Is a data processing agreement required for NEN Connect?
No, a data processing agreement is only required if the contractor's services are focused on processing personal data. (In other words, processing personal data is the primary goal. This applies, for example, to many suppliers providing ICT services).
Not every exchange of personal data requires using a processing agreement.
For example, lawyers receive personal data from our clients, but that does not make lawyers a processor. A lawyer's primary service is to provide legal advice and not to process personal data. So lawyers themselves are responsible for processing data and that means they do not have to use a processing agreement with all their clients.
The same applies to NEN Connect. This service provided by NEN is not primarily aimed at processing personal data, so there is no need for a processing agreement with a party that has a license to NEN Connect, for example.
Of course we have taken measures to keep personal data secure:
- We always tell you what we do with your data and how, for example, you can use your rights of inspection and objection.
- We use your data only for the purpose for which we have collected it (such as: complying with our contract, customer relationship management, customer administration and marketing).
- We do not collect, use and store more data than we need to achieve the purpose for which we obtained the data and only if there is no other way to achieve the same purpose.
- The more privacy-sensitive the information, the less we make use of the data.
- We use the data only insofar as there is a ground for doing so specified by law.
- We take appropriate security measures against the loss of or unauthorized access to the personal data.
- We provide your personal data to third parties only if we obtain sufficient safeguards to protect your data.