All Policies
Privacy Notice
As a customer, the palette of services you can use in our partner ecosystem includes network connectivity and cloud on ramps. Our ecosystem of channel partner companies offers best-in-class network service to mobile and last mile users, IP transit services, cloud exchange services and network cross connects.
1. Introduction
This Privacy Notice is provided by nLighten HQ BV (registered office address at Koolhovenlaan 120, 1119 NH Schiphol-Rijk, NL; Company number 84107588) and affiliated entities in Europe.
This Privacy Notice describes how we at nLighten collect, use, or otherwise process your personal data and for what purpose we may use your personal data in the context of our business activities. It is addressed to individuals outside our organization with whom we interact, including customers, suppliers, service providers, visitors to our websites, users of our portals and visitors to our premises (together: “you”)
Pursuant to the European General Data Protection Regulation (GDPR) and the UK Data Protection legislation, we will qualify as controller with respect to the personal data that we process. As a controller we have certain duties and responsibilities regarding our processing activities, and this means that we will only process personal data that are reasonably necessary in connection with the purposes set out in this Privacy Notice.
This Privacy Notice includes information regarding your rights with respect to the processing of your personal data.
2. Your relationship with us
In the context of our services, we may collect or obtain personal data about you as an individual, in e.g. the following ways:
- As a visitor to our office locations and/or data center facilities.
- When you interact with us through our websites or through social media.
- As a representative of our business relationship (customer, supplier, or service provider).
- As a registered customer representative using and accessing our customer portal.
- As an authorized representative of our customer, supplier or service provider accessing our secure data center facilities.
- As a prospect representative who shows interest in our services.
- As an applicant in a recruitment process.
3. How do we collect your personal data?
In the context of our services, we may collect or obtain personal data about you as an individual, in e.g., from the following sources:
Directly from you:
- Contact details that you provide to us as a representative of our contractual business relationship (e.g., client, supplier, service provider), either by email or telephone, or by any other means.
- Personal data that you provide to us by filling out a request form on our website (www.nLighten.eu).
- Personal data that you provide to us as an applicant in a recruitment process.
- Personal data that you provide to us when being hired by nLighten as an employee or as an independent professional.
Indirectly from you:
- Contact data: we collect or obtain personal data from our customer, supplier, or service provider, who provide your contact details to us as employer or as your agent.
- Security data: we collect information about your visits to our data center facilities and other premises, including records of the locations accessed (“data center access records”) and CCTV images captured during your visit of our data centers.
- Website data: we may collect or automatically obtain personal data when you visit our websites and our portals, e.g., by using cookies or other technologies.
- Registration and access details: we collect or obtain personal data when you use, or register to use any of our websites, portals, or services, including records of your interaction with us, such as details of your access to our portal.
4. For what purposes do we use your personal data and what is our legal basis for processing?
Personal data customer contacts
- Contact information (name, company, position, business email address, business/mobile number)
- Company and billing information: VAT number, bank account number, Chamber of Commerce registration number, website
- Communication: letters and e-mail messages with contact persons
- Information on the services provided to our customers and information on the subject matter
Purposes and legal basis for processing activities
We rely on the performance of a contract with our customers:
- For management of our business relationship
- For performance of contracted services
- Financial management and administration of contracted services
- To maintain up to date contact information into our systems
We rely on our legitimate interest:
- To ensure network and information security
- For legal compliance purposes
- Providing updates to our customers about our services
- To deal with possible complaints
- To establish, defend and exercise our legal position
Personal data supplier or service provider
- Your contact details (name, company, business email address, business and/or private mobile number)
- Business related information: VAT number, Chamber of Commerce registration number, bank account number, website
Purposes and legal basis for processing activities
We rely on the performance of a contract:
- For performance of contracted services, including day-to-day operational purposes
- For administrative purposes, including payment of invoices
- To maintain up to date contact information into our systems
- For invitations to business events and/or to receiving business related information
We rely on our legitimate interest:
- To deal with possible complaints
- To establish, defend and exercise our legal position
Personal data of a job applicant
- Your personal contact information: name, surname, postal address, job title, title, home number and/or mobile phone number, email address
- Business related information: VAT number, Chamber of Commerce registration number, bank account number, website
- Basic information in the recruitment procedure: your curriculum vitae, your application letter, your assessment and/or other information, such as references
Purposes and legal basis for processing activities
We rely on your consent for using your personal data:
- For recruitment activities and handling of job applications
- To assess the suitability of the applicant
- For offer and acceptance details
We rely on our legitimate interest:
- For security purposes or for the protection of our interests, the interests of other personnel or clients, such as preventing fraud, corruption or other offences or illegal activities
Personal data of an employee
- Your contact details (name, surname, email, home address, business/mobile number)
- Basic onboarding data, including nationality, marital status, birth date, bank account information, copy passport and tax identification number
- Job related data, including work permit (if applicable), compensation and allowances, information related to pensions, information related to insurances, sick leave related information (no health information)
- Information collection in the application procedure as well as during the employment, including certificate of conduct, development assessments and other relevant information
- Security related data such as logging records of your use of our IT systems, records of internal awareness training
Purposes and legal basis for processing activities
We rely on a legal obligation as an employer:
- To withhold taxes and pay social security premiums
- To establish, exercise or defend legal claims in the context of nLighten’s liability as employer
We rely on the performance of a contract with our employees:
- To keep, maintain and administer personnel records, payroll and salary records
- To determine and pay out salaries and other remuneration
- To withhold and pay out to the competent tax authorities the required (wage) taxes
- To execute pension
- To arrange for insurances
- To assist you and help re-integrate you after sickness or accidents
- To evaluate your performance
- To optimize your work activities
- To terminate your employment
We rely on our legitimate interest:
- For security purposes or for the protection of our interests, the interests of other personnel or clients, such as preventing fraud, corruption or other offences or illegal activities
- To ensure compliance with our code of conduct, internal policies and procedures and other instructions
Personal data of an independent professional
- Your contact details (name, surname, company, address, email address, business/mobile number)
- Business related information: VAT number, Chamber of Commerce registration number, bank account number, website
- Security related data such as logging records of your use of our IT systems, records of internal awareness training
Purposes and legal basis for processing activities
We rely on the performance of a contract with you for using your personal data:
- For performance of contracted services
- For administrative purposes, including payment of invoices
- To maintain up to date contact information into our systems
- For invitations to business events and/or for receiving business related information
We rely on our legitimate interest:
- For security reasons or for the protection of our interests, the interests of our personnel or clients, such as preventing fraud, corruption or other offences or illegal activities
- To ensure compliance with our code of conduct, internal policies and procedures and other instructions
Personal data visitors to our data centers
- Use of Video Surveillance systems (CCTV), both outside and inner areas
- Your contact details (name, surname, email address, business/mobile number, vehicle registration number)
- Biometric information by using fingerprint access for regular visitors
- Access log records (day, hour, badge nr)
Purposes and legal basis for processing activities
We rely on our legitimate interest:
- For the physical security of our data centers
- For authentication and identification purposes
- To secure and control physical access to our data centers and customer area
- For information security compliance purposes
- For incident reporting (incl. to local authorities)
Personal data of visitors to our website
- Your contact details (name, title company, email address, business phone number)
- Technical information such as your IP-address, device type, browser type and settings, dates and times connecting to our website
- Consent records: records of consent that you have given, together with date and time and related information (e.g., subject matter of consent)
- Necessary cookies for usage statistics, usage data
Purposes and legal basis for processing activities
We rely on your consent:
- For communicating with you in relation to your visit to our website
- For tracking and analyzing your surfing behavior
- For using your contact details for marketing purposes
We rely on our legitimate interest:
- To improve our services and the quality thereof
- For aggregate statistical information
Explanatory notes to the legal bases for processing:
- We may use your personal data for the performance of a contract in the context of our business relationship and/or in the context of the performance of contracted services.
- We may use your personal data for our legitimate interests, to the extent these legitimate interests are not overridden by your interests, fundamental rights, or freedoms.
• For providing information to customers and other relations about our products and services we rely on legitimate interest.
• For providing information to prospects for marketing purposes, we will rely only on legitimate interest if applicable law allows us to do so. - We may process your personal data based on your consent only for processing that is completely voluntary, and therefore based on your explicit confirmation (e.g., ticking a box, clicking the accept-button), based upon clear and transparent information. Your consent can be withdrawn at any time.
- We may use your personal data to comply with a legal obligation in accordance with applicable law.
5. With whom do we share your personal data?
5.1 We may share your personal data with our contracted service providers, suppliers and other third-party data processors who act on our behalf and only process personal data in accordance with our prior documented instructions. These recipients are authorized to use personal data only as necessary to provide us with their services. With whom and/or what categories of recipients your personal data may be shared is described here below.
- Applicants:
• With suppliers who have information on your suitability (e.g., assessment and employment agencies) or provide us with information (e.g., references) at your request, such as current or former employers. - Employees:
• With administrative bodies or organisations (e.g., social security and pension funds). - Clients:
• With parties involved in our services (e.g., legal professionals, translation agencies). - Website users/visitors
• Suppliers that maintain the user statistics of our website.
• Other third parties with whom personal data is shared if visitors have given consent.
5.2 Where we engage any service providers, we take all reasonable and adequate measures to ensure the confidentiality and security of personal data is protected, together with any additional requirements under the applicable Data Protection Legislation. A list of processors to whom we disclose personal data and associated purpose can be requested at info@nlighten.eu.
5.3 We may share personal data with other entities within nLighten for legitimate purposes and for the operation of our website and our services to you, in accordance with applicable law.
5.4 We may share personal data with legal authorities and external advisors as necessary in connection with legal proceedings, and for investigating, detecting, or preventing criminal offences.
5.5 We will only share personal data with third parties that guarantee to implement appropriate security measures to ensure that the processing activities meet the requirements of the applicable Data Protection Legislation and that ensure the protection of your individual rights.
6. Data transfer to countries outside EEA
Where we transfer your personal data from the Netherlands and/or Germany and/or the United Kingdom to recipients (e.g., third party data processors) located in countries outside the EEA that are not recognized by the European Commission as having an adequate jurisdiction, we will do so on the basis of the European Commission’s Standard Contractual Clauses (latest version 4 June 2021). From the United Kingdom we will transfer data outside the EEA on the basis of UK’s International Transfer Agreement or UK’s International Data Transfer Addendum to EC’s Standard Contractual Clauses.
The applicable Standard Clauses set out the rights and obligations for us as a responsible data controller and for the receiving data processing party to ensure appropriate data protection safeguards for the transfer to the receiving party. The Standard Clauses will also include specific technical and organizational measures implemented by the receiving party to ensure that the security of your personal data will be essentially equivalent to the GDPR requirements.
7. How do we secure your personal data?
We have taken appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access. The measures ensure the confidentiality of your personal data, and the maintenance of the integrity and availability of your personal data.
Measures include events logging of user activities on data processing systems, access to networks and systems restricted to staff with access rights, encryption in transit and storage where required, ensuring automatic back up of personal data and its availability in the event of a security incident, periodic testing and assessing and evaluation of the effectiveness of our measures to ensure the security of data processing.
Personal data in relation to your physical access to the data centers (CCTV recording, data center access records) will be held in the local systems on our premises and be subject to applicable local laws. Other personal data (e.g., customer account details) may be stored on servers of authorized service providers to which equivalent appropriate security measures apply.
Unfortunately, no data storage system or data transmission can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately (see contact details under 9).
8. How long do we retain your personal data?
We will not retain your personal data for any longer period than necessary or permitted by law to fulfill the purposes for which your personal data was obtained. The criteria for determining our retention periods include:
- The duration of our ongoing business relationship with you
• where we provide services and/or carry out a contract with you and/or your employer
• where you are lawfully included in our mailing list and have not unsubscribed
- Where we have a legitimate interest in processing the personal data for the purposes of operating our business and fulfilling our obligations with you and/your employer.
- Restricted retention periods, subject to applicable local laws and regulations shall apply for the following categories of personal data:
• CCTV recordings (physical security upon entering data center premises): 30 days.
• Access log records (based on secure biometric access to data centers): 12 months from date reader registration.
• Personal data of applicants in recruitment procedure that are not hired: 4 weeks – 6 months (unless applicant has consented to keep the personal data set longer: a maximum of 12 months).
- In compliance with legal obligations the following statutory retainment periods apply:
• For business records (tax and administration):
– Netherlands: 7 years after end of relevant tax year
– Germany: 10 years after end of relevant tax year
– United Kingdom: 3 years after end of relevant tax year
- Protecting our legal position
• To preserve evidence during any applicable limitation period under applicable law (any period during which any person could bring a legal claim against us in connection with your personal data, or to which your personal data are relevant for defending our interests in the context of judicial proceedings
9. What are your rights and how can you exercise them?
Under the Data Protection Legislation, you have the following rights that you may exercise in the context of our processing your personal data:
- The right of information about the personal data that we process about you. This includes the right to request access to, or receive copies of, your personal data, together with information regarding the nature, purposes of processing and with whom we have shared your personal data.
- The right to request rectification of any inaccuracies in your personal data.
- The right to request, on legitimate grounds:
• The erasure of your personal data and/or the right to be forgotten
• Restriction of processing of your personal data (e.g., for direct marketing purposes)
- The right to have your personal data transferred to another organisation in a structured, commonly used and machine-readable format, to the extent applicable (the right to portability).
- The right to object to processing of your personal data.
- Where processing of your personal data is based on consent, the right to withdraw your consent to such processing (this does not affect the lawfulness of any processing prior to the date of such withdrawal).
How to contact us
If you wish to exercise any of your rights, or if you want to ask a question about our processing of your personal data, please contact our privacy counsel at info@nlighten.eu.
If you are not satisfied with the way we respond to your request, please let us know.
If you feel your rights have been violated, you may file a complaint with the competent Data Protection Authority. For residents in the EU or UK the local Data Protection Authority, or with our leading Data Protection Authority, located in the Netherlands (AP), via its website
10. Use of cookies and other technologies
10.1 What are cookies:
A cookie is a small text file that is stored on your device by means of the website that you visit. Cookies can be accessed by your webserver or your device. As the administrator of our website, we may set cookies on your device. These cookies are called ‘first party’ cookies. Some cookies may also be set on your device by other parties, such as our advertisers or parties that set cookies to display certain content our website (e.g., videos). These cookies are called ‘third party’ cookies.
This Privacy Notice does not apply to the use of the cookies, set via our website by third parties. We cannot guarantee that these third parties will use your (personal) data in the most reliable and secure manner. Therefore, we cannot take any responsibility for the way these third parties make use of your cookies. For more information about how these third parties use your (personal) data, we refer to the privacy notices of these third parties.
10.2 Type of cookies
On nLighten’s website the following functional, analytical, and tracking cookies or similar technologies can be used.
Functional (necessary) cookies:
These cookies are necessary and make a website usable by enabling basic functions like navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Analytical cookies:
These cookies help website owners to understand how visitors interact with websites by collecting and reporting information. They allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.
Targeting/tracking cookies:
These cookies are used for marketing and advertising and can be set through our site by our (advertising) partners. They may be used by us or those companies to build a profile of your interests and show you relevant content and ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience targeted advertising across other websites.
On our website we use the following cookies:
Google Tag Manager
- Type/Cookie: Functional
- Purpose: Integration third party tools
- Retention period: –
Google Analytics
- Type/Cookie: Analytics
- Purpose: Analyze user behavior
- Retention period: 2 months
Below you can find a link to the privacy and/or cookie policy of the third parties that set performance and/or tracking cookies through our website. We encourage you to read these policies carefully.
10.3 Enabling and disabling cookies
You can set your browser in such a manner that it is merely allowed to store cookies with your consent. For more information, please consult your web browser’s manual. Please note that many websites do not work optimally if cookies are disabled. You can also choose to delete cookies manually. For more information, please consult your web browser’s manual.
11. Updates to our Privacy Notice
This Privacy Notice may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. In these cases, the adapted Privacy Notice will be published on our website. In case of material changes we will do our best to inform you directly. We encourage you to read this Privacy Notice carefully. If you have any questions regarding the processing of your personal data, please contact our office manager (see relevant contact details under section 9).
Effective: 1 December 2022