What data is recorded and how is this being used?

To offer products and services Postcode.nl B.V. needs certain information from her users and customers. Under the General Data Protection Regulation (GDPR) Postcode.nl B.V. is required to explain for what purposes the data is collected. Here you can find what data is collected and how it is being used.

Website visitor who uses non paid services

As website visitor on www.postcode.nl it is possible to look up information regarding postcodes and the products that Postcode.nl offers.

Related domains:

The following information is stored with non-logged in and logged-in visitors/users who do a search on the site:

Non-logged in visitors/users can contact us via a contact form. This requires the following information:

Visitors/users can report back to the Dutch government if they notice incorrect information. An account needs to be created for this:

Feedback data is forwarded to Kadaster and the responsible municipality after approval by an employee of Postcode.nl B.V.. With this feedback the following information is requested:

If a report has been forwarded, Kadaster will show this on their public website, with a possible response from the municipality. Do not include any personal details in the feedback!

User/customer who creates an account (SSO)

A user/customer can register and log in to the different Postcode.nl websites with the same login details. This is called an ‘SSO account’. The term SSO stands for ‘Single Sign On”.

Related domains:

Postcode.nl account

The following information is requested and/or saved when creating an SSO account to log in via a password:

When changing SSO account data as logged in SSO account user.


When registering/logging in with a Social Profile from Twitter, the following data is retrieved from Twitter:

We ask for permission for the following during linking to an SSO account.

This application will be able to:

  • Read Tweets from your timeline.
  • See who you follow.


When registering / logging in with a Social Profile from Google, the following data is retrieved from Google:

We ask for permission for the following during linking to an SSO account.

Has access to:

  • Basic account info
  • View your basic profile info
  • View your email address


When registering/logging in with a Social Profile from LinkedIn, the following data is retrieved from LinkedIn:

We ask for permission for the following during linking to an SSO account.

Postcode.nl Social Sign On would like to:

  • Use your name, photo, headline, and current positions
  • Use the primary email address associated with your LinkedIn account


When registering/logging in with a Social Profile from Facebook, the following data is retrieved from Facebook:

We ask for permission for the following during linking to an SSO account.

Postcode.nl Social Sign On will receive:

  • Your public profile and email address.

Your public profile includes name, profile picture, age range, gender, language, country and other public info.

Customer of one of the paid online services of Postcode.nl B.V.

To use the paid services of Postcode.nl an account needs to be created. The products of Postcode.nl B.V. are aimed at companies, for consumers the products have little added value. For complete databases it is not necessary to create an account, the application for a database is done via a different ordering process.

Related domains:

When creating a master account, the following information is requested:

Aanvraag Adres API

Applying for a Postcode Database and Data API

Customer logged in with an sso account linked to a main account

Related domains:

Log in/register for managing the main account.

Invite new contacts to access the main account and specific service:

Request new login details Address API service

Customer with login details for an API service

Related domains:

During use of the Address API service

During use of the Data API service

Customer of one of the paid offline services of Postcode.nl B.V.

Client offers a file containing address data to validate/enrich (batch validation):

Why is this data stored?

Website visitor

Postcode.nl customer

How long is the data stored?

All data is stored for a fixed time, after which they are removed from all systems. The anonymisation of API request data takes place after 6 months.

DataStorage periodLegal period
Search engine logs (after anonymisation of the requested data, including IP)5 yearsNo
Data related to the contract (invoice-, account-, contact details)7 yearsYes
API logs (after anonymisation of the requested data)During the contractNo
Batch validation dataWill be removed from all systems immediately after deliveryNo

Incidental contact moments with consumers via telephone or email are not registered and stored.

Data security

All Postcode database data are stored on our own servers and are secured to the highest standards. The servers are located in the Netherlands and fall under Dutch law.

Because we try to be a paperless office, we keep as few offline paper archives as possible. If there are offline archives these are physically secured and accessible only to authorised personnel. Furthermore, access security, workplace security (login systems with 2-factor authentication etc), and other possible security devices are installed where it is deemed mandatory and/or necessary. The level of security will be kept to the highest standards and its usefulness will be regularly discussed with employees.

Where possible, we work according to the Privacy by Design principle so that privacy is already guaranteed in the processes that are being developed.

Data outside the EU

To store the data required for an agreement and to store the communication that has been created, third-party services (Olark, Google, Mailchimp, Groove) are used where the servers are located outside the European Union. These parties are compliant with the General Data Protection Regulation.

Report data breaches

In the event of data breaches, Postcode.nl will report this to the Dutch Authoriteit Persoonsgegevens. This will take place within 72 hours after the discovery of the data breach if it appears that the data breach has risks for the rights and freedoms of natural persons. If after investigation it appears that the person concerned will suffer adverse consequences, Postcode.nl will inform the person concerned.

View, change and delete data

In accordance with the GDPR legislation it is possible to contact us to view your data, to change or delete data. Please contact us via info@postcode.nl. Keep in mind that we can ask for identification when asking for data. This option does not apply to the content of the Postcode database itself (the data in the search engine). This is open data from the government which is not covered by the GDPR.


Postcode.nl B.V.
Julianastraat 30
2012 ES Haarlem

Tel: +31 (0)23-532 56 89