In and around the station
Information about how we use your data to enhance security and improve our services at and around the station.
What personal data do we use?
We use WiFi tracking to improve our services and to increase your safety in and around the station. To do so, we use your MAC address. The MAC address is immediately 'hashed' - converted into a series of characters. This series is then sent to a server, where we add extra random characters and hash the series again (a process known as 'salt'). The extra characters differ per day, and are not stored on a computer. We then 'cut out' some of the characters, so that there is no way that the series can be traced to an individual.
We also use counter sensors to make passenger counts and to analyse local passenger flows. The footage recorded by these sensors is not saved on the sensor or in any other way. In the past, NS also used Bluetooth tracking in addition to WiFi tracking, but this practice was discontinued as of 7 June 2018.
From November 2019 to February 2020, we will test the option of using sensors to detect vandalism. This test will use audio recordings. in these recordings, we will only filter out the sounds that pertain to vandalism. The test will begin with a few of the smaller stations around the country.
What do we use your personal data for?
Every day, more than 1.2 million travellers use the train stations in the Netherlands. As hubs of pedestrian traffic and public transport, a station is a special location that lets you transfer between trains, urban and regional public transport, bikes, cars, and increasingly diverse services and facilities.
The principle for data processing is: justified interest.
Together with our partner ProRail, we are constantly working to enhance security and improve our services in and around the station. To that end, it is essential to gain insight into the flows , walking routes, waiting times, and waiting areas for travellers and other station users. In this context, we are currently mapping traveller flows at a number of large stations by means of sensors that detect WiFi signals emitted by mobile phones, which is also known as WiFi tracking. We use this method in combination with counter sensors to gain a complete picture of passenger flows. We also ensure that all information generated by the sensors is processed securely and carefully, and in such a way that no information, can be traced back to individual passers-by. Your privacy is therefore guaranteed. Naturally, you can also choose to switch off the WiFi on your mobile device, and it will no longer be tracked.
We use the resulting non-attributable data for social purposes, such as security and crowd control at and around the station, as well as commercial purposes, such as choosing the locations for specific services and shops at the stations.
Stations that feature WiFi sensors can be recognised by a pictogram indicating their presence. These stations are: Amsterdam Centraal, Leiden Centraal, Amsterdam Zuid, Utrecht Centraal, Schiphol Airport, and 's Hertogenbosch. Station Amsterdam Bijlmer Arena only uses counting sensors.
The vandalism detection test will only use the sounds that pertain to vandalism. Other sounds captured in the recordings, such as human speech, will be destroyed within 14 days, in order to eliminate any information that can be traced to an individual person.
With whom do we share this data?
We contract third parties to provide IT and marketing services. These third parties process our information solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal information.
We are authorised to provide your personal information to parties outside the European Economic Community under certain circumstances. In that event, we will take suitable measures with these parties, for example by agreeing to the standard provisions required by the European Commission.
We have contracted Munisense to analyse the audio recordings used in the test.
How long do we store your data?
We do not retain the MAC address used to improve our services. We store the hashed MAC address, or the random string of characters, for up to 24 hours. The double-hashed MAC address stored on the server is retained for up to 5 years, as this lets us investigate long-term trends (in case of station reconstruction projects, for instance).
The footage recorded by counter sensors is not stored on the sensor or in any other way.The audio recordings in the test described above will be stored for a maximum of 14 days.