Below you will find information on how we keep your personal data secure. This information is updated whenever changes occur.

Summary

  • To record your choice regarding organ and tissue donation, it is essential that your data is correctly stored in the Donor Register.
  • We handle your data securely and comply with the AVG (General Data Protection Regulation).
  • Your data is only shared with organisations that also handle your personal data safely.
  • The CIBG, as an organisation, is responsible for storing your data in the Donor Register. The CIBG is part of the Ministry of Health, Welfare and Sport (VWS). The Minister of VWS is responsible for the processing of your data.
  • We only store strictly necessary data for your registration.

Below you can read more about the security of your data:

  • Your personal data
  • How long your data will be saved
  • Your rights
  • Who can access your data
  • Agreements and rules for your security

Which Personal Data Are Stored in the Donor Register?

Personal data refers to information about an individual. The Donor Register only uses the data required for its purpose. Below you will find the data that are stored in the Donor Register. A part of this information is received from the BRP (Personal Records Database), such as:

  • First name, initials, surname
  • Address
  • City of residence
  • Gender
  • Date of birth
  • Citizen Service Number (BSN)
  • Your choice regarding organ and tissue donation, including if you have not made a choice.
  • Whether you completed your choice yourself or someone else did so on your behalf
  • The name, address and telephone number of the person authorised to decide for you (only if you provide this information yourself)

If you contact us by email with a question or complaint, we use your email address solely to respond to your enquiry.

Why does the CIBG use your personal data?

Your personal data is used to register your donation choice. The legal basis for this is set out in Articles 9, 10 and 10a of the Organ Donation Act (Dutch).

You have several rights that allow you to maintain control over your personal data. For the Donor Register, these include.

Right of access

You have the right to request a copy of the data held about you in the Donor Register.

Right to be forgotten

Individuals aged 12 to 18 have the right to have their data removed from the Donor Register. This is known as the right to erasure. If you are 18 or older, you will always remain in the Donor Register.

Anyone aged 12 to 18 who has made a choice may request removal; in that case, a physician will not be able to view your choice upon your death.

Your data is not immediately removed from the archive. Under the Archive Act, we must retain it for 10 years. After this period, your data is permanently deleted.

Because the donor law requires that everyone aged 18 and older is included in the Donor Register, the right to be forgotten does not apply to individuals over 18.

Right to rectification

You have the right to change your data in the Donor Register.

  1. You can change your donation choice yourself.
  2. Your personal details such as your name and address come from the BRP and cannot be changed through the Donor Register. For such changes, you must contact your municipality.

Right to file a complaint

We do our utmost to handle your data securely. You always have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if:

  • You believe we are using your personal data incorrectly, and
  • This use does not comply with the AVG.

You can file a complaint with the Autoriteit Persoonsgegevens.

Submitting a request

If you wish to know which of your data we use, you may use the AVG request form (Dutch). You will receive a response within 4 weeks.

Depending on your request, we may ask for additional information to verify your identity (for example, control questions or a copy of your ID).

If we request an ID, please ensure your BSN is crossed out. The Rijksoverheid website explains how to safely create a copy using the KopieID app. Any ID copy is destroyed after your request has been processed.

With whom are your data shared?

Your data is shared only with the organisations listed below, under strict rules and agreements:

  • CIBG
    A limited number of CIBG employees have access to the Donor Register data, solely for the performance of their duties.
  • Dutch Transplantation Foundation (NTS)
    The NTS may access the Donor Register only at the time of a patient’s death, and only together with the patient’s attending physician.
  • Physicians and nurses form hospitals
    Physicians and nurses cannot access the Donor Register directly. They receive relevant information from the NTS at the time of a patient’s death.
  • Tax and Customs Administration (Belastingdienst)
    The Belastingdienst handles postal mail for the Donor Register. They use your data to send mail to you and to forward paper forms to the Donor Register.
  • Bureau of Statistics of the Netherlands (CBS)
    CBS receives data once per year to provide statistical information about donor numbers in the Netherlands. No names or identifiable personal data are shared.

Key points

There are four essential principles regarding the security of your data:

  1. Legal basis and purpose limitation
    Your data is only used because the law requires it and solely for the Donor Register.
  2. Minimal data processing
    We request only the information necessary for your registration.
  3. Minimising privacy impact
    The CIBG ensures that the impact on your privacy is as limited as possible.
  4. Retention only as long as necessary
    Your data is retained no longer than required. Registrations are kept for 10 years after death or deregistration from the Netherlands, after which they are deleted.

Rules and security measures

  • Your personal data is confidential. We ensure that only the right people can access your data. They must keep your data secret and have signed a confidentiality agreement.
  • Your personal data is strictly protected. We follow the Dutch government’s rules for information security.
  • We make agreements about the security of your data with various organisations, such as software suppliers and data centres. We check whether these organisations comply with these agreements.

Data Protection Officer (DPO)

The Ministry of Health, Welfare and Sport has an independent Data Protection Officer who monitors compliance with privacy legislation, including:

  • The Personal Data Protection Act (Wet bescherming persoonsgegevens)
  • The General Data Protection Regulation (AVG)

The Dutch Data Protection Authority is the organisation that monitors this.

Questions for the DPO may be sent to: FG-VWS@minvws.nl

Or by post:

Ministry of Health, Welfare and Sport
Directorate for Administrative and Political Affairs
P.O. Box 20350
2500 EJ The Hague

For questions about your rights or complaints, please contact the Dutch Data Protection Authority.

Mission of the Ministry of VWS

The CIBG is part of the Ministry of Health, Welfare and Sport. The ministry’s motto is: ‘The Netherlands healthy and well.’

Caring for people also means caring for their data. This includes data that individuals share with us themselves or that professionals in the field provide. This happens voluntarily or because it is required by law. It may also be done in the interest of our national — and sometimes international — public health. For example, through scientific research or by maintaining registers.

Contact Information CIBG

We are an executive agency of the Ministry of Health, Welfare and Sport. At the heart of healthcare, with a heart for healthcare. We connect the worlds of healthcare professionals, healthcare providers, and people with care needs by assessing, registering, and providing data. This may take the form of information, registration, or licensing. Our goal is to ensure that everyone has access to the right healthcare information — wherever you are, at any time.

On this page, you can find information on how to contact the CIBG.