Privacy Statement

ISA respects and attaches great importance to the privacy and protection of your personal data. For us, as a supplier of security services, this is only natural. We receive personal data when you purchase a product or service from us. Are you curious about how we collect, store and process data and why we do this? Then read our privacy statement.
Our privacy statement can be found here.


1.1. ISA provides security services to a variety of clients in different industries and client segments. As part of its activities, ISA sometimes collects, stores and provides personal data or processes them in other ways.
1.2. We, at ISA, are committed to ensuring the privacy and security of personal data in accordance with applicable data protection legislation. This Privacy Statement provides you with general information about how ISA handles personal data. The Privacy Statement also describes your rights and how you may exercise them in relation to ISA.
1.3. This Privacy Statement may be amended from time to time. You can always view the latest version via this webpage:
1.4. If you have any other questions or requests regarding the processing of your personal data, please contact our Data Protection Officer; ISA Security Agency, Toetsenbordweg 12, 1033MZ Amsterdam, 020 636 1185,


2.1. ISA respects and is committed to the privacy and protection of your personal data. Personal data" means any information relating to an identified or identifiable natural person (the "data subject").
2.2. In the course of our activities, ISA will endeavour to ensure at all times that personal data:
- are processed in a lawful, proper and transparent manner ('lawfulness, properness and transparency');
- collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes ('purpose limitation');
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('minimal data processing');
- are correct and, where necessary, are rectified or updated ('correctness');
- be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ('storage restriction');
- processed in such a way as to ensure their appropriate security and to protect them, inter alia, against unauthorised or unlawful processing and against accidental loss, destruction or damage, by adopting appropriate technical or organisational measures ("integrity and confidentiality").

2.3. Your personal data will only be processed for specified legitimate purposes (see Article 5 below, 'Processing purposes: why we process your personal data') and if justified on a valid legal basis (see Article 6 below, 'Legal basis for processing your personal data').


3.1. ISA may be required to collect or otherwise process the following personal data:
- your name;
- your address, email, telephone number or other contact details;
- Information about your use of our products or services.
3.2. If you apply for a job with ISA, you may also be asked to provide us with the following information:
- CV, covering letter and references;
- date of birth and/or identification number;
- your photo.
3.3. Depending on the product or service you are interested in, we may process the following personal data:
- bank details;
- Insurance, financial, credit or bankruptcy history;
- personal characteristics (such as gender, date and place of birth);
- Government and other official identification numbers, subject to applicable laws and regulations (such as citizen service number (BSN), tax identification number or other identification number issued by the government, financial data and account information (such as account number, credit history, credit data and other financial data);
- voicemail recordings;
- Photos of events;
- Information that enables us to provide our products and/or services;
- marketing preferences, marketing activities and customer feedback;
- Data relating to online activities (such as data relating to your use of the ISA website);
- further sources, from publicly available information sources, from credit rating agencies.


4.1. When providing our products or services to you, we may collect or receive your data through various channels:
- via written forms;
- via, online forms;
- via ISA campaign websites, online forms;
- via telephone contact;
- in person-to-person contacts.
4.2. We may receive your personal data directly from you, from another entity of the ISA, from a business partner or from publicly available data. ISA will only transmit or receive personal data from third parties in accordance with the applicable data protection legislation. For further information in this regard, please refer to article 7 "To whom may we communicate your personal data?".


5.1. The collection and processing of the aforementioned types of personal data is necessary for us to achieve well-defined legitimate purposes in the conduct of our business activities. In particular, we process your personal data for the following purposes:
- Delivery of our security services and products;
- improvement of our services and products;
- Customer administration, e.g. to respond to customer requests or queries, customer satisfaction surveys or to handle complaints about a particular product or service;
- for the supplier administration;
- for administration and management of staff and agents;
- for managing commercial relationships with third parties;
- for administrative purposes within the ISA;
- for backup or archiving purposes;
- in relation to our legal obligations towards the authorities or in the context of legal proceedings;
- for statistical or market research purposes;
- For (direct) marketing purposes;
- to combat fraud and infringements by customers;
- for dispute resolution;
- for the protection of society, own sector or organisation;
- for account management;
- for credit acceptance and credit management;
- for the management of personal insurance.
5.2. ISA shall endeavour not to process or further process your personal data in a way that is incompatible with the aforementioned purposes.


6.1. ISA endeavours to process your personal data lawfully, i.e. on the basis of the valid legal basis, as set out below.
6.2. Your personal data will be processed in particular if necessary for the performance of the contract between you and us, or in order to take action at your request prior to the conclusion of a contract.
6.3. Your personal data may be processed on the basis of your consent. In that case, we will always ensure that we have your free, specific, informed and unambiguous consent.
6.4. Your personal data will be processed on the basis of our legitimate interests for, for example, administrative purposes, or for research and development purposes. For example, when processing your personal data for communicating with you, improving the quality of our products and/or services, providing you with marketing information (including direct marketing), for personnel and payroll administration, developing and implementing HR strategies and managing our business operations and IT infrastructure. Depending on the specific processing, the legitimate interests of ISA will generally include (i) the pursuit of our business activities and commercial purposes; (ii) the protection of our companies, shareholders, employees and clients; (iii) the improvement or further development of our products and/or services and our business activities in general; (iv) compliance with legal and regulatory obligations, standards, guidelines and codes of conduct and/or (v) the preservation and improvement of our market position.
6.5. Your personal data may be processed because it is necessary to comply with a legal obligation to which we are subject.
6.6. Your personal data are processed because this is necessary to protect someone's vital interests (e.g. in the case of accidents or incidents) or because this is necessary for the fulfilment of a task of general interest or in the exercise of public authority vested in us.


7.1. ISA may provide your personal data to another entity within the ISA (see Article 5 above, 'Processing purposes: why we process your personal data').
7.2. Other recipients of your personal data may also be service providers or business partners of ours, such as:
- IT service providers;
- marketing service providers;
- insurance companies;
- business partners;
- claims managers;
- analytical consultants;
- data storage companies;
- Other services provided by third parties, which help us to carry out our business activities;
- research and development organisations;
- If ISA sells a business unit or assets, ISA may provide your personal data to a potential purchaser of that business unit or assets;
- If ISA or a substantial part of its assets are acquired by a third party, your personal data may be transmitted to that third party.
7.3. In certain specific cases, we may also disclose your personal data to government, public authorities, legal authorities, supervisors and enforcers, when we are forced to do so.
7.4. ISA will only provide your personal data to parties that offer sufficient guarantees for the protection of your data and the realisation of your rights as a data subject (see Article 10 below, "What are your rights as a data subject?").


8.1. ISA always aims to process your personal data within the EEA. However, in order to achieve one of the aforementioned purposes, it may be necessary for your personal data to be transferred to countries outside the European Economic Area (EEA).
8.2. ISA will only transfer your data to a third party in a country outside the EEA after a thorough check and/or the signature of a specific agreement, in order to ensure that this third party:
- provides appropriate safeguards with respect to the level of protection of your personal data;
- adequately inform the person concerned;
- ensures the enforceability of your rights as data subjects; and
- effective legal means to you.
8.3. You can always obtain a copy of the data transmitted to these third parties upon request to us.


9.1. ISA undertakes to comply with the principle of storage limitation. As such, we will not store your personal data for longer than is necessary for the fulfilment of our contract and/or the achievement of one of the purposes mentioned above (see Article 5 above, 'Processing purposes: why do we process your personal data'). ISA may also be required by law to store your personal data for a minimum period in order to comply with legal requirements.
9.2. We will regularly check whether personal data that no longer serve a purpose can be deleted or otherwise anonymised.


10.1. ISA will do its utmost to respect and realise your rights as a data subject, as listed below.
10.2. Your rights as a data subject consist of:
- Right of access: You may at any time request access to your personal data. Upon request, we will provide you with a copy of the personal data we process. For further copies, we will charge a reasonable fee based on administrative costs. If you make your request electronically, and do not request any other arrangement, the information will be provided in a common electronic format.
- The right to rectification: you have the right to request the rectification or completion of inaccurate or incomplete personal data concerning you.
- The right to forget: you may request us to delete (part of) your personal data in the following situations:
When the processing was based on your consent and you have decided to withdraw your consent; when your data is no longer necessary for the purposes for which it was collected or otherwise processed; when you have objected to the processing of your data for direct marketing purposes; when you have objected to the processing of your data (see 'right to object' below) and after verification it appears that your rights, freedoms or personal interests outweigh our legitimate interests; when your personal data has been processed unlawfully (e.g. because your consent was not validly obtained); when your personal data needs to be deleted in order to comply with a legal obligation resting on ISA. because your consent was not obtained in a valid manner); when your personal data needs to be deleted in order to comply with a legal obligation incumbent on ISA.
- The right to object: you may object at any time to the processing of (part of) your personal data if it is used for direct marketing purposes. You may also object to the processing of your personal data if this processing is based on our legitimate interests. In the latter case, we will no longer process your personal data, unless we have compelling legitimate grounds to do so anyway or because this processing is necessary for the establishment, exercise or substantiation of a legal claim.
- The right to restrict processing: you may in any case request us to restrict the processing of your personal data in the following situations:
if you dispute the correctness of your data; if the processing proves to be unlawful; if we no longer need your personal data for the purposes of processing; or pending the answer to the question of whether our legitimate interests outweigh yours in the context of an objection.

If you exercise your right to restrict processing, we will be allowed to process your data with your consent, except for storage.
- The right to data portability: Upon request, you have the right in certain cases to obtain your personal data in a structured, commonly used and machine-readable form, in order to transfer it to another entity. If technically possible, you may request us to transfer your personal data directly to this other entity. Your right of portability must not prejudice the rights and freedoms of others.
- The right to withdraw your consent: if the processing is based on your consent, you are free to withdraw your consent at any time.
10.3. If you contact us to exercise the above rights, please enclose a copy of your identity card or passport so that we can verify that the request indeed comes from you.
10.4. In case of issues regarding your personal data or other privacy concerns, you may also file a complaint with the Authority for the Protection of Personal Data.


11.1. ISA is strongly committed to the protection of your data. We, at ISA, take all administrative, technical and organisational measures to ensure the protection and confidentiality of your personal data and to protect your personal data from access, loss, misuse, transmission, alteration or destruction, whether accidental or unlawful.
11.2. Prior to the transfer of your personal data to a third party/processor, we will always ensure that this third party/processor provides an adequate level of security.


12.1 Google Analytics

In order to gain insight into the performance and use of, Google Analytics is used. This software records various data about the visitors on the website, the origin of the visit (e.g. via a link on Social Media or a reference on another web page), the web pages viewed, how long the website or web pages are visited, which search queries are used, etc.

ImportantThis data can never be used to trace back to an individual or person. E-mail addresses, telephone numbers etc. are excluded from this recording.

Cookies are also used to record the above data. Depending on the settings of your web browser, you may receive a notification of this when opening our website or webpage. We would like to emphasise that no data other than that described above is recorded.

On 23 April 2018 at 15:20, changes were made to Google Analytics:

- A processing agreement has been concluded with Google.
- For privacy purposes, the IP addresses are anonymised. (last octet)
- No data is shared with Google.
- No other Google services are used in combination with Google Analytics cookies, such as re-marketing.
- Exclusion of data collection

If you do not appreciate that we record your visiting behaviour, you can ensure that Google Analytics does not record data in cookies. You can take various actions to this end:

  1. Installing a plug-in on your web browser. (For an overview of the possibilities for the various web browsers, click here:
  2. If you wish to fully protect yourself against the acceptance and placement of cookies during your visit to, you should adjust the settings of your web browser. For more information, please check the privacy settings of your web browser.

12.2 Cookies

In order for the website to function properly and to record data about visitors (as described under "recording data"), places cookies.

Cookies are stored on your computer and you can delete them yourself at any time. For more information about deleting cookies, please refer to the settings or manual of your web browser. If you have deleted the cookies, certain websites may ask you for your preferences again or you may have to log in again.

Important: With cookies, personal data such as telephone numbers, e-mail addresses and bank account details are excluded from being recorded. Cookies are completely safe and can never be traced back to an individual or person.

Cookies used

Cookie name Validity Function
_ga 2 years Recognising / distinguishing users
_gid 24 hours Recognising / distinguishing users
_whole 1 minute Slowing down of visit speed. Has this been set up via the Google Tag Manager? Then this is called _dc_gtm_

Last updated 23 May 2018.