ISO 27001 certification

The security of your data and that of your participants has the highest priority for In the past years has developed a security organisation that offers protection on 5 levels. is ISO27001:2013 certified by DNV.GL. Here you can download the certificate and the statement of applicability.

ISO 27001 certification

Best Practices

Security culture

Secure systems

Secure storage

Secure connection and data centres

GDPR and Privacy

best practicesbest practices

Best Practices

ISO27001 is the most used standard for information security for governments and large companies. In order to comply with this standard, an organization must have a well-functioning management system in which the security of the data is continually improved. An organization must also take over a hundred control measures to ensure information security. Both requirements are verified annually by an external agency (DNV.GL).

ISO27001 is an extensive and costly system to implement and shows that is 100% committed to taking good care of your event and your data.

best practices

Security culture

The employees of are structurally educated in the field of information security. A confidentiality statement and a screening are also part of the conclusion of the employment contract. Within the screening, a Dutch "Certificate of Good Conduct" (VOG) is also requested that relates to the activities of the employee. In order to guarantee the continuous development of the employees and the competences of the employees in the field of information security, a competency scan takes place every quarter. The team includes an Information Security Officer and an Incident Response Team.

safe culture
safe culturesafe culture
safe systemssafe systems

Secure systems processes your data in systems that are separated from the internet via firewalls and load balancers. This ensures that malicious parties can not connect directly to the machines where your data is processed. All systems are included in a configuration management system and are automatically updated with the latest updates every day. Every month, these systems are subjected to an external security inspection based on information about the latest threats and recommendations.

safe systems

Secure storage

A unique innovation is our concept of data safes in the database for participant data. You will not notice anything of the data safe, but it provides extra protection for your participant data.

Your account comes with a safe for participant data. Just like with a letterbox, registrations can be added at any time, but only you can remove them with the key: your password. This ensures that unsecured participant data is never present in the system. Data is always stored in a secure state and cannot be retrieved without a password. The security of the data safe is based on encryption with AES 128 and RSA 2048, two leading standards in the field of encryption of sensitive data.

safe storage
safe storagesafe storage
safe connectionsafe connection

Secure connection and data centres

The internet connection with the systems always uses HTTPS when entering data. This is the same kind of secure connection that protects online banking.

Of course, these systems are set up in extensively certified data centers.

safe connection

GDPR and Privacy

For 10 years, has had a privacy policy that does not contain any surprises: we do not do anything with your data, or that of your participants, that you would not do yourself. In fact, we do not do anything with your data unless you ask us to. You can read more about this in our privacy statement. has been working for 10 years in accordance with the European Privacy Act and now this transition to the GDPR is of course included. meets all obligations arising from the GDPR. In addition to the regulations on data handling, the GDPR also sets a number of specific operational requirements:

  • has carried out a Privacy Impact Assessment.
  • A Data Protection Officer has been appointed.
  • All processes are audited on 'privacy by design.'
  • Procedures have been set up to comply with the obligation to help individuals to view, modify and delete their personal data.
  • does not carry out profiling or decision structures on the basis of personal data.
  • The data storage takes place in Europe.

The GDPR is a law that applies to the entire European Union. Because of this law, the protection of privacy is now well regulated throughout Europe. In addition, the European Union has drawn up so-called 'Model Clauses' for companies with data centers that process and store data from Europeans. These 'Model Clauses' provide the framework within which data can be processed safely and lawfully. The datacenters that uses are in the European Union and comply with these Model Clauses. With you meet the obligation to process data within the privacy regulations of the EU.

Data Processing Agreement

The GDPR stipulates that a Data Processing Agreement is required between and you. This agreement states the role we play in the processing of personal data and codifies mutual expectations. offers every customer the possibility to sign a processing agreement. For this we have set up a very easy do-it-yourself process in your account page.

What is required of you?

The GDPR states that you are obliged to provide a secure registration system. The law does not prescribe how you take care of this, but the intention and intent of the law does have similarities with the principles of ISO27001. This is no coincidence: ISO27001 is the best-known standard in the area of information security and the ISO27001 certificate provides proof that the registration system and the supplier are subject to extensive security checks. Without a certificate, you should carefully examine the safety of the system and the business operations of the supplier in order to comply with the obligations within the GDPR.

What can you pay attention to?

Some registration systems include in their security statement that HTTPS connections and ISO27001 data centers are used. These security measures are most easily implemented and has classified these as the lowest level of security.

Please note that an ISO27001 data center does not say anything about the security of the systems that have been set up there. It also says nothing about the security of the software or about the security in the operations of the suppliers. HTTPS also gives no guarantees about the protection of the supplier's networks or the security of the data storage. For data security, HTTPS and a secure data center are not sufficient.

At, security is a system that works through all layers of service and is an integral part of the product. distinguishes itself in the field of data security.