Alliander attaches great importance to your privacy. If we process your personal data, we do so in accordance with the General Data Protection Regulation (GDPR) and its Implementation Act. You can read how we do this below.
Alliander is a grid company
Alliander ensures a reliable, affordable and accessible energy provision in a large part of the Netherlands. By continuously improving our grid, we are preparing for the future. A future in which everyone can use, produce and share sustainable energy.
Alliander is made up of a group of companies, including Liander, Liandon and Kenter. Together, we advocate high-quality knowledge when it comes to energy grids, energy technology and technical innovations.
The processing of your personal data
Alliander processes your personal data if:
• you are a customer or you send us a request for information. You can read here how we deal with your personal data;
• you are applying for a job or you send us a request for information about vacancies. You can read here how we deal with your personal data;
• you are visiting this website;
• you are a supplier;
• you are reporting as a visitor to one of our branches;
• you are participating in our innovation projects;
• you are participating in the training sessions of Alliander.
In this Privacy Statement, you can read how we deal with your personal data in the final five situations in the above list.
Alliander uses personal data only for the objectives described in this Privacy Statement and makes every effort to protect your personal data.
Objectives of data processing
Alliander collects and processes personal data with the following objectives:
2. Issuing orders to, communicating with and paying suppliers.
3. Registering visitors at our branches in order to protect them.
4. Starting and performing sustainable innovation projects.
Alliander processes different categories of personal data. These personal data are always processed with an objective in mind.
Name, address and contact details
Alliander processes name, address and contact details for entering into and performing agreements, communication, administration of visitors to our branches, access to our branches and branch security. Examples of this type of personal data category include name, address, e-mail address and telephone number.
Camera images and car registration numbers
To protect employees and third parties against theft, vandalism and to protect goods and property of Alliander. We destroy recorded images periodically. We do not share these images with third parties, unless there are suspicions of wrongdoing. In that case, we can transfer the images to the police. For access checks to our branches, we record the registration numbers of cars.
Contractual and financial data
To perform agreements for products and/or services, as well as the invoicing and crediting thereof. Examples include IBAN number, name, trading name and VAT number.
Alliander retains personal data in accordance with the retention periods in legislation, such as the General Data Protection Regulation (GDPR) and its Implementation Act and the Dutch State Taxes Act (Awr).
Alliander shares personal data with the following categories of recipients:
• service providers;
• parties with programme responsibility;
• investigative services;
• public authorities.
Alliander may instruct a third party to perform a certain service. If, in performing the service in question, this third party has access to your personal data or if the third party uses such data, this third party is then a processor. Alliander has taken the required contractual and organisational measures, so that the processor processes your personal data solely for the above objectives. Alliander has personal data processed by, for instance, security companies and IT service providers.
Provision to third parties, not being processors
Alliander provides your personal data to third parties only on the basis of statutory obligations or after you have given your consent. If you have given your consent for the transfer of your personal data to third parties, Alliander will not be responsible for the processing of such personal data.
Alliander processes your personal data only on the basis of the principles (legitimate reasons), as referred to in the GDPR. If we are processing your personal data on the basis of your consent, you will always be entitled to withdraw that consent again.
Security of your data
Alliander has taken appropriate technical and organisational measures and has designed its infrastructure and procedures in such as a way that your personal data will be protected. The measures are based on the nature of the data and our technical possibilities. Independent auditors monitor our security measures. We have laid down the processing of personal data in a processing register.
Access to your data
All staff, who require such in order to carry out their work, have access to your data. Staff are given an authorisation to retrieve your personal data. We evaluate and update the authorisations and user profiles on a regular basis.
Transfer outside the European Union
Alliander processes your personal data within the European Union (EU). If Alliander has personal data processed outside the EU, this processing will take place in accordance with the rules that the EU has adopted for that purpose. The stating point in this respect is the EU Standard Contractual Clauses. The level of privacy protection is similar to the situation regarding data processing within the EU.
Rights of data subjects
According to the GDPR, you may ask Alliander for access to your personal data. You may also ask us to change, supplement or erase your data, and you may object to the processing or have the processing limited. Finally, you may request us to supply you with all your personal data that Alliander has in its possession or to transfer it to another organisation. We will cooperate with your request in so far as it falls within the statutory frameworks.
Data protection officer
Grid manager Liander has its own data protection officer (DPO) for the personal data of customers. For data of other persons, the HR Privacy & Security Officer monitors the application of and compliance with the GDPR. If you have any complaints about exercising your rights or if you suspect that Alliander, or one of the processors has processed your personal data unlawfully, you can contact the HR Privacy & Security Officer : email@example.com.
Dutch Data Protection Authority
If you fail to come to an agreement with the HR Privacy & Security Officer, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This body monitors compliance with the GDPR. You will find the Dutch Data Protection Authority’s contact details on their website. Alliander, however, always tries to reach a satisfactory solution with you.
Changes to the privacy statement
Copyright July 2018 Alliander N.V.