Privacy policy

Within NCI Certification personal data and other data are being processed in accordance with the law. We process personal data in audit reports, on our website and in our DMS-system. In this privacy policy we show you how we record your information.

NCI Certification is an independent certifying institute of multiple management systems. Personal data is only collected for certifications. This includes the examination of obtained certificates, names of the interview candidates and your (business) contact information. We handle this information with care. We have appropriate technical and organisational measures to secure the processes.

We find it important you know:
We are open and honest about the information we collect and why we do this.
The way we handle your information is according to European laws.
We respect it is your information that we handle and that it allways will be yours. Therefore you can let us know if you do not want us to process your information any longer. One exception: we must process it when the standard asks it of us.
We only exchange information with third parties when necessary. For example with your consultant or an external auditor who has a contract with NCI Certification. And who is performing the audit.
We keep your reports with all personal data in our secure system for 6 years.
Quotation request
You can visit our website, call or email us for a quotation request. We do need some personal data: your name, (business) email, phonenumber and function. After we received the quotation form, we will store it in our secured DMS-system. A couple of days later we will send you the quotation. When you have a consultant and his/hers email is known, we will send them the email in cc. Untill you withdraw your agreement we will keep your personal data in our DMS-system.
When we perform an audit as the stardard states, we are obliged to include some personal data in the report. We at least need the diplomas acquired by employees and the names of the employees we have interviewed. The reports are stored in our secured DMS-system. Upon completion we will send the report to you and, when known, to your advisor. All reports will be destroyed after 6 years.
Contact form
It is possible to contact us on our website. Before you can send the contact form we ask you to fill in some information such as your name and email. That way we can answer you as soon as possible. When needed we store your data in our DMS-system untill you withdraw your consent.
On our website we use functional cookies and analytic cookies. We need functional cookies to keep the website up and running. These standard cookies make sure you stay logged in when you visit our website. The analytic cookies are related to the functional ones. They keep track of your path on our website and show us how you found us. This gives us the opportunity to optimise our website.
You can subscribe yourself for our newsletter. Already existing or potential relations are automatically subscribed. Your information is used to inform you of our services and news. We only safe your name and email untill you unsubscribe. At the bottom of every newsletter you can find the option to do so.
Social media
We use social media to inform you of our services and the latest developments. You can follow us on LinkedIN. There are no regulations for following us. You only agree with the terms and policy of the social media platform. We will only safe your message and account name when you send us a message.
Application process
When you apply for a job at NCI Certification we ask you to share some information with us: your name, home adress, gender, date of birth, email, phone number, application letter and resume. This information will be safed until after the application process is ended or unless we have your explicit consent to store it longer.
NCI Certification will process the following (business) data:
Complete name of the contact person.
Function of the contact person.
Emailadress of the contact person.
Complete names of the employees with acquired diplomas.
Complete names of the interview candidates.
We use your data for:
Performing the audit.
Contacting you about the audit.
Sending newsletters/information about the certification.

Every person concerned can, based on the law, enforce rights in regard to your personal data. You have the right to see, rectificate and remove personal data that relates to you. Do you want to know exactly which information we store? Please contact us. You can reach us at +31 (0)181 481949 or email us at

How long do we store your personal data?
We store your data only for as long as is necessary for the purposes named in this privacy policy. This means we at least keep your data as long as you are a customer. Because of the certification process we store reports, certificates and other business information for six years. After this period we will destroy the data appropriately.
Who has access to your information?
To help you at all times, every employer of NCI Certification has access. This makes it possible for us to cooperate at the highest level and always provide you with a suitable respons. Our auditors can only access your information when permission is given. They will only get this access when they are assigned to your certification. All colleagues and external auditors sign a declaration stating their confidentiality. That way your information is being processed correctly and is not shared with others. These documents can be obtained at all times.

Securing your data

To protect your personal data against theft or improper use we took some technical and organisational measures. That’s how we secure our systems and applications according to the applicable standards for information security. To do so we work together with an IT provider. They promise a secure and safe platform 24/7 and provide up-to-date security. In the unlikely event of a databreach, we will report this to the authority personal data before we inform the concerned parties about how this could happen. We also have agreements with our service suppliers and ordered them to take appropriate security measures.

Change happen quickly. That means something can change in the way we process your data. It is also possible that standards or rules change. Every now and then we update our privacy policy. We would like to advice you to check our privacy policy every once in a while.
Legitimate interest
We can process personal data because we have a legitimate interest or because our organisation has a legal obligation to provide you with information. This for example happens when a standard states us to check your personal data during an audit.
Is your personal data being processed outside of the EER?
No. We only process your data within the EER. Our servers are located in The Netherlands.
When you have complaints you can call us at +31 (0)181 481949 or send us an email at We are happy to help you. If we do not find a solution together you can always contact the Dutch DPA (Data Protection Authority).