TNO Privacy statement

This page tells what TNO does with your personal data, how TNO protects it and how you can exercise your GDPR rights.

Privacy statement TNO Research

You can find specific information about the use of personal data in research in the privacy statement TNO research.

What is personal data?

Personal data is information that can be traced back to you as a person. Examples of personal data are your name, home address and email address. You will find more information about personal data and privacy legislation on the website of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Why does TNO use your personal data?

TNO can use your data for various purposes. Below you will find an overview of the most common processing purposes of TNO and the personal data involved.

Data processing

Category of personal data

TNO research

Contact details; sex; date of birth or age; research data, including special categories of personal data such as health data or financial details.

TNO websites

Contact details; IP address and other online IDs; sex; date of birth or age; usernames and passwords; surfing behaviour; browser settings.

Customer and supplier management

Contact details; (digital) signature; sex, date of birth or age; payment details; correspondence content and results from customer satisfaction surveys.

Procurement

Contact details; ID details; financial data, sex; date of birth or age.

Access control to TNO locations (visitor registration and camera surveillance)

Contact details; sex; date of birth or age; ID-card details; camera images.

Recruitment and selection of personnel

Contact details; CV details; correspondence content.

Legal proceedings (private law, administrative law and complaints)

Contact details; sex; date of birth or age; ID card details, financial details, substantive procedural details.

Screening against (inter)national sanctions- and export controls regulations

Contact details; sex; date of birth or age; place of birth, identification data.

TNO has a register of data processing activities in which all operational and business data processing operations are registered.

How long does TNO keep your personal data?

TNO does not process your personal data longer than necessary for the purpose of the data processing. The retention period depends on a number of circumstances:

  • applicable laws and regulations, such as fiscal legislation or the 1995 Archives Act;
  • type of relationship with you as a data subject, for example customer relationship, job applicant or research participant;
  • the necessity to keep data in connection with (future) legal proceedings.

How does TNO secure your personal data?

TNO considers it very important that the personal data you provide is treated and secured with the greatest possible care. In order to optimally protect your personal data against loss, theft, unauthorized access or incorrect use, TNO takes appropriate technical and organizational measures to protect your personal data. These measures include measures to ensure the confidentiality, integrity and availability of personal data through physical, technical (access) controls. When using personal data in research TNO makes sure the research data is pseudonymized whenever possible.

Does TNO give personal data to other organisations?

TNO may share your data with other persons or organizations. TNO often collaborates with other research organisations in the Netherlands and abroad. If you participate in TNO research, it may be necessary to share your data with partners in a specific research.

There are also situations in which TNO is legally obliged to provide personal data to others. This always concerns special circumstances such as compliance with applicable laws and regulations or legal proceedings.

TNO uses IT systems that are not hosted by TNO. Your data will then be processed in these systems on behalf of TNO. TNO ensures that contracted IT vendors use IT systems that offer an appropriate level of data protection. TNO concludes data processing agreements with these vendors.

Below you will find the main categories of recipients who may process your personal data.

  • Research partners
  • IT-services, web and data hosting parties
  • Payment processors
  • Legal advisers and accountants
  • Courts
  • Governmental agencies

What are your privacy rights?

Based on GDPR, you have various rights to check if TNO collects and uses your personal data in accordance with the law. You can request access to your data, check if TNO has used the data lawfully or object against the processing of your personal data.

If you want to exercise your privacy rights, you can complete an online form.

After you have submitted the completed form, you will receive an automatic confirmation by email. In response to your request, TNO may ask for identification.

You can also download the form, print it and send it to:

TNO
attn. Corporate Legal & Compliance department
Postbus 96800
2509 JE THE HAGUE

Your request will always be processed. However, this does not mean that your request can be granted without further ado. In some cases your privacy rights do not apply. This may be the case when your personal data is used in TNO research.

You will receive a reply to your request within a month. If your request cannot be processed within a month, you will be notified accordingly. TNO is required to process your request within three months at the latest.

TNO's response is a decision governed by the General Administration Act. If you disagree with the decision because TNO has denied your request partially or in full, you can lodge an objection and subsequently apply to the administrative law courts.

Incidents (data breach)

In spite of our precautionary measures designed to give personal data the best possible protection, it remains possible that an incident may occur in which personal data are involved. An incident of this type is called a data breach. If you believe that a data breach is occurring at TNO, always get in touch with the Data Protection Officer of TNO ([email protected] or phone 088-866 0000).

The following information should be supplied when reporting a data breach:

  • your name and contact details;
  • the nature of the incident;
  • which personal data are involved;
  • which systems are involved in the incident; and
  • when and how you discovered the incident.

Questions and complaints

If you have any questions about this privacy statement, please contact the Data Protection Officer of TNO ([email protected]). You can also send a letter to:

TNO
attn. Data Protection Officer
Postbus 96800
2509 JE Den Haag

If you have a complaint, you can contact us in the same way. In addition, you are always entitled to submit a complaint to the Dutch Data Protection Authority.

Changes

This privacy statement may be changed at any time by TNO without prior announcement. Changes come into effect as soon as they are published on this website.

Corporate Legal & Compliance
Contact

Remy van den Boom LL.M.

  • Data Protection Officer
  • Privacy