NPRC Privacy statement
At the Nederlandse Particuliere Rijnvaart-Centrale Coöperatie (‘Dutch Private Rhine Navigation Central Cooperative’; the NPRC), we attach great importance to your privacy. The General Data Protection Regulation (GDPR)[1] applies to the processing of personal data by the NPRC.
Below, we explain for what purpose and how we process personal data, what rights you have and how you can exercise them.
About the NPRC
As the largest cooperative of inland waterway transport companies in Europe, the Nederlandse Private Rhijnvaart-Centrale Coöperatie (‘Dutch Private Rhine Navigation Central Cooperative’, the NPRC) provides integrated logistics services for the transport of goods by water to members, non-members and customers. At the NPRC, cargoes are linked to ships. The provision of integrated logistics services for freight transport by water to members, non-members and customers is one of the NPRC’s core tasks.
The processing of personal data is an important and necessary part of the operations of the NPRC. It is important that the processing of personal data takes place with the utmost care.
Controller
The NPRC is the controller[2] within the meaning of the General Data Protection Regulation (GDPR)[3]. As the controller, the NPRC determines for what purpose it processes personal data and what resources it needs to do so. The NPRC is responsible for the careful processing of personal data described in this privacy statement.
Data collection
The NPRC collects the necessary data from if you use or wish to use one of our services, work with us or otherwise exchange data with us, for example by leaving data with us via the member portal on our website.
The NPRC collects the necessary data if you are or wish to have a business relationship with us, use our app, use our member portal, work for us or perform services for us, or exchange data with us for the purpose of making contact.
Types of data
We (possibly) process the following personal data:
Members and non-members
-
- Personal identification data (surname, first name, address);
- Personal details (nationality, place of birth, date of birth, sex, marital status);
- Electronic identification data (IP address, location)
- Contact details (email address and telephone number);
- Details for appointments;
- Participation in events;
- Committees, councils or boards;
- Financial identification data including bank account number;
- Permits;
- Agreements;
- KVK data;
- VAT number;
- Login details.
People interested in membership in the NPRC
- Personal identification data (surname, first name, address);
- Contact details (email address and telephone number);
- Details for appointments;
- Details for screening prospective members.
Contact persons of (potential) customers, companies or organizations or of persons with whom we maintain a business relationship for the fulfilment of our business interests
- Personal identification data (surname, first name, address);
- Contact details (email address and telephone number);
- Position;
- Contact details (email address and telephone number);
- Details for appointments;
- Login details.
Employees (external and independent contractors)
- Personal identification data (surname, first name, address);
- Personal details (nationality, place of birth, date of birth, sex, marital status);
- Contact details (email address and telephone number);
- Position;
- Email address;
- Phone number;
- Details for appointments;
- Financial identification data including bank account number;
- Copy of proof of identity;
- Social Services Number;
- Agreements;
- Log in details;
- KVK data;
- VAT number.
Purposes and processing
- Entering into a membership agreement;
- Managing a registry of members;
- Entering into a transport or service agreement;
- Performing transport and logistics services;
- Managing financial records;
- The appointment of qualified personnel;
- Entering into an employment agreement;
- Maintaining personnel records;
- Managing payroll records;
- Maintaining relationships with members, non-members, customers and suppliers;
- Commercial communications, including sending targeted newsletters;
- Registering and handling complaints, applications and requests.
Basis on which we may process data
The NPRC processes personal data only if:
- the processing is necessary for the performance of an agreement between you and the NPRC;
- the NPRC has a legal obligation to process your personal data;
- the NPRC has a legitimate interest in processing your personal data in the context of its services;
- you have given the NPRC permission to process personal data for specific purposes.
If you have given consent to the processing of personal data, you can withdraw your consent at any time.
In the event of a legitimate interest, we always make a careful and proportionate balance between your privacy interests and the business interests of the NPRC.
With a view to efficiently handling the transport and logistics process, and connecting transport to other modalities, the NPRC and ship owners have a business interest in sharing ship and cargo location data with customers.
Retention periods
The NPRC only retains your personal data for as long as we need it. The NPRC retains only those data that are necessary during the term of our relationship or for the duration of the agreement. If the agreement ends, the NPRC stores the data for a maximum of 5 years.
If the retention of personal data is subject to a legally stipulated retention period, we comply with this.
Transfer of data
The NPRC only provides your personal data to third parties if: this is necessary for the implementation of our agreement with you, we are legally obliged to do so, we have a legitimate interest in this, or we have received your express consent for this.
If the NPRC outsources the processing of personal data, in whole or in part, under its responsibility, the NPRC makes written agreements with this party in accordance with the legal requirements that such an agreement must meet.
Depending on the purpose for which we process personal data, examples include the following categories of recipients: other members of the cooperative, customers, suppliers such as hosting parties for the storage of data, banks for financial processing, government agencies such as the tax authorities, pension funds.
We do not sell your information to third parties.
Security
In order to prevent unauthorized access to personal data, our organization has taken various security measures, including measures against unauthorized access, unauthorized use, unauthorized modification, unlawful and unintended destruction, and unintended loss.
To prevent abuse and unauthorized access to your personal data, the NPRC has taken appropriate security measures. For example, only those persons who are authorized to do so have access to your data. Your personal data are protected. Security measures we have taken to protect them are checked regularly. For security reasons, we have taken the following measures, among others:
- logical access control on our devices and systems, using passwords and two-factor authentication;
- physical measures for access security of our locations;
- organizational measures for access control;
- security of network connections via Transport Layer Security (TLS) technology;
- securing data traffic on our website via Secure Socket Layer (SSL) technology;
- authorization and targeted access restrictions;
- data storage within the EU.
Your rights
If you have a business relationship with the NPRC, we would like to draw your attention to your rights under the GDPR with regard to your personal data processed. For example, you have the right to inspect your data and to the deletion of personal data we are not legally obliged to process or store or that we process only with your consent. Should data we hold about you be incorrect, you can request in writing that we change your data. You can also object to the use of your data.
After you have made this known to us in writing, you can exercise these rights. Make sure that you clearly indicate who you are. After verifying your identification, our staff will be happy to help you.
The NPRC will respond within four weeks of receiving your written request.
Right to complain
Do you not agree with the way in which we process your personal data or handle your rights as a customer or member of the NPRC? Then you can contact us via privacy@nprc.nl.
A complaint can also be submitted to the Autoriteit Persoonsgegevens (‘Dutch Data Protection Authority’; AP).
To do this, visit https://www.autoriteitpersoonsgegevens.nl.
Changes
It is possible that we will have to change our privacy statement. We will publish any changes on our website by means of the privacy statement. In order to keep abreast of the current version, we recommend that you regularly read our privacy statement.
Data Protection Officer
NPRC has appointed a Data Protection Officer (DPO). If you have questions about the processing of your personal data by the NPRC, you can contact the DPO via e-mail privacy@nprc.nl.
Questions
Do you have questions about this privacy statement? Please do not hesitate to contact us.
De Nederlandse Particuliere Rijnvaart-Centrale Coöperatie U.A.
Post address: Boterdiep 46, 3077 AW Rotterdam,
Phone number +31 (0) 103 139 900
Email: privacy@nprc.nl
[1] General Data Protection Regulation https://eur-lex.europa.eu/legal-content/NL/TXT/?uri=celex%3A32016R0679
[2] Controller: person or organization responsible for the Processing of personal data.