Privacy statement travellers june 2025

Vrouw wordt gecontroleerd in HTM tram

HTM and your personal data

 

HTM always treats personal data with care. We carefully process the data that people enter in online forms, such as personal data for requesting a yearly travel card and data relating to questions, complaints, claims and lost and found objects. To monitor the safety of you as a traveller and of our employees, we use camera images and in some cases bodycams in our vehicles and at bus and tram stops.

This privacy statement describes how we process your personal data and what we use it for. First and foremost, HTM complies in all cases with the General Data Protection Regulation (GDPR) and the GDPR Implementation Act, the Police Data Act (WPG) and the Passenger Transport Act (and the Decree) 2000.

 

The processing of personal data for the implementation of police tasks is governed by the Police Data Act. Special Investigation Officers (BOA) employed by HTM must, whenever appropriate, comply with the legal obligations of the Police Data Act and support the police, including in their investigative tasks. This includes data that we collect to investigate criminal offences, maintain public order and/or provide assistance.

In such instances, we may be required to process personal data such as your contact details or camera images.

If you travel without a valid ticket or if you do not comply with the applicable transport conditions in any other way, our BOAs can process your personal data in order to compile a report and impose a fine on you. The personal data that the BOAs process to do this is subject to the Police Data Act.

 

How do we process personal data?

Personal data is processed for a number of purposes, which we explain below. Personal data is not automatically used for all of these purposes at the same time.

Purposes:

Implementation of an agreement entered into, such as purchasing and using a yearly travel card and other tickets.

Information and service: travel information (such as e-mails about maintenance, schedule changes, route changes and disruptions); dealing with questions, requests, complaints, lost and found objects or requests for refunds when using an OV-chipcard/OV-pass and/or debit card; and applications for photo/film and sponsorship requests.

Public safety: monitoring the safety of travellers/employees in our trams and buses and at stops, including investigating the perpetrators of violence.

Improving our products: processing data that cannot be traced back to individuals for purposes, such as market research; location tracking for the use of HTM services; management information; analysis; general company strategy; the development of products and services to improve the provision of services; and the implementation of marketing campaigns.

Combatting fraud: including investigations into the incorrect use of OV-chipcards/debit cards with a HTM travel card/HTM product on them, and the correct use of the 'Money back in case of delay' scheme.

Financial administration: debtor management (such as calculating, collecting or crediting invoices for travel cards or other travel products and maintaining contact with debtors) and revenue administration.

Historical and statistical purposes, such as recording the numbers of people entering and leaving our vehicles.

Compliance with applicable laws and regulations, including the Passenger Transport Act 2000 and tax laws and regulations.

HTM processes personal data on the basis of the following legal principles as stipulated in the GDPR:

Consent of the person concerned

Implementation of the agreement

Legitimate (business) interest

Legal obligation.

 

How long do we store personal data?

HTM uses different retention periods, always in accordance with the GDPR. The relevant retention periods are specified in the overviews below.

Applications for photo/film and sponsorship requests with personal data are deleted after the request has been processed.

 

Personal data is protected

HTM has taken measures to protect personal data against loss or unlawful processing. These measures vary from physical measures, such as a burglar alarm and access control, to a wide range of organisational and technical security measures. Random HTM employees or third parties cannot access personal data. Access to your data is only available to authorised employees, and only when necessary for the performance of their work and on the basis of an established authorisation policy.

 

Providing data to third parties

In accordance with legislation and regulations, HTM is obliged to cooperate with investigative authorities, such as the police, the tax authorities or the Fiscal Information and Investigation Service (FIOD), if they request personal data. In such cases, HTM carefully scrutinises the authority of the relevant investigative agency, and naturally also complies with the requirements as stipulated in the GDPR/Police Data Act under this legal requirement.

HTM may also independently provide personal data to the police or judicial authorities in order to protect its rights and property.

Furthermore, the data may be used as substantive evidence in legal proceedings or proceedings before the Public Transport Disputes Committee. HTM never provides third parties with more information than necessary.

 

In order to facilitate the efficient nationwide processing of the settlement of (travel) transactions and the financial settlement for revenue distribution between the public transport companies, HTM shares your (transaction) data and product data with Translink Systems B.V. (Translink). For more information, see below in this privacy statement and visit https://www.ov chipkaart.nl/and https://www.ovpay.nl/nl/.

HTM also engages other parties for the provision of services. These are processors who may process personal data at the request of HTM and on behalf of HTM. HTM makes specific agreements with these processors about the processing of personal data, such as about the protection, retention and confidentiality of data and assurances that data may only be used to implement the specific task assigned by HTM. These processors include payment service providers, collection agencies, cloud and hosting parties, IT service providers, etc.

When you use the weather service on the HTM app, a pop-up window opens. You are then in the environment of the Buienalarm app. You will not automatically return to the HTM app. To do this, you must close the Buienalarm window.

When you click on and view this weather service, your data will be processed by Buienalarm.nl. For more information, see the Buienalarm privacy statement: Disclaimer & Privacy (infoplaza.com)

Your privacy rights

Everybody has the right to inspect the personal data processed by HTM. On request, HTM can provide a written overview of the personal data known to us. For persons under the age of 16, such a request must be submitted by a parent or guardian.

A request can be submitted by e-mail (gegevensbescherming@htm.nl) accompanied by a copy of the person’s identity document (with the BSN number and photograph blocked out) and a copy of the OV-chipcard (with the photograph blocked out). You can also submit your request by filling in the Personal data form at HTM. If you don’t want to send a copy of your ID as specified above, you can also identify yourself at the HTM desk with a completed form. The employees there can then forward the form to gegevensbescherming@htm.nland indicate that your ID has been checked by them.

HTM will respond to the request within the statutory period even if it cannot comply with the request. The above e-mail address can also be used for other questions about privacy.

Is your personal data incorrect or incomplete? Then please use the form above.

In personal accounts in the HTM webshop, you can indicate which information you do or do not wish to receive. Do you think that HTM has not acted correctly with regard to your rights? Then you can report this to the Dutch Data Protection Authority: klacht-melden-bij-de-ap.

 

The overview below lists the various components for which we also process your data when you use them.

 

1. Privacy OV-chipcard

2. Privacy OVpay

3. Privacy Information Management

4. Privacy HTM website and HTM apps

5. Privacy HTM camera surveillance

6. Privacy when reporting damage

7. Privacy Police Data Act

1. Privacy OV-chipcard

 

There are two types of OV-chipcard: the personal OV-chipcard and the anonymous OV-chipcard. There is also a once-only OV-chipcard that is valid for a limited period or for a specific journey. This once-only OV-chipcard is also anonymous.

The personal OV-chipcard is a card with a name and passport photograph (the newer cards no longer include a photograph, but inspectors can see the photograph in their hand-held devices while they are checking tickets). The personal OV-chipcard is used for ‘personal products’ such as a HTM annual travel pass or age discount.

Users of a personal OV-chipcard are known to the card issuer, which is Trans Link Systems B.V. (Translink). Translink processes the personal data of OV-chipcards and related transactions. For more information about Translink's privacy policy, visit the website Privacy - OV-Chipkaart.nl

 

HTM is not liable for Translink's privacy policy.

HTM, the other carriers and Translink are jointly responsible for processing personal data related to the core processes in the OV-chipcard system. To make this possible, we have entered into a joint cooperation agreement that stipulates the division of roles, responsibilities and arrangements regarding these core processes. Provisions have been made for each core process regarding which data must be processed for an effective and efficient OV-chipcard system and who needs that data.

 

HTM can use your chipcard identification in case of suspected non-payment, fraud prevention, suspected and/or proven fraud. The provision of your OV-chipcard identification means that Trans Link Systems (TLS) provides us with the internal card number (chip ID) that corresponds to the

number (engraved ID) that is printed on your card. TLS does not share your name, address, place of residence or other personal data that it processes about you. We have a legitimate interest in doing so as a public transport company.

 

There is no link between travel card administration at HTM and the travel data at Translink.

Data such as the name, address and place of residence on a personal OV-chipcard with a HTM travel card is processed in the HTM travel card administration. The transaction data (such as check-in/check-out data, location and chip ID) is processed in the OV-chipcard system. The HTM travel card administration is not linked to the OV-chipcard system, and HTM can only view data in the OV-chipcard system at your express request or in case of (suspected) fraud with an OV-chipcard, and then only by authorised persons.

This data is accessed through an online portal. Access to this portal is made possible by Translink, who, together with the carriers, takes the role of joint data controller for the purpose of processing this data. Without your permission, the travel details of your trips with other carriers cannot be accessed by HTM.

 

How long do we store personal data?

We make a distinction between transaction data and data that we use for our travel card administration.

Transaction data (data generated when using the OV-chipcard)

Personal data related to transaction data is never retained for longer than 18 months.

Travel card administration

Personal data (including contact details) that is required to provide a travel card is processed in the travel card administration. The retention period for this data is 7 years, as stipulated the General Tax Act.

 

See also https://www.ov-chipkaart.nl/en for more background information.

 

2. Privacy OVpay

 

When travelling using a Debit Card or OV-pas, we may use terms you are not (yet) familiar with. For your convenience, we list these terms and its meanings at the end of this privacy statement.

 

The nine Dutch Public transport operators  and Translink are jointly facilitating two additional ways for travelling by public transport: purchasing a (Transport) Ticket by checking in and checking out using your Debit Card or OV-pas. When we use the term Card in this privacy statement we mean both the Debit Card and OV-pas. 

 

Facilitating the Debit Card are we doing this in collaboration with a number of payment services . These payment services activate your Debit Card with a public transport travel function in the Netherlands. You pay for your journeys via the Bank Account associated with your Debit Card. 

 

For the OV-pas you pay for your journeys via the balance of your OV-pas. The OV-pas and related balance are issued and managed by Translink. If you have any questions regarding the OV-pas such as how it works, how to purchase it or about the balance you can contact Translink. For questions regarding any travels made you can contact the Public transport operator you travelled with or Translink.

 

Personal data.

As soon as data can be related directly or directly to a person, it is referred to as Personal data. Examples of these are your name, (email) address and date of birth. Your travel data or username can also be considered Personal data.

 

The Processing of your Personal Data is necessary when checking in and checking out with your Debit Card. It lets you travel and pay on public transport in bus, tram and Metro and Translink can also provide you with services. If you do not want RET and Translink to have the necessary Personal Data, you will not be able to travel and pay with your Debit Card and have to use another regular (Transport) Ticket.

 

The processes have been designed based on Privacy by Design. This means that Translink and the Public transport operators have designed and set up the systems in such a way as to protect your privacy as a passenger as much as possible. 

 

Pseudonymisation, re-identification and use of tokens

 

Immediately after you have checked in, the unique identification number (PAN)  of your Debit Card will be Pseudonymised. Each card is allocated its own unique number, a so-called token. These tokens are used for various purposes including travel, payment, service, inspection and overview reports. 

 

Translink has a central administration system where, among other things, Translink registers on behalf of the Public transport operators Tickets, calculates the price for a journey, and keeps track of the total amount for which you have travelled that day. The system allocates each Public transport operator its own unique identification numbers for the tokens, so that the Public transport operators have no mutual insight into the travel patterns of passengers with other Public transport operators.

 

Pseudonymised data cannot be traced back to your Debit Card details without additional information. This Pseudonymisation is a measure to reduce the risks for you as traveller in relation to the Processing of your Personal Data. There is a risk, however, that by combining this with other data, an organisation may still be able to identify which Debit Card belongs to the pseudonym. This may make it possible to review the travel history of a token. The Public transport operators and Translink have come to arrangements to minimalize the risk of re-identification.

 

Glossary

When travelling using your Debit Card or OV-Pas, we may use terms with which you are not (yet) familiar. For your convenience, we have listed these terms and their meanings.

 

App: a mobile application developed and offered by a Public transport operator or Public transport operators and Translink jointly (OVpay) that allows Passengers with a Card to create, consult their online account, link the Card to it, and thus, for example, to easily view their travel transactions and payments and submit service requests. Use of an App is subject to the terms and conditions of use of the relevant App.

 

AVR-NS: the terms and conditions of NS (general terms and conditions for the carriage of Passengers and hand luggage of Nederlandse Spoorwegen)

 

AV-S: the City and Regional Transport General Terms and Conditions (the General Terms and Conditions for passenger transport by public city and regional transport (by bus, tram, light rail and metro) and regional train transport provided by one or more of the following Transport Providers: Arriva, Keolis, Connexxion, EBS, GVB, HTM, Qbuzz and RET).

 

Bank: a financial undertaking that provides payment services and holds the Bank Account to which the Debit Card used by the Passenger on public transport is linked. This also includes a credit card company or other regulated financial undertaking which as a financial undertaking is offering payment services and which has issued the Debit Card.

 

Card: a Debit Card or OV-pas.

 

Controller: a natural or legal person, a government agency, a service or another body that, alone or together with others, determines the purpose of and means for Processing Personal Data as defined in the GDPR.

 

Debit Card: a contactless card issued by the Bank (physical or digital on a mobile or smartphone) that the passenger uses and pays for public transport by checking in and out at designated card readers at stations, stops and in vehicles. This also includes a card issued by a credit card company with which the passenger uses and pays for public transport.

 

Discount profile: the profile that Translink and the Public transport operator you travel with can access to check and inspect if you are entitle for a discount. The Discount profile requires your name and/ or date of birth and/ or photo.

 

Joint Controller: If two or more Controllers jointly determine the purposes and means of the Processing, they are Joint Controllers as defined in the GDPR.

 

OV-pas: a contactless card issued by Translink that the passenger uses and pays for public transport by checking in and out at designated card readers at stations, stops and in vehicles.

 

Payment reference number: this is a code comprising a combination of fourteen letters and numbers, created 

uniquely for each payment. This code is linked to the amount that is debited from your Bank account when paying with a Debit Card. 

 

Payment Service Provider: (PSP) a party that enables you to travel on account with your OV-pas. Traveling on account means that you can pay for your public transport journeys with your OV-pas afterwards, for instance by direct debit or a regular transfer.

 

Personal data: any information regarding an identified or identifiable natural person as defined in the GDPR. 

 

Personal OV-pas: an OV-pas that may be used only by one specific person. An OV-pas becomes personal if a Personal product is linked to it. That OV-pas may be used only by the person in whose name the Personal product is registered. The verification takes place on the basis of the Discount profile that can be accessed by the Public transport operator at which that Personal product is valid.

 

Personal product: the product is personal if its product conditions so provide. Personal means that only the person in whose name that product is registered may travel with that product in combination with the OV-pas.

 

Processing: an operation or set of operations relating to Personal Data or a set of Personal Data, whether carried out by automated processes or not as defined in the GDPR.

 

Processor: a natural or legal person, a government agency, a service or another body that Processes Personal Data on behalf of the Controller as defined in the GDPR.

 

Pseudonymisation: the Processing of Personal Data in such a way that the Personal Data cannot be linked to a traveller without the use of additional data, provided that this additional data is stored separately, and technical and organisational measures have been taken to ensure that the Personal Data is not linked to an identified or identifiable traveller as defined in the GDPR. 

 

Public transport operator(s): the Dutch public transport operators listed on the OVpay.nl website.

 

Technical Card data: this technical data consists of the numbers of the Card, namely the PAN, the PAN serial number, and the validity date. The PAN is a unique card identification number. The PAN serial number is contained in the chip of the Card and is not visible.

 

(Transport) Ticket: the Ticket that provides valid access to the train, bus, tram and metro and that has been purchased by the passenger by checking in for each journey with [...] with a Card used to travel. A (Transport) Ticket is only valid if it meets all the requirements set out in the General Terms and Conditions of Urban and Regional Transport or AVR-NS (in case of travelling with the NS).

 

Translink: the company who a.o. registers Tickets, calculates fares, settles payments with travellers and Public transport operators and provides services to Travellers. Trans Link Systems B.V., having its registered office and principal place of business in Amersfoort.

 

Travel day: the period which starts at 00.00 hour and ends next day at 03.05 hour.

 

2.1. How to travel and pay with a Debit Card and OV-pas using public transport?

A. Purchasing and topping-up OV-pas

You can purchase an OV-pas via the OV-pay app  and the OVpay website (as of August 2025). If you purchase an OV-pas, it gets an unique number in the central administration system of Translink. This allows for keeping the balance of the OV-pas and to settle any trips and travels made with this balance. The balance changes if someone is using the OV-pas for travelling and if money is deposited on or drawn from it.

 

Translink requires a name and delivery address to deliver the physical OV-pas. This data will be stored for 30 days. This allows Translink to produce a new OV-pas and send it to you in case anything goes wrong at the production or delivery process.

 

In autumn 2025 it is expected that an OV-pas can also be purchased (including topping up balance) at several nationwide operating retailers. This will be possible with both cash and Debit Card. When you purchase an OV-pas this way, Translink is not Processing Personal Data. Translink does also not know who purchased the OV-pas. Translink will know which travels are made with that OV-pas, but not know who the persons is (or persons are) who did use it for travelling.

 

Charging, managing and withdrawing balance of an OV-pas

Via the OVpay app and the OVpay website (as of August 2025) you can charge up to €150 and check balance on your OV-pas. If you lost an OV-pas, it has been stolen or is malfunctioning, you need to report such via the OVpay app or OVpay customer care. To process such notification Translink will need the card number and verification code of your OV-pas. These are printed on your card, one on each side. The OV-pas will then be blocked and is no longer valid for travelling.

 

An expired OV-pas will be blocked by Translink and is no longer valid for travelling. If you order a new card, the balance will be linked to this new OV-pas. For more information on linking your Card, see E./ services.

 

In autumn 2025 it is expected that automatic reload of your balance will be available. If your balance drops below a certain threshold due to travelling, the OV-pas balance will be charged automatically with a predefined amount. That amount will be debited from a predefined bank account, as agreed upon by you.

 

Travelling on account with OV-pas

Travelling on account means that you are paying afterwards for any trips made with the OV-pas. This requires a separate agreement with a Payment Service Provider (PSP). That agreement determines the payment terms, such as the payment deadline and payment method (e.g. by direct debit or a regular transfer).

 

The PSP will pay the costs for each journey you made on account to the Public transport operator. The PSP will settle this with you afterwards. The amount charged to you by the PSP may differ from the fare charged by a Public transport operator for the same journey when traveling on credit.

 

Failure to comply with the PSP's terms and conditions (including payment terms) may result in travelling on account with the OV-pas being blocked (temporarily).

B. Travel

 

First time travelling with your Debit Card

The first time you check in with your Debit Card, an automatic check is made to determine whether that Debit Card is suitable for travel. This also occurs if you have not used the Debit Card in question for travel for 90 days and then check in again.

 

Translink will also check at the Bank that holds your Debit Card if it has been blocked. If blocking is the case, the Public Transport travel function of the Debit Card will then be blocked, and you will not be able to use it for travel. This is a decision of the Bank. The Public transport operators and Translink cannot change this.

 

Travelling with your Debit Card or OV-pas

When checking in with a Card, the card reader will read the technical data. Here we check whether the card can be used to travel and will inform you accordingly via the card reader. Holding your Card at a card reader is called a tap.

 

If you are able to travel using a Card, personal data will be sent to Translink when you check in and out using the card readers of the Public transport operator with which you are travelling. In addition to the technical data of your card, this includes the date, time and stop or station where you boarded or alighted. Translink records all check ins and check outs, constructs all the trips made and calculates the trip fares. Your journey is compiled, and your fare is calculated using this information as well as, if applicable, additional information on products and profiles granting you a discount.

 

To be able to use the Discount profile ‘age discount in bus, tram and metro’, you have to provide your name, date of birth and photo in the OVpay app, OVpay website (as of August 2025) or in the App of a Public transport operator. If you do not want the Public transport operators  and Translink to have the necessary Personal data, you will not be able to use age discount in bus, tram and metro.

 

Checking the validity of your Debit Card 

Every time you check in with your OV-pas, an automatic check will be made against a deny list at Translink to ensure that the balance attached to the card is sufficient for travelling. The minimum required balance for travelling can differ per and is being determined by Public transport operator.

In addition, every time you check in with your Debit Card or OV-pas, an automatic check will be made against a deny list at Translink to ensure that the Card has not been blocked. The deny list is managed by Translink and distributed to the Public transport operators. A Card will be added to the deny list by Translink if:

the Card is on an alert list of the Bank (Debit Card) or Translink (OV-pas), e.g. because it is listed as stolen or missing;

settlement for the Card has not been made for the use of public transport, e.g. because your balance was insufficient at the time of settlement;

A product or profile granting you a discount is used while not respecting the applicable terms and conditions.

 

C. Paying

 

Paying with your Debit Card

When checking in and out with a Debit Card, Translink calculates the fare for the journeys you make. Translink settles in corporation with EMS  and your Bank the payment for the trips made by you. During the night following the day on which you travelled, the amount due for all the journeys you made in one day is presented in one sum to EMS and then to your Bank. To process the payment, Translink provides the Technical data and the Payment reference number to EMS and your Bank. 

During the Travel day Translink debits the amount due for travelling if the amount surpasses a predetermined limit as set by the Public transport operators. The amount due for all journeys will then directly be debited against your balance. After a successful payment any other journeys you will make will be presented to the Bank during the night following your Travel day, unless the predetermined limit will be surpassed again.

Upon successful payment, you can see the amount debited on your (digital) account statement. You will receive a unique Payment reference number for each day you travelled, on your account statement. This number is created uniquely per daily payment and is preceded by the letters ‘NLOV’. You can find your account statement by logging in to your secure Banking environment.

Because you can use different services with your Payment reference number and related amount, it means that sharing these with another person or organisation, they/ these can get insight in the trips made by you.

 

Paying with your OV-pas

When checking in and out with an OV-pas, Translink calculates the fare for the journeys you make. Translink also settles the payment for the travels you made. After checking out the balance of your OV-pas will be charged immediately for the costs related to your travel. A successful payment is directly visible in the OV-pay app and at www.ovapy.nl. 

 

An unsuccessful payment

If the payment with the Debit Card is unsuccessful, for example because the balance is too low, we will block the travel function associated with the Debit Card temporarily. You can then no longer travel with your Debit Card until the outstanding amount has been paid.  

 

Amount due for Debit Card

Translink may issue repeated payment requests to debit the amount due from your Debit Card account within a period of 62 calendar days. The block will be lifted if the payment is successful. During this period as well as afterwards as a traveller you can also pay the outstanding amount yourself. 

To do so, you have to offer your Debit Card to a card reader of a Public transport operator. Via Translink a payment request will be made to your Bank;

You can pay the outstanding amount in the OVpay app via your account. Via EMS a payment request will be made to your Bank;

You can pay the outstanding amount in the RET App via your account. Via EMS a payment  request will be made to your Bank.

 If the payment succeeds for one of those methods, you will then be able to travel again with your Debit Card approximately 15 minutes later.

 

Amount due for OV-pas

You can lift the blocking of your OV-pas by paying the amount due in the OVpay app. Via EMS a payment request will be made to your Bank. If the payment succeeds, you will be able to travel again with your OV-pas approximately 15 minutes later. Please notice that to be able to travel with an OV-pas you need a required minimum balance on the OV-pas as determined by the Public transport operator you like travelling with.

 

Summary reports

All Public transport operators receive each daily summary reports from Translink in order to check the accuracy of their own transactions and payments, to detect and correct potential mistakes and to safeguard the integrity of the public transport system. These are reports on transactions (such as check-in, check-out or failed tap), journeys (combining a check-in with a check-out) and payments relating to the specific Public transport operators. Translink ensures that every Public transport operator receive daily all payments made for all travels made by Cards. 

 

Block on travel use

The block on using a Card to travel can be checked by offering your Card to a card reader of a Public transport operator and pay notice to the notification on the display or by contacting OVpay Customer care. While any travel use of the Card is blocked, you can of course always use another regular (Transport) Ticket for travelling by public transport.

 

D. Service

We do understand that you may have questions about a journey, invoiced costs or a missed check-in or check-out. Or perhaps you’d like to see the previous journeys you have undertaken. You can view and request (parts of) your journeys 

In the HTM App or via the HTM Customer care;

Through the OVpay website, OVpay App and OVpay Customer care.

For us to help you, you will need to have for your Debit Card the Payment reference number in combination with the corresponding amount of your account debit. We do not know your Debit Card number, nor can we search your IBAN. Regarding the OV-pas we require the card number and verification code. Both are printed on the OV-pas.

 

App and website

Within both the HTM App and the OVpay App, you can link one or more of your Cards to the App. You first create an account with your own password. The linking can be done in several ways:

1. For the Debit Card you can enter your Payment reference number and corresponding amount in the RET app or OVpay app. This however only works within 31 days of travelling and when you made a contactless payment for your travel. To link an OV-pas the card number and verification code are required;

2. Another way to link a Debit Card in the OVpay app is by entering the PAN and expiration date of your Card at your account and then use your card for travelling;

3. Furthermore, you can also enter your IBAN and expiration date of your Debit Card at your online account and then use your Debit Card for travelling within 60 days. An OV-pas can’t be linked in this way.

 

Via your online account it is amongst others possible to check if you did check-in and/ or check-out, the fare for travels you made and your payments, payments status and any contingent blocking of your Card. In the Ovpay app you can also correct any missed check-ins or check-outs and pay for any outstanding amount for travelling.

In the OVpay app you can also view all travel history of the journeys you have made in the past 18 months using your Card for all public transport services. In your account of a Public transport operator (web or App) you can only view the journeys you made with that Public transport operators using your Card, also for the past 18 months. 

In the OVpay app and in the HTM App you can create a Discount profile ‘age discount at bus, tram and metro’ to benefit from a discount if this is applicable to you.

 

In the HTM App and OVpay app, you can also set to receive notifications when checking in and checking out and additionally in the Ovpay app also to receive notifications for any outstanding amount. At www.ovpay.nl you can view the journeys relating to that specific payment for your Debit Card, with a Payment reference number and corresponding amount.

Via the OVpay app you can view and charge your OV-pas balance. If you lost your OV-pas, it has been stolen or is defect, you have to report this via the OVpay app.

 

Customer care

Questions about travelling with a Card can be put to the Customer care of HTM or the OVpay Customer care. Customer care employees cannot view your Card (payment account/ balance) details. A Customer care representative will always ask specifically for your details if this is necessary in order to answer your questions.

 

Cross Service

The Public transport operators and Translink have signed mutual agreements so that any Public transport also can help you with questions about a journey with other Public transport operators. It has been agreed that you may contact the Customer care services of any Public transport operator with questions concerning all the journeys and transactions you have made over the past 62 days (by phone or at a service desk). Questions about a missed check-in or check-out can be put to the OVpay Customer care. Our service staff are only given access to the data they need to answer your questions.

 

E. Inspection

Everyone using public transport must have a valid Ticket. If you check in with a Card, your Transport Ticket has been linked to your Card via a registration at Translink. Special detection inspectors (‘BOA’ in Dutch) conduct regular checks in the vehicles/carriages and at stops and stations, to check if passengers have a valid Ticket. This includes conducting checks on the validity of your Personal product and Discount profile. If an inspector wishes to check your Ticket, you must present your Card to the inspector’s ticket reader.

 

To enable the inspector to provide you with courtesy and/or service, the inspector will ask your specific permission to do this. The inspector can then view the last ten actions involving the use of your Card for public transport on their device (up to a maximum of 62 days ago). This data is displayed on the device for a maximum of five minutes, but will disappear earlier if another Card is held against the card reader.

 

When using a Personal product or Discount profile, then this will be visible at inspection for the inspector. This product or profile is however only visible when it is applicable for your current journey. In all other cases, this product or profile will not be visible for the inspector. 

 

If the data provided by you for the Personal product or Discount profile are not correct, the inspector can block this Personal product or Discount profile. You are then unable to further use it. At the OVpay app, via OVpay customer care or the customer care of the public transport operator you travelled with you can correct your data, after which you are again able to use these.

 

An inspector may confiscate or block an OV-pas on behalf of Translink if it has been reported lost or stolen; you attempt to travel with an OV-pas whose validity date has expired; you act in breach of these OV-pas terms and conditions; and/or there is a suspicion of fraud or misuse of the OV-pas and/ or products linked to the OV-pas.

 

2.2. Basis for data processing

Checking in and out using a Card is the basis for the Processing of Personal Data. The legal ground for doing so is the performance of an agreement. This is a transport agreement to which the [AV-S] [AVR-NS] apply as well as either the ‘OVpay Check-in/out Terms and Conditions using your Debit Card and Credit Card’ or the “terms and Conditions OV-pas’. This depends on the card you are using.

 

The provision of Cross Service (see E. Service/Cross Service) is based on the legitimate interests of the Public transport operators and Translink. We would like your questions to be answered as well and as efficiently as possible via just one service point rather than several. It is in your interests as a traveller, as well in the interests of the Public transport operators and Translink, that we can handle your questions about travelling with several Public transport operators properly and efficiently. 

 

Managing notifications for checking in, checking out and outstanding amount in the RET App, OVpay app and Ovpay website is based on your consent.

 

Translink has a legitimate interest for managing deny lists of Cards. Translink is distributing these to Public transport operators enabling them to check if a Card is eligible for usage in public transport (see also B/ travel/ validity of Debit Card or OV-pas).



2.3. Who are the Controllers? What Personal Data do we use?

Your Personal Data is Processed by HTM and Translink. The Public transport operators and Translink are Joint controllers for processing Personal Data relating to travel using your Card. The conditions are established in a mutual agreement between the Public transport operators and Translink. The joint controllership relates to the following processes and the associated Personal Data:

 

 

Process: Tapping

Legal ground: Performance of a contract

Purpose: Status check Debit Card or OV-pas and validation of travel transaction 

Retention period: Maximum of 24 hours

Personal data: Technical data (PAN, PAN serial number and validity date); Tap data

 

Process: Processing taps (Transaction processing)

Legal ground: Performance of a contract 

Purpose: Processing of taps; Qualifying of taps: tap-in/ tap-out/ tap driven debt recovery;

Compiling journeys based on check-in/check-out; setting the price for a journey; preparing travel transaction data/ tap driven debt recovery for payment;

Parting trips and creating synthetic split-trips per Public transport operator to be able to allocate split-trips to the correct Public transport operator and to determine the fare.

Retention period: 18 months

Personal data: Technical data (PAN, PAN serial number and validity date); pseudonymised tokens; Travel transaction data

 

Process: Central traveller support (self-service) - without or with service account

Legal ground: Performance of a contract 

Purpose: Providing passengers with insight into travel and payment transactions and outstanding debt via OVpay website and App; Facilitating missed check-out via website and App or OVpay Customer care.

Creating discount profile to receive discount at urban and regional transport when travelling with a Debit card; 

Purchasing a (personal) discount product and applying such when travelling with a Debit card or OV-pas.

Retention period: Until service is provided; no data is left behind on the website or in the App. Until the data is nog loner required for a discount profile or discount product.

Personal data: Payment reference number; Payment transaction data; Outstanding debt; Travel transaction data,  pseudonymisation tokens; name, or name, date of birth and/ or photo. 

 

Process: Decentral traveller support (self-service) - with service account at Public transport operator

Legal ground: Performance of a contract 

Purpose: Providing passengers with insight via website/ app of Public transport operator into:

- travel and payment transactions at the Public transport operator (transactions in the last 18 months);

- outstanding debt and related underlying transactions (if relevant) at other Public transport operators

Retention period: Until service is provided; no data is left behind on the website/ in the app

Personal data: Payment reference number; outstanding debt; travel transaction data

 

Process: Decentralised traveller support via customer care - cross service

Legal ground: Legitimate interests of Public transport operators and Translink

Purpose: Via Customer care (counter or telephone) of Public transport operator to inform about:

- outstanding debt;

- travel transactions and payment transactions at other Public transport operators (cross service) (last 62 days)

Retention period: Until service is provided, Public transport operator’s Customer care only has view on transaction data 

Personal data: Payment reference number; Payment transaction data; Outstanding debt; Travel transaction data

 

Process: Inspection/checking of valid ticket

Legal ground: Performance of a contract 

Purpose: - Based on check-in/check-out with Debit Card Checking checking whether a passenger has a valid electronic Ticket when using public transport and if applicable checking the validity of the discount product and/ or profile;

- If there is no valid check-in, verification of the last ten public transport transactions with the same payment card in order to determine follow-up action by the Public transport operator (‘granting discharge’)

Retention period: Data will automatically be deleted as soon as the inspection device receives a reply that the Debit Card has been checked in/out and 5 minutes have passed, another Debit Card or OV-Pas is presented for inspection, or the inspection (app) is closed.

Personal data: Technical data (PAN, PAN serial number and validity date); pseudonymisation tokens; Travel transaction data; products; name or name, date of birth and/ or photo

 

Process: Mobile service to passengers

Legal ground: Performance of a contract; legitimate interests of Public transport operators and Translink

Purpose: Upon request from a passenger, the inspector/BOA can scan the Debit Card or OV-pas to provide information on the last ten travel transactions made on public transport using the same card.

Retention period: Data will automatically be deleted as soon as the inspection device receives a reply that the Debit Card or OV-pas has been checked in/out and 5 minutes have passed, another Debit Card is presented for inspection, or the inspection (app) is closed.

Personal data: Technical data (PAN, PAN serial number and validity date); pseudonymisation tokens; Travel transaction data

 

Process: Composing and delivering of feedback reports regarding processing of travel transactions

Legal ground: Legitimate interest Translink; legitimate interest and legal obligation Public transport operators

Purpose: Safeguard integrity of the public transport system (e.g. validating transactions) and administer contract of carriages, financially closing the loop of transactions as well as enabling financial administration and accountability 

Retention period: 18 months (legitimate interest); 7 years (legal obligation)

Personal data: Travel transaction data (such as check-in/check-out; date/time; location; means of transport; journeys and prices per journey); pseudonymisation-tokens; 

 

Translink and Bunq

Translink and Bunq are Joint controllers for processing Personal Data relating to producing and delivering the physical OV-pas. The conditions are established in a mutual agreement between both parties. The Joint controllership relates to the following process and the associated Personal Data:

 

Process: Producing and delivering physical OV-pas

Legal ground: Performance of a contract

Purpose: Producing and delivering a physical OV-pas.

Retention period: 30 days (name and delivery address); 

Personal data: Name and delivery address; pseudonymisation-tokens; Technical data (PAN, PAR, validity date, card number, card verification code).

2.4. With whom do we share your data?

Both Public transport operators and Translink make use of the services of Processors. Each always signs written agreements with external parties (such as IT suppliers) who process Personal Data on our behalf. We do this each by entering into a so-called ‘processor’s agreement’, in which among other things we stipulate agreements about the security of your Personal Data and about the use of the Personal Data.

 

Translink engages the services of EMS for handling payments with your Bank. To process the payment, Translink provides the Technical data and the Payment reference number to EMS who Processes this data in its capacity as Controller.

 

Translink makes use of the services of iProov  for taking your photo in the OVpay app. This photo is required to apply for age discount as part of a Discount profile for bus, tram and metro. iProov Processes this data as a Processor. 

 

Translink makes use of the services of Thales  for issuing and producing the physical OV-pas. Thales Processes these data as a Processor. Translink provides to PostNL your name and delivery address to enable to deliver the OV-pas ordered by you. PostNL Processes these data as a Controller.

 

In certain cases, the Public transport operators and Translink have the obligation bases on legal obligations to share your data with third parties. 

 

In certain cases, such as a suspicion of fraud or misuse of a Card or Personal product(s), Translink and/ or Public transport operators can share personal data with each other and/ or third parties such as law enforcement or the Bank which issued your Debit Card.

2.5. Security of Personal Data

The Public transport operators and Translink will secure your Personal Data, for example against unauthorised access, loss and theft. All parties have policies in place for making public transport payments using the Card in such a way that an appropriate level of security is applied by default.

 

The Public transport operators and Translink apply PCI DSS for the security of Card details. This is an international information security standard. The standard seeks to protect payment card details and prevent misuse of card information and, by extension, damage.

 

Your Technical data will only be processed in card readers at HTM and in the central administration system of Translink in pseudonymised form.

 

2.6. Automated decision making

Automated decisions are taken in three cases:

 

1. A fare that is still owed

As a passenger you always have to pay the fare that is due. If the processing of your payment fails, the (travel function of the) Card will automatically be blocked. You can then still check out for a journey, but you cannot check in for a new journey.

 

You may object to this automated decision whereby your Card is blocked. The reason for blocking the Card will be reviewed by OVpay Customer care, and the Card will be unblocked if warranted.

 

2. Debit Card blocked by a Bank

If a Debit Card, which has been used in public transport, has been reported stolen or missing by a Bank, or if there is another reason why the card has been blocked by the Bank, the travel function of the Debit Card will also automatically be blocked. For your Debit Card this is also part of the General Terms and Conditions for using your Debit Card that you have agreed with your Bank.

 

The Public transport operators and Translink cannot change this block. If you have any questions about this, please contact your Bank.

 

3. A lost or stolen blocked OV-pas

 

If an OV-pas has been reported stolen or missing at Translink, or if there is another reason why the card has been blocked by Translink, it will automatically be blocked. This can’t be undone. Also when retrieving the OV-pas at a later moment, a new one still has to be ordered. This is part of the ‘General Terms and Conditions OV-pas’.

 

2.7. Contact Point for questions regarding, or exercising your privacy rights, when travelling with a contactless Debit Card or OV-pas.

Questions.

If you have any questions about the Processing of your Personal Data in relation to travelling with a Debit Card or OV-pas, you can get in touch with the points of contact at HTM and Translink.

 

In principle, HTM and Translink can only answer specific questions by using the features of your Debit Card or OV-pas. If you have created an account in an App, if you have linked your Debit Card or OV-pas to this account and if you have provided Personal Data, HTM or Translink will be able to service you as well based on these data. Before getting insight in your travelling data, you have to provide a Payment reference number and corresponding amount.

 

For general questions about trips with a Debit Card or OV-Pas, contact OVpay customer service on telephone number 0900-1433 or use the contact form at www.ovpay.nl/contact

 

If you would like more information on how HTM or Translink handles your Personal Data, please contact the Data Protection Officer of either organisation:

 

For HTM: gegevensbescherming@htm.nl, for Translink: fg@translink.nl

 

3. Privacy Information Management

What do we use your data for? 

HTM, the other public transport companies and Translink want to ensure that the public transport system runs as efficiently and effectively as possible. That’s why the public transport companies and Translink have an interest in understanding more about the travel patterns of travellers.

This insight is also important for third parties – for example, government organisations that are tasked with (public) transport and are committed to improving services for travellers. We gain this insight by conducting statistical research. HTM, the other public transport companies and Translink (together ‘we’, ‘us’ or ‘our’) have jointly decided which personal data may be used to gain this insight and how that data may be used. We also call this Information Management. These arrangements have been set down in a cooperation agreement between the public transport companies and Translink.

 

The public transport companies and Translink are jointly responsible for processing personal data for the purpose of Information Management.

 

Which personal data do we use? 

We only use what is called ‘transaction data’ to conduct statistical research into the travel patterns of travellers. When we process your customer data, such as your name or date of birth, we do not use that data for statistical research. Below you can read which personal data we process for statistical research when you travel with an OV-chipcard, debit card or other ticket. 

 

We only use what is called ‘transaction data’ to conduct statistical research into the travel patterns of travellers. When we process your customer data, such as your name or date of birth, we do not use that data for statistical research. Below you can read which personal data we process for statistical research when you travel with an OV-chipcard, debit card or other ticket. According to the privacy legislation, we are permitted use transaction data for statistical research because this is necessary for our legitimate interest and the legitimate interest of third parties such as government organisations. The legitimate interest is to optimise public transport and to improve the services provided to travellers.



OV-chipcard 

Transaction data is created when you check in and out with a transport company with your OV-chipcard. This information is used to process your travel transactions. The transaction data is read using your card’s the chip ID. You can find the transaction details in the transaction overview of your OV-chipcard (at Mijn OV-chipkaart.nl).

We store the transaction data for statistical research in a separate database at Translink. Before we store the data there, we ensure that the data is pseudonymised. During this pseudonymisation process, the identifying characteristics in the data are encrypted. This means that the data cannot be traced back to a person without the use of additional information. After the data has been pseudonymised, Translink creates research files on behalf of public transport companies. This involves a set of statistical data. Translink or other specialised companies can use these aggregated, statistical research files to create information products. These research files and information products do not contain any personal data.

 

Debit card 

Transaction data is generated when you check in and out with a transport company using a payment card. This information is used to process your travel transactions. You can find the transaction data with your debit card in the OVpay app. If you do not use the OVpay app, you can view the transaction data with your payment card on the OVpay website. Here you can enter the ‘service reference ID’ that is specified on your bank statement for public transport trips.

We store the transaction data for statistical research in a separate database at Translink. The transaction data with a debit card cannot be traced back to a particular person without the use of additional information. We commission the creation of research files under the management of Translink. This involves a set of statistical data. Translink or other specialised companies can use these aggregated, statistical research files to create information products. These research files and information products do not contain any personal data.

 

Central point of contact 

We have set up a central point of contact where you can ask questions about the way your data is processed in order to create research files and information products. You can contact us at privacy@ov-chipkaart.nl; here you can also submit a request to exercise your GDPR rights.

If you do not want us to use your transaction data for statistical research into travel patterns, you can indicate this by sending an e-mail to privacy@ov-chipkaart.nl. You can apply for the form by sending an e-mail to privacy@ov-chipkaart.nl.

 

With whom do we share data? 

HTM, the other public transport companies and Translink employ the services of processors. We always make written agreements with processors by entering into a ‘processing agreement’ in which we make arrangements about the security and use of your personal data. Pseudonymisation makes it more difficult to link the data to individuals.

Translink or other specialised companies can use the research files to create information products. In this way they can identify trends in passenger flows, for example, which can then be used to determine where new public transport routes should be located. We may pass on these types of information products to government agencies or third parties in the field of (public) transport that are tasked with improving services to travellers. The information products do not contain any personal data.

We do not pass on your personal data for this purpose to legal entities or persons outside the European Economic Area.

 

For how long do we store your data? 

We store the transaction data and the pseudonymised transaction data for a maximum of 18 months after your trip.

See also: Data analysis (translink.nl) for more background information.



4. Privacy of HTM website and apps

Data about the use of the HTM website (htm.nl), the apps (HTMapp and HTM Fietsapp) and the feedback we receive from our visitors helps us to further develop and improve our website and apps.

 

4.1. HTM Website

Click behaviour 

General statistical information about the use of our website is stored on our website. This information is used to find out how many people visit the HTM website, how much time they spend on the website, which pages are visited the most, which information is downloaded the most, etc. In this way, we can optimise the design of the website so that we can further improve our services on the website – for example, to provide our customers with more targeted information.

Personal data is never recorded through the internet without the explicit instructions or consent of users – for example, when they are requesting information.

 

Use of cookies 

Visitor data is recorded on the website to measure visitors’ interest in the various site components. This enables HTM to adapt the website to the interests and experiences of visitors, while making access to and use of the website easier. HTM uses temporary cookies to do this. A cookie is a small file that is stored on your computer’s hard drive. Cookies do not contain any personal data. Cookies can be disabled in every web browser (Chrome, Internet Explorer, Safari and Firefox). All the pages on our website are still readable but there may be a drop in functionality.

 

Google Analytics 

We use the Google Analytics pixel but make sure that the information that it measures is rendered completely anonymous. The IP address is automatically anonymised and this information is never shared with third parties, including Google itself. We do not create profiles based on user behaviour for marketing purposes nor do we track data across multiple devices. The cookie that is placed on your device expires when the session ends.

 

4.2. HTM app(s)

HTM offers some of its services by means of apps. To ensure that the app functions properly, HTM may request permission to access and process certain personal data while the app is being installed. The collection and processing of this data via the apps is also covered by this privacy statement.

 

HTM does not track click behaviour and/or store cookies in the HTM app. 

 

GPS positioning

There is an option to activate GPS positioning in the HTM app. You are then granting permission 

to plan a trip from the location in question. The rights can be changed again by you the user.

 

Notifications (in the Favourites section)

The HTM app includes a Favourites section. Here you can specify your favourite transport lines and any subjects about which you wish to receive more information. You can switch this function on and off yourself. 

 

Purchasing barcode tickets in the app 

The app includes the option to purchase and pay for barcode tickets. 

 

HTM uses third-party processors to process barcode tickets. To ensure that your personal data is treated confidentially, HTM has entered into a processing agreement with these third parties. 

Tapconnect is HTM's mobile ticketing supplier, while Buckaroo is HTM's payment platform and in that capacity is a processor for HTM.

 

After payment to Buckaroo, you receive an overview of the tickets you have purchased in the HTM app under the heading Tickets. Please note that if you delete and reinstall the app, the ticket will no longer be valid or visible. 

You need to activate the 2-hour card before use. The day ticket is valid straight away. 



Legal basis and purposes of data processing for barcode tickets

HTM must process your data in order to implement the agreement with you for the

purchase and use of the HTM barcode feature while travelling.

As part of the agreement, HTM processes your data in order to:

provide the agreed services

provide customer service in response to your questions or requests – for example, for

your purchases and trips

send information about the use of the HTM barcode function and

the products and services offered through this website

improve services, which also includes recording information in

anonymised and aggregated format in management information and reports

maintain financial record-keeping and conduct

audits. 

 

4.3. Social media (Facebook and X (formerly Twitter) also accessible using the HTM app and HTM website)

The website contains buttons to promote (‘Like’) or share (Direct Message, DM, ‘Tweet’) web pages on social networks such as Facebook and X (formerly Twitter). These buttons work by means of pieces of code that come from Facebook or X. This code is used to place cookies. HTM has no influence over this process. Read the privacy statement of Facebook or X (which may change regularly) to find out how they process (personal) data using these cookies.

 

4.4. Technical security

HTM uses security technology in order to optimally protect personal data against unauthorised access or use. This security complies with the requirements of the GDPR.

 

4.5. Privacy policy of third parties

The website contains links to websites of other organisations, such as ov-chipkaart.nl and denhaag.com. HTM is not responsible for the way these parties use personal data.

 

4.6. Contact and questions

Questions about our cookie consent or changes to details are handled by our customer service. We make sure that the information is changed within one month.

 

5. Privacy and HTM camera surveillance

 

One of the measures that HTM takes to improve the safety of our travellers is to carry out surveillance, which includes the use of cameras. This is an important tool for investigating and prosecuting criminal offences and unlawful acts. This camera surveillance increases not only your safety but also the safety of our property and employees. The camera images are also used to investigate and reconstruct accidents. Wherever camera surveillance is being used, this is indicated by means of images on stickers.

 

Camera surveillance in trams, buses and at stops

There are cameras in and on all HTM trams and buses. This camera surveillance in the trams and buses is intended to increase the safety of employees and travellers and to protect HTM's property. The camera surveillance at the stops is intended to increase public safety at the stops and to prevent unwanted or unsafe behaviour by travellers.

We use the recordings (image and sound) to investigate and prosecute people who have committed a criminal offence or an unlawful act. The recordings can also be used in the event of injury, material or immaterial damage as a result of a criminal offence or unlawful act, and to provide training to employees working in camera surveillance.

The camera images are viewed live by employees who are specifically authorised to do so and have a confidentiality obligation. This takes place in an area that is not accessible to other employees.

 

Bodycam Some BOA inspectors wear a bodycam. These bodycams are aimed at increasing the public safety of employees and travellers and protecting HTM property. We use the bodycam recordings to trace and prosecute people who have committed a criminal offence or an unlawful act. The recordings can also be used in the event of injury, material or immaterial damage as a result of a criminal offence or unlawful act, and to provide training to employees working in camera surveillance.

The camera images are viewed by employees who are specifically authorised to do so and have a duty of confidentiality. This takes place in an area that is not accessible to other employees.

 

The camera images are used to:

Protect people against crime, nuisance and accidents; 

Protect stops, buildings, garages, grounds, yards, vehicles, platforms and all the items they contain against theft, burglaries, vandalism and the like; 

Support the emergency services in case of emergencies; 

Conduct crowd control at events and at peak times; 

Serve as evidence when a crime is reported to the police; 

Support a criminal investigation by the police based on advanced images; 

Support investigations by the Safety Department after incidents; 

Register damage.

We also use camera images to train employees who are tasked with processing camera images. Camera images are also used to investigate and reconstruct an accident. 

 

Which personal data is processed?

Cameras capture images on which persons (and sometimes sound) are recorded. When

incidents occur, we can then act quickly to detect and prosecute criminal offences and unlawful acts. The

camera recordings are only procured, viewed (and, where necessary, listened to and

saved) if an incident has occurred.

Only employees authorised by HTM management are permitted to view the images (and listen to the sound). This takes place in an area that is not accessible to other employees. If the camera images are useful for a criminal investigation and/or prosecution, only authorised employees are allowed to secure those camera images. The employees concerned have a confidentiality obligation.

 

Working method in the event of a (possible) incident

If there is an incident that may require follow-up (such as reporting it to the police), we immediately make a note of the time. The recordings around the noted time are then viewed and listened to as soon as possible. If HTM decides to report the incident to the police, HTM will provide the recordings to the police as (supporting) evidence. In addition, on request the recordings can also be made available to the law enforcement agency within the legal frameworks.

 

Legal basis and objectives of processing camera images

The legal basis on which HTM processes camera images is a legitimate interest or compliance with a legal obligation. Without camera images, it is not possible to investigate incidents later or to guarantee the safety of our travellers and employees. We believe that this interest outweighs any infringement of the privacy of a traveller or employee. In addition, we take safeguards to protect your privacy: we store all images securely and ensure that only authorised employees have access to the images.



How long do we keep the data?

We keep the recordings from the vehicles and bodycams for a maximum of 24 hours if no incident has taken place. Camera images of stops are kept for a maximum of 72 hours if no incidents have been reported. Camera images of the stops at the Central Station and Hollands Spoor locations are kept for 28 days.

 

With whom do we share the personal data?

If there has been an incident that we want to report to the police and we expect the images to provide (supporting) evidence, then we view the camera images as soon as possible. In addition, we must also make the camera images available to the (investigating) agencies within the legal frameworks if they request them on the basis of legal authority. This includes the police, the General Intelligence and Security Service (AIVD), Inspectorate SZW, the Human Environment and Transport Inspectorate (ILT), insurance companies and lawyers and the judicial authorities in the case of legal proceedings. For cases involving claims, camera images are made available to the insurers who handle claims for RET.



6. Damage, investigation and recovery



HTM does everything in its power to convey travellers to their destinations as safely as possible and to ensure a safe working environment. Unfortunately, incidents occur that result in personal injury or damage to equipment or the property of HTM or others. 

 

What do we use the personal data for?

HTM uses personal data to investigate the circumstances and consequences of an incident – for example, to determine the cause of the incident and identify the liable party, draw up witness statements, test the legality of a claim and determine the extent of the damage. The investigation results can also be used to take measures that can help prevent future incidents. 

 

Which personal data is processed? 

The contact details of claimants, witnesses, experts, representatives, claims handlers, lawyers and other parties concerned. In addition, travel data, camera images and licence plate numbers can be processed or, in the event of personal injury, medical, personal and financial data. Only employees involved in handling claims have access to this data. The data is stored in separate systems to which an authorisation policy applies. 

 

Legal basis of processing 

The basis on which personal data is processed in the context of handling and preventing claims is HTM's legitimate interest and/or your permission for the use of your personal data.  Without data it is not possible to investigate incidents, handle claims or prevent further claims. This is also in the interest of the person who has been adversely affected by the incident. HTM has a business interest in dealing with claims properly: to represent its financial interests in the best possible way, to provide the insurance company with information and to prevent future incidents as much as possible. We believe that this interest outweighs any infringement of the privacy of persons involved in the incident. In addition, we take safeguards to protect your privacy. We store all data securely and only employees involved in handling claims have access to the data. 

 

How long do we keep the data? 

The retention period is 10 years for damage to material items and 30 years for personal injury. 

 

With whom do we share the personal data? 

The personal data in a claim file is only shared with the parties involved in handling the claim, such as accident experts, medical experts, damage assessment agencies, lawyers, insurance companies and the authorities to which a dispute has been submitted in the context of the dealing with the claim.




7. Implementation of the Police Data Act

 

HTM employs special investigating officers (‘BOAs’) to maintain public safety in and around the public transport system. 

 

What do BOAs do?

Among other things, BOAs check at stations and in vehicles whether travellers have a valid ticket. BOAs also monitor public order and compliance with legal provisions, travel regulations and the conditions of transport. BOAs take enforcement action in the event of violations.

When a BOA processes personal data for the performance of his/her police duties (such as investigating criminal offences and maintaining public order), the Police Data Act and not the GDPR applies. This also means that BOAs are no longer processing personal data but rather police data. Like the GDPR, the Police Data Act stipulates requirements for the processing of police data.

 

For what purpose do we process personal data in the context of the Police Data Act?

We process police data under the Police Data Act for various purposes. 

These purposes are stipulated in Article 8 of the Police Data Act. 

This includes:

• Filing an official report if a passenger has committed a criminal offence or is travelling without a valid

ticket (fare evasion).

• Handling, administering and financially settling payments related to official reports, such as

agreeing to objections, applying the leniency scheme, applying reductions and

repayment schedules.



Which personal data is processed in the context of the Police Data Act? 

When apprehending travellers and/or filing an official report, we collect contact details, the place and date of birth, a description of the criminal offence with the time and place, the Citizen Service Number (BSN) and the ID type and number. We also collect financial data when a fine must be paid for fare evasion and/or when drawing up a repayment schedule.

You can submit an objection or leniency request to us in relation to an official report. In addition to the

information included in your request, we then collect contact details, the place and date of birth, a copy of the OV-chipcard and/or OVpay payment receipt details and the official report number.

 

Legal basis of processing

The basis on which the BOAs process your police data under the Police Data Act is the performance of their daily

policing tasks (Article 8 of the Police Data Act).

The BOAs process personal data on the basis of the following:

• Code of Criminal Procedure;

• Special Investigating Officer (BOA) Decree;

• General Municipal Bye-law (APV).

 

Finally, the BOAs process personal data for the implementation of the agreement. This is subject to the following regulations:

• Passenger Transport Act and Decree 2000;

• Transport conditions for urban and regional transport;

• HTM travel regulations.

 

For how long do we store your personal data?

The model below indicates the storage periods and the powers held by an investigating officer/BOA within these statutory time limits.



 



The maximum time within which the police are permitted to process personal data according to Article 8 of the Police Data Act is 10 years. 

In addition, HTM also stores camera images (see the above section dealing with cameras). 



With whom do we share the personal data?

Only authorised employees are allowed to access this data. They may only view the data they need

for their work. Occasionally, we may grant access to the police or municipal employees. They too

are only allowed to access the data that they need for their work. The actions of employees in systems

are logged. In this way, we keep track of the people who perform a particular action at a particular time in a particular

file.

When an official report is being filed, we check your details with the Personal Records Database (BRP). We do this again after sending the first payment reminder for a fine for fare evasion.

Sometimes it is necessary for HTM to provide your personal data to third parties. For example, to the Central Fine

Collection Agency (CJIB) if you have not paid your fine on time, or to the Public Prosecution Service (OM) or the police in connection with an incident for which HTM is pressing charges.

 

What are your rights under the Police Data Act?

Your rights under the Police Data Act differ from those under the GDPR. You have the right to view

the personal data that HTM processes about you under the Police Data Act. You can request a written overview of your personal data from HTM by sending an email to gegevensbescherming@htm.nl.

 

If your personal data under the Police Data Act is incorrect or incomplete, you can ask HTM to change that data. You can also have personal data deleted or ask for the processing of your personal data to be restricted. In addition, you can object to or appeal against the filing of an official report and the fine that was imposed (see the regulations for this on the HTM website).

 

You will receive a message from us when your request for correction, deletion or limitation of the processing your data

has been granted.

 

We have the right to reject your request if:

• It could impede judicial investigations or proceedings;

• It could have a negative impact on the prevention of criminal offences or on an investigation,

inquiry, prosecution or the imposition of penalties;

• Public safety is at risk;

• The rights and freedoms of third parties are being violated;

• National security is at stake;

• HTM has a legal obligation to retain this personal data;

• The request appears to be unfounded or excessive.

 

---------------------------------------------------------------------------------



Changes HTM reserves the right to change this text, where necessary. The changes will always be in accordance with the GDPR.

 

HTM Personenvervoer NV 

Koningin Julianaplein 10 

2595 AA The Hague

Registered in the Trade Register of the Chamber of Commerce under number 27014495



Privacy statement HTM updated: June 2024