Protecting and securing buildings, staff, property and information

Read aloud

Our buildings hold confidential data, stocks of cash and gold, an art collection, and other items of considerable value. Our Security Department protects all these things and, of course, our staff.

We have taken security measures inside and outside our buildings. There is camera surveillance, we use licence plate recognition in our car park, and visitors are registered and checked. We may also record telephone conversations (voice logging) in relation to incidents and disputes. In addition, we use Wi-Fi and Bluetooth tracking.

Inside our buildings, some areas are freely accessible to the public, which entails increased risks. We monitor public sentiment to determine whether additional security measures are needed.

Camera surveillance
As a visitor to or passer-by of our buildings, you may be captured on video by our surveillance cameras.

Personal data categories
Camera images showing you

Legal grounds
We process these personal data because it is necessary for the performance of our public-interest task to protect objects of value (Article 6(1)(e) of the GDPR) and/or our legitimate interest to protect ourselves, our assets and the safety of our staff, guests and visitors (Article 6(1) opening words and (f) of the GDPR).

Your personal data and third parties
Footage may be shared with the police or the Public Prosecution Service on demand in the event of incidents, including e.g. accidents on public roads or pavements. 

Licence plate recognition
Permission to use our car park is restricted to a limited number of staff. On presentation of a staff ID card, a camera reads the vehicle’s licence plate, which is then verified against a database of vehicles authorised for our car park.

Personal data categories

  • Licence plate
  • Personal data linked to the staff ID card

Legal grounds
We process these personal data because we have a legitimate interest in protecting persons and property (Article 6(1)(f) of the GDPR).

Your personal data and third parties
Footage may be shared with the police or the Public Prosecution Service on demand or when filing a police report in the event of incidents, including e.g. accidents on public roads or pavements.

Access to secured areas
Access to secured areas in our buildings is limited to specific persons. Depending on the access level, persons are identified by means of a staff ID card only, or in combination with biometric data. This processing is designed to determine which persons are granted access to our secured areas.

Personal data categories
Name, staff number, card number, department, card photo, company name (in case of insourced personnel), biometric data, access level and movements of staff ID card holders 

Legal grounds
We process these personal data because it is necessary for the performance of our public-interest task to protect objects of value (Article 6(1)(e) of the GDPR) and/or our legitimate interest to protect ourself, our assets and the safety of our staff (Article 6(1) opening words and (f) of the GDPR).  

Visitor registration and verification

(non-public areas)
We have implemented an access policy in order to protect our staff and property. We register visitors in order to respond adequately in the event of an emergency. We verify the identity and presence of all our visitors by means of an identity document and a visitor pass. The identity document is scanned to verify its authenticity. Identifying data are recorded in the event that visitors want to use our guest Wi-Fi. Additional 4G antennas have been placed in the building so that the use of guest Wi-Fi by visitors is not necessary.

Personal data categories
Visitor name, visitor ID, visitor email address, reason for visit, times of presence in our building, movements inside the building.

Legal grounds
We process these personal data because the tasks we carry out in the public interest – i.e. protecting confidential data and objects of value – requires a high level of security (Article 6(1)(e) of the GDPR).

Your personal data and third parties
Scanning an identity document might produce an alert (for example, if the identity document is stolen). The results of these scans are not retained. If the system produces an alert we will contact the police.

Public areas
We aim for the public areas in our headquarters to be open and transparent. In addition, we organise events at the Frederiksplein location for the Dutch and international financial sectors and public themed events related to our tasks and responsibilities.

To protect our staff and assets, we collect information about possible actions directed against DNB and its staff from public and semi-public sources, including social media. This information concerns possible actions directed against DNB and/or its senior executives and public sentiment about issues related to the performance of our tasks.

Our aim is not to prevent such actions but to ensure the safety of our staff and visitors. This process includes a compatibility test.  

Legal grounds
We process these personal data because it is necessary for the performance of our public-interest tasks.

Recording calls (voice logging)
We record calls received on our information number and on the Security Department's telephone number. The recording is stopped once callers have been put through, unless they are put through to the Communications Department or the Security Department. These recordings allow us to analyse the telephone conversations in the event of incidents − such as bomb threats or other threats − so that we can take appropriate corrective and preventive measures.

We may also use recordings to improve our overall communications.

The telephone conversations of our staff in our dealing rooms are also recorded. In these calls, staff members negotiate with counterparties and customers about transactions and the settlement thereof. We record them with a view to providing clarity in disputes in order to settle them properly.

Personal data categories

  • Names
  • Telephone numbers
  • Conversation content

Recording calls is necessary for the performance of our tasks carried out in the public interest (Article 6(1)(e) of the GDPR). These tasks involve protecting confidential data and objects of value as well as conducting negotiations about transaction-related disputes.

Your personal data and third parties
We do not provide your personal data to third parties, but recordings may be used in legal proceedings.

Monitoring the use and security of digital corporate resources
With an eye to ensuring the reliability, integrity and confidentiality of our data, we monitor the use of digital corporate resources made available to our staff, including email, collaborative tools, internet access, and applications for the digital exchange of data.

Personal data categories
This is done by means of security monitoring, archiving security log files and the drawing up of reports on the basis of content filtering.

Legal grounds
In order to perform our statutory task, we process personal data, which places high demands on security (Article 6(1), under e, of the GDPR). 

Your personal data and third parties
Your personal data will not be shared with third parties, with the exception of any reports to the police and if we are required to provide your data in connection with a criminal investigation.

Wi-Fi and Bluetooth tracking

We monitor the number of people in the different security zones at Frederiksplein using Wi-Fi and Bluetooth tracking. These insights into building occupancy provide our Security Department with more information for evacuations in case of emergencies. In case of incidents – such as bomb threats or other threats – we can take more targeted appropriate corrective and preventive measures.

The insights are also used to optimise the layout of the building and its facilities to meet the needs of the organisation, and they provide input for the evaluation of exhibitions at De Nieuwe Schatkamer.

Personal data categories

  • MAC address (pseudonymised)
  • Location/location history

Legal grounds

We process these personal data because we have a legitimate interest in protecting persons and property (Article 6(1)(f) of the GDPR).

Your personal data and third parties

We do not provide your personal data to third parties. However, we do use a third-party service that processes your data on our behalf and under our responsibility.

You can contact our Privacy Office by email at privacy@dnb.nl. Please also use this email address or our postal address if you wish to withdraw your previously given consent.

You can contact our data protection officer by email at fg@dnb.nl.

DNB uses cookies

We use cookies to optimise the user-friendliness of our website. 
Read more about the cookies we use and the data they collect in our cookie notice.

To ensure the proper operation of the website, De Nederlandsche Bank (DNB) uses functional cookies and analytics cookies, and has taken measures to ensure that these cookies have little or no impact on the privacy of website users.

Some pages include embedded content from external websites. These websites may use proprietary (tracking) cookies. This allows third parties to track visitor statistics, show personalised content and display targeted ads, for example. You can make your choice about allowing these optional cookies both when you first visit the website and when you navigate to a page with embedded content.