Privacy and Cookie Policy Xolphin B.V.

Xolphin B.V. considers the careful handling of personal data to be of great importance. We carefully process and adequately secure personal data. We comply with the requirements of the General Data Protection Regulation (GDPR). In some cases, Xolphin is a controller for data processing and in other cases a processor or sub-processor of personal data. In this privacy policy, we explain what personal data we collect and use and for what purpose we do so, in the event that we are the controller. In the event that we are processor or sub-processor for your personal data (e.g. if you have purchased a product from us from one of our suppliers) please refer to the controller's privacy policy (see below).

We recommend that you read this privacy policy carefully.

Processing of data

By using our website and by purchasing products or services you leave us certain (personal) data. In this section, we will explain what data is involved and for what purposes we process that data.

Use of cookies

We use cookies on our website. A cookie is a file that is sent along with the pages of this website and stored by your browser. We use cookies to:

  • enable functionalities of the website (technical or functional cookies stored per session);
  • analyse the use of the website and check which country you are visiting the website from, and on the basis of this information, improve the website or show you the correct website (analytical cookies that are stored per session).

We do not require permission for the cookies we use, because these are necessary for the website to function properly. The purely analytical cookies are privacy friendly. When you visit our website, these cookies are therefore loaded by default. You are free to disable cookies through your browser. Please note that it is then no longer possible to visit our (full) website. Most cookies have an expiration date. This means that they expire automatically after a certain period of time and no longer register data from your site visit. You can also opt to delete cookies manually before the expiration date has passed. For more information about removing cookies, please refer to the browser manual.

Account on our website

For certain parts of this website, you will need to register first. Your username is linked to a password. It's your own responsibility that you choose your password with care and that you handle your password carefully. The employees of Xolphin do not have access to your password. If you have forgotten your password or suspect that it is compromised, you can create a new password through the website.

We store this information in a way to prevent you from having to enter it every time you place an order, in order to contact you for invoicing and payment, and to give you an overview of the products that you have purchased. All within the framework of the execution of an agreement that you conclude with us. We will retain this information for as long as you have an account with us, or for a maximum of 7 years after you last used the account.

The information we store in your account is:

  • Name and address details (personal or the company you work for)
  • Alternative billing address
  • VAT number and CoC number
  • First and last name
  • Email address
  • Phone number
  • Fax number
  • Name and email address of persons authorised to log in to the account
  • Payment details
  • Invoices
  • The issued certificates with the company details
  • Quotes

Order history

Your order history will also be linked to your account. We need this information in order to be able to process your order, to pass it on to the supplier and to help you with the use of the product or service afterwards. It also allows us to display the status of your order and gives you an overview of all the products and services you have purchased. The aggregated data may be used by us for research and development purposes and for product improvement. Everything within the framework of (improving) the implementation of the agreement. In addition, we have to store this data for 7 years in order to ensure that the product will continue to comply with laws and regulations. We store:

  • Company details of the beneficiary (name and address details, CoC, VAT, start date and legal form)
  • WHOIS information
  • Contact information (phone number, email address, department and contact)

When your product is about to expire, we will automatically send you a renewal reminder by email. You can unsubscribe from this by sending us an email.


If you contact us, for example by means of a contact form on the website or an email, then the (personal) data provided by you will be stored. We do so in order to be able to answer your question, in the execution of, or in preparation for the conclusion of, an agreement. This may concern:

  • Contact details
  • Timestamp
  • The order relating to the contact
  • Any additional information you provide to us
  • Voice logs

We store this information so that we can answer your question or process the information in the form or the email. We store this information for 7 years.


The products we sell are quite technical. Sometimes you may need some extra support with the installation. In that case, you can contact us so that we can help you substantively. We will ask you to provide us with some technical information so that we can offer you the right support. Are we unable to find a solution by email or telephone? Then we may ask your permission to use Teamviewer. This is a third-party program that allows you to remotely view your screen. By using Teamviewer it is possible that we encounter personal data on your screen. Naturally we will not use this personal data, insofar as this is not necessary to use to provide the requested support. We will not store data we see on your screen. You can revoke your consent at any time. We will then immediately stop using Teamviewer.

Customer satisfaction survey

It is important for us that our customers are satisfied. In order to gather insight into the level of satisfaction among our customers, we conduct customer satisfaction surveys. We will contact you to participate in a customer satisfaction survey through the contact information in your account. We have a legitimate commercial interest in using your information to conduct a customer satisfaction survey. If you do not want us to use your personal data for this purpose? Please send us an email, and we will not contact you for this purpose again.


We would like to hear your opinion about our products or services. Sometimes we may ask if it is okay to post your review online. We will then publish your first and last name, the products and/or services you have purchased and the content of your review on our website and on our social media channels. We will only do so after having obtained your prior consent. You can revoke your permission at any time. We will either delete the review or completely anonymize it.

Working at Xolphin

We offer different vacancies on our website and different job boards. When you apply for a vacancy with us, we collect the following personal data:

  • Name and address details
  • Gender
  • Date and country of birth
  • Contact information
  • Contents of your resume (such as information on study and employment history)
  • Content of your cover letter
  • Salary indication
  • Availability
  • Any references provided

We process this data in order to deal with your application, and to prepare the possible conclusion of an employment contract.

We store the application data for a maximum of six weeks after the position has been filled. We store this information so that we can contact you in the event that the vacancy becomes available again within the probationary period. If we are not able to offer you a job at that moment, we can - with your consent – store your application data for another year. You can revoke your consent at any time by sending us an email. If you join us, we will store your application data in your personnel file. This file will be stored for as long as necessary and, in the case of application data, for a maximum of two years from the date of commencement of employment.


We use strict security procedures, e.g. to prevent unauthorised persons from accessing, personal data so that it cannot be misused, provided, modified or damaged. We use secure connections that encrypts all information sent to and from our server. We also use:

  • Physical security through locks on doors and safes, controlled access to buildings and facilities, camera surveillance and secure destruction of paper records
  • Technical security using antivirus, encryption and monitoring of systems, servers and data centres
  • Certification in accordance with the ISO 27001:2013, ISO 9001:2015 and WebTrust standards

Transfer of personal data

We will not provide your personal data to third parties, unless this is necessary for the execution of the agreement you conclude with us, have given us permission to do so, if this is required by law, or if we have a legitimate interest in doing so. In the event of suspected fraud or misuse of our website, we may transfer personal data to the appropriate authorities.

We are familiar with the judgment of the Court of Justice of the EU of 16 July 2020 with implications for the transfer of personal data. We are currently investigating how to resolve this. We highly value privacy and try to do everything we can to find an appropriate solution. If we have a suitable solution, we will inform you via this privacy policy.

Do you have questions about the processing of your personal data? Please contact us using the contact details in this privacy policy.

Delivery of product or service

Within the framework of the agreement, we will share your data with the supplier(s) and/or service provider(s) designated by you. When purchasing a product or service on our website, you choose a supplier from whom you wish to receive the product. This supplier needs your personal data in order to be able to deliver the desired product and thus execute the agreement (the End User Agreement) that you have entered into with them by us. We take care of the transfer of the (personal) data in the account to this supplier. If you request a certificate, this information - such as the name of the applicant - can possibly be seen in the certificate provided by the supplier. We do this based on the agreement you contract with us. The suppliers are independently controllers of your personal data with regard to the application and issue of the product. This is because the supplier determines what data we have to collect and what has to be done with it, and we carry out this task. In the same way, the supplier also determines how long we retain your data, namely 7 years.

Our suppliers: Sectigo, Digicert, GlobalSign and Comodo, are global organizations. They use systems worldwide. This means that your personal data will be processed globally, and therefore also outside the EEA. For all these suppliers, that means that your data will be processed in Europe, in Asia or Asia-Pacific and in the United States. Digicert and GlobalSign also process your data in the Middle East and Africa. More information about this can be found on the websites of the suppliers. The suppliers have made sure that all their offices handle your (personal) data with care. For more information, please refer to the privacy policy of these companies (see below).

For the other described purposes, Xolphin is the controller of the processing of your personal data. We, Xolphin, use services of third parties. These third parties process your personal data on our behalf. These include:

  • Suppliers of IT services;
  • ISP and the internet and telephone providers;
  • Accountant;
  • Supplier of the accounting software;
  • Collection agency.

We do not allow these service providers to share the data or use it for anything other than providing those services. We have concluded processor agreements with our service providers.

Websites of third parties

When you click on a Social Media button (such as LinkedIn), the administrators of this website may collect your personal data.

This privacy and cookie policy does not apply to websites of third parties that are connected to this website through links. We cannot guarantee that these third parties will handle your personal data in a reliable or safe manner. We recommend that you read the privacy and cookie policy of these websites before using them.

Changes to privacy and cookie policy

We have the right to make changes to this policy. It is recommended that you check this policy periodically so that you are aware of these changes.

Your rights

You have the following rights:

  • Clarify what personal data we store and what we do with it;
  • Access to your exact personal data;
  • Having errors rectified;
  • Removal of (outdated) personal data;
  • Withdrawal of consent;
  • Restricting the processing of data;
  • Obtain your personal data in a digitally readable standard format for transfer
  • Objecting to a specific use;
  • File a complaint with the Dutch Data Protection Authority.

We will ask you to identify yourself before such requests are processed. We will inform you of our decision in writing within four weeks of receipt of the request. However, this period may be extended for reasons related to the specific rights of data subjects or the complexity of the request. If we extend this period, we will inform you of this in advance.

Contact information

Questions about our privacy policy or questions about your rights can always be addressed to

Xolphin B.V.

Rogier van der Weydestraat 2

1817 MJ Alkmaar

CoC number: 37101223

Phone number: 088 775 7750

Privacy policies of suppliers:

This privacy and cookie policy is a translation. In case of a dispute the original Dutch version prevails.

Last update 28 july 2020.

point up