How we process your personal data
The National Electrical Safety Board is personal data controller in relation to the personal data processing carried out on this website and in the National Electrical Safety Board's operations. This means that we have a range of responsibilities in relation to individuals whose personal data we process.
Legal grounds for processing your personal data
The National Electrical Safety Board will never process your personal data unless there are legal grounds and a clear purpose of the processing. When we collect personal data from you, we provide information about, for example, the purpose of the processing and how long the personal data will be saved.
The personal data processed by the National Electrical Safety Board must be adequate and relevant in relation to the purpose of the processing. Therefore, we do not save more personal data about you than necessary, and we do not save your personal data longer than necessary.
Since we are a public authority, we are required to file and archive documents received by us, or that we prepare. Consequently, sometimes we are required to store your personal data for a long time. We always comply with the provisions of the Archives Act and have thinning procedures in place.
We comply with both the data protection legislation and the principle of transparency
We will never process your personal data for any other purpose than the one we have stated to you and we will never sell your personal data. However, the National Electrical Safety Board is a public authority, and consequently documents sent to us, or prepared by us become public documents that may be disclosed if requested. This complies with the principle of transparency and the provisions of the Public Access and Secrecy Act (2009: 400).
For example, we sometimes hire companies for the operation and maintenance of our IT and filing systems or for the e-services that we offer on our website. When we do so, these companies have access to the personal data processed in the relevant system. To prevent the companies from disclosing such personal data to any other company or from unintentionally losing them, we always draft a special agreement under which we impose requirements in relation to how the company must treat the personal data.
We have guidelines and procedures in relation to our handling of personal data
To fulfil our obligations, we have prepared internal guidelines and procedures for personal data processing. We also keep a register of the various types of processing of personal data that takes place at the National Electrical Safety Board.
We keep your personal data safe
The National Electrical Safety Board protects the documents and the various systems we use to prevent loss or unintentional disclosure of information. We work continuously by taking both technical and organizational measures to protect the personal data processed by us. We do so by, for example, always having updated virus protection and firewalls, creating a high level of security awareness among our employees and limiting access to, for example, classified documents, so that access is granted only to personnel who need access to such data.
The measures taken are intended to achieve a security level which is adequate based on the following criteria.
- Sensitivity of personal data processed.
- Special risks involved in the personal data processing.
- Cost of implementing measures.
- Technical possibilities available.