Privacy rights at the Netherlands Ministry of Defence
The Netherlands Ministry of Defence handles your personal data with the utmost care. If you want to know how, then please consult the General Data Protection Regulation (GDPR) about your rights. There are, however, a number of exceptions regarding your rights. On this page, you can read about which exceptions this refers to and about how you can check what personal data are stored at the Ministry of Defence, as well as what data can be accessed, amended, removed or transferred.
What are your rights?
As the data subject, you may be entitled to rights regarding your own personal data. With your permission, these rights may also be exercisable by, for example, a lawyer (through an authorisation).
The GDPR (Articles 15, 16, 17, 18, 20, 21, 22) sets out your rights. You have the:
- right of access by the data subject;
- right to rectification;
- right to erasure (right to be forgotten);
- right to restriction of processing;
- right to data portability;
- right to object;
- right to human intervention in decision-making and profiling.
You can find extended information on these rights on the Dutch Data Protection Act (DPA) website.
You may only exercise your rights in respect of your own personal data, not in respect of the personal data of others unless you have permission (an authorisation) from the data subject concerned. Please find more information below.
ExceptionsExceptions to privacy rights apply under the GDPR. This may be on account of other legislation or, for example, of national security.
Do I have to pay for submitting a request?
In principle, you do not have to pay for submitting a request.
Submitting a request for privacy rights
Valid ID compulsory
You must send a copy of a valid proof of identity with your request. The government.nl website provides more information on how to safely make a copy of your proof of identity.
The Ministry of Defence keeps records of who invoked what rights, and when. Your copy of your proof of identity will be destroyed after verification.
Authorisation to access personal data of another person
You can only exercise the rights relating to your own personal data, unless you are authorised for the personal data of another person. In that case, please include the following with your request:
- an authorisation
- a copy of your proof of identity
- a copy of the proof of identity of the person for whom you are authorised.
- If it concerns the personal data of a deceased person, you must send an excerpt from the register of deceased persons (also called a death certificate) instead of an authorisation. You must also explain your relationship with the data subject.
The government.nl website provides more information on how to safely make a copy of your proof of identity.
The Ministry of Defence keeps records of who invoked what rights, and when. After verification, the proofs of identity and, if applicable, the death certificate, will be destroyed.
Please note: are you currently working as a regular serviceman/woman, a reservist or a civilian at the Ministry of Defence? Please refer to the Privacy and Security intranet page for more information and to submit your request.
Request for privacy rights
What happens once I have submitted a request?
You have submitted a request with the Ministry of Defence under the GDPR. What happens next? Your request will be answered within 1 month of receipt. In some situations, the handling period may be extended by 2 months. You will be notified if that is the case.
If you do not agree with the decision regarding your request
If you have received a response to your request and you disagree with it, you can lodge a written objection within 6 weeks of the publication of the decision. For military personnel on duty abroad, a 13-week period applies.
You can send your objection to:
Legal Services Centre (JDV)
P.O. Box 90004
3509 AA Utrecht
What must be included in the objection?
The objection must include at least the following information:
- that the correspondence concerns an objection (preferably at the top of the letter);
- the date of the letter;
- your name;
- your address;
- a description of the decision to which you are objecting;
- the reasons for the objection;
- your signature.
It is advisable to include a copy of the decision and copies of other important documents.
Supervision by the Data Protection Officer
The Ministry of Defence has an independent supervisory officer in place who monitors the correct processing of personal data in accordance with the laws and regulations in force. This Data Protection Officer has the power to request information, to access to all documents, to access to all locations where personal data are processed, etc.
You can contact the Defence Data Protection Officer by email: email@example.com.
The Data Protection Officer does not have any supervisory powers for the MIVD, nor for the processing of personal data that the Royal Netherlands Marechaussee carries out in the context of its police duties.
The Data Protection Officer is also responsible for the GDPR processing register. This is the register in which the notifications of registrations (processing of personal data) are entered at the Ministry of Defence.