The province gives shape to this in its internal and external actions and statements by basing itself on key values such as reliability, transparency, carefulness and security.
Which personal data do we process and why?
Many processing operations of personal data the province of Noord-Brabant performs are due to legal and administrative tasks that must be performed by the province and legal obligations that the province must comply with. In addition, the province has an important role as the regional director. Based on this binding role, the province initiates, stimulates, facilitates and participates in partnerships. Personal data is only shared within partnerships if there is a reason or basis for this. Fulfilling the role of regional director appropriately also means appropriate relationship management. Personal data that is processed by the province for maintaining relationships and contacts is only processed if the involved parties have given their consent in writing.
The province also processes personal data for its internal management and security. The province, for example, manages a personnel administration and it uses CCTV monitoring for the security of the provincial government building.
The province only uses personal data for the processing operations for which they are intended.
Personal data is not used for any other objectives. In addition, only the personal data is processed that is strictly necessary for the processing.
What happens to personal data at the province?
The province ensures that personal data is only accessible to officials who need the data for the performance of their job or instructions.
Third party processing
The province may use the services of third parties when it performs its tasks. This may be by external workers who support the province in performing its tasks, external parties to whom the province has (partially) outsourced the tasks or in partnerships within which tasks are dealt with in cooperation with other parties. In addition, the province uses online services such as cloud services and SaaS (Software as a Service) solutions in certain cases for its information provision.
The province takes great care when selecting partners (that will be performing the work). The province has third parties sign a data processing agreement with a view of ensuring privacy. By signing this agreement, they state that they will comply with the provisions set down in the General Data Protection Regulation (GDPR) when performing their tasks. A security/privacy scan is performed in relation to the selection of online services for the processing of personal data and other confidential data.
Storage of data
For the storage of data, the province only uses systems intended for this purpose. Personal data is erased after the processing has been completed. In relation to specific data types, the province must comply with retention periods based on the Dutch Public Records Act. The data will, in this case, be erased when the relevant period has elapsed.
Based on the law (GDPR), you have a number of rights as an involved party with regard to the province of Noord-Brabant in relation to the processing of personal data.
- You are entitled to have access to the data that the province processes about you.
- You are entitled to information about the way in which your personal data is processed.
- You are entitled to rectify or supplement your personal data.
- You are entitled to ask the province to erase your personal data if the province of Noord-Brabant does not have a legitimate reason to continue processing this data.
- You are entitled to have less data processed.
- You may object to your personal data being processed.
- You are entitled to ask the province to pass on to you your personal data in a structured, commonly used and machine-readable format.
- You may object to automated individual decision-taking including profiling.
You can submit a request to the province to exercise these rights. The province will process your request within 4 weeks. In addition, you can submit a complaint if you are dissatisfied about the way in which your personal data is being processed.
If you have a complaint about the way in which the province of Noord-Brabant is treating the processing of your request or complaint, you can submit a complaint about this to the Dutch Data Protection Authority.
What do we do to protect your personal data?
Information security plays an important role within our information provision. We regularly have an external audit performed in relation to the security of our IT environment and systems. In addition, we ensure that our employees are aware of the risks related to the processing of information and personal data in particular. We do this, for example, through awareness campaigns and mandatory e-learning courses and by ensuring that information security and privacy are paid attention to during meetings for new employees.
Questions and contact
If you have any questions or remarks about this privacy statement or the way in which the province of Noord-Brabant deals with privacy and the processing of personal data, please contact the Data Protection Officer of the province. The province's aim is to deal with questions and remarks personally and quickly. You can contact the province using the methods described below:
Province of Noord-Brabant
Attn. Data Protection Officer
PO Box 90151
5200 MC 's-Hertogenbosch
This privacy statement was last updated on 23 May 2018.