Privacy Statement

version 06-2021

Fidron B.V. (hereinafter: Fidron) attaches great importance to the protection of your personal data. In this Privacy Statement, we want to provide clear and transparent information on how we deal with personal data and the rights of those involved.

If, after reading this Privacy Statement, you still have questions or comments, please contact our internal manager by emailing privacy@fidron.nl.

Who are we?

Fidron is a Private Investigation agency specialized in the automotive industry. Fidron is mainly involved in tracing, seizing and securing collateral on behalf of finance, lease and rental companies. Fidron also performs numerous investigations in the field of theft, fraud and debt collection.

For the above-mentioned activities, Fidron has both a licence from the Ministry of Justice and Security (POB nr. 833) and a licence from The Dutch Authority for the Financial Markets (AFM nr. 12044875).

Why do we process personal data?

As a Private Investigation agency, Fidron obtains personal data both from its clients and from publicly accessible sources (e.g. Chamber of Commerce register, Social Media). We also process personal data provided by the data subjects themselves. To be able to carry out our work, we need to process these personal data.

In the overview below you will find the specific purposes for which we process personal data, the basis, the retention period and the personal data concerned that are processed for that purpose.


Execution of the research task / detective work


Name and address details, contact details (telephone number(s), e-mail address(es)), vehicle registration number, financial details (IBAN, outstanding debts, debtor due date), company details (Chamber of Commerce number, business address), debtor portal login details


Execution of the agreement, pursuit of legitimate interests

Storage period

Not less than 3 and not more than 5 years after conclusion of study (unless a study requires a longer period)


Fraud investigation


Name and address details, contact details (telephone number(s), e-mail address(es)), vehicle registration number, financial details (IBAN, outstanding debts, debtor due date), company details (Chamber of Commerce number, business address), debtor portal login details


Execution of the agreement, pursuit of legitimate interests

Storage period

8 years after conclusion of investigation (unless an investigation requires a longer period)


(Financial) Administration


Financial data (IBAN, outstanding debts, due date of the debt), company data (Chamber of Commerce number, business address)


Legal obligation

Storage period

7 years




Contact details (email address)


Express consent

Storage period

Until unsubscription (you have the right to withdraw your consent at any time)

Storage period

In principle, personal data are not kept longer than is strictly necessary for the purpose for which they have been provided. We strive to observe the principle of minimal data processing. We therefore use different retention periods. After this retention period, we remove or anonymise the personal data.

For exceptional situations (e.g. fraud prevention) we have a legitimate interest to keep personal data longer. We regularly check whether this legitimate interest still applies.

Special personal data

In principle, Fidron does not process special personal data. After all, the processing of special personal data is prohibited without legal exception. That is why special personal data are only processed when there is a specific statutory exception.

When do we provide personal data to third parties?

We only provide personal data to third parties if this is strictly necessary for one of the above purposes. We have concluded processing agreements with these third parties. These (sub)processors will only use the personal data for the purpose that we agreed upon.

We will not share personal data with third parties/sub-processors without the express consent of the (co-)controller.

We never sell personal data to third parties.

What rights do you have as a data subject?

As a data subject, you have several rights to control your personal data. We want to be transparent in our data processing. Below you will find the rights you, as a data subject, can invoke. We take care to respond to your request in the right way.

  • Right of Inspection: If you request your right of access, we will provide you with an overview of all personal data or copies of documents that we have collected from you. In addition, we will state the purpose and explain the basis of this processing.
  • Right to rectification: You have the right to submit a request for rectification of any incorrect information relating to you. You also have the right to have the incorrect information rectified and possibly replaced by correct information.
  • Right to Object: In certain situations you can object to the data processing.
  • Right to data portability: You have the right to request your personal data which we process digitally. We will transfer these data to you in a digital and structured way.
  • Right to forget: In a few situations you have the right to be forgotten. This means that we will remove any (possible) personal data about you.
  • Right to restriction: In some situations you have the right to (temporarily) restrict data processing.

For exceptions and explanations to the above rights, please refer to the website of the Authority for the Protection of Personal Data.

We ask you to verify your identity by sending a copy of your identity document. Please make sure to cover the BSN number and your passport photo (Tip: use the CopyID app from the Dutch government). We will not share personal data if you cannot prove that you are the data subject.

To invoke one of the above rights, please submit your request to the e-mail address below. For a sample letter you can consult the website of the Authority Personal Data.

How do we ensure that personal data is processed securely?

Fidron takes the protection of your personal data very seriously. Personal data are stored in a secure cloud environment. Our ICT partner ensures that this digital environment is constantly up-to-date and meets the necessary security requirements. The ICT partner has the ISO 27001 and NEN 7510 certificates, received for its information security policy.

In addition to technical measures, we also take various organisational measures to secure personal data against loss and/or unlawful processing. Employees are required to sign a confidentiality agreement and are regularly trained on the internal protocols for processing personal data.

We have a protocol for when a data breach occurs, in order to act as quickly as possible after discovery. If necessary, we report data breaches to the AP and to the person(s) concerned. We always report data breaches to our clients within the agreed period.

Do we share personal data outside the EEA?

We only share personal data with parties in countries outside the EEA if certain conditions are met regarding the level of protection of the data processing. The third country, outside the EEA, must meet the adequacy requirement of the EC.

We do not share personal data outside the EEA without our client's written consent.

Automated decision making

We do not engage in automated decision making and/or profiling.

How can you file a complaint?

If you suspect that we have handled your personal data carelessly, you can file a complaint with our internal manager. If the complaint requests it, we will contact you or try to solve the complaint ourselves. You can address your complaint to privacy@fidron.nl with the subject line "Complaint about...

You have the right at all times to submit a complaint to the supervisory body, the Dutch Data Protection Authority.

Fidron B.V.
PO Box 696
8000 AR Zwolle

Tel.: +31 (0)38 - 4258860
Email: privacy@fidron.nl