Privacy policy

RiskSphere takes your privacy very seriously and will always process, store, and use your personal information per the guidelines of the General Data Protection Regulation (GDPR). On this page, you’ll find our full Privacy Policy.

1. Who is RiskSphere?

RiskSphere collects your (“Data Subject”) personal information (“Personal Information”) and uses it to provide services (“Service”). RiskSphere is located on Maliebaan 75 in Utrecht and is registered with the Chamber of Commerce under number 89101219.

2. In what instances does our Privacy Policy apply?

Our Privacy Policy applies to all data and information that RiskSphere collects and uses. This pertains to data gathered from candidates, applicants, clients, employees, and those who visit the our website and use our applications or other services.

Maliebaan 75
3581 CG Utrecht

3. What is classified as Personal Information?

The General Data Protection Regulation has been enforced since May 25, 2018. This means that from that date on, the same privacy legislation applies throughout the entire European Union (EU). National personal data protection acts no longer apply, as the GDPR takes precedence.

The GDPR defines Personal Data as any information about an identified or identifiable natural person. Specifically, this entails all information that is either directly about someone or can be traced back to this specific person. This definition solely includes a natural person as the data of deceased persons, and that of organisations is not classified as personal data.

Personal data can include many types of input. It can range from someone’s name and city of residence to telephone numbers and postcodes with house numbers. Sensitive data such as details on a person’s ethnicity, religion, or health status are referred to as special personal data, as they have additional protection under this legislation.

4. What type of information is collected and used by RiskSphere?

To use the “Service” that RiskSphere provides, personal data must be collected, processed, and used. The personal data that RiskSphere collects, processes, and uses, are received from the person at hand via a contact form, white paper download, resume, business card, personal conversation, or have been noted in a contract with RiskSphere. Whether the data is obtained directly or indirectly, RiskSphere will always explicitly ask for your permission to collect, process, save, and use your “Personal Data”. This information is necessary to conclude, administer and execute your agreement and contract with RiskSphere.

The exact types of personal data used and what purpose it fulfils can be found in clauses 4 and 5 of this Privacy Statement, respectively.

Automatically generated information

RiskSphere also collects automatically generated information about your surfing behaviour while using the “Service”. This includes your IP address (the number of your computer that makes it possible to recognise your computer), the date of filling in the “Personal data”, and “cookies”. When RiskSphere uses this information, it is always anonymised. We do this by masking the last octet of the IP address.

What are cookies? And how does RiskSphere use them?

To provide its “Service”, RiskSphere uses cookies saved by your browser onto your computer. Cookies are small pieces of data that their server pings to your browser with the intent of being sent back to their server the next time you visit. These small bytes of data are saved onto your computer’s hard drive or other memory spaces.

Cookies cannot damage your computer or its files. Cookies save information (such as the various settings of your PC, your indicated preferences, and the items you have prescribed) to make your next visit or usage of our “Service” easier and more personalised. The information collected does not contain identifiable elements such as your name or address, save for your masked IP address. Use the help function of your browser to know more about these features. If you choose to use cookies, make sure you log out when using a public PC.

This website uses Google Analytics, a web analysis tool that is provided by Google Inc. (“Google”). RiskSphere has signed a processing agreement with Google. Google Analytics uses cookies to help analyse how users use the site. The information generated by the cookie concerning your use of the website (including your masked IP address) will be transferred to and stored by Google on their servers in the United States. Google uses this information to track how you use the website, compile reports on website activity for website operators, and provide other services related to website activity and internet usage. Google may provide this information to third parties if Google is legally obliged to do so or if these third parties process the information on behalf of Google. Google will not combine your IP address with other data held by Google. You can refuse the use of cookies by selecting the appropriate settings on your browser. By using this website, you consent to the processing of the information by Google in the manner and for the purposes described above. RiskSphere does not use other Google services in combination with the Analytics cookies.

The information saved within the cookies is used to optimise the RiskSphere website. You can change your cookie preferences by choosing “Yes, accept all” or “No, I’d rather not” when asked for your cookie preferences. If you do not select “Yes, accept all”, RiskSphere solely uses functional and (masked) analytics cookies.

RiskSphere uses the following cookies:

Functional cookies

These cookies are necessary to keep the website up and running, and our systems operational. They are usually only put into working after an action from your side in which you request a service, such as changing the settings of your privacy preferences, logging in, or filling out a form. Your browser can be set up to block these cookies or warn you before they are used. However, if you choose to block them, some parts of the website may not function as normal.

Analytics cookies

These cookies allow us to see where our visitors come from so that we can measure and improve the functionality of our website. They help us gain insights into which pages are the most (and least) popular and allow us to follow users’ movements throughout the website. All the information collected by these cookies is aggregated into one block of data, keeping all of it anonymous. If you do not allow these cookies to track you, we will not know when you have visited the website.

Marketing cookies

These cookies are placed on our website by our advertisers. Those advertisers can potentially use them to build a profile of your interests and show you relevant advertisements on other websites. The cookies identify your unique browser and device. If you do not allow these cookies, you will see fewer of our targeted advertisements on various websites.

5. What will RiskSphere use your data for?

RiskSphere will use your data for the following:

  • To conclude, administer and execute your agreement with us and thereby providing a “Service” to you;
  • To provide the “Service” to you with your specific consent, without prior agreement with you (see clause 6);
  • To send information about RiskSphere’s services and events via, for example, newsletters;
  • To maintain contact with you and to answer your questions;
  • To compile anonymised statistical data and to secure the “Service”;
  • To provide your information to third parties based on legal obligations;
  • To customise and improve the “Service”;
  • To provide the “Service”, RiskSphere uses cookies stored on your computer by your browser. Cookies are small pieces of information. Information about the use of cookies can be found under clause 4.

6. Authorising the processing of personal data

The Data Subject must give explicit permission to process their “Personal Data” by RiskSphere. Article 4 (11) of the GDPR defines the Data Subject’s right as any free, specific, informed and unambiguous expression of will by which the Data Subject accepts the processing of “Personal Data” utilising a statement or a clear active act.

7. Use by third parties

Without your explicit permission, RiskSphere will not provide your “Personal Data” to third parties for direct marketing purposes (for example, sending advertisements directly to the Data Subject). RiskSphere can provide your data to third parties insofar as this is necessary for the provision of the “Service” to you and/or insofar as this data cannot be traced back to you personally (such as automatically generated information, not being your IP address ). Lastly, RiskSphere can provide your data to third parties if it is obliged to do so based on legal provisions, if RiskSphere is forced to do so as a result of a lawsuit, and/or if it deems this necessary to protect its rights.

8. Retention period

RiskSphere does not store your “Personal Data” for longer than is legally permitted or longer than necessary to realise the purposes for which your data is processed. How long certain data is kept depends on the nature of the data and the purposes for which it is processed. The retention period can thus differ per purpose.

9. Rights of the Data Subject

Under the General Data Protection Regulation, you have the right to invoke the following requests in regards to your “Personal Data”:

  • The right to data portability. The right to transfer personal data.
  • The right of erasure. The right to be ‘forgotten’.
  • Right of access. The right to access your “Personal Data” that we process.
  • Right to rectification and addition. The right to change your “Personal Data” that we process.
  • The right to restrict the processing of your “Personal Data”.
  • The right to object to data processing.
  • The right to information about the way in which RiskSphere processes your “Personal Data”. You will find this information in this Privacy Statement.
  • Requests to exercise your privacy rights as described above can be submitted in writing by sending an email to

10. How does RiskSphere protect your “Personal data”?

  • RiskSphere will process your “Personal Data” properly and carefully, per the GDPR legislation.
  • RiskSphere requires you to fill in the data with an asterisk (*) behind it. It is not mandatory to fill in the data without an asterisk (*) behind it.
  • RiskSphere will take appropriate technical and organisational measures to protect your “Personal Data” against loss or against any type of unlawful processing.
  • RiskSphere will not keep your “Personal Data” for longer than necessary.


11. Transfering data within the EU

The level of data protection is the same throughout the EU. All EU member states have adapted their legislation to the European privacy directive. This means that the EU acts as one jurisdiction in protecting Personal Data. Foreign organisations must only meet the general requirements of GDPR legislation.


12. Transfering data outside of the EU

On the occasion that Personal Data is transferred to third parties in accordance with this Privacy Statement, and these third parties are established outside the European Union, the transfer will only occur if that country guarantees an appropriate level of security or has been designated as safe by the European Union. Third countries are all countries outside the EU, with the exception of countries in the European Economic Area (EEA).


13. Company Transfer

It may be possible that one or more parts and/or assets of RiskSphere are transferred to a third party or that RiskSphere merges with a third party. In that case, your “Personal Data” may also be transferred.


14. Is this Privacy Statement subject to change?

This Privacy Statement can be changed. These changes will be announced on the website.


15. Any questions?

If you have questions about this Privacy Statement, you can email