Last updated 01.08.2018
Processing personal data
What information is collected?
We use your name, email address, payment history in order to be able to provide you with a card. • Information of the card you are using or that we have provided to you, such as the card number, and the chip contained in the card; • Data on the use of the card issued to you. We receive this information from Translink and, if applicable, other service providers that accept the card. The personal data we receive is detailed and can contain the time, location, route, class and cost of a transaction. The use of personal data is not limited to travel and usage transactions, but can also include service and sales transactions. We can match information about usage of the card. For example, we will match check-in and checkout transactions to present the data of a trip.
For what purpose do we process the data?
The basis for the processing of personal data is to be able to provide a card. Based on this agreement, we use personal information for: • issuance of the card • taking care of the administration of the card; • communicating with - and informing you; • providing service, for example through the service desk; • receiving, processing and reporting transactions with the card to you; • extracting information, such as travel frequency, traveled routes and to provide the use of the card to give you appropriate information; • provide reports, insights, and advice; • providing service or complaint handling; • the processing of personal data into management information.
Who is responsible for the data?
RC BKA is the provider of the card and therefore responsible for the processing of the data.
To whom do we provide personal information?
We can provide you with your personal information. We can do this via e-mail or through the Service desk. • We provide personal information to use the card. • We may disclose your personal data to Processors of data (a role legally defined). These are partners who carry out work on our behalf. When we work with partners we ensure, as responsible entity, that they process personal data in accordance with the Data Protection Act in a proper and careful manner. • We are obliged to disclose your personal data if the Law forces us to, for whatever reason.
Security and storage period
For the protection of your personal data, we have taken physical, technical and organizational measures. We will remove personal information as soon as it is no longer necessary for the purposes as described above. We will keep the personal data collected by us if no longer than necessary for the purposes for which the data are collected and retained for a maximum of seven years. After the mentioned retention period, we remove all your personal data unless the data must be kept for a longer period as a result of legal obligations. Removal involves destruction or a modification ensuring that it is no longer possible to identify you.
Right of access:
The most important personal data such as name, email address and transactions can be requested via the service desk. You can ask us whether we process your personal data. We will contact you as soon as possible, but not later than four weeks, with answers and provide a copy of the personal data we process from you. For this, no costs are charged. To request access, please contact us via the Service desk.
Right to correction:
If your data is factually incorrect for the purpose of processing, you can inform us and we will process your request as soon as possible, but no later than four weeks. To request correction, please contact the Service desk.
Right to resist:
If you do not wish to receive information from us about products and services, please send us an email with the subject: "resist."
Complaints or questions
Each card user has the right to submit a complaint about the processing of their personal data by contacting us in a manner as mentioned below. Do you want to correct your data, or if you have a question or if you oppose to the processing of your data by us, please send us a message. We will respond to your request as soon as possible, at least within 14 days.
We, RC BKA B.V., have our registered office in Amersfoort at Utrechtseweg 9. E-mail:[email protected]
Notification Authority for Personal Data
Our processing of personal data is logged according to the Law on Personal Authority in The Hague under report number 1611969.
Entry into force
This version of the privacy statement associated with the ISIC/OV-chipkaart was drawn up July 2018. We reserve the right to make changes to the policy. On our website you can find the latest version of the privacy statement: www.rcbka.nl/privacyreglement.