Specific Privacy Statement Regarding the Application of the Bibob Act at HHNK

Officials employed by the Hollands Noorderkwartier Water Board (HHNK) assess cases as they arise in accordance with the Bibob Act (Promotion of Integrity Assessments by Public Administration). HHNK applies the Bibob Act to permits, grants, public contracts, and real estate/land transactions in which HHNK is a party. In doing so, we use personal data. We are happy to explain how we do this.

Please also review HHNK’s Privacy Policy and Privacy Statement, as well as HHNK’s Bibob Policy.

What personal data do we use?

When applying the Bibob Act, we process only the data that is necessary. This includes, among other things:

  • name;
  • address;
  • place of residence;
  • country;
  • zip code;
  • date of birth or age;
  • marital status;
  • gender;
  • place of birth;
  • information about a person's financial or economic situation;
  • government-issued identification numbers (ID No.): BSN;
  • (copies of) identification documents such as a driver's license or passport;
  • information subject to a special, legally prescribed duty of confidentiality;
  • information subject to professional confidentiality;
  • criminal personal data and personal data regarding unlawful or disruptive behaviour connection with a prohibition imposed as a result of that behaviour.

Whose personal data do we process?

We process data from the data subject themselves and from the data subject’s business network for the purposes of a Bibob investigation. The data subject is the applicant for a licence, or the counterparty in a transaction or procurement process. This may be a natural person or a legal entity. In the case of a legal entity, contact is typically handled through the director who is authorized to act on behalf of the legal entity.

The following individuals may be involved in a Bibob investigation: the person concerned, a supervisor, a controlling party, a financial contributor, business partners, any person who is or will be listed in the decision as a supervisor, administrator, or manager, and any person who has or may have equivalent de facto influence over the person concerned. The person concerned is required to provide information in accordance with the Bibob Act (Article 7a). 

Who provides us with the data?

The individual concerned provides us with information about themselves and about information requested from their network. In addition, we request information from other government agencies and public sources. 

What is the legal basis and purpose for which we use your personal data?

The legal basis for the processing the Bibob Act and our public-law mandate. 

The goal is to implement the Bibob Act by conducting background checks. This includes information such as criminal records, tax authority records, or Bibob data. The Bibob Act applies to certain permits, subsidies, public contracts, and real estate/land transactions. Information is collected on individuals and legal entities (including their business networks) who apply for a licence subsidy, enter into a real estate or land transaction with HHNK, or are bidders in a procurement process. HHNK applies the Bibob Act to prevent the facilitation of criminal activity and to protect the interests of bona fide entrepreneurs. If an investigation reveals that the applicant for a licence, or the counterparty in a transaction or tender, is suspected of involvement in criminal activities, HHNK will not issue the requested licence(or will revoke it if already granted) or will not execute the transaction or award the contract. No automated decisions are made. 

Sharing Data with Third Parties

We share your data in accordance with Article 28 of the Bibob Act. This includes the following:

  • We engage third parties to perform IT services. These third parties are our processors and process the data solely on our behalf and for no other purpose. We have entered into agreements with these parties regarding the processing personal data.
  • Only authorized employees are granted access to data. They may only view the data they need to perform their jobs.
  • Under the Bibob Act and to protect the integrity of government agencies, we may share your information with other government agencies, such as the police, the National Bibob Office, the Tax and Customs Administration, and the Public Prosecution Service.

Data Processing Outside the European Economic Area

We do not process your data outside the European Economic Area (honour) or share your data with individuals or legal entities outside the honour, unless we are legally required to do so. In that case, we will implement additional safeguards in accordance with Chapter V of the General data protection Regulation data protection GDPR).

Retention Period

We retain personal data and the Bibob file for up to five years for completed Bibob investigations. In exceptional cases, we may extend this period to a maximum of ten years. Please refer to HHNK’s Bibob policy for more information. For terminated Bibob investigations, the retention period is one year.

Your rights

Your rights under the Bibob Act and the GDPR:

  • know what personal data we collect and with whom we share it;
  • exercise your rights under the GDPR;
  • access the data we process about you;
  • supplement and/or correct your personal data;
  • have your personal data deleted (subject to certain conditions);
  • have processing your personal data restricted (under certain conditions, your data will then be authorisation only with your authorisation );
  • object to the processing your personal data;
  • withdraw your authorisation the processing your personal data;
  • File a complaint with the Dutch Data Protection Authority (the national supervisor the protection of personal data). For more information, visit the Dutch Data Protection Authority’s website at .

You can exercise these rights by requesting access to your personal data, having it corrected, or having it deleted. To do so, you can submit a GDPR request here.

Your safety

We try to prevent anyone who is not entitled to do so from:

  • has access to your data;
  • your details may change;
  • may disclose your data.

We do this by, for example:

  • encrypt personal data;
  • control access to computer systems;
  • only grant access to computer systems to persons who are authorized to do so and/or who are bound by a duty of confidentiality;
  • classify documents and emails (indicate how strictly they must be protected) and secure them.

These measures fall under theGovernment Information Security Baseline( ) (BIO), with which we must comply.

data protection officer

We have appointed an independent data protection Officer data protection DPO). The DPO advises and monitors us regarding the processing personal data. data protection contact our data protection Officer in three ways: by calling our general phone number at 072 5828282, by emailingfg@hhnk.nl, or by mail (HHNK, attn: data protection Officer, Postbus . Postbus , 1700 AG Heerhugowaard).

Contact information

On the Contact page, you'll find our phone number and address.