The General Data Protection Act (GDPA – in Dutch Algemene Verordening Gegevensbescherming or AVG) came into force on 25 May 2018. The GDPA contains new privacy rules with the main aim of protecting your personal data even better. Based on this, the current DITSS Privacy policy has been adjusted.

How does this affect you?
You knowingly and unknowingly share your personal data with us, for example by visiting our DITSS website or when you contact us. The updated privacy policy describes in more detail how we treat your personal data. For example, you will find more information about how we obtain your data and which data are processed by us. Of course, your personal information is safe with us! The DITSS privacy policy also applies to your employees and directors. Does your organisation pass personal data of employees or directors on to us? Then we assume that you inform them about our new privacy policy. Below we give you an insight into how the DITSS Foundation deals with privacy legislation in the context of the GDPA and what that means for you.

What is personal data and from whom do we process personal data?
Personal data is data from natural persons that directly or indirectly tells something about you. The DITSS Foundation is a network organisation, and making connections is just one of our roles. For example, data from our DITSS partners, including contact details, may be published on our DITSS website on this basis. The data for this is provided by the organisations themselves.

We process personal data of our partners and their representatives, but also of persons who show an interest in us and our innovation processes. Or from people who are connected to our foundation or to a company / organisation DITSS cooperates with or has (had) a relationship with.

What does DITSS use your data for?
The DITSS Foundation strives, based on the partner agreements, to provide our DITSS partners with the most optimal, personal service. This applies to:

  • contact with the DITSS Foundation;
  • e-mail;
  • personal advice;
  • social media.

You give DITSS permission to use your personal data for:

  • events, such as the DITSS Safety Workshop, congresses, theme meetings, etc.;
  • public-private cooperation in the security domain and Triple Helix activities;
  • contact with DITSS. 

Who has access to your data?
Based on partner agreements, the contact details specifically provided by the partners for this purpose can be found on the website of the DITSS Foundation. These are publicly accessible. We only pass on personal data that is not publicly available to other parties if this is really necessary for our services. This concerns parties that provide support in connection with for example IT service providers/salary/ payment of declarations etc.. Parties that have been granted access to your data may only use it to provide you with a service on behalf of the DITSS Foundation. We never sell your information to third parties.

Where is your data stored?
Your data is stored in a secure environment. We always apply strict security measures. Your data is stored within the European Union. In the exceptional case that personal data is transferred to organisations from countries outside the European Union, we will ensure that your privacy remains appropriately protected. This DITSS website is technically hosted by the Dutch company TransIP. This means that all content of this website is stored on the servers of this hosting provider.

How long do we keep your data?
We do not store and use your data longer than necessary. All data we have on you is then deleted. Or we use your data anonymously, because certain data is needed for internal analysis and reports, such as for the Supervisory Board and the Advisory Board.

Guidelines for the retention periods are:

  • Visual material will be retained as long as it suits the purposes of the DITSS Foundation.
  • We will delete inactive accounts after 7 years at the latest. After that period, we only use your data anonymously and only for internal reports.
  • The Dutch tax authorities require us to keep our administration with your billing, payment and order data for 7 years. After that, we only use your data anonymously for internal reports.
  • If you have registered for an event, conference or theme meeting, etc., we will keep this data for 5 years.

Image material
During (public) events of DITSS, photos and videos can be taken that will be published on our website at a later time and/or on social channels. Persons who are recognisable in a photo taken for DITSS and whose personal data is known, will be contacted to grant permission prior to publication. All other photos are published taking into account the purpose for which they were taken. If you do not agree with this, you can contact us by e-mail: info@ditss.nl

What rights do you have?
Of course you remain in charge of your data. Would you like to view your personal data or receive a copy? Or do you want to change, delete, restrict the use or adjust your e-mail preferences? No problem! Let us know in writing or by e-mail. You can also object to the use of your data or alert us that you think that your privacy concerns outweigh our interests. In that case, we will review the situation.