Privacy Statement

CPB Netherlands Bureau for Economic Policy Analysis carefully manages personal data. Personal data consist of information that can be traced back to natural persons, such as name, residential address and email address. The protection of these data has been regulated under the EU’s General Data Protection Regulation (GDPR). The regulation protects the privacy of civilians. This privacy statement documents CPB’s compliance with this regulation.

Information included in personal data

Personal data consist of information about a person or information that can be related to that person. Examples of such data are name, telephone number and email address, but also include the IP address of a computer and people’s Citizen Service Number  (burgerservicenummer). It therefore refers to all data that can be related to a natural person. 

How CPB handles your personal data

CPB Netherlands Bureau for Economic Policy Analysis is a Research institute that has been conducting economic policy analyses since 1945. CPB does so at its own initiative or at the request of the Dutch Government, Parliament, Cabinet Ministers, Members of the House of Representatives, trade unions and employers’ organisations. Because of these types of data, CPB is able to assess policy proposals as well as the impact of already implemented policy. The research data that CPB uses largely originate from data that have been collected by other, such as Statistics Netherlands (CBS), universities and other organisations.
 
CPB has defined the following number of principles in relation to the handling and processing of personal data:

CPB processes personal data only if...
...there is a legal basis for doing so. Examples include research activities conducted in order to comply with CPB’s legal obligations and instances when processing is required in the general or public interest. On the basis of the Dutch Sustainable Public Finances Act, CPB has been tasked to conduct independent assessments and analyses. It does not store any data other than those required for carrying out these tasks. 

At CPB, the focus is on the private citizen involved
Processing of personal data must be for the benefit of society. When processing and managing personal data, CPB always considers the interests of the persons involved and the related risks they could be running.  Personal data, therefore, will not be stored any longer than is absolutely necessary.  

CPB exercises restraint in sharing data with third parties
CPB is diligent and exercises restraint, with respect to sharing your personal data with third parties. When there is no legal basis for doing so, data will not be shared with external parties. 

CPB operates in a transparent way
CPB reports the use of personal data files to the Data Protection Officer of the Dutch Ministry of Economic Affairs and Climate (EZK). In the near future, it will also do so publicly on the website of the Ministry of EZK.  

CPB keeps personal data safe and secure 
CPB will keep personal data secure from unauthorised access, theft and misuse, by applying technical measures in its local network. It ensures that such data can only be accessed by CPB research staff and are used only for research purposes.    

Implementation of CPB principles is verifiable
CPB is open and transparent about the application and implementation of the principles described above. Supervisory bodies, political actors and the general public are always welcome to ask for explanations and information related to the implementation of those principles.  

Personal data storage period

CPB will store personal data no longer than necessary for research purposes or as required under the Dutch Archives Act (Archiefwet).  

Information about data processing

CPB keeps and manages a register of all personal data that have been processed. In the near future, this register will become publicly available. For each act of processing, the register contains a short description of the types of data processed, the reason for their storage, how the data are being handled and who is responsible for the processing. U can find the information on webpage of the Rijksoverheid.nl 

Social media / external platforms

CPB uses external platforms for its internet and social media services. We would like to point out that we have no control over how these platforms handle your personal data. We therefore advise you not to share any privacy-sensitive information via those platforms. CPB does not require these types of data for providing its services.   

Rights

According to the General Data Protection Regulation (GDPR), people have the right to know which of their personal data are being collected and processed by the government, including the reasons for such collecting and processing, as well as the sources from which the data originate. However, the GDPR does include an exception for statistical and scientific research, described in Article 89, clause 2 of the GDPR. This exception means that individual people do not have the right to inspect or change any of the personal data stored by CPB and used in its research. 

For more information about the General Data Protection Regulation (GDPR) and about the careful handling of personal data, see the website of the Dutch Data Protection Authority (Dutch DPA): www.autoriteitpersoonsgegevens.nl/en. Questions about the GDPR at CPB can be directed by email via the contactform.

Data Protection Officer 

The Data Protection Officer of the Dutch Ministry of Economic Affairs and Climate (EZK) reviews CPB’s compliance with GDPR legislation. CPB, in turn, reports to and is held to account by the Data Protection Officer. 
Questions and requests can be directed by email to: PbFG@minezk.nl, or by letter to:

Data Protection Officer 
Ministry of Economic Affairs and Climate
Bureau Bestuursraad
PO Box 20401
2500 EK The Hague