General data protection regulation – privacy declaration

General Data Protection Regulation / Privacy Declaration

The EU has adopted new data protection / privacy measures as from 25 May 2018 (General Data Protection Regulation – GDPR). NOFOTA processes data from its members, interested parties, suppliers and partners. Personal data can be part of this.  NOFOTA attaches great importance to the protection of personal data. Personal data are data about an identified or identifiable natural person, for example a name or e-mail address. These personal details are treated by NOFOTA with the utmost care and appropriate technical and organizational measures, taking into account the requirements arising from the GDPR.

Examples of measures are:

  1. using SSL certificates;
  2. the use of a user name and password policy on our systems;
  3. all persons who are able to access personal data on behalf of NOFOTA are obliged to maintain their confidentiality;
  4. personal data are transmitted through secure systems;
  5. NOFOTA employees have been informed about the importance of the protection of personal data and are bound by the confidentiality of personal data;
  6. the use of anti-spam / anti-virus filters;
  7. limited and secured data transfer to non-European Economic Area-countries.

Privacy declaration

In this privacy statement, we explain when and why we collect personal information, how we use it, the conditions under which we share this information with third parties and how we secure this information. This statement applies to all our services and also to people who apply for a job with us.

When we collect personal information

  1. if you use our services;
  2. if you communicate with us personally, in writing, by telephone, via social media or via our websites;
  3. if your data is on public sources.

We only collect the information if this serves a legitimate interest and if this interest should not give way to your personal interests. Before we collect data, we make an analysis to assess whether there is a mutual interest for both parties. We process personal data in accordance with the purpose for which it was provided and only those data that are minimally required for this purpose.

Purposes of processing

The processing of (personal) data takes place within the framework of the usual activities of an association. Examples include conducting member administration, collecting membership fees, sending industry-related information to members and / or interested parties, disclosing information about those involved and activities of the association on their own website, exercising auditing, other internal management activities, handling complaints, keeping the data up-to-date, and any other activities. In addition, some personal details can be processed by NOFOTA on the basis of a legal obligation. Personal data are not passed on to third parties, unless permission is obtained, transfer is necessary in the context of the execution of an agreement, is necessary on the basis of a legal obligation, or any other lawful way of processing according to the GDPR. For example, NOFOTA uses a third party for: providing the internet environment, the IT infrastructure, distributing newsletters, news items, e-mail messages and invitations. NOFOTA never passes on personal data to third parties with whom no processor agreement has been concluded. In such processor agreements, NOFOTA makes agreements about the security of your personal data. If you receive e-mails from us, we register your interactions, with the aim to connect the content of our communication with what we think is relevant to you.
NOFOTA processes the following personal data (if known) for the above purposes: gender, surname, first name, initial (s), telephone number (s), e-mail, passport, photo, job title and organization. We can also collect feedback, comments and questions we have received through service related communication and activities such as meetings, (telephone) conversations, documents, e-mails.

Storage of data

NOFOTA stores personal data for as long as necessary to achieve the purpose of the processing. If the membership, the cooperation or the subscription is terminated, the personal data will be deleted no later than three years after termination.

Rights of data subjects

NOFOTA regularly sends (digital) newsletters and news items to the persons whose data they process. There is always a possibility to opt out. In addition, a request for deregistration can also be directed to the NOFOTA Secretariat (
Those involved can request an overview of the personal data that NOFOTA processes about them. If after inspection it appears that the information in question is incorrect or incomplete data subjects may request correction or changes. Data subjects may also ask for blocking or complete deletion of their data. Furthermore, data subjects can ask us to transfer their data to another party. Requests for an overview, correction, change, blocking, deletion or transfer can be addressed to NOFOTA via Incoming requests are processed and answered as quickly as possible, within four weeks at the latest. If your request is not answered to your satisfaction, you have the right to submit a complaint to the supervisory authority, the Dutch Data Protection Authority.

This privacy statement can be changed. The most recent version of this privacy statement can always be found on Last modified on May 22, 2018.