The EU General Data Protection Regulation (GDPR) places a duty of information on the so-called ‘controller’, the person or entity in charge of processing personal data. Anyone whose data is processed must be notified proactively as to what that entails and how they can invoke their right to privacy.
This obligation requires ZonMw to explain in a simple, understandable way why and how we process personal data, how we handle privacy and how those affected can exercise their rights. The audience for a privacy statement, therefore, is all those whose personal data may be processed by the organisation: in particular employees and researchers, but also others who interact with ZonMw.
Means of fulfilling the duty of information can include:
The ZonMw-wide privacy statement outlines how we as an organisation treat personal data in general terms, including a few brief explanatory examples of typical operations.
This general statement also refers to the more specific ones issued by each unit. They describe in greater detail how the unit deals with the personal data of those involved in its own processes and chains.
‘ZonMw funds health research and encourages the use of the knowledge thus developed to improve health and care.’
ZonMw is an intermediary dedicated to enhancing scientific know-how and encouraging innovation in healthcare and research, across the entire spectrum from basic studies to clinical practice. As a link between society and science, we promote pioneering and innovative projects and facilitate their practical application. We also aim to further integrate outstanding science with innovation in the field.
Privacy is about the right of everyone we deal with, employees and members of the public alike, to protect their personal life, data and dignity. Nevertheless, collecting, processing and sharing data are hugely important to us in fulfilling our social and corporate mission. It is therefore essential that we do so in a responsible, lawful manner. Because personal data plays such a major part in achieving our social objectives, its protection and privacy in general are absolute priorities for ZonMw. So we always process it in a correct, proper and transparent manner, in accordance with the relevant legislation and regulations.
In this privacy statement, you can read how ZonMw handles personal data. It covers a variety of points.
This general privacy statement applies to all personal data that ZonMw may obtain from you in the fulfilment of our statutory duties. It is reviewed on a regular basis.
Personal data is information directly related to an individual, or which can be traced back to them. For example, their home address, telephone number and email address.
Some personal details are particularly sensitive because their disclosure or misuse could have a major impact upon a person’s life. Examples include data related to race, religion or health. This information is therefore subject to additional legal protections. Personal data about children and criminal records are always considered sensitive, too, and so are also protected by extra safeguards.
More information about personal data can be found on the website of the Dutch Data Protection Authority.
Throughout ZonMw, personal data is created, consulted, stored and shared for many different purposes. These include the conduct of research studies, maintaining a variety of registers, honouring grant applications and monitoring the field of healthcare.
ZonMw always explains how it handles personal data when performing particular tasks, why it does so and how it ensures that this is done properly. For an overview of units working with personal data, see the organisational diagram.
ZonMw applies a number of basic safeguarding principles when processing personal data and has comprehensive measures in place to ensure that it is handled reliably, properly and carefully.
ZonMw has a designated Data Protection Officer (DPO), an independent person whose principal task is to ensure that we are fully compliant with the Dutch Data Protection Act and the EU General Data Protection Regulation (GDPR). Externally, we are regulated in this respect by the Dutch Data Protection Authority.
ZonMw has comprehensive measures in place to ensure that personal data is handled reliably, properly and carefully.
In a number of cases, ZonMw is authorised and sometimes even obliged to supply data and information to other organisations, or to request them for information. The purpose of sharing data in this way must be compatible with the reason why it was originally collected, as defined in Article 6 of the GDPR.
ZonMw processes personal data only when it has a legitimate, legal reason to do so or with explicit consent, and solely for the specific purpose for which it was collected.
ZonMw processes no more personal data than is absolutely necessary, and whenever possible we process less or none at all.
ZonMw keeps any breach of privacy involved in collecting and processing data to the absolute minimum necessary for the purpose of the operation. If we can choose between different data or methods to fulfil a particular purpose, we always opt for the one which infringes the subject’s privacy the least.
At ZonMw we keep your personal data:
ZonMw carries out practical and scientific research on behalf of the Dutch Ministry of Health, Welfare and Sport (VWS) and the Netherlands Organisation for Scientific Research (NWO). Wherever possible, we try to use anonymous data. If it is necessary to process non-anonymous personal data, we always ask the permission of the person concerned or request a statement of no objection. In all cases, we process as little traceable personal data as possible and always ensure that the results of the research cannot be linked to any individual.
You have a number of legal rights, including the right to inspect and correct any data we hold about you. If you want to know what that is, you can submit a request for access. We will process this within four weeks.
Does your information appear to be incorrect, incomplete or irrelevant? If so, you can make a further request to have your data amended or supplemented.
Our Data Protection Officer (DPO) is your contact person for all questions, comments and requests concerning the processing of your personal data by ZonMw. You can submit these by email, to email@example.com, or by writing to the Data Protection Officer at our correspondence address.
If you have any questions about your legal rights, or a complaint, please contact the Dutch Data Protection Authority.