Privacy statement

NFIR beeldmerk kleur
NFIR beeldmerk kleur

Privacy statement

1. Introduction

NFIR B.V. (further: NFIR) located at Laan van Zuid Hoorn 165, Rijswijk, is responsible for the processing of personal data as reflected in this privacy policy. NFIR strictly works in accordance with the Privacy Code of Conduct for Private Detective Agencies, section Private Detective Agencies of the Dutch Security Industry, under the supervision of the Dutch Data Protection Authority (DPA). If you have a complaint about NFIR, please see our complaints procedure.

2. What personal data does NFIR process?

NFIR processes your personal data because you use its services or because you have provided it to it yourself, for example by filling out forms on or printed, subscribing to the newsletter or communicating via e-mail or phone. There may be differences in the personal data being processed by each executive department. The personal data that NFIR could process are:

  • First and last name
  • Gender
  • Date of birth
  • Place of birth
  • Address details
  • Telephone number
  • E-mail address
  • IP address
  • Other personal data that you actively provide, for example in correspondence or by telephone.
  • Location details
  • Internet browser and device type
  • Bank account number

NFIR might also process the following special and/or sensitive personal data about you:

  • Race
  • Religion or philosophy of life
  • Political affiliation
  • Sexual life
  • Trade union membership
  • Health
  • Criminal history
  • Credit check
  • Data of persons under 16 years of age
  • Citizen service number (BSN).
  • Biometric data
  • Genetic data

3. For what purpose does NFIR process personal data?

NFIR processes your personal data primarily for the purpose of fulfilling orders you have given, billing and handling your payment, and to contact you regarding NFIR’s services. The execution of given assignments includes, among other things:

  • Performing ICT scans to ensure the appropriate level of security;
  • Conducting research on individuals from the perspective of digital forensics;
  • Finding evidence of computer hacking and/or theft;
  • Investigating (corporate) fraud;
  • Preventive advice to the client.

NFIR also processes your personal data for the purposes listed below:

  • Forming electronic file for the purpose of detective investigations;
  • Archiving investigation results;
  • Maintaining investigation records.

Personal data is also used through the NFIR website for the following purposes:

  • Personalizing the user experience;
  • Improving the site and service offerings;

In addition, NFIR may use your personal data for sending the NFIR Newsletter, as well as commercial communications, promotions, advertisements and/or surveys. NFIR is further required by law to process personal data needed to file tax returns.

With all this said, it is noted that the recorded data, in addition to the purposes for which it was explicitly collected, can also be used for doing statistics, managing incidents or conducting market research. However, in these cases, NFIR will conduct a compatibility analysis in accordance with applicable regulations. Processing will be permitted only if the original purpose is compatible with the new purpose or is authorized under an independent legal basis. In these cases, the user will be informed of the changes in the purpose or the legal basis for processing their data.

4. Does NFIR use automated decision making?

NFIR uses automated decision making only within the “Security Monitoring” service. These are decisions that are made by computer programs or systems, without a human (for example, an employee of NFIR) in between. In Security Monitoring, NFIR’s software assigns a classification to a particular event in the customer’s network and notifies the customer of that classification via email, text message or an app.

5. How long does NFIR retain personal data?

NFIR does not retain your personal data longer than is strictly necessary to fulfill the purposes for which your data is collected. NFIR uses the following retention periods for information:

InformationRetention period
Financial information (for tax authorities)7 years
Commercial datesIndefinite time*
Log data from Dossier Monitoring.13 months*
Log data from Security Monitoring.1 year*
research data from Forensic Research1 year*
research dates of Incident Response1 year*
research data from Pentest investigations1 year*
research data from Social engineering1 year*
Results of Phishing simulations1 month*
Security Awareness program1 year* (after contract expiration)
Cyber Security Support contract.1 year* (after contract expiration)
Consultancy2 years* (after completion of program)
*This can be deviated from at the request of a customer. 

6. Does NFIR share personal data with third parties?

NFIR does not sell your personal data to third parties and only provides them to third parties if necessary for the execution of the agreement with you or to comply with a legal obligation and/or for the purpose of providing services to the user. With companies that process your data on behalf of NFIR, NFIR enters into a processing agreement to ensure the same level of security and confidentiality of your data. NFIR remains ultimately responsible for these processing operations.

Finally, the user should know that NFIR (and that NFIR reserves the right) to disclose their information in the following cases: (i) When required by a judicial or administrative authority; (ii) as necessary to exercise your rights in accordance with the terms and conditions of NFIR and this Privacy Statement; (iii) as necessary to comply with the law; (iv) if such data could be useful in protecting the rights of third parties; (v) when appropriate to protect the rights, property or safety of NFIR, its officers, subsidiaries, affiliates, directors, officers, employees, users or the general public; and (vi) when reasonable grounds exist related to public safety, national defense or public health.

7. Does NFIR use cookies or similar techniques?

NFIR uses the following types of cookies:

  • Functional cookies that collect technical data;
  • Analytical cookies for the purpose of improving the website and services;
  • Tracking cookies for recording personal preferences and marketing purposes;

The user should know that in order to visit the website, it is not necessary to allow the installation of cookies sent by the website. This may only be required in connection with certain services. The user can delete cookies from the hard drive of his/her computer, block access to his/her computer through his/her browser or choose the corresponding option when asked about the possibility of using cookies for these purposes and in accordance with the Cookie Policy. More information on the use of cookies can be found in the cookie statement.

8. Viewing, modifying or deleting data

You have the right to see, correct or delete your personal data that NFIR holds. In addition, you have the right to withdraw your possible consent to data processing or object to the processing of your personal data by NFIR and you have the right to data portability. Which means that you can request NFIR to send you the personal data that NFIR has available from you in a computer file to you or another organization named by you. The above rights do not apply if your personal data was collected and processed for the purpose of conducting digital forensic investigations. That data can only be removed if per a request of client of the digital forensics investigation to delete all examined data and the reports.

You may request access, correction, deletion or data reconciliation of your personal data or request to withdraw your consent or object to the processing of your personal data to To ensure that the request for inspection was made by you, NFIR will ask you to send a copy of your identification with the request. Make sure your personal photo, the MRZ (machine readable zone, the strip of numbers at the bottom of the passport), passport number and Citizen Service Number (BSN) are made black. This is to protect your privacy. NFIR will respond within twenty business days to your request. NFIR would also like to remind you that you have the opportunity to file a complaint to the national regulator, the Data Protection Authority. This can be done through the following link: data/tip-ons

9. How we secure personal data

NFIR takes the protection of your data seriously and takes appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you have the impression that your data is not secure or there are indications of misuse, please contact NFIR’s Data Protection Officer (FG) using the contact details below.

NFIR does not guarantee absolute privacy when using the website, as the possibility that unauthorized third parties may gain knowledge of it cannot be excluded. The user acknowledges that the existing technical means providing security are not impenetrable and that even when taking all reasonable security measures it is possible to suffer manipulation, destruction and/or loss of information. If a security incident is detected that poses a significant risk to the data owner, this event will be immediately reported to the appropriate supervisory authority, along with the corrective and palliative measures taken and/or to be taken.

NFIR is not responsible for the loss or deletion of data by users. Similarly, NFIR accepts no responsibility for any damage caused by computer viruses.

Finally, users must also take measures to protect their information. NFIR stresses that you take every precaution to protect your personal information while using the internet. As a minimum, you are advised to regularly change your password, using a combination of letters and numbers, and make sure you are using a secure browser.

10. Contact details

For questions regarding the processing of your personal data, please contact NFIR’s FG. Contact information is:


Laan van Zuid Hoorn 165
2289 DD Rijswijk

Phone number: +31 (0) 88 – 323 02 05
Email address: