Legal obligations

NS is required to comply with a number of legal obligations. This may require us to process your personal data, such as your contact details or transaction information.

The basis for data processing is: compliance with a legal obligation.

We have to comply with various legal obligations imposed by e.g. tax law and railway law.

Investigative agencies, such as the police or the FIOD, may also request information from us. We are legally obliged to cooperate with such requests. In these cases, we always carefully investigate whether the request is within the investigative agency's jurisdiction, and monitor that procedural privacy protections are observed.

We are also required by law to have a Whistleblower policy. We may process personal data as part of this policy. More information about Whistleblowing

We contract third parties to provide IT services. These third parties process our data solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal data.

We are authorised to share your data with law-enforcement agencies, such as the police for the sake of detecting and preventing crime.

We will not provide your personal data to persons or legal entities outside the European Economic Community unless we are legally obliged to do so.

We store these data no longer than needed to comply with our legal obligations. Our legal obligation may require us to store your data for a legally mandated retention period. In that case, we will store your data for the entire duration of said period.