General Information

The amsterdam&partners Foundation (Stichting amsterdam&partners) is the city marketing organisation for the City of Amsterdam. We organise, support and coordinate a variety of activities and campaigns in relation to city marketing.

Through our visitor centres, websites, newsletters and other services, amsterdam&partners collects personal data that is directly related to you, or that we can connect to you. This might include your name or your email address, but also the IP address of your computer. Your personal data is any information that can be traced to you as an individual, either directly or in combination with other data.

In this privacy statement, we explain how we handle your personal data. We also include information on your rights and how you can exercise them. You can find more specific information on which personal data we process and for what purpose under the headings below.

This privacy statement may be updated in response to changes in legislation or other developments. The most recent version of the privacy statement is available on our website 24h.nl.

Responsible Body

The amsterdam&partners Foundation, De Ruyterkade 5, 1013 AA Amsterdam, is the responsible body in the sense of the General Data Protection Regulation (GDPR).

The amsterdam&partners Foundation also operates under the name I amsterdam, as on the website 24h.nl. Here too, amsterdam&partners is the responsible body in the sense of the GDPR.

Data Protection Officer

We have a Data Protection Officer (DPO), who is responsible for providing internal oversight and advice in relation to personal data protection. You can contact our DPO by e-mail at dataprotection@iamsterdam.com.

Personal Data Processing

We process personal data for a variety of reasons: we send out a newsletter, we sell the I amsterdam City Card, we receive information from job applicants and we collect data via our website. The data we process and the purpose for which we process it depends on the specific data processing operation. For information on the different data processing operations, we refer you to the relevant Process-specific Privacy Statement.

We see it as important to securely protect the personal data we process. We have therefore taken a variety of organisational and technical measures to protect personal data from misuse, loss and unauthorised access or processing.

In processing personal data, we abide by the principles of the GDPR. We process personal data only where there is a legal basis (such as a request for your permission or an agreement). We process data only where necessary, and we process no more data than needed.

Sharing Personal Data

In providing our services we sometimes cooperate with third parties, and in certain cases we share personal data with these organisations. When we share personal data with another organisation, we ensure that we have clear agreements with this party in accordance with legislation and regulations. We not only see it as important that we handle personal data correctly ourselves, but we also require it of third parties with which we work.

When we supply personal data to parties outside the European Economic Area (EEA), we ensure that we do so only to those that sufficiently guarantee personal data protection. We abide by the provisions of legislation and regulations.

The specific information on data processing includes information on whether we share your data with other parties.

Exercising your rights

On the basis of the legislation and regulations regarding personal data protection, you have a number of rights. You have the right to access any personal data we hold on you. In addition, you may submit a request to alter or delete your personal data, or to restrict our use of it.

If we process your personal data on the basis of your permission, you are also entitled to withdraw your permission. In this case we are obliged to stop processing your personal data. It is also possible for you to object to the processing of your personal data.

If you wish to exercise any of these rights, you should send a request to our DPO at dataprotection@iamsterdam.com. On receipt of your email, we will send a confirmation, which will include the date by which we will inform you that we have complied with your request. Please bear in mind that the implementation of your request is not an automated process.

The submission of a request is free of charge. However, if your request is evidently groundless or excessive, we may opt not to handle it and/or to charge you a fee of €25 per request.

For more information on your rights regarding your personal data, we refer you to the website of the Dutch Data Protection Authority. This website also provides example letters that you can use to exercise your rights.

Data Breaches

We see it as very important that your personal data is safe with us. However, if you encounter a flaw in our security or a data breach, we would be very grateful if you would inform us. Please send an email to datalekken@iamsterdam.com. You will automatically be sent the form ‘Melding Datalekken/Reporting Data Breaches’). We would ask you to return this form to us within 24 hours so that we can promptly activate our relevant procedure and meet our obligation to report data breaches.

Questions or Complaints

If you have any questions about the processing or protection of your personal data, or you wish to make a complaint about the way in which we handle your personal data, please send an email to dataprotection@iamsterdam.com.

You can also lodge a complaint about us with the Dutch Data Protection Authority. For more information, see the website of the Data Protection Authority, www.autoriteitpersoonsgegevens.nl.

Amsterdam, October 2018