Privacy Statement

Download the full privacy statement (PDF)

Stichting Het Nationale Park De Hoge Veluwe, Stichting Horeca Het Nationale Park De Hoge Veluwe, Stichting Hoge Veluwe Fonds and Stichting Faciliteiten het Nationale Park De Hoge Veluwe (collectively: ‘The Park’, ‘we’ and ‘us’) collect personal data from you in certain cases in our capacity as data controller. Your personal data is all information that can be directly or indirectly traced back to you.

This Privacy Statement outlines the ways in which we process your personal data. If you have any questions after reading this Privacy Statement, please contact our Privacy Department by email at privacy@hogeveluwe.nl.

This Privacy Statement may change from time to time as new developments warrant. The most recent version can be found at www.hogeveluwe.nl. We recommend that you consult this Privacy Statement regularly so you are aware of any changes.

The Kröller Müller Museum is not operated by The Park and has its own privacy statement, which is available here.

What kind of personal information do we process and for what purpose?

The personal information we collect from you varies depending on the situation. In most cases, we receive your personal information directly from you. In some cases we receive your personal information some other way, for example if you buy tickets to The Park on the website of the Kröller-Müller Museum rather than directly from us. Or if you register for certain activities at The Park through our business partners. We may also collect personal data through our social media channels.

We have summarised the most common situations in which we process your personal data below.

Website and social media channel visits:

Website visits: If you visit our website, we may store cookies on the device you use to visit the website. We use functional cookies based on our legitimate interest to ensure the website’s technical functionality. We use tracking cookies only if you give consent for this in the cookie banner; you can find more information about this in our Cookie Statement. You may withdraw your consent at any time. Our website may also contain references or links to other websites. The Park is not responsible for how these organisations use your personal information; please read the privacy statements, if available, of any website you visit.
Website orders: If you purchase tickets or other products through our website, we collect your name, address, email address, telephone number and transaction details. This information is needed to complete the transaction with you. If you purchase a personal visitor card (staff card, business partner card, annual membership card or sponsor/donor card), we will process your date of birth and passport photograph in addition to the aforementioned details. We have a legitimate interest in printing this information on your visitor card as visitor cards are strictly personal. We also process your IBAN account number for direct debit use and, if applicable, financial information about your support or donation (amount and frequency of donation), as well as your Citizen Service Number (Burgerservicenummer), if we are legally obligated to do so.
Newsletter: If you subscribe to our newsletter, we will process your email address and name. Our newsletters contain web beacons, which are small graphic files with a unique ID that enable us to see when and how often you open the newsletter, for which we also process your IP address. We use this information in the legitimate interest of improving the effectiveness and quality of our communications and informing you about specific topics.
Social media channels: The Park has a number of social media accounts on Facebook, Instagram, X and YouTube. You can comment or 'like' posts on these social media accounts and 'tag' us so that we can repost your post on our accounts. In this context we do not process your personal data outside the platform concerned, but we do process it in our legitimate interest of analysing our account’s reach and improving the number of reactions or 'likes' to posted messages.          

Visits to The Park:

When you visit The Park, we may process different types of personal information about you, depending on the situation. Click on the situations below for details.

Visitor survey: If you complete a visitor survey at The Park, your name, email address and telephone number will be processed. We use your visitor survey responses to improve our services and products and do not retain them beyond the time needed to incorporate your responses into our visitor survey results.
Cameras: Cameras are installed at The Park’s entrances and inside The Park itself. We use two types of cameras: surveillance cameras and camera traps in our wildlife monitoring system. See below for more information about both types of cameras:

  • Surveillance cameras: We have a legitimate interest in using surveillance cameras to protect The Park, the property of the Kröller-Müller Museum, our employees and visitors. You will be alerted to the presence of these surveillance cameras in The Park. It is possible that you will appear in camera recordings. Some of these surveillance cameras are operated by the Kröller-Müller Museum. The Park can view such camera recordings in real time and for four weeks after recordings are made. All recordings are destroyed after this four-week period, except if there are any irregularities in the recordings, in which case they may be shared with the authorities.
  • Wildlife monitoring system: The park also uses camera traps as part of a wildlife monitoring system. These camera traps record the movements of animals in the nature park. The cameras are not aimed at visitors. If visitors appear in a recording nevertheless, those images are deleted.

Special Investigating Officer: The Park employs Special Investigating Officers (Buitengewoon Opsporingsambtenaar or ‘Boas’). Boas monitor The Park and intervene where necessary. In such cases, the Boas process personal data about you, for example in order to identify offenders and to prepare and finalise an official report. The Boas will also share your personal data with other relevant agencies such as the police and Public Prosecution Service. The Boas are subject to both the General Data Protection Regulation (GDPR) and the Dutch Police Data Act (Wet politiegegevens) in relation to their investigative duties.
Photography: Photographs may be taken during events and used to give an impression thereof or for reporting purposes. Such images are covered by an exception for journalistic purposes and do not require us to ask for your consent. If you do not wish to be photographed, please inform the photographer and they will take this into account. In the case of pictures taken for any other purposes than those described above and in which you are recognisable, we will ask for your consent in advance. If you are a minor or incompetent, we will ask your legal representative for consent.
Campsite: If you use The Park campsite, The Park is legally obligated to record the name and address of the contact person, day of arrival, day of departure, number of overnight stays, last visit to the campsite and form of identification in the night register. The night register is also kept for your safety, so we know who is present in the event of an emergency. The municipality (Ede) may ask us to provide data from the night register, for example when declaring tourist tax.
Wi-Fi networks: If you use one of The Park’s Wi-Fi networks, we process the following personal data in order to provide this service and in the legitimate interest of securing our network: the MAC address, operating system, name of the device you are using to connect to the Wi-Fi point and the access point you are connected to.
Accidents: If you are injured at The Park, we will provide and/or call for assistance as needed. This may require us to process your personal data. This is done on the basis of consent, to the extent possible, which you may withdraw at any time.
School campaigns: If you support The Park through a school campaign, we collect your contact details as well as information about the participants, operating on the assumption that you are allowed and/or have consent to process the personal data from the participants concerned or, if a participant is under 16 years of age, from their legal representative(s)/parent(s). This consent may be withdrawn at any time.

Job applications and volunteer registrations:

If you apply for a job at The Park or register as a volunteer, we collect the information you provide in your application or registration, as well as personal information that we collect at your request, for example from references. We process your personal data in the legitimate interest of processing your application or registration. If we make you an offer, we will process these data as needed to enter into an agreement with you. If you apply for a job or register as a volunteer but are not offered a position, we will retain your personal data for no more than four weeks after the end of the application/registration process, unless you give us consent to keep your personal data longer to contact you about the position in question or other positions at a later date. You may withdraw your consent at any time.

Suppliers:

If you or the company you work for is a supplier to The Park, we will process the following information in the legitimate interest of contacting you: your name, business address, email address, telephone number, company name, Chamber of Commerce registration number and job title.

Restructuring of The Park:

In the event of a restructuring of The Park or a financing transaction, it may be necessary for The Park to process personal data on the grounds of legitimate interest. In these cases, we will aggregate or anonymise your personal data to the extent reasonably possible.

Complaints and legal proceedings:

It may be necessary for The Park to process your personal data in the legitimate interest of handling and resolving complaints or in connection with legal proceedings.

Contact:

If you provide us with your contact details either at The Park, on the website or in some other form, we will process this information in accordance with this Privacy Statement.

Retention of your personal data

Where no retention period is specified for the processing activities described above, we will retain your personal data as long as needed for processing purposes. If there is no legitimate interest for keeping your personal data longer than this, The Park will destroy your personal data.

Provision of your personal data to third parties

We may share your personal data with third parties, including external IT service providers (such as cloud services, website operators and marketing automation platforms), payment service providers for processing online payments, and printing and mailing services for producing and mailing your visitor cards. We may also share your personal data with law, consultancy and accountancy firms whose services we use, or with government agencies when required to do so by law, for example providing the campsite's night register to the municipality of Ede when reporting tourist tax.

Provision of your personal data outside the European Economic Area

We process your personal data inside the European Economic Area (EEA) wherever possible. Where we share your personal data with third parties in countries outside the EEA without an adequate level of data protection, we will ensure that appropriate measures are taken to adequately protect your personal data.

Personal data processing and your rights

You have a number of privacy rights in relation to any personal information of yours that we process. For example, you can ask us what personal data we are processing about you and, if it is incorrect, ask us to supplement, rectify or, in certain cases, delete, transfer or limit the processing of your personal data. You may also object to us processing your personal data. If you do not agree with the way we are using your personal data, you can lodge a complaint with the Dutch Data Protection Authority. If you have consented to us processing your personal data, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawful processing of your personal data prior to the withdrawal of your consent.

You can exercise your rights as described above by sending an email to privacy@hogeveluwe.nl or a letter to: Stichting Het Nationale Park De Hoge Veluwe, Antwoordnummer 2001, 7350 ZX Hoenderloo, The Netherlands. We may ask you for proof of identity.

 

July 2024 VERSION