Security

Security and privacy are key principles for OnlineAfspraken.nl. Customer data is sensitive information, and therefore we want to inform you about the security of our system and your data.

Since May 25, 2018, the General Data Protection Regulation (GDPR) has been in effect. The GDPR applies to all organizations in the EU that process personal data, which includes details such as a customer's address, phone number, or date of birth. It requires you to be transparent about how you process that data.

Our Measures 

All traffic between your browser and our servers is encrypted (TLS/HTTPS), and every user works inside that encrypted environment. You can recognize this by the https:// prefix and the padlock in your browser's address bar. Independent agencies perform penetration tests on our software to assess it against the OWASP Top 10 web application security risks (click on the 'scanned by' logo at the bottom of this page for more information).

Since February 28, 2019, we have been ISO 27001 certified, which means an independent party (DigiTrust) has verified that our processes and data security meet this international standard for information security management.

Abuse

  • Secure connection (HTTPS) with a certificate issued by a trusted certificate authority.
  • Per-user authorization: access rights can be assigned and restricted for each individual user, and each user's activity is visible.
  • Employee onboarding procedures, confidentiality agreements, and handling of data solely for its intended purpose.
  • In accordance with our privacy policy, we process data only for the purposes of an online agenda.

Downtime

  • Dedicated servers, hosted in an ISO 27001 certified data center located in the Netherlands.
  • Reduced exposure to DDoS attacks.
  • Redundant setup: no single point of failure in the server and network configuration.
  • Because the servers are dedicated, load on other websites has no impact on the speed and stability of our system.
  • Platinum SLA with direct mobile numbers, so incidents can be reported as quickly as possible.
  • All hardware used (server, network, and data center) is of very high quality, supporting an uptime of at least 99.99%.

Data loss 

  • Dual hard drives, so a single disk failure does not cause data loss.
  • Daily automatic backups are sent to an external backup server over an encrypted connection.

Tips for your business

Data processing agreement 

When you use appointment software, a data processing agreement is required: the GDPR demands one whenever you engage another party (the processor) to process personal data on your behalf. We have already prepared this agreement in line with the GDPR's requirements. It sets out the arrangements for how we handle your data.

If you choose a paid account with OnlineAfspraken.nl, you will automatically receive a personal email within two weeks to digitally sign the data processing agreement.

  • If you would like to consult the data processing agreement in advance, click here (Dutch).

Do not collect more data than necessary
Document which customer data you process and why. Write this down in a privacy policy and make sure your customers can access it. To process personal data you need a legal basis: storing address details is necessary, for example, if customers want to receive a welcome package. If the data is not required to deliver your service, you must have obtained the customer's consent to process it. So determine which customer data you actually need and which you do not, and collect only the former.

Use a secure connection
We recommend serving your website over HTTPS with a TLS certificate (often still called an SSL certificate). The certificate allows browsers to verify that they are talking to your server, and the connection then encrypts everything sent between the browser and your website, so that data cannot be read or altered in transit. You can recognize HTTPS by the https:// prefix before the URL and the padlock in the browser's address bar. Note that HTTPS protects data on the way to your server only; how the data is stored and who can access it afterwards is a separate matter. If you are not yet using HTTPS, we advise you to contact your web developer or media agency.
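To check whether a website is actually set up as the paragraph above recommends, the following script is offered as an added example (it is not code from OnlineAfspraken.nl and uses only the Python standard library). It verifies the certificate and hostname the way a browser does, reports how many days remain before the certificate expires, checks that plain http:// redirects to https://, and reads the HSTS max-age. The hostname is supplied by the caller; the dates and headers in the pure helper functions are constructed test values.

```python
"""HTTPS sanity check for a website (added example, standard library only)."""
import http.client
import socket
import ssl
import sys
import time
from typing import Optional

SECONDS_PER_DAY = 86400


def days_until_expiry(not_after: str, now_ts: Optional[int] = None) -> int:
    """Days left on a certificate, given the 'notAfter' string from getpeercert().

    'notAfter' looks like 'Jun 15 12:00:00 2025 GMT'. A negative result means
    the certificate has already expired. now_ts is an epoch timestamp; it
    defaults to the current time and is a parameter only so it can be tested.
    """
    expires = ssl.cert_time_to_seconds(not_after)
    now = int(time.time()) if now_ts is None else now_ts
    return int((expires - now) // SECONDS_PER_DAY)


def is_https_redirect(status: int, location: str) -> bool:
    """True if an HTTP response is a redirect whose target is an https:// URL."""
    return status in (301, 302, 307, 308) and location.lower().startswith("https://")


def hsts_max_age(header: Optional[str]) -> int:
    """Parse max-age from a Strict-Transport-Security header; 0 if absent or malformed."""
    if not header:
        return 0
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(value.strip().strip('"'))
            except ValueError:
                return 0
    return 0


def check_https(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with full chain and hostname verification, as a browser would (needs network)."""
    ctx = ssl.create_default_context()  # system CA store, hostname check, modern protocols
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                    "days_left": days_until_expiry(cert["notAfter"]),
                }
    except ssl.SSLCertVerificationError as exc:
        # Untrusted CA, expired certificate, or name mismatch: the browser would warn.
        return {"ok": False, "reason": f"certificate not trusted: {exc.verify_message}"}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "reason": str(exc)}


def check_http_redirect(hostname: str, timeout: float = 5.0) -> dict:
    """Fetch http://hostname/ and report whether it redirects to HTTPS (needs network)."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": hostname})
        resp = conn.getresponse()
        location = resp.getheader("Location", "") or ""
        return {"status": resp.status, "redirects_to_https": is_https_redirect(resp.status, location)}
    except OSError as exc:
        return {"status": None, "redirects_to_https": False, "reason": str(exc)}
    finally:
        conn.close()


def check_hsts(hostname: str, timeout: float = 5.0) -> int:
    """Return the HSTS max-age advertised over HTTPS, 0 if the header is missing (needs network)."""
    conn = http.client.HTTPSConnection(hostname, 443, timeout=timeout, context=ssl.create_default_context())
    try:
        conn.request("GET", "/", headers={"Host": hostname})
        return hsts_max_age(conn.getresponse().getheader("Strict-Transport-Security"))
    finally:
        conn.close()


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed default for the demo
    print("TLS:", check_https(host))
    print("HTTP redirect:", check_http_redirect(host))
    print("HSTS max-age:", check_hsts(host))
```

Run it as `python check_https.py your-domain.example`. A certificate with only a few days left, a plain-http page that does not redirect, or an HSTS max-age of 0 are each worth raising with your web developer; the TLS check failing with "certificate not trusted" means visitors are seeing a browser warning.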

Deleting data 
Upon request, we can add a feature to your account that lets you delete all customer and appointment data up to a chosen date in one go. This feature is not enabled by default, because the deletion is permanent and cannot be undone. If you would like to use it, please contact us.

Opt-in & opt-out function for commercial mailings
When sending commercial messages to customers, you are required to offer an opt-in (consent before the first mailing) and an opt-out (unsubscribe) option. Visit our support page for instructions on how to set up this feature.