Privacy Statement

In this privacy statement, we tell you how we as a municipality of Tytsjerksteradiel handle your personal data. We cannot do this for each specific case separately, because your personal data may be processed within the municipality in many ways.

For example, we process your personal data when we prepare a WOZ valuation report, but also when you file a notice of objection. We process your personal data when you apply for a driver's license, but also when you marry or enter into a registered partnership in our municipality. We process your personal data when you apply for a permit and when you rent something from us. We process your personal data when you have a waste container from us or receive benefits from us. These are some examples. There are many more examples to mention.

Because this privacy statement would be endlessly long if we were to mention every example, this statement deals generally with how we handle personal data within the Municipality of Tytsjerksteradiel. If you want to know specifically how we handle your personal data in your case, you can always ask this question to us at FGTD@t-diel.nl. We will then provide you with a customized answer.

Since May 25, 2018, the General Data Protection Regulation (GDPR) has been enforced. This law forms the basis for dealing with privacy within our municipality. In addition, the General Data Protection Regulation Implementation Act (UAVG) and the Police Data Act (Wpg) provide frameworks. Because as a municipality we also process police data, we must meet the requirements of the Wpg for that data. This includes, for example, an audit requirement.

As required by this legislation, technical and organizational measures are taken within the Municipality of Tytsjerksteradiel to safeguard privacy. Within the framework of data minimization, we only process personal data if we need it to perform one of the municipal government tasks. Performing municipal government tasks is often described in legislation other than the AVG and UAVG. These laws, such as the Youth Act, the Participation Act, the Environmental Management Act or the General Administrative Law Act, also contain rules on how to handle personal data. In this situation, data protection law applies as a general framework, but the specific interpretation is determined by the specific legislation.

Personal data we process

Within the municipality, we work with personal data of citizens, employees and (chain) partners. Personal data are data that provide information about a person, such as name, address, e-mail address or telephone number. These are ordinary personal data. In some cases we also process special personal data, such as data about your health or ethnic origin. We only do this if there is a basis for doing so. The forms on our website, via the contact form and applications with DigiD contain the personal data we process. For example, for a waste collection, we process your name, address and citizen service number. This is also the case when applying for a permit or lodging an objection. When providing benefits, we need more data, including income data. We process special personal data, such as health data, when assessing a request for facilities, for example.

Register of processing activities

The Municipality of Tytsjerksteradiel has a register of processing activities. This is an overview of all processing of personal data within the municipality. This register describes which personal data are processed in which situation, the basis for this, the associated legal framework and, for example, with whom the personal data are shared. The register of processing activities is used by the municipality to test practice against privacy regulations.

Reason for processing personal data

Personal data is processed when you purchase our services. These services are often municipal government tasks, so there is a basis in certain legislation. When you apply for a driver's license we process personal data, but that is allowed because it is regulated in the Road Traffic Act. When we organize elections we process personal data, but that too is allowed because it is regulated in the Elections Act. When you get married or enter into a partnership with us, we process this, because this is regulated in the Basic Registration of Persons Act. When we prepare a WOZ valuation report, we process personal data, but that is allowed because that is regulated in the WOZ Act. Every government task that we as a municipality have been assigned has a legal framework. This legal framework is in many cases the basis for processing.

Retention period

The Municipality of Tytsjerksteradiel will not retain personal data collected for longer than is strictly necessary, or required by law, to fulfill the purposes for which the data were collected. In many cases, the Archives Act and selection lists determine how long something may be retained.

Sharing with third parties

The Municipality of Tytsjerksteradiel only provides your personal data to third parties if there is a legal basis and this is necessary. For example, when you apply for benefits, your data will also be shared with the UWV. When you apply for a facility, your data will also be shared with the provider of the facility.

We enter into a processing agreement with organizations that process your data on our behalf to ensure the same level of security and confidentiality of your data. We remain responsible for these processing operations.

Information Security

Based on the Information Security Policy, measures have been taken to ensure the protection of personal data. Information security and privacy are linked. The technical measures mentioned in the General Data Protection Regulation are the rules that are in place regarding information security. The Baseline Information Security Government (BIO) describes for municipalities how to deal with information security and what requirements this must meet. Within the Municipality of Tytsjerksteradiel, information security and privacy issues are addressed jointly, because there is overlap. In this way, technical measures can be picked up and implemented according to legislation and guidelines. This is also why the Municipality of Tytsjerksteradiel has an integrated information security and privacy policy.

Rights of data subjects

As a data subject whose personal data are processed, you have several rights. You may:

  • request access to what personal data we have recorded about you;
  • Ask us to amend, correct or supplement personal data if it is incorrect or incomplete;
  • ask us to restrict processing, delete data or object to the recording of data;
  • withdraw your consent if we have recorded your data based on consent;
  • asking us to make a file containing your data available in a digital file by requesting "data portability" if we have captured your data based on your consent or performance of an agreement;
  • file a complaint with the Data Protection Officer of the Municipality of Tytsjerksteradiel or with the Personal Data Authority.

You can easily submit a request for inspection using the online form. If you do not have DigiD or do not want to use it, you can download the form, print it out and hand it in at the counter of the town hall after completion. You must show a valid proof of identity (passport or identity card) so that your identity can be established.

More information on these rights can be found on the website of the Personal Data Authority. To exercise rights other than the right to inspect, we ask that you contact us at FGTD@t-diel.nl or 14 0511.

DigiDFill out the online form

Decision on your request

Within one month of receipt, we will assess whether the request is justified. If the municipality intends to grant your request and the request is complex or extensive, the municipality may extend the processing of your request by two months.
A decision on your request is a decision under the General Administrative Law Act. You can therefore file a notice of objection against it. It is also possible to file a complaint with the Personal Data Authority (AP).

Use of cameras

Our employees, buildings and grounds may be secured using video cameras. The images are not kept longer than necessary. Images may be kept for a long time if there is an incident, which we are required to report, such as damage, theft or threats to employees.

Photography

Photo and video material in communications municipality of Tytsjerksteradiel 

We use imagery in two ways:

  • Single-use photos/videos. This is usually at press and representation events. We use these photos once when publishing a message, such as a press release, post on our website and/or social media. 

Persons appearing in the photo or video, we do not ask permission. 

  • Photos/videos for multiple times and long-term use. We use these for campaigns and publications. These photos appear on flyers, posters, social media posts et cetera and we store them in our image library. Individuals who appear in the photo or video complete a consent form. 

When images of children under 16 are used, we ask parents/caregivers or teachers for permission. At meetings or events in public spaces it may also occur that people are recognizable in the picture, who have not given permission. Then we may use the 'basis task of general interest', for example for information and reporting. We then do not need permission from the people who are in the picture. People are not the subject or focus of the photo and only appear in the picture in a small way.

Objection

We keep your data for as long as is necessary for the defined purpose. For new purposes, we will ask you again for permission to use. When we do not (or no longer) use your photos, we delete them. You can withdraw your consent to use at any time. You can do this by filling out a form under the heading 'Rights of data subjects'.

Cookies

You can visit the municipality's website anonymously unless you enter personal information. However, we do want to get a picture of the number of visitors to our site and which pages are visited. We do this because it allows us to improve our services. For this purpose, only the number of visits is recorded and not the identity of the visitors. Your data thus remains anonymous.

A cookie is a small text file that is temporarily placed on your hard drive by a web server. With the help of a cookie, our website can recognize you when you revisit our website and the website can be set up specifically for you. Thus, a cookie helps you save time. A cookie cannot spread viruses.

You can refuse cookies in your browser settings. However, please note that this may slow down or prevent the operation and use of some parts on the website. Through the help function of your browser (often found in the "options" menu) you can find more information about cookies.

The municipality uses cookies for visitor analysis through Siteimprove and Google Analytics. Cookies are also used to optimize website accessibility. For example, a functional cookie is set when the website is read aloud using Readspeaker.

If you make an application or submit changes via a digital form from the municipality's website, you must identify yourself for this using your DigiD, eHerkenning and eIDAS. After identification, this information is used for the application or change you submitted, so we can be sure we are helping the right person. DigiD is not used for making a report or asking a question via a digital form.

Change privacy statement

This privacy statement is subject to change without notice. Changes take effect from the moment they are published. We recommend that you consult the privacy statement regularly so that you are aware of these changes. The privacy statement was last amended in May 2023. 

Contact details

If you have any questions about this Municipality Privacy Statement, please make them known to the Data Protection Officer (FG). The FG can be reached by email at FGTD@t-diel.nl or by calling 14 0511.

Complaints

We are happy to help you if you have complaints about the processing of your personal data. If, despite this, you still cannot work things out with us, you also have the right under privacy legislation to file a complaint with the Privacy Supervisor. This is the Personal Data Authority (AP). On the website of the AP you will find contact information and also more information about privacy legislation.