Go to content

Privacy rights at the Netherlands Ministry of Defence

The Netherlands Ministry of Defence handles your personal data with the utmost care. If you want to know how, then please consult the General Data Protection Regulation (GDPR) about your rights. There are, however, a number of exceptions regarding your rights. On this page, you can read about which exceptions this refers to and about how you can check what personal data are stored at the Ministry of Defence, as well as what data can be accessed, amended, removed or transferred.

What are your rights?

As the data subject, you may be entitled to rights regarding your own personal data. With your permission, these rights may also be exercisable by, for example, a lawyer (through an authorisation).

The GDPR (Articles 15, 16, 17, 18, 20, 21, 22) sets out your rights. You have the:

  • right of access by the data subject;
  • right to rectification;
  • right to erasure (right to be forgotten);
  • right to restriction of processing;
  • right to data portability;
  • right to object;
  • right to human intervention in decision-making and profiling.

You can find extended information on these rights on the Dutch Data Protection Authority (DPA) website.

You may only exercise your rights in respect of your own personal data, not in respect of the personal data of others unless you have permission (an authorisation) from the data subject concerned. Please find more information below.

Exceptions

Exceptions to privacy rights apply under the GDPR. This may be on account of other legislation or, for example, of national security.

Do I have to pay for submitting a request?

In principle, you do not have to pay for submitting a request.

Submitting a request for privacy rights

Valid ID compulsory

You must send a copy of a valid proof of identity with your request. The government.nl website provides more information on how to safely make a copy of your proof of identity.  

The Ministry of Defence keeps records of who invoked what rights, and when. Your copy of your proof of identity will be destroyed after verification.

Authorisation to access personal data of another person

You can only exercise the rights relating to your own personal data, unless you are authorised for the personal data of another person. In that case, please include the following with your request:

  • an authorisation;
  • a copy of your proof of identity;
  • a copy of the proof of identity of the person for whom you are authorised.

Personal data of a deceased person

To request personal data of a deceased person, please send the following:

  • Extract from the municipal register of deaths (also known as a death certificate). If the person died more than 50 years ago, this may also be a picture from the archives of the civil registry.
  • A description of your connection with the deceased.

The government.nl website provides more information on how to safely make a copy of your proof of identity.

The Ministry of Defence keeps records of who invoked what rights, and when. After verification, the proofs of identity and, if applicable, the death certificate, will be destroyed.

Please note: are you currently working as a regular serviceman/woman, a reservist or a civilian at the Ministry of Defence? Please refer to the Security and Privacy intranet page for more information and to submit your request.

Request for privacy rights

Your information
Which GDPR right do you wish to exercise?(required)
Whose personal data are you requesting?(required)
For example: the other person is my father, mother, son, daughter, brother, sister.
For example: the other person is my father, mother, son, daughter, brother, sister.
For example: the other person is my father, mother, son, daughter, brother, sister.
Please enter the employee ID or registration number of the person whose personal data you are requesting. If you do not have this information, please enter: date of birth.
What personal data does this involve?(required)
What medical data does this involve?
We need this information to ensure that your request reaches the right person for processing. This will speed up your request.
Always include a copy of your own proof of identity
When requesting personal data of another person, always include an authorisation signed by the other person.
When requesting personal data of another person, always include a copy of the other person’s proof of identity.
When requesting personal data of a deceased person, always include an extract from the municipal register of deaths.
If necessary, you can add additional information here
Information about the processing of your personal data

The Defence organisation will use your personal data to process your request. The Defence organisation keeps records of who invoked what rights, and when. Death certificates and proofs of identity will be destroyed after verification. We will not share your information with others.

Statement of agreement(required)

Note: after clicking 'Continue', scroll down and select 'Edit' or 'Send'.

What happens once I have submitted a request?

You have submitted a request with the Ministry of Defence under the GDPR. What happens next? Your request will be answered within 1 month of receipt. In some situations, the handling period may be extended by 2 months. You will be notified if that is the case.

If you do not agree with the decision regarding your request

If you have received a response to your request and you disagree with it, you can lodge a written objection within 6 weeks of the publication of the decision. For military personnel on duty abroad, a 13-week period applies.

You can send your objection to:

Netherlands Ministry of Defence Objections Advisory Committee
Legal Services Centre
PO Box 90004
3509 AA Utrecht
The Netherlands

What must be included in the objection?

The objection must include at least the following information:

  • that the correspondence concerns an objection (preferably at the top of the letter);
  • the date of the letter;
  • your name;
  • your address;
  • a description of the decision to which you are objecting;
  • the reasons for the objection;
  • your signature.

It is advisable to include a copy of the decision and copies of other important documents.

Supervision by the Data Protection Officer

The Ministry of Defence has an independent supervisory officer in place who monitors the correct processing of personal data in accordance with the laws and regulations in force. This Data Protection Officer has the power to request information, to access to all documents, to access to all locations where personal data are processed, etc.

You can contact the Defence Data Protection Officer by e-mail: functionaris.gegevensbescherming@mindef.nl.

The Data Protection Officer is also responsible for the GDPR processing register. This is the register in which the notifications of registrations (processing of personal data) are entered at the Ministry of Defence.

The Data Protection Officer does not have any supervisory powers for the MIVD.