NS Safety & Security Assistants

The tasks of SSAs include checking whether travellers at stations and in trains have a valid ticket. They are also responsible for keeping the peace and enforcing the law and NS's rules and T&Cs. SSAs have a duty to enforce the rules when they encounter an offence, and support the police in their investigative duties. SSAs who process personal data in the context of their investigative duties are subject to the Police Data Act ("Wpg"), rather than the GDPR. 

For the SSAs to perform their duties properly, NS may have to process personal data, such as your contact data. If you are stopped and/or given a ticket (combo ticket, formal warning or a ticket for violating a travel or area ban), SSAs will collect your contact details, date and place of birth, a description of the offence, along with the time and place, your citizen service number, ID type and ID number. NS also collects financial data when processing and collecting on tickets for fare evasion and other offences. You can submit a complaint to NS about a ticket. In addition to the information you provide in your request, NS will collect contact data, data of birth, a copy of your OV chipkaart (if necessary) and the ticket number. If NS or an SSA reports an offence to the police, we will collect, as far as possible, contact information, place and date of birth, time, place and type of offence.

The basis for the processing is: compliance with a legal obligation

Police Data Act

Regular policing duties (Art. 8 Police Data Act): police data can be processed with a view to carrying out the daily policing duties: enforcing laws and regulations, providing assistance, surveillance, traffic matters and simple investigations.

Our information systems make use of the records and registers of government agencies with public-law-related duties, such as the Dutch Population Register (BRP) maintained by the National Office for Identity Data (RvIG). We are also authorised to collect personal data from these registers. 

We collect some (personal) data on the basis of another law:

Code of Criminal Procedure

According to the Code of Criminal Procedure, SSAs are obliged to establish the identity of a suspect. The Identification of Suspects, Convicts and Witnesses Act - and the accompanying decree - specify the data we must use for this purpose. 

Special investigator decree

Special investigators are also authorised to collect personal data to perform their investigative duties. For example, when giving a ticket or writing an official report in the event of a criminal offence and in the processing and (financial) settlement of these offences.

Finally, SSAs also have various supervisory duties. In the performance of these supervisory duties, personal data are processed pursuant to the provisions of the following regulations:

• Passenger Transport Act and Decree 2000
• Nederlandse Spoorwegen's Terms & Conditions for the transport of Passengers and Hand Luggage (AVR-NS)
• General conditions of public urban and regional transport
• NS International General Terms & Conditions
• House rules for travelling with NS
• House rules Intercity direct

We contract third parties to provide IT services. These third parties process our data solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal data.

NS may also share your personal data with third parties, such as BOS Incaso, the Central Judicial Collection Agency (CJIB) if you fail to pay your fine on time, or the Public Prosecutor's office. We are authorised to share your information with law-enforcement agencies, such as the police, with an eye on tracking and preventing criminal offences. 

We will not provide your personal information to persons or legal entities outside the European Economic Community unless we are legally obliged to do so.

The Wpg specifies fixed retention periods for police data. Police data processed with the purpose of performing regular policing duties will be retained for up to 5 years after the data are first processed. After this term, the data are only retained for another 5-year term if needed for compliant resolution and accountability under article 14 of the Police Data Act. Formal warnings have a retention term of 6 months. 

The rights of data subjects in the Wpg are different from GDPR rights. The person to whom the personal or police data apply is called the data subject. The data subject has a right to:

• access;
• rectification;
• data erasure;
• limit data processing;
• object.

In the context of our policing duties, we are obliged to inform you of any data that are processed. We will also let you know when we have complied with your request for rectification, erasure, or limitation of data processing.

If you want more information about how your personal data are processed, you can submit a written request. If you believe that your data are not correct, you can submit a written request to us, specifying what must be changed.

We have the right to deny your request if:

• This would obstruct legal investigations or procedures;
• This would have negative consequences for our ability to prevent criminal behaviour, to track offenders, to investigate criminal actions, to prosecute suspects, or to punish offenders;
• This would jeopardise public safety
• This would violate the rights and freedoms of third parties;
• This would jeopardise national security. A request may also be denied if it is clearly an ungrounded or excessive request.

The NS Data Protection Officer monitors compliance with its obligations pursuant to the GDPR and Police Data Act. The contact details of the Data Protection Officer can be found at the start of this privacy statement.