The data of the volunteers is stored in a secure Excel format that is shared among the board members.
The details of the participants are stored in the database of our website via a secure code. In addition, a download is regularly made from the database in a secure Excel environment by the registration officer. This is also made available to the treasurer.
A separate page will be opened on our website indicating how the Foundation handles privacy data in accordance with the GDPR.
Photos of volunteers and participants will only be posted after obtaining permission from those involved. For participants, reference will be made to this general regulation when confirming registration. When registering, participants automatically give permission to post photos, but can indicate when registering if they do not want this.
A processing agreement will be concluded with the administrator of the website.
All volunteers will be informed about the existence of personal data as referred to under 3 and the purpose: only for internal use.
In addition, they will be informed about the possibility to submit a complaint about the way in which the data has been processed and about the possibility to view, correct or, if desired, have this data removed.
The participants will also be informed by e-mail immediately after registration on our website about the recording of personal data. They also have the same opportunity as the volunteers to submit a complaint, view, correct and request the removal of this data.
Every officer of the Foundation who, in his/her position, must have access to the personal data of volunteers and participants may only use this data internally and in accordance with the purpose of the Foundation.
The relevant officer will handle this information with care. They have a duty of confidentiality towards third parties with regard to personal data.
The officer is aware of the provisions of the General Data Protection Regulation of the Tour de Junior Achterveld Foundation and will act accordingly.
Every officer who is given access to the personal data will sign a confidentiality statement.
In the event of a data breach, the Data Protection Officer will be informed within 24 hours by the person who caused the data breach.
A data breach is understood to mean an incident that fears a serious breach of the confidentiality of personal data processed by TdJ. Examples of data breaches are:
Sending e-mails or physical document containing personal data to an e-mail address that belongs to a party for which the organization does not, directly or indirectly, have permission from those involved to view the data.
Providing access to a database containing personal data to a person who is not a board member or volunteer of TdJ.
The Data Protection Officer is responsible for the report. He/she is charged with reporting breaches of confidentiality of personal data processed by TdJ to the Dutch Data Protection Authority.
Within 48 hours, data subjects whose confidentiality of the personal data has been infringed will be informed of the leak by e-mail. Those to whom data have been leaked are also requested to stop the leak within 48 hours by destroying incorrectly obtained information.
The Data Protection Officer will inform the Dutch Data Protection Authority of the leak within 72 hours by reporting in accordance with the procedure established by the Personal Data Authority.