Privacy Statement Municipality of Kerkrade

Depending on the situation, the municipality of Kerkrade processes different personal data. In this case, each piece of data is necessary for the purpose for which it was obtained and can only be consulted by the official who needs the data to perform his or her job. In this way, the municipality of Kerkrade complies with the rules prescribed by the AVG and the Wpg. 

• The municipality processes contact information such as name, phone number and e-mail address when a citizen makes a request;
• For applications and/or assistance in the areas of work, income, youth assistance, social support or security, the municipality may process special categories of personal data, such as financial, medical or criminal data;
• In addition, the municipality processes personal data on its own initiative, for example, to levy taxes and to combat fraud.
• Furthermore, the municipality processes personal data in the context of investigation and enforcement. This is subject to the privacy regulations of the Wpg.

Personal data may only be processed if the municipality of Kerkrade can invoke a processing basis. These processing bases are listed in the AVG. The municipality of Kerkrade processes personal data under five of the six existing processing bases: 

• consent of the person to whom the personal data relates;
• for the execution of an agreement with the municipality;
• for the performance of a statutory duty of the municipality;
• for advancing a vital interest;
• for the performance of a public law duty.

The following bases apply to the Wpg: 

• Processing of personal data for day-to-day investigation and enforcement (Art. 8 Wpg);
• Processing of personal data for maintenance of law and order (Art. 9 Wpg);
• Processing personal data for support tasks (Art. 13 Wpg). 

Personal data must not be processed for longer than is strictly necessary. The municipality of Kerkrade bears Health for this. Specifically, this means that personal data are (automatically) deleted after a predetermined retention period. The retention period is always dependent in duration on the individual processing.

Pursuant to the AVG and the Wpg, the municipality of Kerkrade has a duty to treat personal data with care and confidentiality and to protect it to the best of its ability against unauthorized access (both internal and external) or unlawful use. For example, to ensure the security of personal data, the municipality of Kerkrade has taken the following measures: 

• Each official signs a confidentiality agreement;
• Access to personal data is granted only to officials who need the data to perform their jobs;
• The Municipality of Kerkrade takes appropriate technical and organizational security measures to protect data;
• The Municipality of Kerkrade does not retain your personal data for longer than is necessary for the proper performance of its (statutory) duties.

Persons whose data is processed by the municipality have a number of rights as data subjects that they can use to influence how the municipality of Kerkrade processes data. A request to this effect can be submitted preferably via the online contact form Data Protection Officer, but can also be submitted by e-mail or by post. The municipality will process the request within four weeks. Data subjects have the following rights:

• Right to access personal data known to us;
• Right to supplement, correct or delete personal data;
• Right to information about how the Municipality of Kerkrade processes personal data and how long they are kept;
• Right to have the municipality transfer personal data processed by it, for example, when moving house;
• Right to object to the processing of personal data.

Requests cannot always be granted. This is the case, among other things, if the municipality of Kerkrade is obliged to process certain personal data, as is the case, for example, in the Basic Registration of Persons, or in the case of investigation and enforcement. A request to delete personal data must then be rejected.
 

The Municipality of Kerkrade is required by law to maintain a registration of persons residing in its municipality. Personal data are processed for this registration. Citizens have the right to request access to the personal data that the municipality keeps on them in the Basic Registration of PersonsBRP).

A request to inspect the BRP specifically can be made via the page Request BRP personal data. Finally, under the Key Registers Act there is a right to ask the municipality not to provide personal information from the BRP to certain persons or agencies. A request can be made via the page Keep BRP personal data confidential.

The website of the Municipality of Kerkrade records data about visitors, such as the number and duration of visits, the most frequently visited pages and the times the website is visited. Personal data such as the IP address is anonymized and cannot be traced back to individual persons. More information about the cookie policy of the municipality of Kerkrade can be found in the cookie statement.

Contact details provided via the website of the Municipality of Kerkrade, for example for an application submitted via a digital form, are processed only for the purpose for which they were provided, such as handling an application or answering a question or complaint. The personal data processed are (automatically) deleted after a fixed retention period. 

For many processing of personal data, they are stored in automated systems. In those cases, the data are also processed by external parties, such as software suppliers. In such cases, the municipality of Kerkrade makes written agreements on the security and confidentiality of the personal data processed. The agreements comply with statutory regulations. In principle, personal data are not shared with others.

Processing personal data to tackle undermining should never be 'just' done. There must be a clear need and or reason for it. The reason for the investigation can be various external and internal contact moments.
Municipality processes only the data that are necessary, such as name, address, date of birth, optional BSN or company data. At each stage of investigation it is assessed whether a signal is heavy enough and whether it is necessary to request or share further data.

The personal data can be processed and accessed in MS Outlook, MS Word, internal municipal document management system (CORSA), internal municipal registration system (Liber), system of the M foundation (report crime anonymously), system RIECIS (RIEC), Cryptshare and Ziver, Basic Registration of Persons, Basic Registration of Addresses and Buildings, Chamber of Commerce & the Trade Register, Land Registry, WOZ value, GOUW taxes, internet, PDF (Adobe). Access to systems is set up in accordance with the nationally established norms and standards for information security within the government.

The General Data Protection Regulation (AVG) and the General Data Protection Regulation Implementing Decree (UAVG) apply to the processing of personal data.
Automated decision-making does not apply; human review is always involved.

Basis and purpose of processing in tackling undermining

Data processing is based on Article 6(1)(e) of the AVG: tasks of public interest or a task in the exercise of public authority vested in the controller.
More specifically, data processing is based on the generally defined tasks in the municipal law, which include, in particular, duties of care of the mayor and the Municipal Executive. In this, a number of specific tasks related to public order and safety are assigned to the mayor. Consider, for example, the mayor's power of closure under the Municipalities Act and the Opium Act.
The aim of tackling undermining is to prevent social problems and protect the quality of life.

Sharing with third parties

In specific cases, data are shared with cooperation partners such as Regional Information and Expertise Center (RIEC), Police, Prosecutor's Office and Tax Office. A Data Protection Impact Assessment (DPIA) has been performed on the sharing of data with third parties. Based on this DPIA, measures have been taken to prevent risks in data processing.
The cooperation is aimed at stopping and frustrating criminal activities and taking fiscal measures only within RIEC casuistry and on the basis of the RIEC covenant.

Retention period

When dealing with undermining, the municipality also uses the statutory retention periods (Archives Act).
Investigations that are terminated prematurely are destroyed after one year.
If a report is taken up, personal data are kept for five years calculated from the handling date.
Destruction takes place according to internal destruction procedure according to the rules of the Archives Act.

Rights and access

When dealing with undermining, you have the same rights as in all other municipal processes. More information can be found on this page under the heading "rights of data subjects."
Your rights may be limited if compelling interests oppose granting the request. This may include, for example, an ongoing investigation. 

Contact and complaints

Questions, comments and complaints can be addressed in the first instance to the Data Protection Officer (FG). In the second instance, one can contact the Personal Data Authority. For the complaints procedure, see the information on this page under the heading "questions, comments and complaints. 

If the municipality performs tasks in the context of investigation and enforcement, the rules of the Police Data Act (Wpg) apply. In these cases, the municipality may provide personal data to other agencies or receive personal data. This exchange of data takes place with, for example, the police, the judiciary and the school attendance officer. For police data, specific rules apply as to who may consult which data and how long the data are kept.

Questions, comments and complaints can be directed in the first instance to the Data Protection Officer (FG). The FG is the internal supervisor of the processing of personal data and oversees the municipal privacy policy. 

The data protection officer can be reached through the contact form. In the second instance, one can contact the Personal Data Authority, the national supervisory authority for the processing of personal data.

General information on the protection of personal data can be found on the website of the Personal Data Authority. More information on the municipality of Kerkrade's privacy policy is set out in the privacy policy framework.