Last updated: April 2026

Privacy Policy

Transparency about how XITAD B.V. handles your personal and company data, in strict accordance with the General Data Protection Regulation (GDPR).

1. Introduction

XITAD B.V. ("we", "us", or "our") respects your privacy and is committed to protecting the personal data of our clients, partners and website visitors. This policy describes how we collect, use, secure and share information when you use our platform, our website or our ITAD services.

2. Data we collect

We collect only data that is strictly necessary to deliver our enterprise services:

  • Business contact details: Name, business email address, telephone number and job title of our contacts.
  • Account & portal data: Login credentials, audit logs and interactions within the XITAD Enterprise Portal.
  • Hardware & inventory data: CMDB exports and hardware lists. Please note: we require you to anonymize these lists before uploading them. The hardware itself is always subjected to our destruction protocol (NIST 800-88) upon receipt.
  • Technical data: IP addresses, browser type and metadata via essential cookies to safeguard the security of our platform.

3. Purposes of processing

We process your data solely for the following purposes:

- Quoting, planning and executing IT Asset Disposition projects.
- Facilitating secure access to the XITAD Enterprise Portal.
- Generating legally watertight certificates of destruction (CoD) and audit trails.
- Complying with legal, fiscal and compliance-related obligations.

4. Sharing data with third parties

XITAD never sells your personal data to commercial third parties. Sharing takes place only with rigorously selected, ISO 27001-certified processing partners within our network, or logistics partners, and only insofar as this is strictly necessary for the execution of the ITAD process. Watertight data processing agreements have been concluded with all of these parties.

5. Data security & retention

Information security is at the core of our operation. We employ end-to-end encryption, Multi-Factor Authentication (MFA) and strict role-based access control (RBAC). We do not retain your data longer than strictly necessary. However, certificates of destruction and financial transaction data are, in accordance with statutory retention obligations, archived for 7 years in a heavily secured environment.

6. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access to the personal data we process about you.
  • Rectification of incorrect or incomplete data.
  • Erasure of your personal data (the "right to be forgotten"), provided this does not conflict with our statutory retention obligation for audit trails.
  • Restriction of, or objection to, the processing of data.

7. Contact & questions

For questions about our privacy policy, requests regarding your rights, or comments concerning our data processing, you can contact our Data Protection Officer (DPO) at:

XITAD B.V.
Email: privacy@xitad.com
Phone: +31 (0)85 - 200 62 00