Privacy Icon


Being able to use VendorLink securely is very important to our customers. For that reason, VendorLink invests on a daily basis in creating and managing a secure and reliable product. VendorLink is used by over 100 customers from various sectors (healthcare, education, industry, local government and financial services), and all our customers trust us to store their (customer) data securely. VendorLink does everything in its power to meet these expectations so that our customers can use VendorLink securely and without worries.
Click here to read what VendorLink does to protect our software.

Privacy Icon
General Data Protection Regulation Icon

General Data Protection Regulation

VendorLink respects the privacy of its customers, prospects and website visitors and handles personal data offered to us in confidence with extreme care. Personal data is used and processed in accordance with the prevailing laws and regulations. As from 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect. This is derived from EU Directive 95/46/EC. The GDPR will ensure that personal data (of EU citizens) that we now receive and store will be better protected and that people have more insight into and a bigger say about the use of this personal data. More information about the impact of this new law on our organisation, customers and software is given below.

General Data Protection Regulation Icon
Protection of Personal Data Icon

Protection of Personal Data

The protection of personal data is central to the GDPR. In comparison with the previous legislation, the scope of the definition of personal data has been considerably expanded.

  • According to the law, personal data is defined as all information relating to an identified or identifiable natural person.
  • This means that information with which a person can be identified directly or indirectly is subject to the law, and any organisation that works (collects, sends, hosts or analyses) with this information must comply with the law. The law is applicable to the Data Controller and the Processor of personal data.
  • Whereby a data controller is a natural person or legal entity who decides the purpose and means of processing the data, and the data processor processes the data on behalf of the data controller without being under the latter’s direct authority.
  • Our customers are always the Data Controller; they determine the purpose and the means – VendorLink.
  • VendorLink is always the Data Processor in this matter; we process the personal data on behalf of the customer. We act completely at the customer’s behest and according to his instructions.
Protection of Personal Data Icon
Changes for the purpose of the GDPR Icon

Changes for the purpose of the GDPR

To enable us to comply with the new legislation, and to support our customers, we have taken the following steps. An overview of the main steps is given below:

  • VendorLink has drawn up a processor agreement for our existing customers to sign. It is mandatory for the Data Controller and the Data Processor to enter into an agreement.
  • With this, VendorLink helps its customers to meet this obligation. Among other things, the agreement covers:
  • the way in which customers can retrieve personal data to inspect, correct, change or delete it.
  • how and when we are to inform regulators and stakeholders in the event of personal data being leaked.
  • The sub-processors that VendorLink uses in order to offer its software.
  • For new customers, the processor agreement forms a standard part of the SLA. This is so that the processor agreement can be signed as soon as the customer and VendorLink enter into the contract.
  • We have mapped out the processes involved in the storage and processing of personal data by our software. These processes comply with the GDPR. VendorLink gives its customers
  • the option to view, change or delete user profiles with personal data. When deleting data, one should remember that, for technical reasons, not all data can be deleted immediately from our servers and backup systems.
  • Our Cookie Policy and Privacy Declaration have been updated and added to our website. This is in order to inform customers, prospects and visitors to our website about the use of cookies and how we handle collected personal data.
  • Visitors to our website are asked to accept the cookies we offer for the optimisation of our website.
  • Optimisations have been made in order to give our customers faster insight into active users of VendorLink in the future. This is to enable customers to easily delete or make anonymous those users whose linked personal data is no longer of value.
Changes for the purpose of the GDPR Icon