Information on the use of your information to prevent and investigate fraud.
What personal information do we use?
Unfortunately, fraud is a fact of life when it comes to claims and refund requests. In order to prevent or investigate cases of fraud, we use information such as your contact details, payment info, card data, and travel information pertinent to the claim, refund request, or incomplete check-in or check-out transactions.
If you are the holder or booker of an NS Business Card from NS Zakelijk, we may also use your business contact details if possible, which may be provided by the employer.
What do we use your personal information for?
If we suspect that fraud has been committed with an OV-Chipkaart while travelling with NS, we may choose to send you a letter asking you to pay an outstanding amount.
The principle for processing the information is: justified interest.
It is in NS' commercial interest to limit fraud as much as possible. We take every precaution to prevent infringements on your privacy. For example, we only use the information necessary, and if less severe measures are available, we will take advantage of them.
With whom do we share this information?
If the fraud potentially involves a criminal act, we may pass along your information to the investigative agencies, such as the police, to facilitate the investigation and prevention of criminal activity. We may call on third parties to provide IT services.
These third parties process our information solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal information.
We are authorised to provide your personal information to parties outside the European Economic Community under certain circumstances. In that event, we will take suitable measures with these parties, for example by agreeing to the standard provisions required by the European Commission.
How long do we store your information?
For suspected cases of fraud, we will store your data for 3 years from the moment of the last suspicious incident. If fraud is established to have occurred, then we will save the data from the fraud investigation for 5 years from the last incident.