This privacy statement explains how the Dutch Safety Board ('the Board') deals with personal data. The statement is broken down into a number of sections:
- What are personal data?
- Why does the Board process your personal data?
- How do we deal with your personal data?
- When do we share your data?
- How can you contact us about your rights?
This general privacy statement applies to all personal data that the Board may require you to supply in the performance of its tasks. For specific information about the processing of your personal data, please contact the department or team with which you have been dealing.
What are personal data?
Personal data means any information directly relating to a person or information that can be traced back to a person. Examples of personal data include addresses, telephone numbers and email accounts.
You can find additional general information about personal data on the website of the Dutch Data Protection Authority (Dutch).
Why does the Dutch Safety Board process your personal data?
The Board processes personal data in order to carry out its statutory tasks, which are set out in the Dutch Safety Board Kingdom Act. You can find more information about the Board’s procedures here. You can find more information about the laws and regulations applicable to the Board here.
Your personal data might also be sensitive personal data, which are defined by the Dutch Data Protection Authority as follows:
Sensitive personal data
Some personal data are particularly sensitive, because processing them can have a significant impact on someone’s life. Data concerning someone's race, religion or health, or someone’s citizen service number (BSN), are examples of sensitive personal data. This kind of data enjoys special protection under the law. Likewise, children's personal data are always sensitive and are therefore always subject to special protection.
The Board also processes personal data with consent by sending out newsletters and other general communications via email to keep interested parties informed about the progress of investigations.
How do we deal with your personal data?
The Board applies a number of basic principles when processing personal data, and takes measures to ensure that it handles data in a reliable, fair and careful manner.
Data Protection Officer
The Board has appointed a Data Protection Officer (DPO). This independent DPO checks whether the Board applies and complies with the rules laid down in the General Data Protection Regulation (GDPR). The Dutch Data Protection Authority is responsible for supervising the application of privacy legislation.
Guiding principles
Legal basis and purpose. The Board processes personal data only if it has a legal basis for doing so. In addition, we ensure that personal data are processed only for the specific purpose for which they were collected.
Using the least amount of data possible
The Board never processes more personal data than is strictly necessary. If possible, we process fewer personal data or none at all.
Minimising infringement of privacy
The Board ensures that any infringement of privacy is not disproportionate to the purpose for which the data were collected. If we have a choice between different types of personal data that we could process for a given purpose, we therefore opt to process personal data in a way that constitutes the most minimal infringement of privacy.
Retention only for as long as necessary
The Board keeps your personal data:
- only for as long as is necessary to achieve the purpose for which they were collected;
- as required by the Public Records Act;
- never longer than permitted under the law.
Measures
Reliability, integrity and confidentiality
The Board employs a range of measures to ensure that your personal data are dealt with in a reliable, fair and careful manner.
- All personal data are treated in confidence. In other words, the Board ensures that your data can be processed only by persons carrying both the proper authority and a secrecy agreement.
- Personal data are protected effectively. At a minimum, we observe the rules and standards on security laid down by central government.
- The Board makes agreements about security measures with external parties such as software providers and data centres. We also check whether external parties stick to these agreements.
When do we share your personal data?
Your personal data will not be shared in newsletters and other general communications.
In certain cases, the Board is authorised to provide data and information to or request them from other government bodies and independent organisations. The legal basis for this authority is the Dutch Safety Board Kingdom Act. You can find more information about this topic on the website under Laws and regulations, Coordination protocols.
How can you contact us about your rights?
You can unsubscribe from the newsletter or from any other communications to which you have signed up.
You have a number of rights, including a right of access and a right to rectification. If you wish to know what personal data of yours we have processed, you can make a request for access. You must submit this request to the Data Protection Officer at the email address below.
Should it turn out that your data are incorrect, incomplete or irrelevant, you can submit an additional request for your data to be rectified or supplemented.
If you have general questions about data protection at the Board, please contact our Data Protection Officer (DPO). You can submit your questions digitally or on paper to:
Data Protection Officer
fg@onderzoeksraad.nl
Dutch Safety Board
Attn: Data Protection Officer
PO Box 95404
2509 CK The Hague
For more information about your rights or to file a complaint, please contact the Dutch Data Protection Authority.