The EU General Data Protection Regulation (GDPR) places a duty of information on the so-called ‘controller’, the person or entity in charge of processing personal data. Anyone whose data is processed must be notified proactively as to what that entails and how they can invoke their right to privacy.

This obligation requires ZonMw to explain in a simple, understandable way why and how we process personal data, how we handle privacy and how those affected can exercise their rights. The audience for a privacy statement, therefore, is all those whose personal data may be processed by the organisation: in particular employees and researchers, but also others who interact with ZonMw.

Means of fulfilling the duty of information can include:

  • a general privacy statement, published on the website; and,
  • specific information associated with a particular action, such as how data obtained when a user visits a website or submits a form is processed.

Unit privacy statements

The ZonMw-wide privacy statement outlines how we as an organisation treat personal data in general terms, including a few brief explanatory examples of typical operations.

This general statement also refers to the more specific ones issued by each unit. They describe in greater detail how the unit deals with the personal data of those involved in its own processes and chains.

With regard to the personal data of our own employees, we are compiling a dedicated section of the new privacy policy framework in consultation with HR. We will of course be communicating separately about this, so that it also further raises the privacy awareness of our workforce.

Privacy statement

Mission statement

‘ZonMw funds health research and encourages the use of the knowledge thus developed to improve health and care.’

ZonMw is an intermediary dedicated to enhancing scientific know-how and encouraging innovation in healthcare and research, across the entire spectrum from basic studies to clinical practice. As a link between society and science, we promote pioneering and innovative projects and facilitate their practical application. We also aim to further integrate outstanding science with innovation in the field.

Our view of privacy

Privacy is about the right of everyone we deal with, employees and members of the public alike, to protect their personal life, data and dignity. Nevertheless, collecting, processing and sharing data are hugely important to us in fulfilling our social and corporate mission. It is therefore essential that we do so in a responsible, lawful manner. Because personal data plays such a major part in achieving our social objectives, its protection and privacy in general are absolute priorities for ZonMw. So we always process it in a correct, proper and transparent manner, in accordance with the relevant legislation and regulations.

In this privacy statement, you can read how ZonMw handles personal data. It covers a variety of points.

  • What is personal data?
  • For what purposes does ZonMw process your personal data?
  • How do we handle your personal data?
  • When is your data shared?
  • Scientific research.
  • Contacting us about your rights.

This general privacy statement applies to all personal data that ZonMw may obtain from you in the fulfilment of our statutory duties. It is reviewed on a regular basis.

What is personal data?

Personal data is information directly related to an individual, or which can be traced back to them. For example, their home address, telephone number and email address.

Sensitive data

Some personal details are particularly sensitive because their disclosure or misuse could have a major impact upon a person’s life. Examples include data related to race, religion or health. This information is therefore subject to additional legal protections. Personal data about children and criminal records are always considered sensitive, too, and so are also protected by extra safeguards.

More information about personal data can be found on the website of the Dutch Data Protection Authority.

For what purposes does ZonMw process your personal data?

Throughout ZonMw, personal data is created, consulted, stored and shared for many different purposes. These include the conduct of research studies, maintaining a variety of registers, honouring grant applications and monitoring the field of healthcare.

ZonMw always explains how it handles personal data when performing particular tasks, why it does so and how it ensures that this is done properly. For an overview of units working with personal data, see the organisational diagram.

How do we handle your personal data?

ZonMw applies a number of basic safeguarding principles when processing personal data and has comprehensive measures in place to ensure that it is handled reliably, properly and carefully.

Data Protection Officer

ZonMw has a designated Data Protection Officer (DPO), an independent person whose principal task is to ensure that we are fully compliant with the Dutch Data Protection Act and the EU General Data Protection Regulation (GDPR). Externally, we are regulated in this respect by the Dutch Data Protection Authority.

Data-protection measures

Reliability, integrity and confidentiality

ZonMw has comprehensive measures in place to ensure that personal data is handled reliably, properly and carefully.

  • Confidentiality: we only allow persons with the appropriate authority and a duty of confidentiality to process your data;
  • Security: we observe, or even exceed, the Dutch government’s standards and requirements for information security;
  • External safeguards: ZonMw reaches firm agreements with third parties such as software suppliers and data centres about their data-protection measures and actively checks compliance with them.

When is your data shared?

In a number of cases, ZonMw is authorised and sometimes even obliged to supply data and information to other organisations, or to request them for information. The purpose of sharing data in this way must be compatible with the reason why it was originally collected, as defined in Article 6 of the GDPR.


For a legitimate reason and a specific purpose

ZonMw processes personal data only when it has a legitimate, legal reason to do so or with explicit consent, and solely for the specific purpose for which it was collected.

With as little data as possible

ZonMw processes no more personal data than is absolutely necessary, and whenever possible we process less or none at all.

Minimal infringement of privacy

ZonMw keeps any breach of privacy involved in collecting and processing data to the absolute minimum necessary for the purpose of the operation. If we can choose between different data or methods to fulfil a particular purpose, we always opt for the one which infringes the subject’s privacy the least.

Retention for as long as necessary

At ZonMw we keep your personal data:

  • for as long as is necessary to fulfil the particular purpose for which it was collected; or,
  • for as long as required under the Dutch Archives Act; and,
  • for no longer than is allowed by law.

Scientific research

ZonMw carries out practical and scientific research on behalf of the Dutch Ministry of Health, Welfare and Sport (VWS) and the Netherlands Organisation for Scientific Research (NWO). Wherever possible, we try to use anonymous data. If it is necessary to process non-anonymous personal data, we always ask the permission of the person concerned or request a statement of no objection. In all cases, we process as little traceable personal data as possible and always ensure that the results of the research cannot be linked to any individual.

Contacting us about your rights

You have a number of legal rights, including the right to inspect and correct any data we hold about you. If you want to know what that is, you can submit a request for access. We will process this within four weeks.

Does your information appear to be incorrect, incomplete or irrelevant? If so, you can make a further request to have your data amended or supplemented.

Our Data Protection Officer (DPO) is your contact person for all questions, comments and requests concerning the processing of your personal data by ZonMw. You can submit these by email, to, or by writing to the Data Protection Officer at our correspondence address.

If you have any questions about your legal rights, or a complaint, please contact the Dutch Data Protection Authority.

To top
Direct naar: InhoudSkip to navigationSkip to website footer