Privacy protocol and privacy statement of the Court of Auditors Hilversum

Privacy protocol and privacy statement of the Court of Auditors Hilversum

Privacy protocol

Adopted by the Court of Auditors on 15 May 2018

The Court of Audit Hilversum consists of four external, independent members. They are supported by an official from the municipality of Hilversum. They conduct research into the legality, efficiency and effectiveness of the policy pursued. The legal basis for this is laid down in the Municipalities Act (Article 182 et seq.).

If the Court of Audit uses personal data for the performance of its task, it will make every effort to guarantee the privacy of the citizens and officials involved and to comply at all times with the requirements under the General Data Protection Regulation.

That means at least the following:

  1. The Court of Audit Hilversum has and will keep itself informed about the content of current privacy legislation, in particular the General Data Protection Regulation;
  2. The Court of Audit Hilversum appoints a Data Protection Officer (FG) and ensures that this person is registered with the Dutch Data Protection Authority via the web form. Any successor to the DPO will also be notified directly by the Court of Audit via the web form to the Dutch Data Protection Authority;
  3. Prior to each investigation, the Court of Audit determines whether and, if so, which personal data, for what purpose, will be processed by the Court in the proposed investigation;
  4. The personal data referred to will only be used by the Court for the purpose of the intended investigation and will be kept to a minimum;
  5. The Court adopts a privacy statement (see Annex 1 to this protocol) and will publish it on its website with this protocol;
  6. If necessary, the persons involved will be asked for explicit permission for the processing;
  7. These persons referred to under 5 will also be made aware of their right to withdraw the consent they have once granted and to request information from the Court of Audit about the way in which personal data made available by them have been processed;
  8. If the Court of Audit requests files from one or more citizens for the purpose of an investigation, it will preferably do so through the intermediary of the civil servant who manages and/or handles the files in question. This means that, at the request of the Court of Auditors, the civil servant contacts the citizens concerned and asks them for permission to share their data with the Court of Auditors, so that they can then contact the citizens concerned themselves;
  9. The Court will carefully record and document this;
  10. The (external) members of the Court of Audit will not share any data in e-mail that can be regarded as privacy-sensitive by its nature;
  11. If necessary, the Court will have researchers, consultants or research agencies to be hired sign a processing agreement prior to the processing of personal data;
  12. If possible, the processing of personal data will be avoided by a) only making anonymized data available to researchers, consultants or research agencies to be hired or b) only allowing access to the relevant files on the condition that only anonymized data is taken from them. If the option under b) is used, the Court of Audit will first require a signed confidentiality statement from the relevant investigators, consultants or research bureaus;
  13. The members of the Court of Audit are responsible for ensuring that their own computers and data carriers, which they (also) use for their work for the Court of Audit Hilversum, are equipped with passwords, up-to-date virus scanners and anti-phishing software;
  14. The members of the Court of Audit ensure that they only store research data from the Court of Audit Hilversum on their own computers and data carriers, the processing of which is not permitted under the General Data Protection Regulation;
  15. If necessary, the external members and the official secretary use a secure platform to share research files, preferably from Plein Overheid (Pleio), as used by the municipality of Hilversum;
  16. If a data breach occurs or if it is suspected, the members of the Court of Audit and the official secretary will report it to the Data Protection Officer as soon as possible after discovery, so that he can report it within the statutory period - no later than 72 days after discovery - (if applicable). necessary) can report to the Dutch Data Protection Authority;
  17. Investigation files are destroyed by the Court of Audit no later than two months after the Board's consideration of the follow-up investigation that follows the relevant Audit Office's investigation.

Thus decided and adopted in the meeting of the Court of Audit on 15 May 2018.

Privacy policy

The Court of Audit Hilversum investigates the lawfulness, efficiency and effectiveness of the policy pursued by the municipality. This means that it investigates whether the policy has been implemented in accordance with the applicable rules and is sufficiently economical and whether the objectives set by the Hilversum municipality have been achieved. The tasks and powers of the Court of Audit are set out in the Municipalities Act, in articles 182 et seq.

Sometimes the Court of Audit uses personal data in its investigation (such as your name, date of birth, address details, telephone number, e-mail address, correspondence with the municipality, etc.). The Court of Audit does not use this information to assess you as a person, but to assess whether the municipality has implemented the policy properly.

You have the right to have the Court of Audit Hilversum handle your personal data carefully and confidentially. You have the right to protection of your privacy. This is laid down, among other things, in the General Data Protection Regulation, which applies throughout the European Union from 25 May 2018.

The Court of Audit Hilversum has laid down in a protocol2 how it handles personal data and how long it retains your data.

The Court of Audit Hilversum takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized changes.

You have the right to view, correct or delete your personal data. You can send a request for inspection, correction or deletion to the Court of Audit Hilversum (calculator@hilversum.nl or (035) 629 27 00 ).


1 NB: this privacy statement is based on the “Handbook: privacy statement for the municipal website of King/VNG”, dated 1 July 2017
2 Protocol Concerning Privacy, Court of Audit Hilversum, dated 15 May 2018