Privacy Statement – Stichting Raad voor Accreditatie


The Dutch Accreditation Council (RvA) processes personal data in order to carry out its duties assigned by law; accrediting organizations that certify, inspect and test. We do this in accordance with privacy laws and regulation such as the GDPR (AGV). In this privacy statement we explain for which purposes we process personal data, in what way, and which security measures are taken. It also indicates how you can make use of your privacy rights, such as the right of access your data.

What is personal data?

By personal data we mean the information that can be traced back to a natural person, for example a name, home address, or an e-mail address, but also the IP address of your computer. The privacy legislation helps to protect the privacy of citizens and also applies to personal data collected via the internet.

More information on the definition of personal data can be found on the website of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Lawfulness and purpose of processing

The RvA may obtain your personal data in various ways. With this privacy statement we explain what type of personal data, the basis of which it is processed and for what purpose. 

Legal obligation RvA

For the execution of our tasks and the agreements made with our customers, or processing of application, the RvA processes personal data of the organizations contact person. This concerns the name, telephone number and e-mail address. The processing is necessary to carry out the statutory duties and the agreement.


When applying for a job, you provide us with your personal data by phone, website, post or e-mail. We may also obtain your personal data through a third party (for example an employment agency of recruitment agency). This includes your name and address, telephone number, e-mail address and the personal data from your application letter and cv.  These personal data are processes for the purpose of acquiring personnel for our organization. We have a legitimate interest to do this; to recruit competent personnel with a good fit for the job and for the organization.

Contact via RvA website

You have the option to provide us with your contact information through the RvA website. This includes, for example, filling out the contact form or the complaint form. It concerns your name, e-mail address and phone number. This information is processed with your consent for the purpose of contacting you, for example, to answer a question or make an appointment. If the contact leads to an agreement, the personal data will be processed in order to be able to execute the agreement.


If you sign up to receive our newsletter, we will process your name and e-mail address with your consent, in order to be able to send you the newsletter. You may unsubscribe from the newsletter at any time.

What personal data do we process?

Processing personal data is necessary to carry out the legal task. The RvA will inform you about the processing of your personal data. We only process data you provide or data you know is already known within the RvA.

The RvA may process the following data:

  • Name and surname
  • Address information 
  • Date of birth
  • Phone number
  • E-mail address
  • Personal data from application letter and cv

How do we handle personal data?

The RvA ensures adequate security of your personal data, in line with the applicable legal requirements and guidelines, including the Baseline Information Security Government (BIO, based on ISO 27001 and 27002).

The RvA processes personal data, solely for the purpose for which it is collected, limited to what is necessary for this purpose. The RvA does not perform automated decision making processes.

The RvA employees have signed a confidentiality agreement and are bound by certain rules regarding the handling of information including personal data.

When and with whom do we share personal data?

The RvA takes the utmost care and restraint in providing personal data to third parties. 

The process of accreditation may entail that the RvA shares data, including personal data, with third parties under its responsibility. These third parties are often individuals who, on the basis of their specific expertise, are called upon by the RvA to carry out accreditation assessment on behalf of the RvA.

The RvA uses third party services to perform its services and processing (personal) data. These suppliers are engaged for, for example, ICT support and phone-services. These suppliers are not allowed to use the personal data for other or own purposes, they are contractually obliged to handle your personal data with care, and they are bound by duty of confidentiality, and meet the requirements arising from the GDPR (AVG). A data processing agreement is concluded with all suppliers.

Furthermore, personal data may be shared with third parties in case of a legal obligation to do so, for example by order of the police, or data for the implementation of tax- and pension law.

How long is your personal data stored?

The RvA will not retain your personal data longer than is necessary, for the purpose the processing or as required under the Dutch law.

Personal data obtained by the RvA for the purpose of a job application will be deleted no later than 4 weeks after the closing of the job application process, in case the RvA does not enter into a contract with you. By your consent the data may be kept for a longer period of time, with a maximum of 1 year. In the case you send an open application and there is no open position that you would like to apply for, the RvA will respond to your application. With your permission, your personal data will then be kept for up to 1 year with a view to possible future vacancies.

If you are subscribed to the newsletter, your personal data will be kept for the duration of this subscription. You may unsubscribe at any time by contacting us. After unsubscribing, your personal data will be deleted within reasonable time.

Personal data necessary for the execution of the agreement that you or your organization has concluded with the RvA, will be kept as long as required by law (fiscal, archival). 

If the contact did not lead to an agreement, the personal data will be deleted within reasonable time.

What privacy rights do you have?

You can make a request in the following situations:

  • You want to know what personal data we process about you (article 15 GDPR/AVG). 
  • You want to have your personal data adjusted (article 16 GDPR/AVG). 
  • You want to have your personal data deleted (not always possible, article 17 GDPR/AVG). 
  • You want us to limit the processing of your data (article 18 GDPR/AVG). 
  • You want to object (article 21 GDPR/AVG).

Contact about your rights

To make a request regarding of your rights, please email:
You may also make a request by mail:

Raad voor Accreditatie
Request privacy rights
Postbus 2768

In the case you make a request to execute your rights as described above, the RvA may ask for your identification. Your contact information provided in doing so, will be used to process your request. The RvA will respond within 1 month. 

You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) about the way the RvA processes your personal data.

Data Protection Officer

The RvA has appointed a Data Protection Officer (DPO) who is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). The DPO is independent and supervises the compliance and application of the GDPR (AVG). The DPO can be reached via:

Cookie policy

The RvA uses functional, analytical and tracking cookies. A cookie is a small text file, stored in the browser of your computer, tablet or smartphone when you first visit this website. The RvA uses cookies with purely technical functionality. These cookies ensure a proper operation of the website, and, for example, that your preferences are remembered. They are also used to make the website work properly and to be able to optimize it.

The RvA website also saves analytical cookies. These cookies are used to analyse the website and related statistics, to allow the website to be optimized. For this purpose Matomo is used. These cookies are only used to keep track of the number of visitors to the website. 

In addition we place cookies that track your browsing habits so we are able to offer customized content. At your first visit to our website, we have already informed you about these cookies and asked for your permission to use them. All stored cookies can be deleted via your browser setting. You may also adjust your browser settings to no longer store cookies.

Version date

Privacy statement, July 2021