GDPR and Privacy
For 10 years, aanmelder.nl has had a privacy policy that does not contain any surprises: we do not do anything with your data, or that of your participants, that you would not do yourself. In fact, we do not do anything with your data unless you ask us to. You can read more about this in our privacy statement. aanmelder.nl has been working for 10 years in accordance with the European Privacy Act and now this transition to the GDPR is of course included.
aanmelder.nl meets all obligations arising from the GDPR. In addition to the regulations on data handling, the GDPR also sets a number of specific operational requirements:
- aanmelder.nl has carried out a Privacy Impact Assessment.
- A Data Protection Officer has been appointed.
- All processes are audited on 'privacy by design.'
- Procedures have been set up to comply with the obligation to help individuals to view, modify and delete their personal data.
- aanmelder.nl does not carry out profiling or decision structures on the basis of personal data.
- The data storage takes place in Europe.
The GDPR is a law that applies to the entire European Union. Because of this law, the protection of privacy is now well regulated throughout Europe. In addition, the European Union has drawn up so-called 'Model Clauses' for companies with data centers that process and store data from Europeans. These 'Model Clauses' provide the framework within which data can be processed safely and lawfully. The datacenters that aanmelder.nl uses are in the European Union and comply with these Model Clauses. With aanmelder.nl you meet the obligation to process data within the privacy regulations of the EU.
Data Processing Agreement
The GDPR stipulates that a Data Processing Agreement is required between aanmelder.nl and you. This agreement states the role we play in the processing of personal data and codifies mutual expectations. aanmelder.nl offers every customer the possibility to sign a processing agreement. For this we have set up a very easy do-it-yourself process in your account page.
What is required of you?
The GDPR states that you are obliged to provide a secure registration system. The law does not prescribe how you take care of this, but the intention and intent of the law does have similarities with the principles of ISO27001. This is no coincidence: ISO27001 is the best-known standard in the area of information security and the ISO27001 certificate provides proof that the registration system and the supplier are subject to extensive security checks. Without a certificate, you should carefully examine the safety of the system and the business operations of the supplier in order to comply with the obligations within the GDPR.
What can you pay attention to?
Some registration systems include in their security statement that HTTPS connections and ISO27001 data centers are used. These security measures are most easily implemented and aanmelder.nl has classified these as the lowest level of security.
Please note that an ISO27001 data center does not say anything about the security of the systems that have been set up there. It also says nothing about the security of the software or about the security in the operations of the suppliers. HTTPS also gives no guarantees about the protection of the supplier's networks or the security of the data storage. For data security, HTTPS and a secure data center are not sufficient.
At aanmelder.nl, security is a system that works through all layers of service and is an integral part of the product. aanmelder.nl distinguishes itself in the field of data security.
