Saturday, November 15, 2025

GDPR

Downloads

GDPR

On 25 May 2018, the General Data Protection Regulation (GDPR) came into force. Below, you will find answers to key questions about how d‑basics software complies with the GDPR.

Your rights under the GDPR

The General Data Protection Regulation (GDPR) grants you the following rights regarding your personal data processed by d‑basics B.V.:

Right of Access

You have the right to access the personal data collected by d‑basics B.V., to understand the purposes for which it was collected, and to know whether it has been shared with any third parties.
Right to Data Portability

You may request a copy of the personal data that d‑basics B.V. holds about you in a structured, commonly used, and machine-readable format. This allows you to reuse the data or transfer it to another organization.
Right to Erasure (“Right to Be Forgotten”)

You can request the deletion of personal data stored by d‑basics B.V. Please note that once your data is removed, you will no longer be able to use the d‑basics data extraction software or access the d‑basics Portal.
Right to Rectification

You have the right to correct or update inaccurate or incomplete personal data held by d‑basics B.V. You may also request d‑basics B.V. to make these changes on your behalf.
Right to Object

You may object to the processing of your personal data by d‑basics B.V. In certain cases, you can also request that processing be restricted.
Right to Transparency

You have the right to clear and understandable information about why d‑basics B.V. collects, uses, or processes your personal data and how this is done.

This document explains how these rights are implemented by d‑basics B.V. and how they affect the use of d‑basics B.V. software.

Which Personal Data Is Collected by d‑basics B.V.?

To understand the impact of the GDPR on the use of d‑basics software, it is important to distinguish between:

Personal data of users of d‑basics software collected by d‑basics B.V.
Data extracted from accounting packages and processed by d‑basics software.

Personal Data of d‑basics Software Users

d‑basics B.V. may collect and process the following information from users of its software:

First and last name
Gender
Business address details
Job title
Business telephone numbers
Email address
Other personal details you add to your d‑basics portal profile
Logging information generate by d‑basics software
echnical information about software configuration
Information related to Service Desk activities (including comments and status updates)
IP-address
Bank details
Automatically transcribed telephone conversations

Data collected by d‑basics software

The d‑basics data extraction software retrieves information from your accounting package, converts it into data files, and sends these files to external recipients such as factoring companies or banks.

The nature of this information depends on the purpose for which the software is used.

On-premises and SaaS

The on-premises versions of the d‑basics data extraction software are installed within the user’s computer environment and operate under the user’s control. d‑basics B.V. does not have access to the data that is processed in this environment. In this scenario, the user is responsible for ensuring that the software is used in compliance with GDPR requirements.

The SaaS versions of the d‑basics data extraction software operate within a computing environment managed by d‑basics B.V. In this setup, d‑basics ensures that data processing complies with GDPR requirements. However, it remains the responsibility of the software user (sender) to ensure that any recipient of the data files generated by the d‑basics software also processes the data in accordance with GDPR regulations.

Special Categories of Personal Data

d‑basics B.V. will never request special categories of personal data (such as health information, political opinions, or religious beliefs).

If such data is imported or transmitted using d‑basics software, the responsibility for GDPR compliance lies with the software user (sender).

Remote support and Remote Collector

To provide technical assistance, d‑basics B.V. employees may use remote desktop software or the Remote Collector functionality offered by d‑basics Collector v2.

During a remote session:

The Service Desk employee can only view what is displayed on the user's screen or by Remote Collector.
Remote access can only be established with the user’s explicit cooperation and consent.

User Control

Remote desktop software

Remote desktop connections require active participation from the user. Once the session ends, d‑basics B.V. cannot reconnect without the user’s approval. The data that were visible at the time of the desktop connection will not be copied to d‑basics B.V.
Remote Collector

A user cannot participate in a Remote Collector session.

Once a remote Collector request has been approved, d‑basics can connect to the d‑basics Collector v2 instance that is installed at a client and has full access to all the functionality of the software, including having access to the data that is processed by d‑basics Collector.

During a Remote Collector session, no data is copied from the client environment to d‑basics B.V. and d‑basics B.V. will only be able to establish a Remote Collector connection during the timespan for which such access is granted.

Test data

When developing, testing or troubleshooting the data extraction software, d-basics B.V. may request a copy of a database. Users should ensure that the test database does not contain personal data. If this is unavoidable, the user must anonymize the data before sharing it.

As an alternative for sharing test data with d-basics, Remote Collector access can be granted. In that case, the data remains within the client environment, and a query tools in d-basics Collector v2 are used to perform the developing, testing or troubleshooting task.

Once test data is no longer needed, it is deleted by d‑basics. However, an anonymized copy of the test data may be retained by d‑basics for future testing purposes.

For which purpose does d‑basics B.V. collect your personal data?

d‑basics B.V. only collects the essential personal data for the purpose of legal obligations, legitimate interest, as part of an agreement, or because we have been given permission to do so.

More specifically:

Accounting and invoicing

Your personal data are used to carry out regular accounting actions such as invoicing and receivables management.
Client contact and support

Your personal data are used to communicate with you. Often this concerns the necessary support to install or use the d‑basics software and this communication usually takes place by telephone, conference call software, email, or through our ticket system. d‑basics B.V. also communicates about important updates of the d‑basics software and about the availability of the Service Desk.
Access to the d‑basics software

Your personal data are used to create a user account. You need this account to be able to use the d‑basics software.
Usage of the d‑basics software

Your personal data are used to check the proper functioning and the security of the d‑basics software.
Improvement of the d‑basics software

Your personal data are used for the maintenance and development of the d‑basics software.
Backup of settings

During the regular use of the d‑basics data extraction software a copy of the settings of this software is synchronised with d‑basics portal. If sensitive information - like passwords - is synchronised, it is encrypted in such way that it cannot be decrypted by d‑basics B.V.

The synchronised settings do not contain (personal) data that were copied from the accounting package.
Website visit

Information is collected during visits to the d‑basics B.V. websites regarding the use of the websites concerned and the origin of the visitors.

Granting permission for cookies

When you visit the d‑basics B.V. websites you are requested permission for the use of cookies. These functional, tracking, analytical, and 3rd party cookies are used by d‑basics B.V. to optimise visits to the websites.

Access to your personal data

d‑basics B.V. employees have access to the personal data of users of the d‑basics software as part of their daily support, management, and development activities.

As previously indicated, d‑basics B.V. employees do not have access to the data that are sent by users through the d‑basics software.

Disclose personal data to third parties

d‑basics B.V. will only disclose your personal data to third parties if there is a legal obligation to do so.

How does d‑basics B.V. keep your personal data secure?

d‑basics B.V. is constantly taking preventative measures to ensure your privacy and data are kept secure:

Organisational measures

Remaining ISO9001 and ISO27001 certified
Employees must sign a confidentiality agreement
Employees are given instructions and training about privacy and information security.
The d‑basics B.V. privacy policy provides employees with guidelines on how to handle your privacy and data responsibly.
The internal processes and procedures at d‑basics B.V. are constantly reevaluated
Your data are only accessible to those who need access to them based on their job descrip-tion.

Technical measures

d‑basics B.V. constantly re-assesses whether the software developed by d‑basics B.V. as well as the infrastructure used by d‑basics B.V. provide a sufficient level of warranty to adequately process personal data.

Examples of measures that were taken to this effect are:

SSL certificates

Connection to all d‑basics B.V. online environments is encrypted using SSL certificates. Additionally, the d‑basics data extraction software sends the information imported from the accounting package to the recipient through an encrypted connection provided the recipient has taken the technical measures to establish such an encrypted connection.
Penetration tests

In order to check the security of the products developed by d‑basics B.V., “pentests” are executed periodically.
Backups

d‑basics B.V. makes a daily backup of all the servers used by d‑basics B.V. and the data stored on them. These backups are encrypted and are stored at different locations.
Active network management

d‑basics B.V. performs active network management to minimize risks. This includes regularly installing updates, deploying firewalls, implementing multiple layers of cybersecurity protection, and conducting daily network scans.
Data in Europe

Information collected by d‑basics B.V. is processed on servers managed by d‑basics B.V. These servers are located in a data center in the Netherlands and also host the d‑basics Portal and Collector Online applications.

How does d‑basics B.V. handle data breaches?

In the event of a data breach, d‑basics B.V. will immediately take measures to minimize its impact.

Additionally, d‑basics B.V. will notify the Dutch Authority for Personal Data within 36 hours of discovering the breach. If the breach is reported to d‑basics B.V. by another party, notification will occur within 48 hours. Those affected by the breach will also be informed.

d‑basics B.V. requests that anyone who suspects a data breach promptly report it to d‑basics B.V. Contact details can be found at Contact information.

Data processing agreement with d‑basics B.V.

When d‑basics processes data subject to GDPR, this is covered by the data processing agreement included in the general terms and conditions of d‑basics B.V.

For companies that wish to enter into a separate data processing agreement, details about the standard d‑basics data processing agreement can be found here: d‑basics data processing agreement.

Contact us

If you wish to contact us about the GDPR you may contact d‑basics B.V. as follows:

d‑basics B.V.
Chamber of Commerce: 30195376

VAT number: NL813497541B01
Address
Trivium 76

4873 LP Etten-Leur

The Netherlands
Telephone numbers

Service Desk:

+31 (0)765239040

Finance:

+31 (0)765239050
Email

For support issues:

helpdesk@d‑basics.com

For administrative issues:

finance@d‑basics.com

To send the d‑basics data processing agreement:

legal@d‑basics.com

Notification of possible data breach:

threatdetection@d‑basics.com

To access, amend, or delete data:

gdpr@d‑basics.com