What are the most important changes when the General Data Protection Regulation comes into effect?

Control over your data

The safety of data and privacy are one of  the most important pillar stones of Nmbrs. This is why we find it (very) important that you can trust we process your data in a secure manner. This is only possible when our software is working properly and safe, our internal processes and policies are up to date and that our employees deal with your (company)data in the right ways. This is something we are continuously working on.


What constitutes personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

In the processing of personal data, Nmbrs adheres to the most important principles: legality, transparency, purpose limitation and accuracy.



The used procedures are in accordance with the applicable rules and decisions.



Accessibility is central to communication; both in finding the right information and in expressing the rights of those involved.


Purpose limitation

The personal data collected will be used for a specific legitimate purpose and will not be provided for other purposes.



The personal data must be accurate and kept up to date

The data subject rights under the GDPR

In addition to giving proper interpretation to the four above-mentioned principles, the GDPR grants 8 fundamental data subject rights. You must give substance to these (privacy) rights of individuals with respect to their personal data.

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
The right to know whether data concerning him or her are being processed.
When personal data are inaccurate, then controllers need to correct them indeed.
The GDPR introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’.
Individuals have the right to request the restriction or suppression of their personal data. When processing is restricted, you are permitted to store the personal data, but not use it. This is not an absolute right and only applies in certain circumstances.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. In other cases where the right to object applies you may be able to continue processing if you can show that you have a compelling reason for doing so.
The data subject should have the right not to be subject to a decision, which may include a measure, evaluating personal aspects relating to him or her which is based solely on automated processing and which produces legal effects concerning him or her or similarly significantly affects him or her. Such processing includes 'profiling' that consists of any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject's performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning him or her or similarly significantly affects him or her.

Nmbrs and the GDPR

We have appointed our Compliance and Risk Officer as our Data Protection Officer (DPO) who is registered as such with the Dutch Data Protection Authority.


Falko Cats

+31 (0)85 888 9961 (Office hours)


We have implemented technical and organizational measures to show that we integrated data protection into our processing activities.(Privacy by Design & Privacy by Default)

Further we have substantive agreements with its suppliers and sub-processors, specifically about the way in which personal data is handled and how they are protected. For more information about this look at our sub-processors page.

If you have additional questions for this, please contact

"Privacy by design & by default should be a core value of everyone"

Falko Cats, Compliance Officer

What else do we do?

We want to inform you in the best possible way about our security measures. Visit our security page for a complete understanding of our policies and technical measures.

Visit security page