This page tells you about what ESI (TNO) does with personal data, how TNO protects personal data and how you can exercise the rights you have under privacy legislation.
What are personal data?
Personal data means any information that is traceable to you as a person. Your name, your home address or email address are examples of personal data. On the website of the Dutch Data Protection Authority (the Dutch DPA) you will find more information about personal data and privacy legislation.
Why does TNO use your personal data?
Whenever you wish to receive information from TNO, we need your details so that we can send the information. TNO also saves the data you provide when you request, for example, a folder or an annual report. In addition, TNO processes your personal data so that it can send the online newsletter and digital press releases. In such cases, TNO uses your personal data based on your consent.
Your personal data may also be used when you participate in research conducted by TNO. TNO carries out research within the scope of the TNO Act. TNO is allowed to use personal data when conducting research. When special personal data such as health data are required for this purpose, TNO always explicitly asks for your consent.
TNO also registers your personal data when you visit one of TNO's locations. You must always identify yourself with a valid ID. For some TNO locations, strict safety regulations apply because these locations hold classified information. When visiting these locations, the data on your ID is registered by TNO. Your personal data will also be stored for a longer period of time.
How long does TNO keep your personal data?
TNO does not keep your personal data any longer than is necessary for the purpose for which it is being held. If you have signed up to receive information from TNO and you later sign off, TNO deletes your personal data.
When TNO completes a study that involves use of your data because you were a participant, your data are deleted once they are no longer needed for archiving purposes. By this we mean that for an extended period it needs to be possible to substantiate the results of the study by referring to the underlying data. In this situation, TNO will protect the personal data by giving them a pseudonym or rendering them anonymous, if possible. Data that have been given a pseudonym can no longer be traced directly to you as a participant. Data that have been rendered anonymous can never be traced to you.
How does TNO secure your personal data?
TNO attaches great importance to ensuring that personal data provided by you are handled and kept secure with the greatest possible care. In order to optimally protect your personal data against loss, theft, unauthorised access or misuse, TNO takes the correct technical and organisational measures to keep your personal data secure, which includes the use of the latest security technology. In terms of organisation, TNO has arranged for research data to be accessible exclusively by employees involved in the research in question.
Does TNO give personal data to other organisations?
TNO adheres to the principle that it does not share your personal data with others. The data will not be sold. However, there are exceptions whereby TNO is required to give personal data to others. These are always exceptional circumstances, such as legal proceedings or crime prevention.
What are your privacy rights?
Under the prevailing privacy legislation you have various rights you can exercise to keep control of the personal data an organisation collects about you and uses. For example, you are entitled to access the personal data that TNO has about you. This right of access is intended to enable you to check whether the data are correct and to make any rectifications as necessary. You can also check whether TNO has used the data lawfully. As well as the right of access, you have the right to object against the use of your data by TNO.
If you wish to exercise your privacy rights, please use the form send in your request. You must fill in all information requested. You will find the form here.
After sending the completed form you will receive an automatic e-mail saying that your request has been received. You must also provide TNO with a copy of your ID-card, passport or driving license in order to establish your identity. Please send us the copy of your ID by replying to the automatic e-mail with the confirmation of your request. TNO recommends the use of the CopyID app of the Dutch National Government that allows you to make a secure copy. Please click here for more information about the CopyID app (Dutch). Only a completely filled out form and the copy of your ID will ensure the processing of your request.
In case you don’t want to send in your request electronically, you can download the form, fill it out, print it and send it together with the copy of your ID to:
t.a.v. Afdeling Corporate Legal
2509 JE DEN HAAG
Your request will always be processed but this does not necessarily mean that your request can be granted. This is because the prevailing privacy legislation recognises exceptional situations in which your privacy rights are not valid. This may be the case, for example, where personal data are used to conduct research.
You will receive a reply to your request within a month. If your request cannot be processed within a month, you will be notified accordingly. TNO is required to process your request within three months at the latest.
TNO's response addressing the matter of your request is a decision governed by the General Administration Act. If you disagree with the decision because TNO has denied your request partially or in full, you can lodge an objection and subsequently apply to the administrative law courts.
Incidents (data breach)
In spite of our precautionary measures designed to give personal data the best possible protection, it remains possible that an incident may occur in which personal data are involved. An incident of this type is called a data breach. If you believe that a data breach is occurring at TNO, always get in touch with the Data Protection Officer at TNO. The best way to do this is by email via firstname.lastname@example.org. You can also get in touch by telephone via the general number 088-866 0000. You will be put through to the Data Protection Officer.
The following information should be supplied when reporting a data breach:
your name and contact details;
the nature of the incident;
which personal data are involved;
which systems are involved in the incident; and
when and how you discovered the incident.
Questions and complaints
If you have any questions about this privacy statement, exercising your rights or TNO's activities in the field of personal data, you can get in touch online with the Data Protection Officer at TNO via email@example.com. You can also send a letter to:
attn. Data Protection Officer
2509 JE Den Haag
If you have a complaint about how TNO handles personal data, we would like to hear from you. You can also report your complaint to the Data Protection Officer at TNO. In addition, you are always entitled to submit a complaint to the Dutch Data Protection Authority.
This privacy statement may be changed at any time by TNO without prior announcement. Changes come into effect as soon as they are published on this website.