Skip to main content

Main navigation

Combating fraud and misuse

Information on the use of your information to prevent and investigate fraud.


What personal data do we use? 

Unfortunately, fraud and misuse are facts of life when it comes to claims and refund requests and credit card payments. In order to investigate and prevent suspected fraud or abuse, we use information such as your contact details, payment info, card data, and travel information. For credit card payments, we may process all data necessary to complete the transaction, including the IP address, for example.

If you have or are a booker of an NS-Business Card from NS Zakelijk, we will use your business contact details if possible. We may obtain this information from an employer.

What do we use your personal data for? 

If we suspect that fraud has been committed with an OV-chipkaart while travelling with NS, we may choose to send you a letter. In that letter, we may ask you to pay an outstanding amount, for example. In addition, based on detected fraud and abuse, we can determine the deployment of staff and carry out more targeted checks. 

The principle for processing the information is: justified interest.

It is in NS' commercial interest to limit fraud as much as possible. We take every precaution to prevent infringements on your privacy. For example, we only use the information necessary, and if less severe measures are available, we will take advantage of them.

With whom do we share data? 

If the fraud potentially involves a criminal act, we may pass along your information to the investigative agencies, such as the police, to facilitate the investigation and prevention of criminal activity. We contract third parties to provide IT services.

These third parties process our data solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal data.

We are authorised to provide your personal data to parties outside the European Economic Community under certain circumstances. In that event, we will take suitable measures with these parties, for example by agreeing to the standard provisions required by the European Commission.

If you fail to meet your payment obligations, we will share your contact details with BOS Incasso to collect the outstanding amount. In case of fraud or suspected fraud or abuse involving the NS Business Card, we will share your data with the relevant chain partner. For payments via iDeal or credit card, we will share your payment details with third parties for the processing of the transaction and to combat fraud. 

How long do we store your data?

For suspected cases of fraud, we will store your data for a maximum of 3 years from the moment of the last suspicious incident. If fraud is established to have occurred, then we will save the data from the fraud investigation for a maximum of 5 years from the last incident.