We purchase services from third parties for which purpose personal data are processed.
Personal data categories
- Name and address
- Identifying data
- Data required for communication
- Financial data
- Contractual data
- Procurement procedure data
We process these personal data because we have a legitimate interest in being able to purchase products and services (Article 6(1)(f) of the GDPR).
In some cases, we provide these third parties with access to personal data. Such a third party may be a processor, an independent controller or a joint controller. In all cases, we will enter into an agreement with such a party, in which responsibilities arising from the GDPR are laid down. Employees of service organisations who are given access to our data or value may be subject to screening.
If insourced staff are under the authority of a DNB manager, then the processing operations that apply to employees also apply to them. In the case of important purchases, an investigation may be held under the Public Administration (Integrity Assessment) Act (Wet Bibob).