Privacy Policy

Our privacy statement

Personal data

Personal data are data which contain information about you, or which can be associated with you.

If you are a customer or supplier of, or are applying to Noteborn BV, or otherwise have contact with us, you share personal data with us. Some examples of personal data are your name, address, telephone number, e-mail address, and account number, as well as any other information which we can associate with you. We naturally handle these data with great care and make sure they are processed securely.

If you work as a freelancer or have a sole proprietorship or a general or other partnership, the data of those legal entities also constitute personal data which directly or indirectly identify you.

For what purpose does NOTEBORN use personal data?

Noteborn likes to know with whom we are doing business. For this reason, we record and process personal data. Processing is a term from the General Data Protection Regulation (GDPR) and comprises all operations performed on personal data. The legal definition of ‘processing’ is as follows: ‘the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.’

Purposes of processing

You submit data to us at various stages of the information and buying process. Noteborn only processes such data as are necessary for the agreed purpose. For example, your name and e-mail address are sufficient for sending a monthly newsletter, but various additional information is required for an employment contract.

Commercial activities

As a company, Noteborn likes to know with whom it is doing business. Therefore, it verifies certain information at the start of a business relationship.

This includes steps such as:

  • making contact with you,
  • checking whether you are eligible to become a customer of ours,
  • entering your data in our administrative system and, when necessary, updating the data,
  • processing your payments and other financial operations.
Reducing risks

We share some of the responsibility for your, and our security, and the security of our customers.

Therefore, we also use your personal data to mitigate risks. We first meticulously verify the identity of people or companies wishing to become a customer of Noteborn.

This includes steps such as:

  • verifying the VAT number, in case of foreign companies.
  • taking measures to promote good data security, including with the aid of user names and passwords.

investing in measures which protect you, and us, against various forms of criminal behaviour.

  • making sure that NOTEBORN remains a healthy company (risk management).
Legal obligations

Noteborn has an obligation to comply with numerous legal provisions. When you conclude transactions with Noteborn, or if you would like to work for Noteborn, we take various steps, including:

  • checking the identity of new customers (duty of identification): verifying that the information you have provided is accurate and checking your entry in the commercial register and the VAT number, and storing copies of this information.
  • taking account of changes in your situation and making sure that all the information is up to date at all times (due diligence),
  • sharing your personal data with organizations which are entitled by law to request certain information from Noteborn. This includes, for instance, sharing tax-related data with the tax authorities and the auditor and, in the case of fraud, with the police.


  • When you apply to Noteborn, you automatically consent to the processing of your personal data. Noteborn erases the data of unsuccessful applicants after four weeks, unless an applicant has consented to their data being retained for one year.
Engaging in marketing activities

Noteborn would like to keep you informed about the latest developments, including by e-mail. To do this, we need your personal data, including name and e-mail addresses.

If you do not wish, or no longer wish to receive e-mails and/or newsletters, you can unsubscribe at any time by e-mailing

Which personal data do we process?

Noteborn collects data from everyone who is (or has been) in direct or indirect contact with us.

Personal data of our existing and potential customers
  • Both your and your company’s name and contact details (e-mail address, telephone number, address), including the names of contacts and representatives of your company.
  • Your position (legal representative, managing director, customer).

Purpose of data collection

  • We have to verify the identity of new customers.
  • We naturally would like to address you personally in our correspondence with you, and we would like to use the correct e-mail and postal addresses.
  • Should these change, we will amend your personal data.
Our employees’ personal data
  • Our employees’ personal data.

Purpose of data collection

  • In order to register you with various agencies as an employee of Noteborn.
  • Employees’ personal data are processed on the basis of legal provisions and the employment contract. In this context, reference is made to the regulations applicable to the employment contract.
Necessary data for security and fraud prevention
  • The data we record with a view to security and to fraud prevention include images from surveillance cameras at the factory’s loading gates.

Purpose of data collection

  • The images from surveillance cameras are used in the event of an incident. The courts and the police are entitled to request the images.
Your financial situation
  • These data cover information about payments and payment arrears.

Purpose of data collection

  • The purpose of collecting these data is to safeguard Noteborn’s financial security.
Sensitive personal data
  • These include criminal justice data.

Purpose of data collection

Information about fraud constitutes criminal justice data, and is documented by us.

Important note

We do not, under any circumstances, use information relating to health, religious, political or philosophical beliefs, sexual orientation, or ethnic background.

Data about use of our website

These are the following types of data:

  • Your IP address: this is the address of your computer or mobile phone on the Internet, which computers can use to communicate with each other. Generally speaking, we can determine who the user of a particular IP address is. However, such inference to an individual is permitted only with the authorization of the courts.
  • Data about your visit to our website: when did you visit which web pages, which searches did you perform,
  • the device on which you visit our website or use our app,
  • cookies and your cookie settings,
  • the browser used, and the browser settings as well as, if applicable, your computer’s operating system and the name of your access provider.

Purpose of data collection

  • IP addresses of visitors to our sites are recorded by us to prevent fraud.
  • We place various types of cookies on your computer. Cookies are very small text files, made up of letters and numbers. They record data about the websites you visit and may contain your preferred settings, such as language.
  • Thanks to cookies, we know which pages you have looked at on, and the products or services in which you are likely to be interested. In this way, we can show you relevant information or contact you with information about topics of interest to you, such as cupboards.
  • We can also tell which device you use to visit the site (a mobile phone, PC, or table), and which operating system and browser version are used. This information is used to ensure that the content is displayed in a manner appropriate to the device concerned.
  • By placing cookies, we can tell whether you have opened an e-mail sent by us. Furthermore, adverts by Noteborn may be shown to you on the websites of other companies.
  • In a few instances, cookies are genuinely necessary, but not always. If you would prefer only essential cookies to be placed on your device, you can alter your cookie settings to level 1 (basic). This is less complicated than it may sound.
Important note:

Parties who handle Internet traffic may store the IP address. We cannot always guarantee that this is done in Europe. If, for example, our website is visited from the United States, the IP address may also be stored outside Europe by parties handling Internet traffic.

Data on social media

These are the following types of data:

  • public comments about Noteborn that are posted on social media on which we are also active,
  • your posts in the Noteborn Community,
  • data about your chats with our Webcare team via Facebook.

Purpose of data collection

  • Where appropriate we are active on social media, such as Facebook, Twitter, Instagram, Google+ and Youtube. On these platforms, we share information about promotions and about Noteborn with anyone who is interested.
  • Our Webcare team deals with public comments on the Internet relating to Noteborn, and, if necessary, responds to messages sent to NOTEBORN.
Information about you from parties other than NOTEBORN

These are the following types of data:

  • information about companies and their representatives from the Dutch commercial register,
  • information from official sources (such as commercial information agencies), the insolvency register (information about insolvencies and debt settlements), newspapers, the Internet, and social media,
  • information from companies to which you have given your consent to gather and sell information about you.

Purpose of data collection

We use this information for the purposes of checks, such as:

  • for business customers: are your details still up-to-date? To this end, we regularly compare our data with the information in the commercial register.
Retention period for personal data

We store personal data for as long as is necessary for the purpose for which your data are used, and for as long as required by law. The retention periods vary, from a few months to a number of years. Tax-related information, for example, is kept for 7 years.

With whom do we share your data, and why?

So that we can offer you the best possible services and remain competitive, certain data are shared within and outside Noteborn. These are:


We share information with intermediaries who are active on our behalf. These intermediaries are registered in accordance with the applicable laws and provisions, and work with the requisite permission of supervisory authorities. Such intermediaries must also abide by data protection provisions.

Government agencies, regulators, and supervisory bodies

In order to comply with laws and provisions, we are entitled to share data with the relevant bodies, for purposes including combating terrorism and preventing money laundering.

In certain cases, we are legally obliged to share your data with external parties, e.g.:

  • the tax authority may require us to submit your financial data (credit balance, payment or savings accounts, or investments in an investment account);
  • judicial authorities, e.g. police, public prosecutor’s office, and courts;
  • lawyers, in insolvency proceedings for instance, authorized persons representing the interests of other parties, and auditors.
Service providers working for NOTEBORN

When we use other service providers, we only share personal data that are necessary for a specific task.

Service providers support us in various ways, including:

  • by performing certain services and activities,
  • by designing and maintaining Internet tools and web applications,
  • with marketing activities, events or communication with customers,
  • by preparing reports and statistics, producing printed matter, and designing products,
  • by placing adverts in apps, on websites, and on social media.
Service providers with a data processing contract

Such a party will have been instructed to perform a specific activity and may only undertake a specified part of the processing in accordance with the controller’s stipulations: sending mailings, storing personal data in the cloud. A data processing contract is an obligation pursuant to the GDPR which applies only to parties who are responsible for personal data (data controllers). Therefore, it does not apply to a customer relationship with Noteborn.

With other companies at your request

If you ask us to, we will also share your personal data with other companies. We always make sure that third parties can only access the personal data necessary for their specific activity. If we share your personal data, either internally or with third parties in other countries, we also take adequate measures to protect those data.

NOTEBORN insists on the following:

binding rules for companies, pursuant to the General Data Protection Regulation (GDPR). These rules in accordance with the General Data Protection Regulation have been approved in all EU member states by the data protection authorities in the member state concerned. The data protection authority in the Netherlands is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP).

How NOTEBORN protects your personal data
Noteborn takes adequate data security precautions

We invest a lot of time and money in the security of our systems and of the personal data we store, and have taken adequate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, unintentional loss, destruction, damage, modification, or disclosure.

We have appointed a Data Protection Officer at our company. Data breaches are rectified, recorded, and reported to the supervisory authority and, if necessary, to you.

We have signed a declaration of confidentiality

All employees of Noteborn who work with special categories of data and sensitive personal data have signed a declaration of confidentiality. We handle the data you provide to us with care. Your data may only be viewed and processed by duly authorized employees. Our procedure for the processing of personal data is inspected by the Dutch Data Protection Authority, which verifies that we comply with the General Data Protection Regulation.

Right of access, and right to rectification and erasure of your personal data

Pursuant to the data protection provisions, you have the following rights with regard to the processing of your personal data:

  1. Right of access

You have the right to obtain information about the processing of your personal data, i.e. the right of access to the data we hold about you.

Once you have made a written request for information, we will inform you in writing of the reason for which we process your personal data, which types of personal data we process, the organizations to which we have transmitted those personal data, how long we store those personal data, and the rights you can exercise in regard to the processing of your personal data.

  1. Right to rectification and to have data completed

You have the right to ask us to rectify incorrect personal data. We will inform you once we have rectified your personal data. We will also inform third parties who have received incorrect personal data about the incorrect or incomplete data.

  1. Right to restriction of processing

You are entitled to ask us to restrict the use of personal data. This means you decide that the personal data are temporarily not available. Such a request may be made when:

  • you have doubts as to the accuracy of the personal data,
  • the processing is unlawful, and you do not want the data to be erased,
  • the personal data are no longer necessary for the purposes in question, but are necessary in order to exercise, or substantiate a legal claim,
  • you have objected to the processing of the personal data.

We will also inform third parties who have received the personal data about the restriction of the use of those personal data.

  1. Right to object

You have the right to object to the processing of personal data. If you object to the processing of your personal data, those data will not be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

  1. Right to data portability

You have the right to obtain a copy of the processed personal data which you have provided to us, in a structured, commonly used digital file format. These are digital data, not paper documents.

  1. Right to erasure (right to be forgotten)

You have the right to obtain the erasure of your personal data if the following conditions are met:

  • the personal data are no longer necessary in relation to the purposes for which they were collected;
  • you withdraw consent on which the processing is based and there is no other legal ground for the processing;
  • you object to the processing, and there are no compelling grounds not to honour your objection;
  • the personal data have been unlawfully processed by us;
  • the personal data have to be erased for compliance with a legal obligation;
  • the personal data have been collected by mobile phone or Internet services.

If you wish to exercise your above rights, please contact Noteborn’s Data Protection Officer, Mr Coert Hutzemaker. We will respond to your request within one month. In the case of a complex request, we will respond within two months.

Lastly, there is the option of submitting an objection to the use of your personal data by Noteborn to the competent data protection authority; in the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP). If your personal data have been recorded on the basis of your consent, you have the right to withdraw your consent.

Changing your settings for newsletters

We would like to keep you informed about our products and services. Naturally, we respect the fact that you may prefer not to receive a newsletter. Therefore, please advise us whether you wish to receive, or continue receiving newsletters and offers by e-mail.

Questions about data protection

If you have any questions about data protection, or would like to exercise your rights, please contact

This Privacy Policy may be revised from time to time.

Scroll to Top