Centric Support is involved with the GDPR in several ways:
- We record information about the reporter.
- We store personal data of citizens in attachments.
This document explains how we handle this sensitive personal data.
Support
Customer/Reporter Data
Why do we use your personal data?
On Centric’s Customer Portal, customer contacts can submit questions and issues. These are usually one or more applications and/or system administrators, policy officers, etc. We use the personal data of these "reporters" to contact them regarding the reports they have submitted.
What types of personal data do we process?
We store the first name, middle name (if applicable), last name, business phone number (landline and mobile), and business email address of the contacts in our Service Management Tool.
Who has access to your personal data?
Only authorized Centric employees have access to your personal data. Authorization is arranged individually per employee.
What is the legal basis for processing your personal data?
We process the personal data of contacts to handle and resolve the questions and issues they submit through various communication channels (phone, email, Customer Portal).
What security measures have been taken?
The Customer Portal is accessible only to customer contacts and authorized Centric employees. When an application/system administrator or officer leaves the organization or changes roles, their access rights to the Customer Portal can be revoked. Your organization is responsible for implementing this change in a timely manner. Each organization has one or more Contact Administrators who can manage the contacts (add, modify, and remove).
It is not permitted to use a general account (email address) for access. Two-factor authentication (2FA) is required to access the Customer Portal.
How long do we retain the reporter’s personal data?
At your request, we can delete the personal data of a former contact (reporter).
Citizen Data
Why do we use citizens’ personal data?
When a software issue occurs in a specific "citizen file," the personal data of the relevant citizen is needed to analyze and resolve the issue.
What citizen personal data do we process?
Your organization determines which personal data is provided. Generally, this includes first name, initials, last name, date of birth, citizen service number (BSN), and gender.
Who has access to citizens’ personal data?
Only authorized Centric employees have access to citizens’ personal data. Authorization is arranged individually per employee. Every Centric employee is required to sign a confidentiality agreement. This emphasizes our commitment to handling data confidentially during the execution of our work.
Once the citizen’s personal data is uploaded via an attachment in the Customer Portal, the content of the attachment is only visible to the reporters of that customer. Authorized Centric employees can view the attachment in our Service Management Tool.
What is the legal basis for processing citizens’ personal data?
We process citizens’ personal data solely to handle and resolve questions and reports submitted by your organization’s contacts via phone, email, or the Customer Portal.
How long do we retain citizens’ personal data?
Attachments containing citizens’ personal data are deleted three months after the issue is marked as resolved. If a change (bug or wish) is linked to the issue, the data is deleted three months after the change is marked as resolved.
What security measures have been taken?
The Customer Portal is accessible only to organization contacts and authorized Centric employees. Citizens’ personal data provided to support a question or report may only be uploaded via an attachment in the Customer Portal. Submitting attachments through other channels (e.g., email) is not permitted. Our Servicedesk Public is not allowed to process such attachments.
Personal data of citizens is not allowed in the incident description or explanation. As the reporter, you are responsible for this. The file name of the attachment must also not contain personal data.
Version
July 1, 2025