Skip to main content

Main navigation

Legal obligations

Information about the use of your data to comply with NS' legal obligations.

What personal data do we use?

NS is required to comply with a number of legal obligations. This may require us to process your personal data, such as your contact details or transaction information.

What do we use your personal data for?

The basis for data processing is: compliance with a legal obligation.

We have to comply with various legal obligations imposed by e.g. tax law and railway law.

Investigative agencies, such as the police or the FIOD, may also request information from us. We are legally obliged to cooperate with such requests. In these cases, we always carefully investigate whether the request is within the investigative agency's jurisdiction, and monitor that procedural privacy protections are observed.

We are also required by law to have a Whistleblower policy. We may process personal data as part of this policy. More information about Whistleblowing

With whom do we share data?

We contract third parties to provide IT services. These third parties process our data solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal data.

We are authorised to share your data with law-enforcement agencies, such as the police for the sake of detecting and preventing crime.

We will not provide your personal data to persons or legal entities outside the European Economic Community unless we are legally obliged to do so.

How long do we store your data?

We store these data no longer than needed to comply with our legal obligations. Our legal obligation may require us to store your data for a legally mandated retention period. In that case, we will store your data for the entire duration of said period.