal data to:

  • Compile (anonymous) statistical data and analysis for use internally or with third parties,
  • Create and manage your account (e.g., for authentication),
  • Deliver recommendations, newsletters, and other information regarding promotions to you,
  • Contact you related to the service (system or user-to-user communications by email or otherwise),
  • Generate a personal profile about you to make future use of our services more personalized,
  • Increase the efficiency and operation of our services,
  • Keep customer and user administration,
  • Monitor and analyze usage and trends for research and development,
  • Notify you of updates,
  • Perform other business activities as needed,
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity,
  • Protect and improve the safety and security of our services,
  • Provide support,
  • Request feedback and contact you about your use of our services,
  • Resolve disputes and troubleshoot problems,
  • Respond to questions and complaints, and
  • When required, assist regulators and law enforcement and respond to subpoena.

3. On what grounds does Itility process?

Itility will only process your personal data for the abovementioned purposes when:

  • We have your consent,
  • We need it to execute the services,
  • We need to meet a legal obligation under EU or national legislation, or
  • It protects a legitimate interest of Itility.

4. Sharing with third parties

Itility may share your personal data with third parties. When this happens, Itility ensures the third party will process your personal data carefully and only to the extent needed for the abovementioned purposes. We explicitly ensure you that we do not sell your personal information to advertisers or other third parties.           

Examples of third parties with whom Itility might share your personal data:

  • Network provider,
  • Cloud platform host,
  • Other service providers,
  • (Security) auditors (for certification),
  • Itility partners,
  • Your organization (e.g., administrator(s) of your employer),
  • Legal, regulatory, and other governmental authorities.

At first request of customers, Itility shall provide a detailed updated list of these third parties.

5. Personal data security

Itility ensures that personal data processed by Itility is sufficiently secured, in line with the applicable regulatory requirements and directives.

Itility protects your personal data using adequate technical and organizational security measures to minimize the risk of loss, destruction, misuse, unauthorized access, disclosure, and amendment of this data. Examples of this include firewalls, performing regular back-ups, data and communication encryption, and physical and administrative data access controls.

If you believe your data is not well-protected, if there are indications of misuse, or if you would like more information about the way data processed by Itility is protected, please contact Itility. Our contact data can be found in section 7. Your privacy rights.

6. Personal data retention period

Itility only retains the personal data it processes for as long as reasonably necessary for the purposes for which the data is processed or as is required by regulations or law (e.g., the Dutch Public Records Act (Archiefwet)). The specific retention period varies per type of personal data. After this retention period Itility will either delete or anonymize your personal data.

7. Your privacy rights

The personal data Itility processes of you are yours. Therefore, you have the following rights:

  • The right to view your personal data (article 15 GDPR),
  • The right to request your personal data to be corrected or deleted (articles 16 and 17 GDPR),
  • The right to restrict processing (article 18 GDPR),
  • The right to data portability (article 20 GDPR), and
  • The right to object to your data being used (article 21 GDPR).

If you want to exercise any of your rights, you can submit a written request. Itility will process your request within four weeks.

You can send your written requests to:

Itility B.V.
GDPR request
Flight Forum 3360
5657 EW Eindhoven
info@itility.nl

Where the services are administered for you by an administrator (see “End User Notice” below), you will need to contact your administrator to assist with your requests first.

8. Transfer of personal data outside the EU

Itility may transfer, process and store your personal data outside of the EU, to wherever our third-party service providers operate for the purpose of providing you the services.  Whenever we transfer your information, we take steps to protect it.

Third parties may be based in other countries that do not have equivalent privacy and data protection laws. When we share your personal data with these third parties outside the EU, we make use of adequacy decisions (‘adequaatheidsbesluiten’), European Commission-approved standard contractual data protection clauses, or other appropriate legal mechanisms to safeguard the transfer. If necessary, additional security measures will be put in place.

9. End User Notice

Our services are intended for use by organizations. Where our services are made available to you through an organization (e.g., your employer), that organization is the administrator of our services and is responsible for the accounts and/or service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of our services is subject to that organization’s policies. Itility is not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Administrators are able to:

  • require you to reset your account password,
  • restrict, suspend, or terminate your access to the services,
  • access information in and about your account,
  • access or retain information stored as part of your account,
  • install or uninstall third-party apps or other integrations,
  • perform the necessary actions to protect a legitimate interest of the organization.

In some cases, administrators can also:

  • restrict, suspend, or terminate your account access,
  • change the email address associated with your account,
  • change your information, including profile information,
  • restrict your ability to edit, restrict, modify, or delete information.

Even if the services are not currently administered to you by an organization, or if you use an email address provided by an organization (such as your work email address) to access the services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the services at a later date.

Please contact your organization or refer to your administrator’s organizational policies for more information.

10. Cookie policy

Itility uses Cookies on this website. Please find our Cookie policy on our website.