DISSS is how much we value your privacy

Privacy statement by the Dutch Institute for Safe and Secure Spaces (DISSS)

This DISSS Privacy Notice describes how we collect and process your personal information in relation to our website and the used platforms Google Workspace, Google Workspace for Education and Google Cloud Platform (together, “Cloud Services”).

Introduction

DISSS works to promote a safer and more just society both by taking part in European Funded projects regarding the protection of public spaces and EU citizens. For this reason, you are entitled to expect that we handle your personal data in a careful and secure manner. This privacy statement explains how DISSS handels your personal data. Below we aim to answer the following questions;

  • What is personal data?
  • Does DISSS process your personal data?
  • Where are the data stored?
  • EU Privacy Standards and GDPR
  • How can you contact us about your rights?
This privacy statement relates to all personal data DISSS needs to use in the course of performing its tasks. This privacy statement is updated regularly.

Does DISSS process your personal data?

Personal data is information that directly concerns a specific individual or can be traced back to him or her. Examples of personal data include addresses, telephone numbers and email addresses.

Sensitive personal data

Some personal data is particularly sensitive, because its collection and use can have a big impact on someone’s life. Data concerning someone’s race, religion or health, for example, or someone’s citizen service number (BSN). This kind of data is not being collected by DISSS. For more information about personal data, please visit the website of the Data Protection Authority (in Dutch).

Where Data Is Stored

We maintain data centers around the world, and provide Google Workspace and Google Workspace for Education from these locations, and Google Cloud Platform from these locations. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security. Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. When transferring Service Data outside of the European Economic Area, we comply with certain legal frameworks.

EU Privacy Standards and GDPR

If European Union (EU), UK or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information. For users based in the European Economic Area, UK or Switzerland, the data controller responsible for Service Data is Google Cloud EMEA Ltd. However, where our customer has entered into an agreement covering Cloud Services with a different Google affiliate, that affiliate will be the data controller responsible for processing Service Data in connection with billing for the Cloud Services only. If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact Google via our Privacy Help Center. And you can contact your local data protection authority if you have concerns regarding your rights under local law. In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds: Where necessary for the performance of a contract with you We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.

When we’re complying with legal obligations

We’ll process your information when we have a legal obligation to do so.

When we’re pursuing legitimate interests

We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing Cloud Services you request; making recommendations to optimize use of Cloud Services; maintaining and improving Cloud Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Google, our users, our customers, and the public, as required or permitted by law.

How do we deal with your personal data?

DISSS applies a number of principles when processing personal data and takes measures to ensure it handles data in a reliable, fair and careful manner.

Data protection officer

DISSS has appointed a data protection officer. An independent appointee, the data protection officer checks whether DISSS applies and complies with the rules laid down in the Personal Data Protection Act and (as of 25 May 2018) the General Data Protection Regulation (GDPR). The Dutch Data Protection Authority (in Dutch) is responsible for supervising the application of privacy legislation.

Guiding principles

Purpose and legal basis DISSS processes personal data only if it has a legal basis for doing so. We ensure that personal data is processed only for the specific purpose for which it was collected.

The least amount of data possible

DISSS never processes more personal data than is strictly necessary. If possible we process less data or none at all.

Minimising infringement of privacy

DISSS ensures that any infringement of privacy is not disproportionate to the purpose for which the data was collected. If we have a choice of different types of personal data we could process for a given purpose, we always opt for the data that constitutes the most minimal infringement of privacy.

Retention periods

DISSS keeps your personal data: only for as long as is necessary to achieve the purpose for which it was collected;

Measures

Reliability, integrity and confidentiality

DISSS employs a range of measures to ensure that your personal data is dealt with in a reliable, fair and careful manner. All personal data is treated in confidence. This means your data can be processed only by persons with both the proper authority and a duty of confidentiality. Personal data is protected effectively. At a minimum we observe the rules and standards on information security laid down by central government. DISSS makes agreements about security measures with external parties such as software providers and data centres. We also check whether external parties stick to these agreements.

Your rights

When it comes to your personal data, you have several rights (in Dutch), such as the rights to access and rectify your data. If you wish to know what personal data of yours we have processed you can submit a request to this end. You must submit this request to bestuur@disss.eu. If it should turn out that your details are incorrect, incomplete or irrelevant, you can submit an additional request for your details to be rectified or supplemented. If you have general questions about data protection at DISSS, please contact our data protection officer. You should address your questions for the attention of the Data Protection Officer at bestuur@disss.eu or: Stichting DISSS Walpoort 10 5211 DK 's-Hertogenbosch For more information about your rights or to lodge a complaint, please contact the Data Protection Authority.