NEa Register of Processing
The NEa maintains a register for all the instances where it processes personal data. This register contains, per processing action, a brief description of the type of data being processed, the reason why the data have been collected, what is done with the data and who is responsible for processing it. If you wish you can request this information. In this way you can check that the NEa is using your data in accordance with GDPR rules.
What is personal data?
Personal data is data that reveals something about you, or which can be related to you. You share your personal data with the NEa when you have contact with the NEa or when you make use of the services of the NEa. Examples of personal data include your name, telephone number or email address, as well as an IP address of a computer or a Citizen Service Number (BSN: burgerservicenummer). It involves all data that can be related to a specific person.
Privacy principles of the NEa
The NEa handles your data carefully. To this end it has defined the following privacy principles which are adhered to when processing personal data:
1. The NEa will only process personal data if …
There is a legal basis for doing so. This can, for instance, involve performing a legal obligation, when it is necessary for the implementation of our agreement with you or when processing is necessary for carrying out a task in the public interest.
2. The NEa puts the focus on you as stakeholder
When setting up and managing its data processing and registration, the NEa puts the focus on the interest and privacy risks of stakeholders. The personal data is retained no longer than is strictly necessary for the goal of processing.
3. The NEa is transparent
The NEa has a Processing Register which contains the goal and the basis of the personal data. If you wish you can request this information.
4. The NEa safeguards your rights
Together with you, the NEa keeps your personal data correct and up to date. You can view and rectify all personal data processing actions at the NEa unless legal provisions prevent this. The rectification of personal data, if technically feasible and if necessary, is just as simple as providing the data in the first place.
5. The NEa applies restraint to providing data to third parties
The NEa applies great care and restraint with regard to providing personal data to third parties. We only provide such data when this is lawful. No data is shared with external parties without us first checking the lawfulness of this.
6. The NEa stores your data in a secure manner
The NEa takes appropriate technical and organisational measures when storing and processing data. Before compiling data and entering this in its system, the NEa carries out an analysis and takes measures to ensure that personal data is secure.
The NEa applies national and international standards and guidelines for safeguarding information, including your personal data. The NEa acts in accordance with:
- ISO 27001 and 27002;
- Government Baseline Information Security (BIR) 2012 and 2017;
- Instructions from the authors of the GDPR;
- Instructions from the Dutch Data Protection Authority.
7. The NEa sets out its principles
The NEa makes it apparent to all that it is adhering to these privacy principles. Stakeholders can always ask the NEa for explanation and elaboration of these principles.
8. Retention periods
The NEa retains your personal data for no longer than is necessary for the purpose of data processing, and in doing so it observes the Dutch Public Records Act.
Social media/external platforms
When carrying out its digital communication through the internet and social media, the NEa uses external platforms such as Twitter and LinkedIn. The NEa considers it important to state that it has no influence on the way that these platforms handle your personal data. The NEa advises you not to share any privacy-sensitive data through these platforms. These platforms are not necessary for the functioning of the services of the NEa.
The General Data Protection Regulation (GDPR) puts the focus on the rights of the stakeholder. This involves the right to:
- know which of your personal data the NEa processes (Article 15 GDPR).
- have your personal data rectified (Article 16 GDPR).
- have your personal data erased (Article 17 GDPR).
- restrict processing of your personal data (Article 18 GDPR).
- make an objection (Article 21 GDPR).
Data Protection Officer
Do you have any questions about the way that the NEa processes your data? The NEa has appointed a Data Protection Officer (DPO).
Submit your questions via PbFG@minez.nl or by sending a letter to:
Data Protection Officer
Ministry of Economic Affairs and Climate Protection
P.O. Box 20401
2500 EK The Hague