Privacy Statement

Alliander attaches great importance to your privacy. If we process your personal data, we do so in accordance with the General Data Protection Regulation (GDPR) and its Implementation Act. You can read how we do this below.

Alliander is a grid company

Alliander ensures a reliable, affordable and accessible energy provision in a large part of the Netherlands. By continuously improving our grid, we are preparing for the future. A future in which everyone can use, produce and share sustainable energy.

Alliander is made up of a group of companies, including Liander, Liandon and Kenter. Together, we advocate high-quality knowledge when it comes to energy grids, energy technology and technical innovations.

The processing of your personal data

Alliander processes your personal data if: 
•    you are a customer or you send us a request for information. You can read here how we deal with your personal data;  
•    you are applying for a job or you send us a request for information about vacancies. You can read here how we deal with your personal data; 
•    you are visiting this website;
•    you are a supplier;
•    you are reporting as a visitor to one of our branches;
•    you are participating in our innovation projects;
•    you are participating in the training sessions of Alliander. 

In this Privacy Statement, you can read how we deal with your personal data in the final five situations in the above list.
Alliander uses personal data only for the objectives described in this Privacy Statement and makes every effort to protect your personal data. 

Objectives of data processing

Alliander collects and processes personal data with the following objectives:
1.    To improve the user convenience and look and feel of the website. We need functional and analytical cookies for this purpose, which is why we record the data of your website visit. You can read our cookie policy here. 
2.    Issuing orders to, communicating with and paying suppliers.
3.    Registering visitors at our branches in order to protect them. 
4.    Starting and performing sustainable innovation projects.

Data categories

Alliander processes different categories of personal data. These personal data are always processed with an objective in mind.

Category

Objective

Name, address and contact details 

Alliander processes name, address and contact details for entering into and performing agreements, communication, administration of visitors to our branches, access to our branches and branch security. Examples of this type of personal data category include name, address, e-mail address and telephone number. 

Camera images and car registration numbers

To protect employees and third parties against theft, vandalism and to protect goods and property of Alliander. We destroy recorded images periodically. We do not share these images with third parties, unless there are suspicions of wrongdoing. In that case, we can transfer the images to the police. For access checks to our branches, we record the registration numbers of cars.  

Contractual and financial data 

To perform agreements for products and/or services, as well as the invoicing and crediting thereof. Examples include IBAN number, name, trading name and VAT number. 

Retention periods

Alliander retains personal data in accordance with the retention periods in legislation, such as the General Data Protection Regulation (GDPR) and its Implementation Act and the Dutch State Taxes Act (Awr).

Recipients

Alliander shares personal data with the following categories of recipients:
•    service providers;
•    parties with programme responsibility;
•    investigative services;
•    public authorities.

Processors

Alliander may instruct a third party to perform a certain service. If, in performing the service in question, this third party has access to your personal data or if the third party uses such data, this third party is then a processor. Alliander has taken the required contractual and organisational measures, so that the processor processes your personal data solely for the above objectives. Alliander has personal data processed by, for instance, security companies and IT service providers. 

Provision to third parties, not being processors

Alliander provides your personal data to third parties only on the basis of statutory obligations or after you have given your consent. If you have given your consent for the transfer of your personal data to third parties, Alliander will not be responsible for the processing of such personal data. 

Consent

Alliander processes your personal data only on the basis of the principles (legitimate reasons), as referred to in the GDPR. If we are processing your personal data on the basis of your consent, you will always be entitled to withdraw that consent again.

Security of your data

Alliander has taken appropriate technical and organisational measures and has designed its infrastructure and procedures in such as a way that your personal data will be protected. The measures are based on the nature of the data and our technical possibilities. Independent auditors monitor our security measures. We have laid down the processing of personal data in a processing register.

Access to your data

All staff, who require such in order to carry out their work, have access to your data. Staff are given an authorisation to retrieve your personal data. We evaluate and update the authorisations and user profiles on a regular basis.

Transfer outside the European Union

Alliander processes your personal data within the European Union (EU). If Alliander has personal data  processed outside the EU, this processing will take place in accordance with the rules that the EU has adopted for that purpose. The stating point in this respect is the EU Standard Contractual Clauses. The level of privacy protection is similar to the situation regarding data processing within the EU.

Rights of data subjects

According to the GDPR, you may ask Alliander for access to your personal data. You may also ask us to change, supplement or erase your data, and you may object to the processing or have the processing limited. Finally, you may request us to supply you with all your personal data that Alliander has in its possession or to transfer it to another organisation. We will cooperate with your request in so far as it falls within the statutory frameworks.

Data protection officer

Grid manager Liander has its own data protection officer (DPO) for the personal data of customers. For data of other persons, the HR Privacy & Security Officer monitors the application of and compliance with the GDPR. If you have any complaints about exercising your rights or if you suspect that Alliander, or one of the processors has processed your personal data unlawfully, you can contact the HR Privacy & Security Officer : privacyofficer-hr@alliander.com.

Dutch Data Protection Authority

If you fail to come to an agreement with the HR Privacy & Security Officer, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This body monitors compliance with the GDPR. You will find the Dutch Data Protection Authority’s contact details on their website. Alliander, however, always tries to reach a satisfactory solution with you.
Changes to the privacy statement
Although the outlines of this privacy statement will remain unchanged, Alliander may introduce changes. We will always do so in line with privacy legislation. We therefore advise you to re-read this statement from time to time, so that you will always remain informed regarding our privacy policy.
Copyright July 2018 Alliander N.V.