This privacy statement explains how we handle personal data, what rights you have and how you can contact us for more information.
We process these data in order to carry out our statutory tasks pursuant to Article 1.5.1. of the Dutch Act on Adult and Vocational Education and the resulting activities:
- accrediting and coaching work placement companies
- maintaining the VET qualification structure
- providing information on the labour market,
- work placement and the effectiveness of the training courses on offer
- advising on the connection between vocational education training (VET) and the labour market
- carrying out research in support of the above tasks
And for the following additional activities:
- International credential evaluation
- Reporting and expertise point for specialist workmanship
- Stagefonds zorg
- Boris project
- Review Chamber
- Reporting point for work placement discrimination
- Reporting point for work placement shortages
- sending out newsletters and other SBB information
- contact in case of questions by e-mail, telephone, chat, contact form
Depending on our services, we process the following data with which we can identify you directly and indirectly:
- name, address, postcode, town
- e-mail address
- telephone number
- date of birth and age
- work placement company
- educational institution, training
- username, password, user logs
- IP address
- Citizen Service Number (BSN)
We only process personal data for the fulfilment of our statutory tasks. If this changes, we will inform you via this website and ask for your permission if necessary. We process data on the basis of the following principles:
- The processing is a statutory obligation or is necessary for the performance of our public-law duties.
- The processing is necessary for the performance of a contract.
- You have given SBB permission to process your data. This is the case, for example, when you leave your contact details via the contact form. You can withdraw your permission at any time.
We avoid the unnecessary collection of data. We only ask for data that are necessary to fulfil our tasks or to answer your question.
You can always ask for access to the data we process about you. You can do this via the contact form. You will receive a written response within four weeks of your request.
If you make this request, we will, for identification purposes, ask you for the data that enable us to determine that you are the person in our files. We will let you know:
- whether we use your personal data and, if so, which data
- why we use your data
- to whom we may disclose your data
- the origin of your data if known
If we do not have any personal data about you, we will immediately delete all data you have provided with your request.
You can ask us to amend your personal data if they are incorrect or incomplete, irrelevant or used in breach of the law. We will then adjust your data as soon as possible. You can also ask us to restrict the use of your personal data. This means that your personal data will be disabled until it is clear that your personal data are being processed lawfully.
If you want to have your data deleted from our files, you can make a request to that end. We will deal with your request free of charge and within a reasonable time. You will receive a confirmation of your request, stating what we will do in order to delete your data. It may be that deletion of your personal data is not possible or not permitted, for example due to a statutory retention obligation. If so, we will inform you of this in the confirmation of your request.
We retain your data for as long as necessary for our services. We have also set retention periods. We are bound by statutory retention periods, for example under tax regulations. We will delete all data after expiry of the periods.
In addition to exercising your statutory rights, you can always lodge a complaint or object to the use of your personal data. You can contact our Data Protection Officer for this purpose. You can also direct your questions about this privacy statement to her. If you have a complaint about the use of your personal data, you can also give the Dutch Data Protection Authority a tip.
SBB does everything in its power to prevent data breaches and other security incidents. We have taken organisational and technical measures to this end.
In the event that an incident does occur, SBB has established a protocol for monitoring signals of possible security incidents and data breaches, reporting them to the Dutch Data Protection Authority where necessary and informing data subjects about a possible breach of their privacy. In the unlikely event that you discover a security incident or data breach at SBB, please report it to us so that we can take action.
SBB has developed policies to guarantee the security and protection of personal data as much as possible. We have recorded agreements and set up our systems in such a way that an appropriate level of security always applies. If other parties process data for us, we will enter into a processing agreement with them, which sets out the security arrangements.
We will inform you of any changes to this privacy statement in person or via this website.