Privacy

Personal data is information that directly concerns a specific individual or can be traced back to him or her. Examples of personal data include addresses, telephone numbers and email addresses.

Sensitive personal data
Some personal data is particularly sensitive, because its collection and use can have a big impact on someone’s life. Data concerning someone’s race, religion or health, for example. This kind of data enjoys special protection under the law. Likewise, children’s personal data is always sensitive, and is therefore always subject to special protection.

Criminal record or judicial data
The Ministry also processes personal data while doing research in the context of the justice system. Such data concerns criminal records, criminal offences, suspected offences and security measures. This kind of personal data also enjoys special protection.

The WODC is allowed to process sensitive personal data and criminal record and judicial data based on the exceptions for scientific research and statistical purposes named in Articles 24 and 32 of the Dutch GDPR Implementation Act (UAVG).

For more information about personal data, please visit the website of the Data Protection Authority.

The WODC only processes personal data if it is necessary for the execution of scientific research in the public interest. The results of the research are published on the website of the WODC, and the publications only contain anonymous and/or aggregated results of the research. There is no reporting on individuals, and small numbers are suppressed.

The WODC applies a number of principles when processing personal data and takes measures to ensure it handles data in a reliable, fair and careful manner.

Data protection officer
The Ministry of Justice and Security has appointed a data protection officer. An independent appointee, the data protection officer checks whether the Ministry, including the WODC, applies and complies with the rules laid down in the General Data Protection Regulation (GDPR). The Dutch Data Protection Authority is responsible for supervising the application of privacy legislation.

Guiding principles
Purpose and legal basis
The WODC processes personal data only if it has a legal basis for doing so. We ensure that personal data is processed only for the specific purpose for which it was collected.

The least amount of data possible
The WODC never processes more personal data than is strictly necessary. If possible, we process less data or none at all. Personal data are anonymised or pseudonymised whenever possible.

Minimising infringement of privacy
The WODC ensures that any infringement of privacy is not disproportionate to the purpose for which the data was collected. If we have a choice of different types of personal data we could process for a given purpose, we always opt for the data that constitutes the most minimal infringement of privacy.

Retention periods

The WODC keeps your personal data:

• only for as long as is necessary to achieve the purpose for which it was collected;
• only for the length of time required by the Public Records Act; and
• never longer than is permitted under the law.

Measures
Reliability, integrity and confidentiality

The WODC employs a range of measures to ensure that your personal data is dealt with in a reliable, fair and careful manner.

• All personal data is treated in confidence. This means your data can be processed only by persons with both the proper authority and a duty of confidentiality.
• Personal data is protected effectively. At a minimum we observe the rules and standards on information security laid down by central government.