The most important rules for handling personal information in The Netherlands are laid out in the AVG (Algemene Verordening Gegevensbescherming, the General Data Protection Regulation (GDPR)). The Quin app conforms fully with these guidelines.
The AVG concerns the lawful handling of personal data. The most important provisions of the AVG can be summarized as follows:
Personal details may only be processed in accordance with the law. For the data subject (the person whose data is being processed), how and why personal details will be processed must be reasonable and transparent.
Personal information may only be collected with a justifiable goal. That goal must be specific and described clearly in advance. The reason for which an organization processes personal information must be compatible with why that personal information is collected.
Does a person or an organization process personal details? Regardless, the person whose details are being processed should be aware of the organization or person who is processing these details (the so-called ‘Data Controller’) and the purpose of the data processing.
If organizations process personal data, their starting point should be ‘as little as possible’. That means that, among other things, the processing of the data must suit the purpose for which those data are being collected.
The Data Controller must therefore make sure that the data are correct and updated as and when necessary.
Data processing must be protected in an appropriate manner. Extra-strict rules apply to special data, for instance when they concern race, health and religious beliefs.