The office of Stichting Fonds 1818 [The Fonds 1818 Foundation] is based at Riviervismarkt 4 and 5 in The Hague.
Stichting Fonds 1818 is responsible for the following activities:
- Allocating donations, including the activities that this entails. See fonds1818.nl
- Renting out rooms, mainly in Het Nutshuis. See nutshuis.nl
Stichting Fonds 1818 (hereinafter referred to as Fonds 1818) is responsible for processing personal data as set out in this privacy statement.
Fonds 1818 takes the protection of your personal data very seriously and complies with the requirements of the prevailing privacy legislation. Your personal data is always processed with the utmost care. Fonds 1818 has taken appropriate measures to prevent the misuse, the loss of, unauthorised access to, undesirable disclosure and unauthorised alteration of personal data. These measures are reviewed regularly and brought to the attention of those concerned.
Fonds 1818 may need to process your personal data in the following situations:
- If you visit the website of Fonds 1818 and/or Het Nutshuis.
- If you apply for a donation from Fonds 1818 or register for a programme, such as Koren Zingen voor Ouderen. In such cases, your data is stored in the project administration records.
- If you take out a subscription to a Fonds 1818 publication, such as the newsletter. In this case, the data will be stored in the subscriptions administration records.
- If you register for a training course at Fonds 1818.
- If you sign up for a consultation hour, an information meeting or an event run by Fonds 1818.
- If you appear in visual material that was produced under the responsibility of Fonds 1818.
- If you apply (online, by e-mail or by telephone) to reserve one of the rooms in Het Nutshuis at Riviervismarkt 5, or in the Fonds 1818 building at Riviervismarkt 4.
The next section gives details of the personal data that we process per category.
This is followed by information about:
- sharing your personal data with third parties;
- technical and organisational aspects of protecting your data;
- your rights.
Our websites install a cookie from the American company Google as part of the Google Analytics service. Fonds 1818 has signed a processing agreement with Google. Fonds 1818 only uses Google Analytics to monitor usage of the sites, and to make periodical improvements to the websites. The information that Google collects is anonymised and Fonds 1818 does not share data with Google for additional services. See our cookie statement for more information.
- Project administration
If you apply for funding from Fonds 1818, your data will be stored in the project administration records. In principle, Fonds 1818 only stores contact details of organisations, whereby the only personal data relates to the name and position of the contact person and the person authorised to sign on behalf of the organisation. If your organisation has no, or insufficient, business contact details because you do not have offices for example, Fonds 1818 will store additional personal data. This is always the case if the application concerns a residents’ initiative.
The following table shows the contact details that Fonds 1818 stores, and the reason for storing them:
| Personal details in project administration records | Why Fonds 1818 needs this data |
| --- | --- |
| Gender, first name and/or initials and surname | Fonds 1818 needs to know the names of the contact persons making the application in order to communicate about the application and about accountability for donations. The second reason is to prevent fraud. |
| Address and town/city | To send letters from Fonds 1818. |
| Telephone number and e-mail address | Your telephone number and e-mail address enable us to provide our services. We can contact you quickly if we need to, so that we can process and finalise your application. |
| Bank account number | Fonds 1818 needs a bank account number in order to transfer the donation. |
Fonds 1818 needs the data shown above if it intends to draw up and implement an agreement with you. In addition, Fonds 1818 has a legitimate interest in processing this data. Fonds 1818 must exercise caution and responsibility when allocating money, and must do its best to prevent fraud.
As Fonds 1818 endeavours to improve its services, your details may also be used for customer surveys. In addition, Fonds 1818 may also use the data to invite you to events that we think may be of interest to you or your organisation.
You must be at least sixteen (16) years of age to apply for a donation from Fonds 1818. For this reason, we do not process the personal data of minors under the age of 16. However, we cannot check whether an applicant is over the age of 16 in advance. We advise parents/guardians to keep an eye on their children’s online activities in order to prevent details of their children being collected and stored without their parents’/guardians’ consent. If you discover that we have unknowingly stored personal data relating to a minor without your permission, please contact our privacy contact person via email@example.com and we will delete this information.
Storage period in project administration records
Fonds 1818 will store the data that you submit with an application for a maximum period of eight years. The reason for this storage period is that projects sometimes run for a long time. For example, Fonds 1818 may make a donation to a longer-term investment. In such cases, Fonds 1818 may want to check that the money is still being used for the correct purpose several years after the donation was made, so that it can contact the person/organisation concerned if this is not the case. Furthermore, we have learned from experience that one contact person often makes several repeated applications and so it is handy if Fonds 1818 can use the stored data to process new applications more swiftly. The details on new applications are always checked and updated where necessary.
The personal data relating to an application that is rejected for not satisfying our general donation criteria (because the project is outside the working area of Fonds 1818, for example) will be deleted immediately after the application is rejected.
Storage period for Koren Zingen voor Ouderen
The data relating to choirs and care institutions involved in the ‘Koren Zingen voor Ouderen’ programme is stored for a maximum of one year after having taken part. You can cancel your account on the www.kzvo.fonds1818.nl website or amend your details at any given time. Every year, Fonds 1818 reminds account holders about the option of cancelling their account. If you cancel your account, the details will be deleted from the website. Fonds 1818 will then retain the details that have been deleted for one year for administrative purposes. See the ‘Frequently Asked Questions’ section on the website mentioned above.
Proof of identity
In order to be sure that the person who applies for a residents’ initiative really is who they say they are, we ask the main applicant to send a copy of their proof of identity. Block out the photograph, the MRZ (machine readable zone, the line with numbers at the bottom of your passport) and the BSN number [Burgerservicenummer] with a black pen on your photocopy. This is also to protect your privacy.
All proof of identity that is sent or e-mailed to Fonds 1818 is destroyed and removed from the e-mail box immediately after having been checked. Fonds 1818 does not store or process proof of identity. If you object to sending or e-mailing your proof of identity, you may make an appointment to come and show your document in person.
Deleting personal details
If you want Fonds 1818 to delete your personal details from the project administration records, simply send an e-mail with this request to Michel Nivard: firstname.lastname@example.org.
Your details will then be deleted as swiftly as possible. If Fonds 1818 has a good reason for not doing this, you will be notified and told of the reason.
You will find the rest of your rights at the end of this privacy statement.
- Subscription administration records for printed and/or digital Fonds 1818 publications
Your personal details will only be stored in our subscription administration records once you have actively signed up for a publication.
- In the case of subscriptions for printed publications that you receive by post, we will process your name, title, initials and address to ensure that the publication is sent to the correct address. Your e-mail address will also be processed, so that we can reach you quickly if we have any questions about your subscription. Your personal details will be stored for a maximum of three months after you cancel your subscription.
- We only require an e-mail address for processing and sending digital publications (such as the newsletter). Fonds 1818 will store your personal details for a maximum of a month after you cancel your subscription.
Fonds 1818 uses Mailchimp, an e-mail marketing provider based in the USA, to distribute the newsletters. Just like Google, Mailchimp is certified by the EU-US Privacy Shield. In addition, Mailchimp has added settings to the programme under the name General Data Protection Regulation as part of the European Privacy Regulations (GDPR), and has also included a processing agreement as part of its general terms and conditions (see https://mailchimp.com/legal/data-processing-addendum/). These measures are in proportion to the potential risks to our subscribers.
Unsubscribing is simple. You can use the link at the bottom of the newsletter to unsubscribe from the newsletter. To unsubscribe from the printed version, send an e-mail to email@example.com
- Administration for training courses
Once you register for a training course at Fonds 1818, your name, organisation and contact details will be stored in the registration list for that course or workshop. Fonds 1818 needs these details for organisational and communication purposes connected with the course or workshop, and to invite you back to refresher or feedback days. For this reason, Fonds 1818 keeps the data from the registration lists for a maximum of two years after the course or workshop has taken place.
- Administration for consultation hours, information meetings and events
Once you register for a consultation hour or meeting at Fonds 1818, your name, organisation and contact details will be stored in the registration list. Fonds 1818 needs these details for organisational and communication purposes connected with the consultation hour or meeting that you will be attending. Fonds 1818 will keep the data from the registration list for a maximum of six months after the meeting has taken place.
- Visual material
Visual material that allows people to be directly or indirectly identified will only be processed if a minimum of the following conditions have been satisfied:
- a) The material must serve a journalistic purpose (e.g. digital newsletters, social media). This is not covered by the GDPR.
- b) The person or persons concerned, or their legal representatives, must have given their consent.
Re. a) Fonds 1818 will always try to ask the person or persons concerned, or their legal representatives, for permission to use visual material, even when it is being used for journalistic purposes.
Fonds 1818 is reticent about using visual material in which minors under the age of sixteen years are clearly recognisable. Their data will only be processed after the legal representatives have given consent. In the case of images from or at organisations where children are present (e.g. schools), Fonds 1818 will make a written agreement with the organisations in question setting out their own responsibility to ensure that consent has been obtained.
Fonds 1818 realises that some people may be in a special situation and do not want their images to be published (e.g. an illness). We treat such cases with the utmost care. If in doubt, we will always ask for permission first.
Photos are stored in Fonds 1818’s own secure digital image bank.
Fonds 1818 likes participants to pass on any photos that they have taken during a Fonds 1818 project, that give an impression of that project. Fonds 1818 will obviously treat the photos confidentially. Once we have seen them, they will be removed immediately, unless we have agreed otherwise with the participant and satisfied the above-mentioned conditions.
As Het Nutshuis at Riviervismarkt 5 is a semi-public building, surveillance cameras have been installed. Cameras are mounted close to the bicycle park and the entrance to the building at Riviervismarkt 4. The footage from these cameras is only used by security staff monitoring the area in and around the building, and is deleted automatically after six weeks.
- Administration for renting out rooms
When renting out rooms in Het Nutshuis (Riviervismarkt 5) or in the Fonds 1818 building (Riviervismarkt 4), Fonds 1818 in principle only stores the contact details of organisations: the name and sometimes the position of the contact person.
If you hire a room as a private individual or if your organisation does not have business contact details, we will ask you for your name and address, your telephone number and e-mail address and your BTW (VAT) number if you have one. This data is processed so that we can communicate with you about your reservation, send you an invoice, satisfy the fiscal and legal requirements and send out invitations for customer satisfaction surveys.
Your details will be stored for seven years (this is the statutory storage period).
- Sharing your personal details with third parties
Fonds 1818 will not sell your personal data to third parties and will only pass them on if strictly necessary for the purposes of the agreement with you, or in order to satisfy a statutory requirement.
If Fonds 1818 has to rely on an external company that needs access to contact details, such as our hosting provider, our system manager and the printer that issues the printed publications, you can be assured that these companies are carefully selected. Furthermore, these companies must undertake to comply with the privacy regulations via processing agreements that Fonds 1818 signs with them. Fonds 1818 is ultimately responsible for this processing.
- Technical and organisational protection of your data
Fonds 1818 has taken the appropriate technical and organisational measures to safeguard a security level in line with the risks. These measures take the following into account:
- the status of the technology;
- the implementation costs (must counterbalance the risks that those concerned are running);
- the nature, scope, context and aims of processing the data;
- the probability and gravity of the risks that those concerned run in relation to their rights and liberties.
The main technical protection measures:
- Security for the websites and other applications through SSL certificates.
- Well installed, up-to-date firewalls including tunnel networks between the organisation and the data centre.
- Multi-factor authentication (MFA) for all IT services and applications.
- Password policy.
- Up-to-date antivirus software.
- Adequate monitoring software (real time).
- User policies for a group policy designed to disable the option of installing software locally (anti-CryptoLocker).
- Daily back-ups secured with encryption and duplicated to a fall-back location (30-day retention period).
- The business systems are only accessible to users who need to work with them. Authentication and authorisation are efficiently regulated via the system of rights and roles.
- The websites only use analytical cookies to determine usage of the site. These are anonymous.
- Business systems and office automation operate in an ISO 27001 certified data centre (PaaS). This is managed by an external management party, which is also ISO 27001 certified.
- Part of the office automation (e-mail service and Teams) operates as SaaS (Office 365).
- Scans are not saved on the printer’s hard drive.
The main organisational protection measures:
- Clean desk policy with regard to documents and personal data.
- The IT portfolio manager and/or the IT coordinator are the only people responsible for allocating and cancelling staff accounts in the business system and office automation.
- Security at the entrances to the buildings via surveillance cameras and, if the office is closed, an alarm system.
- The staff magnetic keys cannot be copied. One permanent member of staff is responsible for monitoring and managing keys that have been issued and returned (key policy).
- Staff are trained to lock their computers whenever they leave the workplace. The system also locks down automatically when it detects 10 minutes of inactivity.
- Data protection appears regularly on the agenda, so that staff are constantly reminded to be careful.
- Staff are told to be careful when using data on external devices.
- Sealed paper containers are used for confidential information. The contents are destroyed by a certified company.
- Every staff member, whether permanent, temporary, internal or external is obliged to protect data and information from unauthorised access, use, alteration, disclosure, destruction, loss or transfer wherever necessary, and to report all suspected violations of this rule.
- There is an internal GDPR working group, which monitors compliance with the statutory requirements and internal policy, and checks whether additional technical or organisational measures are needed. Action is taken where necessary.
- Your rights
You have a number of legal rights, namely the right:
- to consult your own personal data;
- to rectify or supplement your personal data;
- to restrict the processing of your data;
- to make a complaint;
- to be forgotten (destruction of personal data);
- to data portability;
- not to be subjected to automatic decision-making (Fonds 1818 does not make use of automatic decision-making).
If you want to invoke one or more of these rights, please let us know by e-mail.
Michel Nivard is the contact person: firstname.lastname@example.org
You can also contact Michel Nivard if you would like more information on this subject or if you want to make a complaint to Fonds 1818 relating to the protection of your data. Fonds 1818 will do everything within its power to help you, and hopefully to find a solution.
As a last resort, you may file a complaint against Fonds 1818 with the Autoriteit Persoonsgegevens [Dutch Data Protection Authority] (see https://autoriteitpersoonsgegevens.nl).