General privacy statement

The General Data Protection Regulation (GDPR) regulates what can and cannot be done with personal data and what privacy rights individuals have when organizations process their data. The Dutch Data Protection Authority, in Dutch Autoriteit Persoonsgegevens (AP) ensures compliance with the laws.

Organizations or companies that provide us with personal data are obliged, according to the GDPR, to inform their employees about this. You can provide this statement to your employees as an organization or company.

As a municipality, we have a large number of statutory tasks. These statutory tasks include, for example, maintaining the Basic Personal Records, in Dutch Basisregistratie Personen (BRP), implementing the Participation Act, in Dutch Participatiewet, and the Social Support Act, in Dutch Wet maatschappelijke ondersteuning (Wmo). As a result, we have a large amount of personal data (download the guidelines in English). These data are processed and transmitted to the national database, which is used, among others, by the Tax Authority. In all public law processes of the municipality, we have an obligation to work with data from the BRP. We have a great responsibility in this regard.

Dutch municipalities have committed themselves to a minimum level of information security through a covenant. These rules are laid down in the Government Information Security Baseline, in Dutch Baseline Informatiebeveiliging Overheid (BIO), which you can read at nldigitalgovernment.nl.

Secure internet transactions receive special attention in protecting your privacy regarding the use of the digital counter.

Information about visits to the digital counter is only used to support technical decisions and statistical processing and is never used to identify individual persons. Requests or inquiries submitted through digital forms are solely used for processing.

This means that it must be clear which data are recorded about the person and with whom these data are exchanged. The client is informed that data are shared, with whom, and why.

Confidential information sent via email is guaranteed to be securely transmitted using ZIVVER. Messages can only be read by the sender and recipient and are safe from hackers. 
Read more about using ZIVVER at Proclaimer.

The College of Mayor and Aldermen is responsible for the careful handling of personal data. In addition, the department head is responsible for proper handling of personal data within their department. You can find information on how to contact the College or the respective departments on Addresses and opening hours.

If you have specific questions about a case or file, you can contact your contact person. If you do not know who that is, do not wish to contact them, or do not have a contact person, you can contact the responsible Data Protection Officer via fg@ouder-amstel.nl.

All our employees have taken an oath of office and are obliged to maintain confidentiality. This means that we handle the data you entrust to us with care. Only authorized personnel are allowed to process your data.

The municipality only provides your data to other organizations when there is a legal obligation to do so. We enter into agreements with organizations that require your data on our behalf to ensure the same level of security and confidentiality for your data. The municipality remains responsible for the processing of your personal data.

If you do not want your personal data to be shared, you can request confidentiality. This is also referred to as "restriction of disclosure of personal data."

The municipality may disclose your personal data, recordings of telephone conversations, or IP addresses of website visitors to the police and judiciary. This may also include employees responsible for safety and enforcement of company rules. The municipality also has the right to disclose information in case of criminal matters, such as threatening an employee.

The municipality collects information about website visits through cookies, such as which page, search term, or browser you use. We do not collect personal data through cookies.

These data are stored and processed externally. They are used for statistical analysis of visitor behavior. With this information, we can improve the layout of our website, optimize it, and make it more user-friendly.

The municipality uses both session and persistent cookies. In addition, cookies are necessary to conduct transactions with the municipality. Without cookies, this is not possible. On Proclaimer you can read what cookies are and how you can set or disable them.

Access

You have a legal right to access your own data or the data of minors under the age of 16 for whom you are the legal representative. The municipality determines who the legal representative is by using the Personal Records Database (Basisregistratie Personen). Contact us by phone: (020) 496 21 21.
For this right of access, there is a legal minimum age of 16 years.

Correction

If your data is incorrect, you can contact the municipality to have it corrected. This is known as the "right to correction."

Erasure

You have a legal right to request the deletion of data, but this is not always possible. It is not possible to have your data deleted from the Basic Personal Records. The municipality is bound by legal retention periods. If there is no legal need to keep your data, they can be deleted. This may include destroying your data after a job application.

Objection

If you object to the processing of your data or a specific form of processing, you can contact the municipality.

The protection of police data falls under a special law, namely the Police Data Act (WPG). This regulates the processing of personal data for the performance of police duties, including those performed by extraordinary investigating officers (boas).

The personal data covered by the WPG will be kept for as long as this is required by this law.
Requests for access, correction, deletion and objection are treated in a similar manner to requests based on the GDPR. However, due to its sensitive nature, a limited number of departments have information about this to the extent necessary. The requests can be made known to the municipality in the same way as indicated earlier in this statement for the GDPR.

Despite our efforts, incidents can occur. These may include addressing an email or letter incorrectly, a website containing too much information, or a lost file.
In these cases, there may be a data breach. If you suspect this, please report it to the municipality immediately.
We can then take immediate action to prevent further harm. If your data is involved in a data breach, you will be informed directly by the municipality.

The municipality places great importance on the security of its systems. Despite all precautions, it remains possible to find a weakness in the systems. Under the guise of Coordinated Vulnerability Disclosure (previously known as Responsible Disclosure), you can inform us if you find a weakness in our systems.

In that case, we request you to report it to the Information Security Service for municipalities: informatiebeveiligingsdienst.nl/responsible-disclosure/. This way, we can promptly take appropriate measures.

If you have complaints about the service or how we handle your personal data, you can contact us by phone: (020) 496 21 21.