ISO 27001 certification

Your and your participants data is secure

The security of your data and that of your participants has the highest priority for
In the past years has developed a security organisation that offers protection on 5 levels. is ISO27001:2022 certified by DNV. Here you can download the certificate and the statement of applicability.



Best Practices

ISO 27001 is considered the standard norm for information security management. To comply with this standard, an organization must have an effective management system that ensures continuous improvement of data security. In addition, the organization must implement multiple careful control measures to guarantee information security. Both requirements are annually audited by an external entity, such as DNV.

This ensures that security remains at a high level and demonstrates our commitment to continuous improvement in information security, placing us in a leading position.

The annual audits are crucial for in obtaining the ISO 27001 certification. They provide an objective assurance of data security and enable us to clearly communicate our dedication to the highest standards in information security to customers and stakeholders.

Security culture

The employees of are structurally educated in the field of information security. A confidentiality statement and a screening are also part of the conclusion of the employment contract. Within the screening, a Dutch “Certificate of Good Conduct” (VOG) is also requested that relates to the activities of the employee. In order to guarantee the continuous development of the employees and the competences of the employees in the field of information security, a competency scan takes place every quarter. The team includes an Information Security Officer and an Incident Response Team.

Secure systems processes your data in systems that are separated from the internet via firewalls and load balancers. This ensures that malicious parties can not connect directly to the machines where your data is processed. All systems are included in a configuration management system and are automatically updated with the latest updates every day. Every month, these systems are subjected to an external security inspection based on information about the latest threats and recommendations.


Secure storage

A unique innovation is our concept of data safes in the database for participant data. You will not notice anything of the data safe, but it provides extra protection for your participant data.

Your account comes with a safe for participant data. Just like with a letterbox, registrations can be added at any time, but only you can remove them with the key: your password. This ensures that unsecured participant data is never present in the system. Data is always stored in a secure state and cannot be retrieved without a password. The security of the data safe is based on encryption with AES 128 and RSA 2048, two leading standards in the field of encryption of sensitive data.


Secure connection and data centres

The internet connection with the systems always uses HTTPS when entering data. This is the same kind of secure connection that protects online banking.

Of course, these systems are set up in extensively certified data centers.

GDPR and Privacy

For 10 years, has had a privacy policy that does not contain any surprises: we do not do anything with your data, or that of your participants, that you would not do yourself. In fact, we do not do anything with your data unless you ask us to. You can read more about this in our privacy statement. has been working for 10 years in accordance with the European Privacy Act and now this transition to the GDPR is of course included. meets all obligations arising from the GDPR. In addition to the regulations on data handling, the GDPR also sets a number of specific operational requirements:

  • has carried out a Privacy Impact Assessment.
  • A Data Protection Officer has been appointed.
  • All processes are audited on ‘privacy by design.’
  • Procedures have been set up to comply with the obligation to help individuals to view, modify and delete their personal data.
  • does not carry out profiling or decision structures on the basis of personal data.
  • The data storage takes place in Europe.

The GDPR is a law that applies to the entire European Union. Because of this law, the protection of privacy is now well regulated throughout Europe. In addition, the European Union has drawn up so-called ‘Model Clauses’ for companies with data centers that process and store data from Europeans. These ‘Model Clauses’ provide the framework within which data can be processed safely and lawfully. The datacenters that uses are in the European Union and comply with these Model Clauses. With you meet the obligation to process data within the privacy regulations of the EU.

Data Processing Agreement

The GDPR stipulates that a Data Processing Agreement is required between and you. This agreement states the role we play in the processing of personal data and codifies mutual expectations. We also manage what we can expect from each other. For this we have set up a very easy do-it-yourself process in your account page. For this we have set up a very easy do-it-yourself process in your account page.

What is required of you?

The GDPR states that you are obliged to provide a secure registration system. The law does not prescribe how you take care of this, but the intention and intent of the law does have similarities with the principles of ISO27001. This is no coincidence: ISO27001 is the best-known standard in the area of information security and the ISO27001 certificate provides proof that the registration system and the supplier are subject to extensive security checks. Without a certificate, you should carefully examine the safety of the system and the business operations of the supplier in order to comply with the obligations within the GDPR.

What can you pay attention to?

Some registration systems include in their security statement that HTTPS connections and ISO27001 data centers are used. These security measures are most easily implemented and has classified these as the lowest level of security.

Please note that an ISO27001 data center does not say anything about the security of the systems that have been set up there. It also says nothing about the security of the software or about the security in the operations of the suppliers. HTTPS also gives no guarantees about the protection of the supplier’s networks or the security of the data storage. For data security, HTTPS and a secure data center are not sufficient.

At, security is a system that works through all layers of service and is an integral part of the product. distinguishes itself in the field of data security.

download-1 ISO 27001 certification

Download the certificate

download-1 Statement of Applicability

Download the certificate