This is the privacy statement of the Dutch Authority for Digital Infrastructure as the National Cybersecurity Certification Authority (NCCA). The statement explains, among other things, for what purposes we collect and use personal data, which data we collect and what rights you have if we process your personal data.
Who are we?
The Dutch Authority for Digital Infrastructure is the supervisor for digital infrastructure in the Netherlands. The Dutch NCCA is part of the Radiocommunications Agency Netherlands. The NCCA plays a role in certifying IT products, IT services and IT processes in accordance with European cybersecurity certification schemes, and the supervision thereof. The NCCA was set up on the basis of the European Cybersecurity Regulation (Cybersecurity Act, Regulation (EU) 2019/881) and the Dutch Cybersecurity Regulation Implementation Act.
The NCCA’s tasks include certification and supervision. Certification involves approving ‘High’ level certification. Supervision consists of supervising conformity assessment bodies and holders of European cybersecurity certificates. Another of the NCCA’s tasks is handling complaints and reports in its field of activity.
Why do we process personal data?
We only process personal data that can be traced back to individual natural persons, such as citizens, if this is necessary to carry out our work. Our statutory remit determines the purpose for which personal data may be collected and why this may be necessary.
The NCCA is part of the Dutch Authority for Digital Infrastructure. That means that it is also subject to the privacy statement of the Dutch Authority for Digital Infrastructure. This privacy statement contains:
- Information about privacy rights;
- Contact details of the privacy coordinator of the Dutch Authority for Digital Infrastructure;
- Contact details of the Data Protection Officer at the Ministry of Economic Affairs and Climate, of which the Dutch Authority for Digital Infrastructure is a part.