Basis for preparation

The sustainability statements in this report are prepared on a consolidated basis, covering the parent company, LINKIT enterprise B.V. (“LINKIT”), and its subsidiaries controlled directly by LINKIT. The scope aligns with our financial statements and includes our own operations as well as activities across our value chain, including upstream, downstream, and internal processes.

The application of policies, actions, metrics, and targets varies depending on each topic. Details can be found in the relevant sections of this report.

We report on disclosures related to specific circumstances alongside the relevant disclosures.

Where estimates have been used, the methods and any associated uncertainties are detailed in the relevant sections of this report.

Any future restatements will be reported alongside the relevant data and determined based on their significance.

Management responsibilities

Diversity of the Advisory Board and Board

Information on the diversity of the Advisory Board and Board, including the gender breakdown of both groups, is provided in the Social section of this report.

Addressing sustainability matters within LINKIT

The organization, through our CEO, is kept informed on a quarterly basis, with sustainability matters addressed in both strategic reviews and daily operations. The CSR Team plays an active role in overseeing these topics, ensuring that sustainability risks, opportunities, and impacts are consistently monitored and reported.

The key processes for addressing sustainability matters include:

Q1: Annual reporting

In the first quarter, the Board reviews and approves the Annual Report. This report provides stakeholders with an overview of sustainability progress, policies, actions, and related metrics or targets.

Q2: Gap analysis

The Board and the CSRD Team analyze the gaps between our current performance and established sustainability goals, defining long-term priorities.

Q3: Target update

We update our sustainability goals based on the latest data and insights. As we learn from our ongoing initiatives, we monitor if our targets remain ambitious yet achievable.

Q4: Reporting updates & impact review

During the fourth quarter, the CSR team reviews updates on the material IROs, assessing how they impact the reporting scope. The team ensures all relevant disclosures and data points are included in the data collection process. Additionally, the CSR team reviews the actions taken this year and sets its goals for the next.

Our full workforce stays informed on sustainability initiatives through quarterly updates in our Clubday Update and newsletter, ensuring transparency across the company.

Incentive schemes

There are currently no formal incentive schemes, related to sustainability performance, in place at LINKIT. We focus on integrating sustainability into our overall business strategy and monitor our performance through regular reporting and oversight by the Board and the CSR Team.

Sustainability reporting risk management

Following our pre-implementation of CSRD in 2023, we have strengthened our internal control systems for sustainability reporting in 2025 while staying adaptable to the evolving regulatory environment brought on by the omnibus laws. Our expanded internal controls aim to minimize risks related to data accuracy, completeness, and compliance, and are reviewed regularly in close collaboration with our internal data owners.

Our primary risk remains data availability from our value chain, where we lack direct control, so our CSR Team is mapping out Scope 3 data requirements and building robust collection processes. As regulations evolve, we will refine our approach to external assurance to ensure full transparency and accountability.

Strategy, business model and value chain

LINKIT delivers business automation, IT modernization and staffing solutions for a wide range of clients, including private enterprises and public institutions. Our value chain spans upstream suppliers, our own operations, downstream clients, and broader outcomes, ensuring the delivery of high-quality digital solutions.

Read more about our business (externe link, opent in nieuw tabblad)

Our material IROs are primarily located within our own operations, for example, relating to our workforce. These operations are the foundation of our business model, driving the success of both our IT staffing services and project delivery.

In our upstream value chain, key dependencies include talent acquisition and suppliers of software that enable us to build and deliver our solutions. Downstream, our value chain encompasses the implementation of IT solutions by our clients, as well as the environmental impact of decommissioned hardware and resource use. Our business model and sustainability strategy are shaped by these dependencies, which are carefully considered during our DMA.

Interests and views of stakeholders

Staying connected with our stakeholders is essential to remaining relevant and effectively aligning our strategy with their expectations and needs. Our key stakeholders include employees, clients, and suppliers. Their insights help shape our strategy and drive targeted improvements in our operations. 

Each year, we conduct a comprehensive context analysis led by the Manager Quality & Security. This analysis examines changes in our market, customer expectations, legislation, and broader DESTEP factors. The results are presented to the Board during the Management Review. Based on these insights, necessary adjustments are made to our strategy and policies. Additionally, we continuously gather feedback through our LINKIT (Contractor) Survey, which is sent out during and after each assignment to assess the quality of our professionals and services. 

For our DMA, we conducted additional research, including an employee survey, a supplier and customer survey, and a sustainability analysis of our client base. Based on this research, we identified our material topics that influence our strategic decisions and how we create value within our organization and value chain. 

Within our own operations, we have started taking concrete steps to integrate sustainability structurally. We have signed the Diversity, Equity, and Inclusion (DE&I) Charter and implemented a DE&I policy, we offer employees an open training budget and provide continuous security awareness training. Additionally, we have set a maximum CO₂ emissions threshold for leased cars and we invest in well-being initiatives and confidential advisors to nurture a healthy and safe working environment. 

Within our value chain, we are making progress in embedding sustainability. Currently, we do not have sustainability criteria for our upstream suppliers, but we have begun developing a sustainable procurement policy. In our downstream activities, such as IT staffing and projects in business automation and IT modernization, we aim to experiment with sustainable solutions that drive technological advancement while also considering social and environmental impact. 

In addition to the annual context analysis and Management Review, sustainability is explicitly discussed once a year in the meeting between the Advisory Board and the Board. The CSR Team monitors progress and reports updates to the management team, while all employees are kept informed on a quarterly basis via our Clubday Update and Bits & Bytes events. This ensures that stakeholder interests are not only considered in policymaking but are also translated into our daily operations. 

Key stakeholders

Staying relevant in the rapidly evolving IT landscape is a priority to us. To achieve this, we seek input from our key stakeholders, whose insights and expectations shape our strategy and actions.

Double materiality assessment result

LINKIT’s identified IROs are directly linked to our core business model, which focuses on IT consultancy, services, and digital transformation. The material topics identified in this assessment are closely tied to our internal operations and extend to key stakeholders, including employees, clients, end-users, and suppliers. 

The material environmental IROs relate to the company’s resource consumption, carbon footprint, and responsible procurement. LINKIT operates in a low-emission sector compared to industries with direct production footprints, but its digital infrastructure and hardware use contribute to environmental impacts, including energy consumption and e-waste generation. We now actively mitigate these risks through maximization of car emissions and responsible waste management practices. However, the negative environmental effects of digital infrastructure extend beyond LINKIT’s operational boundaries, as global IT resource consumption and emissions are systemic challenges. 

From a social perspective, LINKIT’s material IROs largely revolve around employee well-being, diversity, and the ethical use of digital technologies. Sector-specific challenges, such as high workload, skills shortages, and inclusion gaps, are potential risks affecting workforce sustainability. To address these, LINKIT prioritizes talent development, dedicating a significant portion of employee time to upskilling and certifications. Additionally, ethical data management remains a core focus, ensuring compliance with evolving regulations and protecting user privacy. Our services contribute positively by driving digital inclusion and supporting public and private sector digital transformation. 

The financial materiality of these IROs is reflected in LINKIT’s risk exposure and resilience. Compliance with IT security standards and data protection regulations minimizes legal and financial risks. Investment in employee retention and training strengthens long-term competitiveness, reducing recruitment costs and enhancing service quality. The growing demand for sustainable IT solutions also presents market opportunities, reinforcing LINKIT’s strategic positioning. 

As part of its evolving materiality assessment process, we are integrating ESG risk management into our governance structures, ensuring that sustainability is embedded in decision-making. The ongoing assessment of material IROs ensures that LINKIT remains proactive in identifying and addressing emerging risks while leveraging opportunities for sustainable growth.

Policy overview

Below you can find our most significant policies that help us manage our impacts, risks, and opportunities.

Policies

In 2025, LINKIT formalised its long-term climate ambition:

• Scope 1 and 2: Net Zero by 2035

• Scope 3: Reduction in line with the Paris Agreement 1.5°C scenario, SBTi-aligned

These targets provide clarity and serve as a reference framework for investment decisions, mobility policies and supplier engagement.

With targets now defined, the development of a formal Environmental Policy has been initiated. This policy will structure responsibilities, governance, monitoring and alignment with our broader ESG framework.

Climate-related risks are incorporated into enterprise risk management and discussed at Board level, ensuring alignment between environmental ambition and strategic oversight.

Key themes

Climate change mitigation

Mitigation is the central focus of our environmental strategy. In 2025, we mapped nearly all Scope 3 emissions for the first time using a spend-based methodology. As expected, Scope 3 represents the majority of our total emissions, largely driven by IT procurement and supplier-related activities. While the methodology has limitations in accuracy, it provides the necessary baseline for targeted reduction strategies.

Climate-related risks

Climate transition risks are increasingly relevant to LINKIT. These include:

• Regulatory tightening at EU level

• Increased client demands for demonstrable emission reductions

• Supply chain vulnerabilities

• Reputational risks linked to transparency expectations

By formalising targets and embedding climate in governance structures, we strengthen our resilience against these risks.

Growth versus absolute reduction

A structural tension remains between organisational growth and absolute emission reduction. As a growing company, total emissions may increase even when efficiency improves. This requires disciplined choices in mobility, procurement and supplier engagement to prevent growth from undermining long-term climate objectives.

Data quality and value chain dependency

The spend-based Scope 3 methodology provides breadth but not precision. Measuring IT-related emissions remains complex. Additionally, a significant portion of our reduction potential depends on supplier progress. This limits direct control and increases the importance of dialogue and collaboration in the value chain.

Green IT and strategic positioning

Sustainability has been embedded in our innovation agenda. Investments in Green IT aim to support more energy-efficient IT architectures and lower value chain emissions. This positions environmental performance not only as a compliance topic but also as a strategic opportunity.

In 2025, we focused on strengthening structure and insight:

• Formalised climate targets towards 2035

• Mapped nearly all Scope 3 emissions using a spend-based approach

• Integrated climate considerations further into governance and decision-making

• Prepared the implementation of a revised travel policy

• Initiated development of a formal Environmental Policy

These actions lay the groundwork for measurable reductions in the coming years.

In 2026, the emphasis will shift from structuring to implementation:

• Further alignment and refinement of targets in line with the Paris Agreement

• Formal adoption and implementation of the Environmental Policy

• Implementation of a robust Scope 3 data model with clearer emission source insights

• Active roll-out of the new travel policy

• Increased engagement with suppliers to support Scope 3 reduction

The objective for 2026 is to move from defined ambition and improved insight to demonstrable emission reduction progress.

The energy consumption and mix figures presented here are based solely on our Netherlands business activities, the largest share of our operations, as we work to complete the full scope of LINKIT enterprise.

Scope 1

Scope 1 covers direct emissions from our own operations, such as fuel in company-leased vehicles or heating in our offices. These are emissions we have the greatest control over, and therefore they’re a primary focus for reduction initiatives.

Accounting principles

Scope 1 greenhouse gas (GHG) emissions refer to the direct emissions from sources that are owned or controlled by LINKIT. Direct GHG emissions comprise the sum of greenhouse gases, which are converted to CO₂ equivalents.

Scope 2

Scope 2 refers to indirect emissions associated with the purchase of electricity, steam, heating, or cooling. Although these emissions occur at the utility provider’s facilities rather than on our premises, they are part of our operational footprint.

Accounting principles

Scope 2 greenhouse gas (GHG) emissions refer to the indirect emissions resulting from the generation of purchased energy that is used by an organization. Scope 2 emissions occur at the facility where the energy is generated, thus being classified as indirect emissions. 

Scope 3

Scope 3 includes indirect emissions from our value chain, such as business travel, employee commuting, waste disposal, and procurement. While we recognize the importance of these emissions, we are still in the process of gathering comprehensive data for a full assessment. As we refine our methodologies, future reports will provide more detailed Scope 3 information.

Policies

LINKIT’s social approach did not fundamentally change in 2025. Our people strategy continues to be built on long-term investment in development, responsible employment practices and societal engagement.

What did change was the strategic context. With the renewed organisational strategy in place, the importance of attracting, retaining and engaging scarce IT talent became even more explicit.

Existing frameworks around performance, development and wellbeing remained in place. In 2025, the focus was not on rewriting policy, but on strengthening execution. It was about applying existing principles more deliberately in light of our strategic ambitions and market realities.

Key themes

Attracting and retaining scarce IT talent

The market for experienced IT professionals remains highly competitive. Growth ambitions and delivery quality depend on our ability to attract and retain the right people.

In 2025, the renewed organisational strategy provided clearer positioning — internally and externally — supporting recruitment efforts. At the same time, retention remains equally critical. Career development, leadership quality and engagement directly influence long-term stability.

Talent scarcity remains a structural market reality rather than a temporary fluctuation.

Leadership and ownership across the organisation

To support strategic execution, LINKIT launched its Personal Leadership Programme for all employees. The programme consists of three modules: Relate, Reflect and Resilience. Many colleagues participated in 2025. The focus is on strengthening interpersonal effectiveness, self-awareness and adaptability.

Leadership at LINKIT is not limited to formal roles. Strengthening ownership and reflection across the organisation directly contributes to engagement, performance and client impact.

From satisfaction to engagement

In 2025, we changed our measurement methodology: from employee satisfaction to employee engagement. This shift reflects a more strategic approach. Engagement provides deeper insight into motivation, commitment and discretionary effort; key drivers of retention and performance. This transition also allows for more targeted interventions in areas where engagement requires strengthening.

Preventive health and wellbeing

A new occupational health service provider was selected in 2025, with increased emphasis on prevention. In a market where workload and performance pressure can be high, proactive wellbeing support is essential to sustainable performance and retention.

Societal contribution

Beyond internal workforce development, we strengthened our societal engagement. In 2025:

• A structural partnership with JINC was established

• Two Bliksemstages were hosted

• LINKIT received the Nieuwkomer van het Jaar award

• Employees in the Netherlands could voluntarily participate

• Support for Wensambulance was continued

This reflects our commitment to contributing beyond our core business activities.

Actions we’ve taken this year

• Rolled out the new organisational strategy

• Launched the Personal Leadership Programme for all employees

• Transitioned from satisfaction measurement to engagement measurement

• Appointed a new occupational health provider with preventive focus

• Continued and formalised community partnerships

• Strengthened focus on retention and talent acquisition

The emphasis in 2025 was on structural reinforcement rather than short-term interventions.

What is not yet fully on track

• Talent scarcity remains a structural challenge

• Engagement measurement has been introduced, but long-term trend data is not yet available

• Wage gap analysis has not yet been formally conducted

• ESG participation is not yet structurally embedded across the organisation

Further formalisation and measurable KPIs are needed to strengthen accountability.

Focus 2026

In 2026, social priorities will include:

• Further strengthening talent attraction and retention strategies

• Embedding engagement insights into concrete action plans

• Exploring formal wage gap analysis

• Increasing structured ESG participation

• Continuing investment in leadership and resilience

The next step is to translate strengthened foundations into measurable improvements in retention, engagement and sustainable growth.

For better readability, our numeric objectives will be placed alongside the relevant data points.

Gender distribution in management

Age distribution

Social protection

We ensure that our employees are covered against loss of income due to major life-changing events, such as sickness, occupational injury, parental leave, and retirement, in accordance with employment terms and conditions described in employee handbooks and contracts.

Persons with disabilities

Due to legal restrictions under the EU General Data Protection Regulation (GDPR) covering all EU member states and EEA countries, as well as similar principles of personal data protection through national legislation in the countries we operate in outside the EU and EEA, we are unable to report on the number of persons with disabilities within our organisation.

Training skills and development

Health and safety

The nature of our work does isn’t heavily physical. Therefore, our workplace is not characterized by frequent work-related injuries.

Sickness

Psychosocial safety

Family-related leave

Work-life balance

Pay equity

Total annual renumeration

Discrimination incidents reported and complaints filed

Continuous concerns

Engaging with our people

At LINKIT, our employees are Explorers — encouraged to seek new solutions, challenge conventions and continuously develop themselves. We aim to provide an environment where development, excellence and inspiration are part of everyday work.

We keep employees informed about the direction of the organisation, while actively encouraging their input on how we work and where we are heading. This dialogue supports engagement and alignment as we continue to grow.

Surveys

In 2025, we transitioned from an Employee Satisfaction Survey to an Employee Engagement Survey, conducted through a new external provider to gain deeper and more actionable insights. The results are used to guide HR priorities and define targeted improvement actions.

In addition, we introduced an annual CSR Survey, enabling us to:

• Measure work-related travel in line with reporting requirements

• Capture employee perspectives on key material topics

• Gather input on sustainability initiatives

Events

We organise recurring in-person moments to strengthen connection and collaboration across the organisation. Quarterly Bits & Bytes sessions provide updates from the Board and create space for dialogue. Weekly Clubdays bring employees together for collaboration and knowledge sharing. In addition, well-being events contribute to team cohesion and a strong sense of community. Together, these initiatives support an environment in which employees feel engaged, heard and able to develop as LINKIT Explorers.

Channels to raise concerns

A safe work environment is important. That’s why we work hard to create one. If something turns out not to be safe, or if someone is not treated correctly, we want to hear about it. By sharing concerns, we can ensure a safe working environment together on all fronts.

LINKIT confidants

Our LINKIT confidants are trusted colleagues employees can talk to about any concerns. Their names and contact information can be found on our intranet and in our employee handbook. Each Confidant has been trained for this role. For each situation, they determine the most suitable approach and who needs to be involved. They operate independently from our HR team; HR only steps in if it’s necessary and requested. HR also makes sure we follow all Dutch regulations.

Whistleblower system

Our whistleblower procedure offers a secure way for employees to report serious concerns about illegal or unethical practices that could harm our organization or the public interest. In such cases, we treat every report confidentially, assess whether an independent investigation is warranted, and keep the person who reported the issue informed about the outcome. Individuals who submit a report in good faith and follow the proper steps are protected against negative consequences in their work.

IT Issue Mechanism

As an IT company, data security and privacy are naturally very important. That’s why we have various systems in place to safeguard our data and privacy.

If a data breach is discovered, or if there is a suspicion of one, we investigate immediately. We do what is needed to secure our data again and to comply with laws and regulations. Any data breaches are documented in a dedicated report.

Employees can find information about data security and privacy on the intranet, in the employee handbook, and in our IT code of conduct. We also offer courses through the Phished Academy, where every Explorer can learn about the laws and regulations around data security and privacy. Our Manager Quality & Security ensures we meet all legal requirements.

Managing impacts on our people

At LINKIT, we aim to provide a work environment where people feel engaged, supported and able to develop. Our policies and processes are designed to contribute to positive employee outcomes and to identify potential risks early.

We actively gather employee feedback to monitor whether our approach aligns with the needs of our people. In 2025, we strengthened this by transitioning to an Employee Engagement Survey, conducted through a new external provider to obtain more actionable insights.

In addition to formal surveys, we collect input through regular interaction moments, including company-wide sessions and direct HR channels. These insights are used to guide improvements in our people approach.

HR is responsible for managing these feedback channels and translating outcomes into actions where needed. All data is handled in accordance with our privacy standards, ensuring confidentiality and enabling open and honest feedback.

Actions taken in 2025

• Transitioned to an Employee Engagement Survey with a new external provider

• Introduced an annual CSR Survey to capture employee input on sustainability topics

• Continued investment in leadership development across the organisation

• Appointed a new occupational health service provider with increased focus on prevention

Long-term direction

LINKIT remains committed to creating a work environment where people can develop, perform and feel engaged over the long term.

Structural challenges such as talent scarcity, retention and engagement require continuous attention. We therefore focus on strengthening leadership, improving insight through engagement measurement and maintaining a proactive approach to employee wellbeing.

We continue to safeguard fair working conditions and respect for employees across the organisation. Rather than focusing on compliance alone, our aim is to ensure that our policies translate into a positive and sustainable employee experience.

Policies

Information Security Policy

The primary objective of our information security policy is to support our strategy. The policy does this in several ways:

• Thanks to the policy, our key applications and information are always readily available.
• The policy ensures that our data is reliable, enabling us to make sound management, financial, and commercial decisions and to report honestly and comprehensively.
• The policy ensures that personal data and competitively sensitive information remain confidential. We also extend this protection to our customers when necessary.

We actively ensure that our information security policy remains up-to-date, relevant, and fully complied with. Our policy is audited annually as part of our ISO27001 certification, and all employees receive regular training in our methods and procedures.

Whistleblower procedure

We believe in transparency and accountability. Anyone who becomes aware of potential or actual violations of LINKIT policies is encouraged to report these concerns through various channels, whether by speaking with a project or department manager, or by reaching out to our confidants. For serious issues, including violations of EU law under the Whistleblower Directive, our Whistleblower System provides an independent, autonomous, and fully anonymous channel to report misconduct such as corruption, bribery, fraud, sexual harassment, issues in public procurement, and environmental protection. Detailed information on the Whistleblower System, including a comprehensive description in our Whistleblower Policy, is available on our intranet for both our employees and relevant external stakeholders.

Key themes

Risk management and board oversight

Risk management remains central within all GRC frameworks and is applied organisation-wide. In 2025, risks were analysed using a structured “risk carousel” approach across teams. This resulted in broader risk identification, increased stakeholder involvement and greater organisational awareness. No major incidents occurred during the year. Importantly, no material issues arose that had not already been identified within the risk management process. Risk oversight, including sustainability-related risks, is formally discussed at Board level once per year.

Information security and cybersecurity

The security model continues to evolve in response to a shifting threat landscape. Security controls are increasingly organised around identity, role and project context rather than physical location or network boundaries. This reflects the growing prevalence of targeted and AI-driven phishing and social engineering threats. Security is embedded in the 4D project methodology, where the project’s risk profile determines the required control measures. To further strengthen resilience, a cybersecurity insurance policy was concluded. Beyond financial coverage, this ensures direct access to specialised incident response expertise.

AI governance: balancing innovation and control

Artificial Intelligence creates opportunities for efficiency and innovation, while simultaneously introducing new security and privacy risks. In 2025, LINKIT initiated the further development of its AI policy framework. The objective is to facilitate responsible innovation within clearly defined governance boundaries. A concrete outcome was the Pilot Enterprise ChatGPT initiative, implemented with appropriate safeguards. The structural tension remains: enabling innovation while maintaining control and compliance.

Compliance, regulation and market expectations

European regulatory pressure continues to increase. The registration under NIS2 and the initiation of SOC2 Type II reflect both regulatory developments and growing client demand for demonstrable assurance. Compliance has become a sales and contracting requirement rather than a back-office activity. Governance maturity increasingly influences market access.

Data and cloud sovereignty

Geopolitical developments have intensified focus on data and cloud sovereignty, particularly regarding dependency on hyperscale cloud providers and control over encryption keys. LINKIT actively monitors these developments and translates them into advisory insights and practical solutions for clients.

Actions we’ve taken this year

In 2025, governance efforts focused primarily on strengthening structure and preparedness:

• Organisation-wide risk assessment via the risk carousel approach

• Continued investment in ISO-based management systems

• Inclusion of a foreign entity within ISO scope

• Registration under NIS2

• Initiation of SOC2 Type II reporting

• Registration with RBA and FSQS platforms

• Development of a Third Party Supplier Policy

• Initiation of a structured AI governance framework

• Conclusion of a cybersecurity insurance policy

These actions reflect an increased allocation of resources towards structured compliance, risk management and supply chain governance.

What is not yet fully on track

While structural progress was made, several areas remain in development:

• ESG integration in supplier requirements is still in early stages

• SOC2 Type II assurance has been initiated but not yet completed

• AI governance requires further formalisation and operational embedding

• Risk discussion at Board level remains periodic rather than continuous

2025 was primarily a year of strengthening foundations rather than delivering visible external milestones.

Focus 2026

In 2026, governance efforts will shift towards deeper implementation and demonstrable assurance:

• Further implementation of NIS2 requirements

• Advancement towards SOC2 Type II assurance

• Formal introduction of a Supplier Code of Conduct

• Continued development and operational embedding of AI governance

• Further integration of ESG criteria into supplier management processes

The focus moves from readiness to scalable and demonstrable control.

Targets

Continuous concerns

Engaging with consumers and end-users

We enjoy working together with our customers and suppliers. To ensure that they also commit to handling data with integrity, reliability, and safety, we have embedded several processes. These processes include agreements on transparency, guidelines on data handling in accordance with our privacy statement, and instructions on how privacy rights can be exercised.

Surveys

Through various surveys, we monitor our efforts and assess the reliability of our suppliers.

• We send the LINKIT Contractor Survey after each customer assignment, which provides insight into the quality of our service and our employees.
  • We ask every supplier to complete a survey.
  • For suppliers we have not previously worked with, we request data on both the supplier and the professional who will be engaged; for those we have worked with before, we only request information about the professional who is deployed.
• Self-Employed Contractor Survey
• Fee Party Survey.

Our Manager Quality conducts an annual context analysis, and based on its outcomes, we implement changes as needed. The context analysis and any potential changes are presented to the Board.

Accessibility

Digital accessibility is an important part of our work. During a product’s testing phase, we strive to involve end users in testing, as they are best placed to determine whether a product is truly accessible. We advise our customers to involve end users in the design and testing phases as well, especially for public products used by many people.

The project manager, together with the project team, reviews the feedback received from end users during testing and adjusts the product accordingly, if necessary. Even after delivery, we continue to advise our customers based on end user feedback.

Data leaks or cyber incidents

If a data breach or any other digital incident occurs, we take immediate action. Our protocols are triggered, and if necessary, we involve local authorities and the individuals impacted by the incident. If individuals wish, they can request LINKIT to delete their data in accordance with GDPR regulations, and we comply with such requests whenever possible.

Channels to raise concerns

We do everything we can to keep our customers and employees satisfied and our data secure. However, things don’t always go as planned. To address such issues, we have established a complaint procedure for general concerns and a reporting procedure for privacy matters.

Complaint procedure

Here’s how our complaint procedure works:

• A complaint can be submitted via email (klachten@linkit.nl) or through the form on our website.
• The complaint is assigned to the relevant account manager, who is responsible for resolving it.
• The person who submitted the complaint will receive an acknowledgment within one business day.
• Our account manager will contact the complainant by phone within three business days, or sooner if necessary, to discuss the required action.
• If the complainant is not satisfied with the actions taken, there are two avenues for escalation:
• Internal appeal: The complaint is discussed in full during the Management Team meeting, where the team also considers the customer’s viewpoint and proposed solution.
• External appeal: The complainant may escalate the dispute to a mediator or take it to court.

Channels to raise concerns

If there are concerns about the security of our data  or that of our customers, these can be raised in various ways:

• LINKIT can be reached by phone, email, or through the response form on our website, and a formal complaint can also be submitted.
• Often, customers are approached directly with concerns about information security. While this is not a requirement on our part, any questions raised by customers are forwarded to the project team and management.
• Customers and end users can also express their concerns via our whistleblower system. Whistleblower reports are handled by an external law firm, which ensures that the whistleblower is protected.

Data breach reporting law

Since January 1, 2016, the Data Breach Reporting Act has been in force. If a (security) incident creates a significant risk of violating someone’s privacy, LINKIT reports it to the Dutch Data Protection Authority (AP). This may involve the privacy of a LINKIT employee, a candidate, or an employee of one of our customers.

When an incident involves personal data, we act very carefully. Every LINKIT employee is responsible for identifying incidents, from the loss of a laptop or phone to noticing a virus, malware, or stolen account information. If personal data is involved, the incident must be reported to the Privacy Officer. Initially, we refer to this as a LINKIT privacy incident. The Privacy Officer investigates the incident, reviews all circumstances, and then determines whether it should be reported to the AP and to those whose data is affected.