Privacy statement and cookie consent

Toccata B.V., located at Hillegomstraat 12-14 unit 1.01, 1058 LS Amsterdam is responsible for the processing of personal data as outlined in this privacy statement.

Personal data means any information concerning identified or identifiable individuals. Toccata values the right to privacy and aims to protect the personal data that we protect and use in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (GDPR) and its relevant national implementing legislation.

Personal data that we process.
Toccata processes your personal data because you make use of our services and/or because you provide them yourself via e-mail, telephone, correspondence or similar.

Below is an overview of the personal data we process:
– Date and place of birth
– Address details
– Phone number
– E-mail address
– Copy ID
– Salary and other details, necessary for payroll administration, fiscal filings etc.
– IBAN/bank account numbers

Special and / or sensitive personal data that we process.
Toccata processes the following special and / or sensitive personal data of you:

– Civil service number (BSN)

For what purpose and on the basis of which basis do we process personal data.

Toccata processes your personal data for the following purposes:

– To fulfill obligations arising from our engagement letter, in order to provide the services stipulated therein;
– To fulfill obligations arising from statutory provisions, such as the preparation of tax returns;
– To be able to comply with other legal obligations that may be imposed on us by virtue of our services

Automated decision-making.
Toccata does not take decisions based on automated processing on matters that can have (significant) consequences for people. These are decisions that are taken by computer programs or systems, without a person (for example an employee of Toccata).

How long we store personal data.
Toccata does not store personal data for longer than is strictly necessary to realize the purposes for which your data is collected. We use the following retention periods for personal data referred to in points 1 and 2, as long as the agreement continues to exist, a customer makes use of our services and for overviews and / or reports produced by Toccata, for example a tax return, a statutory retention period applies.

Sharing personal data with third parties.
Toccata does not sell your information to third parties but only provides it and insofar as this is necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your data in our assignment, we conclude a processor agreement to ensure the same level of security and confidentiality of your data. Toccata remains responsible for these processing operations.

External links.
Toccata may include link to third-party websites. If you go to another website via one of these links, you should be aware that Toccata’s Privacy Statement will no longer apply. It is possible that these third parties or other parties will collect information about you on these websites. Toccata is not responsible for the content of these websites, nor for the actions of these third parties and other parties. Therefore, we advise you to read the Privacy Statement of these websites before providing any personal data.

Cookies, or similar techniques, that we use.
Toccata does not use cookies or comparable techniques to collect or store personal data on its site
Toccata only uses cookies for an optimal experience of its website. The cookies do not tell us who you are. When visiting, you remain anonymous.

View, modify or delete data.
You have the right to view, correct or delete your personal data. In addition, you have the right to withdraw your consent to data processing or to object to the processing of your personal data by Toccata and you have the right to data portability. This means that you can submit a request to us to send the personal data we hold to you in a computer file to you or another organization mentioned by you, provided that this does not conflict with other legal relationships within the existing agreement between us.

You can send a request for inspection, correction, deletion, data transfer of your personal data or request to withdraw your consent or objection to the processing of your personal data by Toccata to

To ensure that the request for inspection, correction or removal is done by you, we ask you to send a copy of your ID with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) black in this copy. This is to protect your privacy. We respond as quickly as possible, but within four weeks, at your request.

When we delete your data, we may also be bound by other legal obligations such as the statutory retention periods.

Toccata also reminds you that you have the opportunity to file a complaint with the national supervisory authority, the Dutch Data Protection Authority. If you are of the opinion that Toccata B.V. does not handle your data correctly. This can be done via the following link:

How we protect personal data.
Toccata takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you have the impression that your data is not secure or there are indications of abuse, please contact us via

Governing Law and Forum.
The laws of the Netherlands govern this Privacy Statement. Any dispute relating to these Privacy Statement or your use of the Website shall be resolved solely in the court of Amsterdam.

Last updated: July 2018