IZI-to B.V. PRIVACY STATEMENT

Last updated: August 1st, 2024

APPLICATION MOVE-IZI

The protection of your privacy is of utmost importance to us. This privacy statement applies to all personal data that IZI-to B.V. collects, uses, shares, and stores about you, and provides guidance and information regarding our processing of personal data. This privacy statement outlines our commitment to protecting your privacy and other personal information we receive in the context of our business. You can consult this privacy statement at any time via our website at MOVE-IZI.

1. Processing personal data

Personal data refers to any information by which a natural person can be directly or indirectly identified. Personal data relates to an individual, known as the data subject. The collection, recording, organization, structuring, storage, alteration, consultation, use, disclosure, and transmission of personal data are collectively referred to as processing. 

The personal data we collect about you helps us provide the best possible support in the conduct of our business, including but not limited to when you travel on toll roads where we provide toll collection services, visit our website, or otherwise communicate with us. In addition, we are required to process certain personal data for legal, regulatory, and tax purposes. The personal data we collect, the basis for our processing, and the purposes of our processing are detailed below. Sometimes, these activities are carried out by third parties.

2. Why we collect your data

Personal data refers to any information by which a natural person can be directly or indirectly identified. Personal data relates to an individual, known as the data subject. The collection, recording, organization, structuring, storage, alteration, consultation, use, disclosure, and transmission of personal data are collectively referred to as processing. 

3. Which (categories of) personal data do we collect from you and for which purposes do we use them?

When utilizing our website, contacting us through various communication channels, or traveling on toll roads where our services are provided, we will gather the following information from you: 

Personal data (categories):
  • Name;
  • Address;
  • Telephone number;
  • Email address;
  • License plate number;
  • Vehicle details (e.g., model, year, colour);
  • Driver's license details (if required for tolling purposes and in compliance with applicable laws and regulations).
Purposes of processing:
  • Managing and processing toll payments and/or billing services.
Legal basis:
  • Performance of a contract.
Retention period:
  • 7 years

Personal data (categories):
  • Details of correspondence;
  • Records of communications;
  • Customer service inquiries and complaints;
  • Name, email address, fiscal number, license plate, case number, and/or contact number.
Purposes of processing:
  • Providing customer support.
Legal basis:
  • Performance of a contract/legitimate interest.
Retention period:
  • 5 years

Personal data (categories):
  • CCTV data (e.g. photos and videos of vehicles).
Purposes of processing:
  • To respond to customer complaints/requests.
Legal basis:
  • Legitimate interest.
Retention period:
  • 5 years

Personal data (categories):
  • Payment details;
  • Payment methods (e.g. credit card and bank details);
  • Date and time of toll transactions;
  • Toll payment history.
Purposes of processing:
  • To charge/debit payments from you in connection with levying toll and/or other fees charged;
  • To verify payments.
Legal basis:
  • Performance of a contract;
  • Performance of a contract;
Retention period:
  • 30 days
  • 7 years

4. Cookies

The website may use technical, analytical and profiling cookies, both first- and third-party ones. Cookies are indispensable for the improvement of the services and to provide products in line with users’ preferences. 

Any use of profiling and/or third-party cookies will always be subject to your prior consent.


5. How we collect your personal data 

IZI-to B.V. gathers your personal data both when you provide us with information and when you utilize our services. This includes instances such as using our toll roads, whereby we collect data through various technological means, including vehicle registration detection systems and electronic toll collection systems. IZI-to B.V. does not have default access to camera footage. In addition to data collected directly from customers, we also obtain information from external sources, such as publicly available publications and online data sources. Furthermore, we gather information from the RDW Open Data API, which includes details about Netherlands vehicles, such as make, model, and vehicle weight. 

6. What are the possible recipients of data/persons authorized to access data? 

In the provision of our services, our employees are granted access to personal data as outlined in Section 3, based on the “need-to-know principle”. This principle restricts access to personal data solely to those employees essential for fulfilling the respective processing purpose. 

For the purposes outlined in Section 3, personal data may also be transferred and processed by (technical) service providers, subcontractors, and/or service partners of IZI-to B.V., particularly in the context of contract fulfilment (e.g. toll processing). Additionally, personal data may be transferred in the course of payment transactions (e.g., to payment service providers).  

Recognizing the sensitivity of personal data and the importance of maintaining privacy standards, IZI-to B.V. establishes formal data processing agreements with these third parties. These agreements outline the obligations and responsibilities of the third parties regarding the handling and protection of personal data. Through these agreements, IZI-to B.V. ensures that they adhere to the same stringent standards of data protection and privacy that IZI-to B.V. itself upholds. 

Personal data may also be shared with courts, attorneys, credit agencies, and/or public institutions for the enforcement of claims and/or compliance with legal obligations. 

7. Do we transfer your personal data outside the EEA? 

We do not transfer your personal data outside the European Economic Area (EEA). All processing of personal data is conducted within the EEA, ensuring that your data is protected in accordance with the rigorous data protection standards set forth by the GDPR and other applicable privacy laws. 

8. How do we protect your personal data?

IZI-to B.V. employs appropriate safeguards and security measures designed to protect your personal data. These measures are implemented to mitigate risks such as misuse, interference, unauthorized access, modification, or disclosure. They include but are not limited to:

  • Regular auditing, both internal and external.
  • Ongoing and structured employee training initiatives. 
  • Adherence to an acceptable usage information policy.
  • Implementation of a comprehensive business continuity plan.

Additionally, we enforce strict policies and procedures concerning:

  • Privacy regulations, cookies, and personal data handling.
  • Remote access and equipment usage.
  • Access management protocols.
  • Change and interaction management guidelines.
  • Information systems requirements.
  • Assets management practices.

Our commitment to these measures ensures the integrity and confidentiality of your personal data.

9. Retention of personal data

We keep your personal data for as long as we have a continuing legitimate business requirement to do so. This may include providing you with a requested service or adhering to relevant legal, tax, or accounting obligations.

When there is no longer a legitimate business necessity to process your personal data, we are dedicated to either deleting it or de-identifying it.

10. Your rights in relation to your personal data

It is important to us that your personal data is up to date and that you can exercise your rights under the GDPR. Under the GDPR, as a data subject you have the following rights:

Your right:
  • Right of access.
What does it mean?
  • Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”).
Limitations and conditions of your right:
  • If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations;
  • We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g., privacy and confidentiality rights of other staff.

Your right:
  • Right to data portability.
What does it mean?
  • Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly used, machine-readable format.
Limitations and conditions of your right:
  • If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations;
  • This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e., not for paper records). It covers only the personal data that has been provided to us by you.

Your right:
  • Rights in relation to inaccurate or incomplete personal data.
What does it mean?
  • You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable.
Limitations and conditions of your right:
  • This right only applies to your own personal data. When exercising this right, please be as specific as possible.

Your right:
  • Right to object to or restrict our data processing.
What does it mean?
  • Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
Limitations and conditions of your right:
  • As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests.

Your right:
  • Right to erasure.
What does it mean?
  • Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), e.g., where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.
Limitations and conditions of your right:
  • We may not be in a position to erase your personal data, if, for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.

Your right:
  • Right to withdraw consent.
What does it mean?
  • As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.
Limitations and conditions of your right:
  • If you withdraw your consent, this will only take effect for future processing.

We aim to deal with your question, request or complaint within four (4) weeks of receipt of such statement. In the unlikely event that the manner in which we have dealt with your question, request or complaint does not meet your expectations, you have the right to lodge a complaint with the Dutch Data Protection Authority (“AP”). The AP monitors compliance with privacy legislation. You can always lodge a complaint with the AP at www.autoriteitpersoonsgegevens.nl.

If you wish to exercise any of the above rights, please contact us by sending an e-mail to dpo@move-izi.nl.

11. Identity of the data controller

For the purposes of applicable data protection legislation, the data controller is IZI-to B.V., a Dutch private limited liability company with its principal place of business at Van Deventerlaan 31, 3528AG, Utrecht, the Netherlands.

12. Changes to the privacy statement 

IZI-to B.V. reserves the right to make changes to this privacy statement. We will indicate at the top of this statement when it was most recently updated. Accordingly, we advise you to consult the privacy statement regularly. This can be done at any time on our website.

This version was adopted on 2024-06-20.

69.DC.1001

Version 1.0 - 01.08.2024

Information classification: Public (P)