How does HSD Foundation (HSD Office) deal with the GDPR?
The General Data Protection Regulation (GDPR) took effect on 25 May 2018. The GDPR contains new privacy rules with the main objective of protecting your personal data even more effectively. The current HSD Privacy Policy has been modified based on that new legislation.
What does this mean for you?
You share your personal details with us consciously and unconsciously, such as by visiting our corporate HSD and powered by HSD websites, when you contact us, or when you visit our office. The updated Privacy policy describes in more detail how we handle your personal data. You can, for example, find more information about how we obtain your information and what information we process. Of course, your personal data is in safe hands with us. HSD Privacy Policy also applies for your employees or Board members. Does your organisation provide us with personal data of employees or Board members? If so, then we assume that you will inform them about our updated Privacy Policy. Below, we provide insight into how the HSD Foundation (HSD Office) deals with the privacy legislation in the context of the GDPR, and what that means for you.
What is personal data and whose personal data do we process?
Personal data is the information of natural persons that directly or indirectly tells something about you. HSD is a network organisation, in which creating connections is one of our roles. For that reason, company data of our HSD partners, for example, including contact details, is published on our corporate HSD website and powered by HSD websites: Security Talent and Security Insight. The information required for this purpose is delivered by the organisations themselves.
We process the personal data of partners and their representatives, but also of individuals that express interest in us and our services, or of people that are affiliated with a company or organisation with whom we have, would like to have or have had a relationship.
For what purpose does HSD Office use your information?
HSD Office strives to provide our HSD partners the most optimum, personal service, based on the partner agreements. This also applies, for example, for:
- Contact with HSD Foundation (HSD Office)
- Visit to the corporate HSD website and powered by websites: Security Talent, Security Insight, Summerschool and Cyber Security Week
- Newsletter & email
- Personal advice
- Social media
- Reviews & (partner satisfaction) surveys
You give HSD Office permission to use your personal data for:
- Events, such as during HSD Cafés, matchmaking, conferences, Cyber Security Week
- Public-private partnership in the area of safety, Triple Helix activities
- Contact with the Dutch security cluster HSD
Who has access to your data?
Based on partner agreements, the contact details provided by the partners especially for this purpose are available on various HSD websites. These details are publicly accessible. We only make non-publicly available personal data available to other parties if that is absolutely necessary for our services. These are parties such as payment partners and IT service providers. The parties to whom we grant access to your data can only use this information to provide you a service on behalf of HSD Office. Some cookie developers have access to the information that cookies on our website collect. You can read more about this in our cookie statement and the privacy policy of these parties. We will never sell your information to third parties.
Where will your information be stored?
We store your information in a highly secure environment. We always utilise strict security measures. Your information will be stored within the European Union. In those exceptional cases in which personal data is passed on to organisations from countries outside the European Union, we will ensure that your privacy remains protected in a suitable manner.
How long do we retain your information?
We will not retain and use your information for longer than is necessary. After that, we will delete all of the data that we have about you. Or we will use your information anonymously, because we require certain data for internal analyses and reports, such as for the HSD partner portfolio. Guidelines for the retention periods are:
- Visual material will be retained for as long as that suits the objectives of the HSD Office
- We delete inactive accounts after 7 years. After that period, we will only use your information anonymously, for internal reports.
- We are required by the tax authority to retain our records with your invoice, payment and order data for 7 years. After that, we will only use anonymous information for internal reports.
- If you have signed up for the newsletter or have granted permission to receive personalised messages, we will retain that permission for 5 years. Additionally, if you decide at a given moment that you no longer wish to receive the newsletter or personalised messages, we will retain the withdrawal of your request.
- If you have registered for an event, we will retain that registration for 5 years.
What are your rights?
Of course, you maintain control over your information. Would you like to inspect and receive a copy of your personal data? Or would you like to amend or delete your information, limit the use of your information or modify your email preferences? No problem. Let us know by post or email. In that way, you can also object to the use of your information or indicate that you believe that your privacy takes precedence over our interests. In that case, we will re-examine the situation. You can unsubscribe from the newsletter using the link at the bottom of the newsletter itself.
Do you have questions or complaints?
If you have questions or complaints regarding your information and the protection of your privacy, you can contact the Data Protection Officer of HSD.
HSD Foundation
Wilhelmina van Pruisenweg 104, The Hague
email: This email address is being protected from spambots. You need JavaScript enabled to view it.
If you are not satisfied with how HSD handles your privacy, you can of course contact the Personal Data Protection Authority; we recommend, however, that you always contact us first to let us try to help you.
Privacy Policy HSD Foundation (HSD Office)
We are aware that you place trust in us. We therefore see it as our responsibility to protect your privacy. In our privacy policy, we inform you of what information we collect, why we collect this information and how we handle this information. This privacy policy applies to the services of HSD Office. You should be aware that HSD Office is not responsible for the privacy policy of third parties. By using the services of HSD, you acknowledge that you have familiarised yourself with the HSD privacy policy. HSD Office respects the privacy of all HSD Office stakeholders and ensures that the personal information that you provide to us is treated confidentially.
Definition of personal data
Personal data is all information that can be tracked back directly or indirectly to you as an individual. This can include your name, address, date of birth, telephone number, social security number, email address or bank account number. Everything that is done with personal data is referred to as ‘processing’. The legal definition of the term ‘processing’ is very broad and refers, among other things, to:
- the collection
- the retention
- the consulting
- the use
- the deletion of personal data.
The Data Protection Officer
HSD has no sensitive personal data other than name and address information, email addresses and info provided by partners and stakeholders themselves, such as phone numbers and the bank account number of suppliers. In addition, HSD also has salary information, date of birth, bank account numbers, social security numbers and proof of identity of employees. For this reason, HSD is not required to appoint a Data Protection Officer. However, as a Security Cluster, HSD attaches such importance to privacy that we nevertheless choose to appoint one within our organisation. The Data Protection Officer supervises compliance with our privacy policy, mitigates risks, advises the management and, in rare cases of data leak, the procedure for notifying the appropriate authority will be initiated.
Whose personal data do we process?
As a network organisation with an important connecting role, we process the personal data of persons with whom we would like to have, have, or have had a relationship with. This can include, for example, the following stakeholders:
- (Potential) partners and their representatives
- Persons affiliated with an organisation with whom we have a relationship
- Journalists
- Visitors to events and sessions organised by HSD Office
- Visitors to the HSD website www.securitydelta.nl
- Visitors to the powered by websites Security Talent, Security Insight, Cyber Security Week and Summerschool
- Other interested parties
For what purpose does HSD office use your information?
HSD Office strives to provide our HSD partners the most optimum, personal service, based on the partner agreements. This also applies, for example, for:
- Contact with the HSD Foundation (HSD Office)
- Visit to the corporate HSD website, Security Talent, Security Insight, Cyber Security Week and Summerschool websites
- The possibility to create an account for Security Talent (to submit vacancies and educations) and Security Insight (to collect content of your interest).
- Newsletter & email
- Personal advice
- Social media
- Reviews & partner satisfaction surveys
You give us permission to use your personal data for:
- Events, such as during HSD Cafés, matchmaking, conferences, Cyber Security Week
- Public-private partnership in the area of safety, Triple Helix activities
- Contact with Security Delta (HSD)
Objectives and HSD Office business
HSD Office uses personal data to establish contacts and to create connections between the various partners in the HSD Ecosystem. We do not collect or use any information for purposes other than those described in this privacy policy.
HSD Office is a non-profit network organisation. ‘HSD Office business’ is creating a national security cluster with international reach with The Hague as its centre with national security, urban security, cybersecurity, forensics and protection of vital infrastructure as substantive areas in order to:
- enhance the international competitiveness of ‘The Netherlands Ltd.’ in the Security sector; and
- encourage public-private partnership in the security domain with the goal of achieving innovations in the area of security to increase societal security
HSD Office strives to achieve the above goals, for example, by means of:
- Formulating the strategy together with the triple helix parties (government, industry and knowledge institutions) for achieving the objective. The foundation organises the governance on the implementation of the strategy;
- The development of the cluster and laying the foundation for the right alliances with the other national and international ‘security partnerships’ together with the most closely involved governmental departments, i.e. the Ministry of Security and Justice, the Ministry of Economic Affairs and the Ministry of Defence, the clusters around Eindhoven and Twente and with the Rotterdam-The Hague metropolitan region, the province of South Holland, the National Government and the EU;
- Stimulating cooperation and innovation, among other things by investing in projects for innovation and knowledge development, as well as better coordinating supply and demand;
- Creating the best possible knowledge, innovation and valorisation environment by creating innovation houses, living labs, HSD Office as support agency, a financing vehicle and physical location bundling to form an HSD Campus;
- Increasing the availability of specialised personnel and talent by means of training and courses, as well as by also connecting education, research and valorisation;
- Strengthening the business establishment climate and the international visibility of HSD, among other things by organising or carrying out trade missions, marketing and communication and acquisition of new organisations, companies and conferences
Use of our services
When you are an HSD partner and/or make use of one of our services, we can ask you to provide personal data. This information will be used to enable us to provide and improve the HSD services as described under objectives and HSD-office business.
Communication
When you send us email or other messages, it is possible that we will retain those messages; see also the guidelines on retention periods. In some instances, we will request personal data from you that is relevant to the particular situation. This enables us to communicate with you.
Third parties
The personal data can be shared internally. Our employees are required to respect the confidentiality of your information. To be able to establish good connections, only your personal information (name, work email, work telephone) can be made available to third parties within the HSD Ecosystem. This never involves providing lists of various types of personal data such as email addresses.
Choices for personal data
We offer all persons included among those ‘whose personal data we process’ the option to access, modify or delete all personal information that is provided to us at any time.
Modifying personal details/unsubscribing from the newsletter service/unsubscribing from communication
At the bottom of every mailing/newsletter, you will find the option to modify your information or to unsubscribe. You can also contact us. See the contact details below.
Cookies
We only use functional cookies on our websites and anonymous cookies for website statistics. With the information collected in this way, we examine how we can optimise the websites for the best user convenience. The anonymous information will also be processed in a dashboard.
Retention period guidelines
We will not retain and use your information for longer than is necessary. After that, we will delete all of the data that we have about you. Or we will use your information anonymously, because we require certain data for internal analyses and reports, such as for the HSD partner portfolio. Guidelines for the retention periods are:
- Visual material will be retained for as long as that suits the objectives of the HSD Office
- We delete inactive accounts after 7 years. After that period, we will only use your information anonymously, for internal reports.
- We are required by the tax authority to retain our records with your invoice, payment and order data for 7 years. After that, we will only use anonymous information for internal reports.
- If you have signed up for the newsletter or have granted permission to receive personalised messages, we will retain that permission for 5 years. Additionally, if you decide at a given moment that you no longer wish to receive the newsletter or personalised messages, we will retain the withdrawal of your request.
- If you have registered for an event, we will retain that registration for 5 years.
- HR-related matters will be retained in conformance with the HR document
Information protection
Information protection will be structured as follows:
- Your information will be saved in a high-security environment within the European Union. We always utilise strict security measures. In those exceptional cases in which personal data is passed on to organisations from countries outside the European Union, we will ensure that your privacy remains protected in a suitable manner.
- Measures taken: two-factor authentication, standard monitoring systems, responsible disclosure policy, pentesting of HSD websites and additional legal audit of the approach of the privacy policy
- Processing agreements are/will be entered into with our suppliers/service providers
- In case of data breaches, the procedure for reporting to the Personal Data Protection Authority will be initiated.
Questions
If you have questions about this privacy policy, contact us:
HSD Foundation
Wilhelmina van Pruisenweg 104, The Hague
Attn.: Data Protection Officer
email: This email address is being protected from spambots. You need JavaScript enabled to view it.
If you are not satisfied with how HSD handles your privacy, you can of course contact the Personal Data Protection Authority; we recommend, however, that you always contact us first to let us try to help you.