Privacy statement services

Itility obtains personal data in the following ways: 

• Directly from you, when you voluntarily provide your personal data via our website, for example by submitting a contact request, completing a form, or applying for a position through the careers section of our website. 

• Automatically, when you visit and use our website, for example through technical data such as IP addresses and log files generated by your interaction with the website. 

• During the recruitment process, when you provide application-related information, such as your CV or cover letter, via the website or connected recruitment systems. 

Itility does not collect personal data from third-party sources for the purposes covered by this privacy statement, unless this is permitted under applicable law and you have been informed accordingly. 

Is the provision of personal data mandatory? 

The provision of personal data is not mandatory unless explicitly stated otherwise. However, in certain cases, the provision of personal data is necessary in order for Itility to provide its services, to respond to requests, to enter into or perform an agreement, or to process applications. 

If required personal data is not provided, Itility may not be able to provide the requested services, respond adequately to inquiries, process applications, or comply with legal obligations. 

Itility processes personal data that you provide to us directly via the website or that is generated through your use of the website. Depending on your interaction with the website, this may include: 

• Your first and last name 

• Your email address 

• Your IP address 

• Geographical location 

• Account and profile information and 

• Other personal data you provide to us through our services, websites, or support channels, or personal data that is publicly available, for example through search engines. 

Itility does not intend to collect or process special categories of personal data as referred to in Article 9 GDPR, such as data concerning health, political opinions or religious or philosophical beliefs. We therefore kindly request applicants not to provide such information. 

If special categories of personal data are nevertheless provided on the initiative of the applicant, Itility will only process such data insofar as permitted under applicable data protection law. 

Itility only processes personal data that we need to enable the optimal use of our services, to improve our business, to enable you to interact with other aspects of our business, and to comply with applicable laws and regulations. Depending on the services you use and how you use them, Itility may process your personal data to: 

• Compile (anonymous) statistical data and analysis for use internally or with third parties 

• Create and manage your account (e.g., for authentication) 

• Deliver recommendations, newsletters, and other information regarding promotions to you 

• Contact you related to the service (system or user-to-user communications by email or otherwise) 

• Generate a personal profile about you to make future use of our services more personalized 

• Increase the efficiency and operation of our services 

• Keep customer and user administration 

• Monitor and analyze usage and trends for research and development 

• Notify you of updates 

• Perform other business activities as needed 

• Prevent fraudulent transactions, monitor against theft, and protect against criminal activity 

• Protect and improve the safety and security of our services 

• Provide support 

• Request feedback and contact you about your use of our services 

• Resolve disputes and troubleshoot problems  

• Respond to questions and complaints 

• When required, assist regulators and law enforcement and respond to subpoena. 

Automated decision-making and profiling 

Itility does not make use of automated decision-making, including profiling, as referred to in Article 22 GDPR. 

Decisions that may have legal or similarly significant effects on individuals are not based solely on automated processing. 

Itility processes personal data based on the following legal grounds: 

• Consent, where you have given your consent to the processing of your personal data. Where personal data is processed on the basis of consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, Itility will no longer process the relevant personal data, unless another legal basis applies. 

• Performance of a contract, where processing is necessary for the performance of an agreement to which you are a party or to take steps at your request prior to entering into such an agreement (for example in the context of recruitment). 

• Legal obligation, where processing is necessary to comply with a legal obligation under applicable EU or national law. 

• Legitimate interests of Itility, provided that such interests do not override your fundamental rights and freedoms. 

 Where processing is based on the legitimate interests of Itility, these interests may include: 

• Maintaining effective and secure communication with customers and users 

• Ensuring the security, continuity and proper functioning of our website and IT systems 

• Maintaining and developing business relationships and conducting limited marketing activities, insofar as permitted under applicable law 

• Preventing fraud, misuse and other unlawful activities 

• Establishing, exercising or defending legal claims 

• Conducting internal analyses, audits and reporting to improve business performance and service quality 

• Handling complaints, disputes and legal claims, including establishing, exercising or defending legal rights 

• Complying with internal governance, compliance and risk management requirements 

Itility may share your personal data with third parties. When this happens, Itility ensures the third party will process your personal data carefully and only to the extent needed for the abovementioned purposes. We explicitly assure you that we do not sell your personal information to advertisers or other third parties.  

Examples of third parties with whom Itility might share your personal data: 

• Network provide 

• Cloud platform hos 

• Other service providers 

• (Security) auditors (for certification) 

• Itility partners 

• Legal, regulatory, and other governmental authorities. 

Such parties process personal data solely on the basis of our instructions and are bound by contractual obligations to ensure appropriate technical and organisational security measures. 

Personal data may also be disclosed where required by law or a binding legal obligation. 

Itility may transfer, process and store your personal data outside of the EU, to wherever our third-party service providers operate for the purpose of providing you the services.  Whenever we transfer your information, we take steps to protect it. 

Third parties may be based in other countries that do not have equivalent privacy and data protection laws. When we share your personal data with these third parties outside the EU, we make use of adequacy decisions (‘adequaatheidsbesluiten’), European Commission-approved standard contractual data protection clauses, or other appropriate legal mechanisms to safeguard the transfer. If necessary, additional security measures will be put in place. 

Itility takes appropriate technical and organisational measures to protect personal data against loss, unauthorised access, disclosure, alteration or destruction, in accordance with Article 32 GDPR. 

These measures include, among others, secure hosting environments, encryption, access controls and the use of SSL certificates for the website. If you have reason to believe that your personal data is not adequately protected, you may contact us using the details provided below. 

Itility does not retain personal data longer than is necessary for the purposes for which it is processed, unless a longer retention period is required by law. 

Retention periods may vary depending on the nature of the data and the purpose of processing. After the applicable retention period has expired, personal data will be deleted or anonymised. 

Under the GDPR, you have several rights in relation to the processing of your personal data. These include: 

• The right of access to your personal data (Article 15 GDPR) 

• The right to rectification of inaccurate personal data (Article 16 GDPR) 

• The right to erasure of personal data in specific circumstances (Article 17 GDPR) 

• The right to restriction of processing (Article 18 GDPR) 

• The right to data portability, where applicable (Article 20 GDPR) 

• The right to object to certain processing activities (Article 21 GDPR). 

Please note that these rights are not absolute. In certain situations, Itility may not be able to fully comply with a request, for example where this is necessary to comply with a legal obligation or to protect the rights and freedoms of others. Requests are assessed on a case-by-case basis in accordance with applicable data protection law. 

Requests can be submitted by contacting: 

Itility B.V. 
Attn. GDPR request 
Flight Forum 3360 
5657 EW Eindhoven 
The Netherlands 
Email: info@itility.nl 

Itility will respond to your request within one month, unless an extension is permitted under Article 12(3) GDPR. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). 

Our services are intended for use by organizations. Where our services are made available to you through an organization (e.g., your employer), that organization is the administrator of our services and is responsible for the accounts and/or service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of our services is subject to that organization’s policies. Itility is not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.  

 Administrators are able to: 

• Require you to reset your account password 

• Restrict, suspend, or terminate your access to the services 

• Access information in and about your account 

• Access or retain information stored as part of your account 

• Install or uninstall third-party apps or other integrations 

• Perform the necessary actions to protect a legitimate interest of the organization 

In some cases, administrators can also: 

• Restrict, suspend, or terminate your account access 

• Change the email address associated with your account 

• Change your information, including profile information 

• Restrict your ability to edit, restrict, modify, or delete information 

Even if the services are not currently administered to you by an organization, or if you use an email address provided by an organization (such as your work email address) to access the services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the services at a later date. 

Please contact your organization or refer to your administrator’s organizational policies for more information. 

This website uses cookies. Further information about the use of cookies can be found in our separate Cookie Statement, available on our website.