rule, personal data may only be disclosed if such disclosure is compatible with the purpose for which they were collected. Whether this is the case will depend on the specific circumstances, which may vary in each situation.
Compatible with the Purpose
To answer the question whether a disclosure is compatible, several factors should be taken into account. These include:
Grounds for Disclosure
In addition to the general rule of compatibility, data disclosure should be based on one of the 6 grounds (also called “foundations”) in Article 8 of the Personal Data Protection Act BES (PDPA BES), which are:
Yes, it can. An organization can disclose your personal data to another organization if this is necessary to perform a contract with you. For example, if you have ordered a mobile phone from a telecom company, this company may disclose your personal data to a delivery service.
Yes, it can. An organization can disclose your personal data to another organization if this is necessary to perform a contract with you. For example, if you have ordered a mobile phone from a telecom company, this company may disclose your personal data to a delivery service.
Yes, it can. An example of a vital interest is an urgent medical need. However, it is better to ask for your consent. Only when this is no longer possible (e.g. because you have lost consciousness) may an organization disclose your personal data without your consent.
A government organization may disclose your personal data if this is required for the proper fulfillment of a public-law duty. This may be either a duty of the organization itself or a duty of the government organization receiving the data.
For example, the Prosecutor’s Office may disclose information about a criminal offense, such as a fraud case, to insurers in order to allow recovery of the damages from the perpetrator. Such disclosure arises from the Prosecutor’s Office’s duties, which include serving the interests of victims.
Yes, an organization may disclose your data if this is necessary for the purposes of legitimate interests pursued by that organization, such as acts that are part of an organization’s normal business operations or day-to-day management.
The organization will have to analyze, however, whether it can achieve the same result with fewer data or via a less intrusive procedure. The organization should also conduct a privacy review. This means that the organization should weigh your interests against the interest of the organization in disclosing your data.
The Commission is charged with monitoring whether organizations comply with statutory rules and regulations on personal data use. There are many laws, decrees, and regulations governing personal data processing. The three laws supervised by the Commission are:
The Personal Data Protection Act BES (PDPA BES) provides the main rules for dealing with personal data in the Caribbean Netherlands.
The police uses all sorts of personal data required to properly fulfill its duties, e.g. to investigate perpetrators of criminal offenses. Personal data protection by the police is regulated in the Police Records Act (PRA).
A well-functioning population registry in the Caribbean Netherlands is regulated in the BES Personal Records Act. The population register includes personal data of the inhabitants of the Caribbean Netherlands. The BES Personal Records Act regulates the proper use of these data, including the procedure for recording, altering, and disclosing them.