Support

• we record the details of the caller
• we hold personal data of individual citizens in attachment files

This document explains how we handle this privacy-sensitive information.

Determining policy regarding incident reporting

Why do we process your personal data?

Our clients’ contacts – generally one or more application or system administrators, policy staff, etc. – can report incidents via Centric’s Customer Portal. We record the personal details of these contacts in order to get back to them to discuss the incident they reported.

Which categories of personal data do we process?

We record contacts’ first name, initials, surname, gender, business telephone number (landline and mobile), and work email address.

Who has access to your personal data?

Only Centric employees who are authorised for this have access to your personal data. This authorisation is given on an individual basis.

What is the legal basis for processing your personal data?

We process the personal data of the contacts in order to be able to handle and resolve the queries and reports they have submitted through the various communication channels (by phone, email, via the Customer Portal, or using the call feature in TeamViewer).

How long do we keep the incident reporter’s details?

At your request, we can delete the details of the person reporting the incident and, so doing, block his or her access to the Customer Portal. Please also notify Centric when a contact changes jobs and no longer needs to have access to the Customer Portal.

What personal data security measures are taken?

The Customer Portal is only accessible to client contacts and Centric employees expressly authorised for this. On termination of the employment of an application and/or system administrator or policy staff member, or if such a person changes jobs, this person’s access will be blocked. Your organisation is responsible for promptly notifying Centric when such a change occurs.

Determining the policy regarding attachment files

Why do we process the personal data of individual citizens?

When a software problem occurs in a particular citizen’s file (for example, the benefits for the file cannot be processed properly), the personal data of the person concerned is needed to analyse and solve the problem.

What personal data of citizens do we process?

Your organisation decides which personal details will be shared. In general, this will be the first name, initials, surname, date of birth, citizen service number (BSN), and gender.

Who has access to the personal data of individual citizens?

Only Centric employees who are authorised for this have access to the personal data of individual citizens. This authorisation is given on an individual basis.

After the citizen’s personal details have been uploaded via an attachment in the Customer Portal, the content of the attachment is no longer visible to the contact who uploaded it. The attachment can only be accessed by expressly authorised Centric employees.

What is the legal basis for processing citizens’ personal data?

We process citizens’ personal data solely for the purpose of handling queries and resolving incident reports submitted by contacts from your organisation by phone, email, via the Customer Portal, or using the call feature in TeamViewer.

How long do we hold a citizen’s personal data?

We delete attachments containing the personal details of citizens three months after the incident has been closed. If a change is linked to this, the relevant attachment will be deleted three months after the change has been completed.

What personal data security measures are taken?

The Customer Portal is only accessible to the contacts of the organisation and to expressly authorised Centric employees. Personal data of citizens provided in support of a query or incident report may only be uploaded via an attachment in the Customer Portal. Sending files with personal data via other channels (including email) is not permitted and, for this reason, staff at Centric’s public sector service desk (Servicedesk Overheid) may not process these.

Nor may a citizen’s personal details be included in the explanation or description of the incident. You, as the incident reporter, are responsible for ensuring this does not occur. The file name of the attachment may not include any personal details either.

On receipt, the public sector service desk will screen the information provided. If the file name, description, or explanation contains personal data, the incident/matter will not be processed.

Version

15 December 2022