NRFG logo
Search
Search

Privacy statement

Download Privacy statement

NRFG Data Protection Statement

Why does NRFG process personal data?

The Dutch Register of Data Protection Officers Foundation (“NRFG”) manages the FG register in the Netherlands. To do so, NRFG processes personal data of individuals: interested parties, registered Data Protection Officers (Register FG’s), and of contacts and those who have submitted a question, comment, or message.

NRFG processes personal data to communicate with and inform these individuals. The data is used to efficiently carry out NRFG’s activities.

NRFG also uses data for proper financial administration and management of the FG register. This includes assessing applications and suitability, calculating, recording, and collecting registration fees and donations, and other internal administrative activities. Data may also be used to handle complaints or disputes.

For those who have submitted a question or comment, data is processed to respond to the message. This includes correspondence or other matters related to NRFG.

Legal Basis

NRFG must base its use of personal data on one of the legal grounds from the General Data Protection Regulation (GDPR). The GDPR allows personal data to be processed if necessary for entering into and performing a contract (Art. 6.1.b GDPR). This basis applies under NRFG’s registration terms. Based on this, NRFG processes data for financial administration and for communication with interested parties and registered FG’s.

For sharing registration status with third parties, NRFG relies on the consent of the registered FG (Art. 6.1.a GDPR).

For using data from contacts and those who submitted a question, comment, or message, another legal basis applies. In these cases, processing is necessary for the legitimate interests of the data controller (Art. 6.1.f GDPR). This legitimate interest lies in the proper execution of NRFG’s tasks in line with its statutory objectives and operations.

Which personal data do we process and from what source?

From interested parties and registered FG’s, we process the following personal data:

  • First and last name
  • Salutation
  • Address and city
  • Date and place of birth
  • Email address
  • Phone number
  • Registration date
  • Billing address and other billing details
  • (Optional) Additional data for invoicing

This data is provided directly by the individual.

From contacts and those who submitted a question or comment, data such as postal address, email address, or phone number is used to respond to the message. This data is also provided directly by the individual.

To whom do we disclose personal data?

For registered FG’s who have given prior consent, NRFG shares registration status with third parties upon specific request via its website.

NRFG only discloses personal data to third parties if necessary for the purposes described above or if legally required to do so. NRFG does not transfer data outside the European Economic Area.

Retention Period

NRFG does not retain personal data longer than necessary for the purposes for which it is processed. These purposes are described above. Data is retained based on:

  • (a) the duration of registration with NRFG
  • (b) a legal retention period
  • (c) a (potential) claim or dispute requiring data retention
  • (d) the current calendar year plus a maximum of 2 years after a registration has ended and/or a question or comment has been answered

Your Rights

Every individual has the right to access their data, request corrections, deletion, or restriction of further processing. Individuals may also object to the processing of their personal data and request a copy of their data. Registered FG’s may withdraw their consent for sharing their registration status at any time, after which it will no longer be shared with third parties.

Would you like to exercise one of these rights? Please contact us, preferably via the email address registered with us. NRFG may ask for additional information to confirm your identity, including a (partial) copy of your ID. This is to ensure that the request is genuinely made by you.

Data Controller

The data controller as defined by the GDPR is NRFG. NRFG is a foundation with full legal capacity, registered with the Chamber of Commerce under number 96838272.

Questions and Complaints

Do you have questions after reading this privacy statement about how your personal data is used? Contact us via info@nrfg.nl.

Do you have a complaint about the processing of your data? Contact us via info@nrfg.nl. You may also file a complaint with the Dutch Data Protection Authority: www.autoriteitpersoonsgegevens.nl.