Logo of Municipality of Gemert-Bakel redirecting to the homepage of Municipality of Gemert-Bakel
Logo of Municipality of Gemert-Bakel redirecting to the homepage of Municipality of Gemert-Bakel

Privacy policy Peel Municipalities Joint Scheme

Gemeenschappelijke Regeling Peelgemeenten (GR Peelgemeenten) is a partnership of the municipalities of Asten, Deurne, Gemert-Bakel, Laarbeek, Someren. GR Peelgemeenten works with (personal) data of citizens, employees and (chain) partners. GR Peelgemeenten collects this data to be able to carry out its legal tasks in the social domain. In this privacy statement GR Peelgemeenten shows how it deals with personal data and privacy on a daily basis and what is and is not legally responsible.

New technological developments, innovative facilities, globalization and a digitizing government make the careful handling of personal data increasingly complex and necessary. GR Peelgemeenten is aware of this and therefore wants to indicate with this privacy statement how it complies in a general sense with national and European laws and regulations regarding privacy.

You are entitled to expect GR Peelgemeenten to handle your personal data with care and confidentiality. GR Peelgemeenten is aware of this and ensures appropriate safeguards in the areas of privacy, information security, data minimization, transparency and user control.

Privacy Policy

1. Legislation and definitions.

There are many laws, decrees and regulations that regulate the processing of personal data. For GR Peelgemeenten, these are the General Data Protection Regulation (AVG), the General Data Protection Regulation Implementation Act (UAVG) and domain-specific laws such as the Wmo 2015, Youth Act, Municipal Debt Relief Act, Participation Act, Basic Registration of Persons Act and the Archives Act.

Among other things, the AVG strengthens and expands privacy rights with increased responsibilities for organizations. The following terms are used in the AVG (Article 4, AVG):

Concerned

The person to whom the personal data relates. The data subject is the person whose data is being processed.

Processor

The person or organization that processes personal data on behalf of another person or organization.

Personal data

All data that deals with people and from which you can identify a person as an individual. This includes not only confidential data, such as about someone's health, but any data that can be traced to a particular person (for example; name, address, date of birth). In addition to ordinary personal data, the law also recognizes special personal data. Special personal data is data that is so privacy-sensitive that it can have a major impact on someone if processed. Therefore, special personal data are given extra protection in the AVG. Very strict conditions apply to the processing of special personal data.

Controller

A person or body that alone, or jointly with another, determines the purposes and means of processing personal data. Processing: A processing is anything you do with personal data, such as: recording, storing, collecting, assembling, providing to another, and destroying.

2. Principles

GR Peelgemeenten handles personal data securely and respects the privacy of those involved. In doing so, GR Peelgemeenten adheres to the following principles:

Legality, propriety, transparency

Personal data is processed in accordance with the law and in a proper and careful manner.

Basis and purpose limitation

GR Peelgemeenten ensures that personal data is collected and processed only for specified, explicit and legitimate purposes. This means that Peelgemeenten may not collect data without a precise purpose statement. Personal data is only processed with a legitimate basis.

Data minimization

GR Peelgemeenten processes only the personal data necessary for the predetermined purpose. GR Peelgemeenten strives for minimal data processing.

Retention period

Personal data will not be kept longer than necessary. Retention of personal data may be necessary to properly perform municipal duties or to comply with legal obligations.

Integrity and confidentiality

GR Peelgemeenten handles personal data with care and treats it confidentially. For example, personal data is only processed by persons with a duty of confidentiality and for the purpose for which it was collected. In addition, GR Peelgemeenten ensures appropriate security of personal data. This security is laid down in the information security policy.

Sharing with third parties

In the case of cooperation with external parties involving the processing of personal data, GR Peelgemeenten makes agreements about the requirements that data exchange must meet. These agreements comply with the law.

Integral assistance

Frequently, complex or multiple problems arise. In these situations, several professionals are involved in problems of an individual citizen and/or family. In this situation it is in the interest of the citizen and/or family that problems and solutions are approached and analyzed integrally. Within the legal frameworks, maximum space is sought to work together so that appropriate integral solutions are sought for the citizen and/or family.

Subsidiarity

To achieve the purpose for which personal data are processed, infringement of the privacy of the citizen concerned shall be limited as much as possible.

Proportionality

The interference with the data subject's interests must not be disproportionate to the purpose of the processing.

Rights of data subjects

GR Peelgemeenten deals with all requests from data subjects regarding rights regarding privacy in accordance with laws and regulations.

3. Responsible

The governing bodies of GR Peelgemeenten are responsible for the processing operations carried out by or on behalf of GR Peelgemeenten. The governing bodies of GR Peelgemeenten are the president, the general board and the executive board.

4. Scope

Peelgemeenten collects and uses personal data of residents, suppliers and employees and other natural persons (hereinafter referred to as data subjects).

This privacy policy applies to all processing of personal data by or on behalf of Peelgemeenten, including:

  1. The processing of personal data within the business processes of Peelgemeenten;
  2. Personal data processing that has been outsourced, or otherwise organized;
  3. The exchange of data with third parties such as with partnerships or suppliers
5. Processing operations (Article 4, AVG).

Processing of personal data is any operation or set of operations involving personal data, whether or not carried out through automated processes. In the AVG, processing includes:

  • Collect, record and organize
  • Structure, store, update and modify
  • Retrieve, consult, use
  • Provide by forwarding
  • Distribution or any other form of making available
  • Bringing together, relating to each other
  • Blocking, erasing or destroying data

From this enumeration, everything you do with personal data is processing.

Purposes (Article 5, AVG).

By law, personal data may only be collected if a purpose has been established. The purpose must be explicitly defined and justified. In principle, the data may not be processed for other purposes, exceptions to this are possible such as with the consent of those involved. For the implementation of some laws, such as the Youth Act for example, the purposes for processing are already laid down in law, as are the personal data that may be requested and processed.

Lawful basis (Article 6, AVG).

The law says that any processing of personal data must have a lawful basis under the law. That means the processing may only take place:

  • To fulfill an obligation stated in the law
  • For the performance of a contract in which the data subject was a part
  • To combat a serious threat to the person's health
  • For the proper performance of municipal duties
  • Where the data subject has given consent to the specific processing

Method of processing

The main rule of processing personal data is that it is only allowed in accordance with the law and in a careful manner. Personal data is collected as much as possible from the data subject himself. The law assumes subsidiarity. This means that processing is only allowed when the goal cannot be achieved in any other way. The law also talks about proportionality. This means that personal data may only be processed if it is proportionate to the purpose. When the same purpose can be achieved with no personal data or less (burdensome) personal data, this must always be chosen.

GR Peelgemeenten ensures that personal data is correct and complete before it is processed. This data is only processed by persons with a duty of confidentiality. In addition, GR Peelgemeenten secures all personal data. This prevents personal data from being accessed or changed by someone who has no right to do so. How GR Peelgemeenten does this is stated in GR Peelgemeenten's information security policy.

Transfer (Articles 44 to 50, AVG).

GR Peelgemeenten does not transfer personal data to any country outside the European Economic Area (EEA).

6. Transparency and communication

Open Government Act (Woo).

Through the Woo you can submit a request for information to GR Peelgemeenten. When making the request, GR Peelgemeenten always considers whether the answer does not violate the privacy of those involved. In principle, no personal data is provided.

Government Information Reuse Act (Who)

The Government Information Reuse Act regulates the provision of government information for reuse upon request. When making a request, GR Peelgemeenten always considers whether the response does not infringe on the privacy of those involved. In principle, no personal data are provided.

Duty to inform (Article 13,14, AVG).

GR Peelgemeenten informs data subjects about the processing of personal data. When data subjects give data to GR Peelgemeenten, they are informed of how GR Peelgemeenten will handle personal data. The data subject is not informed again if he/she already knows that we collect and process personal data from him/her, and knows why and for what purpose this is done.

Removal

GR Peelgemeenten does not retain personal data longer than necessary for the performance of its tasks. In doing so, the organization adheres to established retention periods under the Archives Act. When personal data is still stored that is no longer needed to achieve the purpose, it is deleted as soon as possible. This means that this data is destroyed, or modified in such a way that the information can no longer be used to identify someone.

Rights of data subjects (Articles 13 to 22, AVG)

The law not only defines the duties of those who process personal data, it also defines the rights of those whose data are processed. These are the rights of data subjects and consist of the following rights:

  • Right to information: Data subjects have the right to be informed in advance or to ask GR Peelgemeenten whether their personal data are being processed.
  • Right of inspection: data subjects have the opportunity to check whether, and in what way, their data are processed.
  • Right of correction: If it becomes clear that the data is not correct, the data subject can request GR Peelgemeenten to correct it.
  • Right of objection: data subjects have the right to ask GR Peelgemeenten to stop using their personal data.
  • Right to be forgotten: In cases where the data subject has given consent to process data, the data subject has the right to have the personal data deleted.
  • Right to object: data subjects have the right to object to the processing of their personal data. GR Peelgemeenten will comply with this unless there are legitimate grounds for the processing.
  • Right to human review: People have the right to a human review of decisions. This means that people can request a new, person-centered decision if they have received an automated decision from an organization. Peelgemeenten does not make decisions about people based on automatically processed data.
  • Right to data portability: the right to transferability of data.

Submission of request

To exercise these rights, the data subject may submit a request. This request can be made in writing or by e-mail(privacy@peelgemeenten.nl). GR Peelgemeenten has one month from receipt of the request to assess whether the request is justified. Within one month GR Peelgemeenten will let you know what will happen with the request.

If the request is not followed up, there is the possibility of objecting to the GR Peelgemeenten Executive Board, or filing a complaint with the Personal Data Authority (AP). On the basis of a request, GR Peelgemeenten may request additional information in order to be certain of the identity of the data subject.

7. Automated processing operations.

Profiling (Article 22, AVG)

GR Peelgemeenten does not make use of profiling. Should this be a choice in the future, it will be done according to legal guidelines.

Big data and tracking

GR Peelgemeenten does not use big data and tracking. Should this be a choice in the future it will be done according to legal guidelines

8. Duties of GR Peelgemeenten.

Register of processing operations (Article 30, AVG)

GR Peelgemeenten is responsible for creating a register of all processing operations for which GR Peelgemeenten is the data controller. Each register contains a description of what takes place during a processing operation, and what data is used for that purpose, namely:

  • The controller and, potentially, the joint controller;
  • The purposes of processing;
  • A description of the type of personal data and the associated data subjects;
  • A description of the recipients of personal data;
  • A description of the sharing of personal data to a third country or international organization;
  • The time periods in which the various personal data must be deleted;
  • A general description of security measures.

Data protection impact assessment (Article 35, AVG)

A data protection impact assessment (DPIA) assesses the effects and risks of new or existing processing operations on the protection of privacy. GR Peelgemeenten conducts these when processing operations pose a high privacy risk.

Appointing a Data Protection Officer (FG) (Articles 37 to 39, AVG)

GR Peelgemeenten has appointed an FG. The FG is involved in all matters related to the protection of personal data. The tasks of the officer are to inform, advise, supervise, create awareness and act as contact person for the AP. The officer is not intended to take over the privacy protection duties of employees. Employees have their own responsibility in properly handling privacy-sensitive data. The FG is responsible for structurally reviewing the implementation and execution of legal requirements and municipal guidelines in the area of privacy.

Data breaches (Article 33,34, AVG)

We speak of a data breach when personal data falls into the hands of third parties who should not have access to that data. When a data breach has occurred, GR Peelgemeenten reports this to the Personal Data Authority without unreasonable delay, no later than 72 hours after learning of the breach. If this is later than 72 hours, a justification for the delay will be attached to the report. The breach may involve a high risk to the rights and freedoms of data subjects. In this case, GR Peelgemeenten notifies the data subject(s) in simple and clear language. In order to prevent future data breaches, existing data breaches are evaluated.

Closing

If GR Peelgemeenten does not comply with a legal obligation, the person concerned can file a complaint. This will be handled through GR Peelgemeenten's complaints procedure.

For questions about privacy or about this statement, please contact GR Peelgemeenten's privacy team by sending an email to: privacy@Peelgemeenten.nl.

GR Peelgemeenten is responsible for creating a register of all processing operations for which GR Peelgemeenten is the data controller. Each register contains a description of what takes place during a processing operation, and what data is used for that purpose, namely:

  • The controller and, potentially, the joint controller;
  • The purposes of processing;
  • A description of the type of personal data and the associated data subjects;
  • A description of the recipients of personal data;
  • A description of the sharing of personal data to a third country or international organization;
  • The time periods in which the various personal data must be deleted;
  • A general description of security measures.

Data protection impact assessment (Article 35, AVG)

A data protection impact assessment (DPIA) assesses the effects and risks of new or existing processing operations on the protection of privacy. GR Peelgemeenten conducts these when processing operations pose a high privacy risk.

Appointing a Data Protection Officer (FG) (Articles 37 to 39, AVG)

GR Peelgemeenten has appointed an FG. The FG is involved in all matters related to the protection of personal data. The tasks of the officer are to inform, advise, supervise, create awareness and act as contact person for the AP. The officer is not intended to take over the privacy protection duties of employees. Employees have their own responsibility in properly handling privacy-sensitive data. The FG is responsible for structurally reviewing the implementation and execution of legal requirements and municipal guidelines in the area of privacy.

Data breaches (Article 33,34, AVG)

We speak of a data breach when personal data falls into the hands of third parties who should not have access to that data. When a data breach has occurred, GR Peelgemeenten reports this to the Personal Data Authority without unreasonable delay, no later than 72 hours after learning of the breach. If this is later than 72 hours, a justification for the delay will be attached to the report. The breach may involve a high risk to the rights and freedoms of data subjects. In this case, GR Peelgemeenten notifies the data subject(s) in simple and clear language. In order to prevent future data breaches, existing data breaches are evaluated.

Closing

If GR Peelgemeenten does not comply with a legal obligation, the person concerned can file a complaint. This will be handled through GR Peelgemeenten's complaints procedure.

For questions about privacy or about this statement, please contact GR Peelgemeenten's privacy team by sending an email to: privacy@Peelgemeenten.nl.

Or are you looking for