+31 70 20 42 7 42
+31 70 20 42 7 42

Everything defined with us

Privacy statement • investigated persons

At Haagsch Recherchebureau, we attach great importance to protecting the privacy of the people involved in our investigations. In this privacy statement, we explain what personal data we collect, how we use, store, and protect it. This privacy statement applies to all investigations carried out by the Haagsch Recherchebureau.

1. Data controller

Haagsch Recherchebureau, with its registered office at Alexanderveld 5, 2585 DB The Hague, registered with the Chamber of Commerce under number 74655736, is responsible for processing personal data in the context of carrying out private investigation tasks.

We treat personal data confidentially and process it only in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the AVG Implementation Act.

Because some studies are carried out covertly, it is possible that data subjects are not informed about the processing in advance. In that case, this is based on Article 14 (5) (b) GDPR, because notification would interfere with the purpose of the investigation. As soon as this is no longer the case, the person concerned will still be informed.

Do you have questions about this? Feel free to contact our Data Protection Officer (DPO).

Contact details:
Haagsch Recherchebureau
Alexanderveld 5
2585 DB The Hague

070 20 42 7 42
fg@haagschrecherchebureau.nl

FG number: FG0017215

2. Types of personal data

We process various types of personal data, including data that we obtain directly from the person being investigated and data that we receive from third parties or public sources. We obtain personal data, among other things, via:

  • public registers (such as the Commercial Register, Land Registry or municipal basic records);
  • public online resources, including social media;
  • statements from third parties (such as witnesses or clients);
  • own observations, observations or video and sound recordings during investigations.

The categories of personal data include:

  • Name, first names, gender, date of birth, place and country
  • Address, phone number (s), email address
  • Bank account numbers (e.g. IBAN, PayPal address, credit card number)
  • Photos, video footage, sound recordings that identify a person
  • Location data (e.g. via GPS, IP address)
  • Vehicle details (license plates, registration information)
  • Work-related information (e.g. job, employer information)
  • Company-related information (e.g. Chamber of Commerce number of a sole trader, partnership, directors of legal entities and UBOs)
  • Pseudonymous data (e.g. employee numbers, customer numbers, user names)
  • Information about online activities (social media profiles, surfing behavior)
  • Financial information (e.g. income, debts, property, transactions)
  • Criminal data and information related to conduct relevant to the investigation
  • Other information that may be indirectly traceable to an individual (e.g. via third parties, witness statements)

If we process special or criminal data, we will only do so if this is strictly necessary for the investigation purpose and permitted by: Article 9 (2) (f) GDPR (legal claim) or article 10 GDPR in combination with article 32 GDPR Implementation Act.

3. Purposes of processing

The personal data is only processed for the purpose of carrying out private investigations, including:

  • establishing facts and circumstances in the event of suspected fraud, theft, absenteeism or other irregularities;
  • collecting evidence in legal proceedings;
  • advising clients based on investigation results.

Prior to each investigation, we weigh interests in which we determine whether the processing is necessary and whether your right to privacy does not outweigh the legitimate interest of us or our client (Article 6 (1) (f) GDPR).

4. Legal basis for processing

We only process personal data if there is a legal basis for doing so. Depending on the type of investigation, we base ourselves on:

  • Article 6 (1) (f) GDPR (legitimate interest): to carry out private investigation tasks aimed at finding the truth, preventing fraud and protecting property.
  • Article 6 (1) (c) GDPR: when processing is necessary to comply with legal obligations, for example under the Private Security Organizations and Detective Agencies Act (Wpbr).
  • Article 6 (1) of the GDPR: to protect a person's vital interests, for example in the event of imminent danger.
  • Article 6 (1) (a) GDPR: when the person concerned has given explicit consent.

In each investigation, we assess whether the processing is necessary and proportionate and document this balance of interests.

5. Bewaartermijnen

We do not store personal data longer than necessary for the purpose for which it was collected:

  • Investigation files: maximum five years after completion of the investigation, unless the data is part of an ongoing legal process.
  • Financial administration: seven years, in accordance with the tax retention obligation.
  • Criminal or sensitive information: no later than six months after completion of the investigation, unless a legal obligation or procedure requires a longer storage period.

After the end of the storage periods, the data is securely destroyed or anonymized.

6. Sharing personal data

We only share personal data with third parties when this is necessary for carrying out the investigation or to comply with legal obligations.

Recipients can be:

  • clients (only to the extent relevant to the investigation);
  • lawyers, notaries or bailiffs;
  • external specialists or IT service providers who work under confidentiality;
  • judicial authorities or supervisors where required by law.

When we use IT services or cloud storage outside the European Economic Area, we do so only in accordance with the provisions of articles 44—49 GDPR and preferably based on the EU—US Data Privacy Framework or standard contractual clauses.

7. Personal data security

We take extensive technical and organizational measures to protect your personal data against loss, unauthorized access, unlawful processing or disclosure. Some of the most important security measures we use include:

  • Two-factor authentication (2FA): We use two-factor authentication to access our systems. This means that, in addition to a password, an additional verification step, such as a code on your mobile device, is also required to gain access.
  • Single Sign-On (SSO): We use a Single Sign-On system, allowing employees to log in securely and efficiently with a single set of credentials for multiple applications, while their access is monitored and managed.
  • Encryption (SSL): Sensitive information exchanged via our website is protected by Secure Sockets Layer (SSL) encryption. This ensures that data is transmitted securely between you and our servers.
  • Data breach protocol: We have a strict data breach protocol that provides procedures for reporting, investigating and dealing with data breaches. If necessary, we will inform you and the Data Protection Authority in a timely manner about a data breach, in accordance with legal requirements.
  • Password protocol: We use a strict password protocol, where passwords must meet high security requirements, such as minimum length, complexity and regular renewal. Employees only have access to the systems and data that are necessary for their work.
  • Access to data limited to authorized employees: Access to personal data is strictly limited to employees who are authorized to process that data. This is regulated through authorization management and the principle of minimal access, where employees only have access to the data they need for their specific tasks.
  • Regular data protection checks: We carry out regular checks and audits to ensure that our data protection measures comply with the latest security standards and that there are no vulnerabilities in our systems. This helps us to continuously ensure the confidentiality, integrity, and availability of your personal data.

Through these measures, we can guarantee the security of your personal data and ensure that it does not fall into the wrong hands or is processed unlawfully.

In addition, we periodically review our security measures and internal procedures and apply the principle of toe. This means that we already take data protection into account when setting up each study and process only the data that is strictly necessary.

8. Data Protection Impact Assessment (DPIA)

For our investigation activities, we carry out a data protection impact assessment (DPIA), as required under article 35 GDPR and it Decision of the Data Protection Authority of 27 November 2019. This assessment helps us identify the risks to the privacy of data subjects and take appropriate measures to mitigate them.

9. Rights of data subjects

You have the following rights with respect to your personal data:

  • Right to access, you can request a copy of the personal data that we hold about you.
  • Right to rectification, you can have inaccurate or incomplete data corrected.
  • Right to be forgotten, in certain cases, you can ask us to delete your personal data.
  • Right to restrict processing, you can ask us to restrict the processing of your data in specific situations.
  • Right to object, you can object to the processing of your data based on legitimate interests.
  • Right to data portability, you can request that your data be received in a structured, commonly used and machine-readable format.

During ongoing investigations, we may temporarily restrict certain rights, such as the right to view or delete, if providing them would interfere with the investigation or frustrate the purpose. This restriction is permitted under article 41 of the GDPR Implementation Act.Once the restriction is no longer necessary, you can fully exercise your rights.

You can exercise your privacy rights through us AVG request form. To ensure that the request for inspection has been made by you, we ask you to perform an ID check.

If you are not satisfied with how your personal data is or has been processed by Haagsch Recherchebureau, you can make use of our legal obligations complaints procedure.

If your complaint has not been dealt with satisfactorily, you can contact the national supervisor, the Personal Data Authority.

We reserve the right to amend this privacy statement. You can always find the most current version on our website.

Recognized & licensed by
At Haagsch Recherchebureau, we have 8 detectives across The Netherlands at your service — from the first fraud advice to the convincing evidence you need to take action.

With care and attention to your case, we offer the certainty of independent evidence.
070 - 20 42 7 42Plan je adviesgesprek

For employers

Integrity investigationFraud investigationCorporate theft investigationAbsenteeism investigationTransgressive behaviorCompetition clausePre-employment screeningPreventive surveillanceMystery guestPhysical pentestSME Risk ScanMKB Risicoscan
For individuals
Alimony investigation(Online) scam investigationCosts private detective
For lawyers
Independent burden of proofRecovery investigationFact-finding
For property owners
Tenant controlHousing fraud investigation
Work region
GroningenAmsterdamThe HagueUtrechtZwolleRotterdamEindhovenMaastricht
Detective agency
About usFAQsBlogJobsPress
Detective academy
Haagsche Recherche Academie
Terms and ConditionsPrivacy StatementCookie StatementPrivacy Code of ConductDisclaimerAccessibility StatementComplaints ProcedureResponsible Disclosure
WhatsApp Logo
Yes, I want a free advice