This Privacy Statement defines how the KOMO Foundation (hereinafter referred to as ‘the Foundation’ or ‘we’ / ‘us’) handles personal data belonging to our certificate holders, certification bodies, companies, suppliers and other contacts.
This statement also clarifies the goals and principles of data processing. It also sets out which personal data we process. This statement also describes your personal data rights and who your contact person is within the Foundation.

General measures to protect personal data

The Foundation respects your privacy. All personal data belonging to you and retained by us is treated with care and protected in accordance with the new European privacy legislation, the General Data Protection Regulation (GDPR).

Personal Data

Personal data is information about an identified or identifiable natural person. The type of data the Foundation collects is determined by the purpose for which it is collected. If it is relevant for a specific purpose, we process the following personal data:

a.  Initials
b.  Surname
c.  Address
d.  Telephone number
e.  Email address
f.  Company name
g.  Data relating to your network peripherals, such as an IP address
h.  Data about your web surfing behaviour.

How we process personal data

The reasons why we collect your personal data include, for example; because you make it available to us when you sign up for a newsletter; because you enter into an agreement with us; or because you use our website.
Personal data you have given us (for the principle on which this is based, see below in this text)
We process personal data if you:

  • Apply for My KOMO (principle A)
  • Provide a project description for placement on the KOMO website (principle A)
  • Carry out certification for us (principle B)
  • Use the registration form to register for the digital newsletter on the website (principles F and A)
  • Use the registration form to register for meetings (principle A)
  • Use the contact form (principle A).

We acquire personal data when we:

  • Enter into an agreement with a supplier (principle B)
  • Process, administer and invoice orders (principle B)
  • Conduct statistical analyses (principle F).

Principle(s) for the processing and legitimate interests

The Foundation processes personal data according to the principles defined under the General Data Protection Regulation (GDPR).
Data processing is permitted in accordance with the GDPR on the basis of the following principles:
A. The data subject has given permission for processing.
B. The processing is necessary for the implementation of an agreement (e.g., employment contract, but also for a Licensing Agreement or a Service Level Agreement (SLA).
C. The processing is necessary in order to comply with a legal obligation (e.g., the Quality Assurance Act for building).
D. The processing is necessary to protect vital interests (vital: e.g., First Aid).
E. The processing is necessary for performing a general interest task (e.g., government, MOT inspection station).
F. The processing has a legitimate interest for the processing (e.g., marketing/direct mail).

Purposes of the Processing

Purpose Principle (A, B, C, D, E, F as indicated above)
To use My KOMO. The data subjects do not give permission (A).
Placing of reference project or blog on the website. The data subjects give permission (A).
Certification for KOMO quality mark. The implementation of an agreement (B).
The sending of newsletters. The legitimate interest of the Foundation (F).
Attending meetings. The data subjects give permission (A).
Answering question via the contact form. The data subjects give permission (A).
Processing, administration and invoicing of services. The implementation of an agreement (B).
Conducting statistical analyses. The legitimate interest of the Foundation (F).

Your Rights

You can send us either an email or letter, stating your name, initials, address and telephone number and requesting details about which part(s) of your personal data we have retained and who we have provided this data to.
Email: You can send your letter to: Contact Person KOMO Data Processing, PO Box 420, 2800 AK Gouda, The Netherlands. To prevent abuse, we may ask you to identify yourself. We will process your request as quickly and as carefully as possible. We cannot meet excessive requests.
In addition to the right to access your personal data (see above) you have the following rights:

  • The right to withdraw your consent, to the extent that our processing of your personal data is based on it.
  • The right to correct your personal data or allow it to be corrected.The right to delete your personal data.
  • The right to limit the processing concerning you.The right to the transfer of data.The absolute right to object to direct marketing.
  • The right to object to processing that takes place on account of the legitimate interests of the Foundation or a third party (depending on your personal circumstances).
  • The right to file a complaint with the Dutch Data Protection Authority (Dutch DPA). They may decide to start an investigation based on your tip. You are permitted to exercise your rights only to the extent that these rights are granted to you by law.

Sharing with Third Parties

In certain cases we share your data with third parties. This takes place with parties who assist the Foundation in its provision of services and who are not processors (such as auditors, accountants and legal advisers) when: we are legally required or authorised to provide personal data to third parties, if we suspect a violation of the rights of third parties, of criminal offences or of abuse and third parties have a legitimate interest. Passing on your data to these third parties will only occur for the purposes defined in this Privacy Statement, and only to the extent permitted on the basis of this Privacy Statement, applicable laws and regulations, or if we are required by law to provide your information to a competent authority.

The Foundation also uses services provided by third parties acting as ‘processors’ (e.g., suppliers of data processing systems, hosting service providers), in which the purpose includes data management. These service providers will only process personal data in accordance with the instructions and under the control of the Foundation.

In principle, your personal data is not passed on to countries outside the European Economic Area.

Data Retention Period

We store your personal data for no longer than is necessary to meet the purposes for which it was obtained. Generally speaking, if the Foundation no longer needs your data, it will be deleted or made anonymous, unless we are legally obliged to retain your personal data for a longer period of time.

References and Links

The Foundation’s website contains references and/or hyperlinks to one or more third-party websites. We are in no way whatsoever liable for the way in which these third parties deal with privacy legislation. We recommend that you read the privacy policies of these websites so that you are fully informed of how these third parties deal with their personal data.

Changing this Privacy Statement

We have the right to change or supplement this Privacy Statement unilaterally. These changes will be announced by us in accordance with the law.

The most recent update to this Privacy Statement took place on 19 November 2019.


Do you want to contact us? Please do so by writing to:
The KOMO Foundation
PO Box 420
2800 AK Gouda
The Netherlands
International tel: 00 31 085 – 486 24 20
Calling in the Netherlands: 085 – 486 24 20



Our Foundation uses functional and analytical cookies on its website. Visitor privacy is guaranteed with these cookies

Functional Cookies

Functional cookies are necessary to enable the website to function properly. These cookies are therefore enabled by default. They ensure that you can remain logged in during your website visit You cannot remove/disable these cookies.

Google Analytics

Analytical cookies enable us to record the level of traffic to the website. We place these cookies each time you visit our website. The statistics give us insight into how often our website is used, which information visitors are looking for and which pages are most frequently visited. We analyse and improve the website to make the experience as pleasant as possible for visitors.

The statistics that we collect cannot be traced back to any particular person. Accordingly, the data is always used anonymously. We have masked the last octet of the IP address and turned off ‘data sharing’. In addition, we do not use any other Google services in combination with the Google Analytics cookies. The anonymously acquired information is stored by Google on servers in the United States of America. Google can provide this information to third parties if Google is legally required to do so, or in so far as these third parties process the information on behalf of Google. We have no influence on this.


Hotjar is a set of analytical tools that help to collect qualitative data. This gives Hotjar insight into visitor behaviour on a website. Hotjar has been set up in such a way that no persons can be identified.

Disable Cookies

If you do not want to accept analytical cookies you can disable them in your internet browser settings. The way you can block these cookies differs per browser. More information about enabling and disabling cookies is usually explained in your browser’s help feature.

Close menu
KOMO Quality