NLR processes personal data and uses cookies. In this privacy statement, we explain how and to which purposes we process personal data, how you can exercise your privacy rights, and what other information might be important for you to understand. This privacy statement applies to all our services and activities, including our website(s).

NLR places a high value on your data privacy and processes your personal data with extreme care. We comply with Dutch law, including the General Data Protection Regulation (hereinafter: GDPR). This privacy statement provides the most relevant information per topic. Because this information may be subject to change, you may want to consult this page on a regular basis. You can always access or change your personal data that we maintain via or Postbus 95005, 1090 HA, Amsterdam, The Netherlands.

Who is responsible for your personal data?

NLR is responsible for the processing of your personal data as detailed by the GDPR and has its registered office at Wibautstraat 137k, 1097 DN, Amsterdam, The Netherlands.

To NLR, data privacy is of vital importance, and we want to be open and transparent about the processing and protection of the personal data of persons we interact with. Therefore, we elaborate on our privacy policies in this privacy statement. Above all, we comply with the GDPR in all cases.

To which purposes does NLR process your personal data?

NLR processes data of persons with whom it has a relationship. Personal data is also acquired by the filling out of contact forms on the website(s) of NLR.

All processes that deal with personal data are recorded in a register of processing activities. The register provides NLR with a complete and up-​to-​date overview of all data-​handling processes.

The most important purposes for which NLR processes personal data, are:

  • The conclusion and execution of contracts with donors, volunteers, suppliers, and business partners;
  • The engagement of our network;
  • Our donor administration;
  • The administration of all of our projects;
  • The offering of goods and services, such as the free donation box and purchases from our online shop;
  • The sending of a (news)letter;
  • Relationship management, and promotion and marketing activities;
  • The participation in or conduct of scientific research;
  • The registration of your settings and preferences regarding the use of the website(s) (via cookies);
  • Our HR administration, including the execution of employment contracts and recruitment and selection of new employees;
  • Our archives;
  • Our business management and financial administration, including the execution and management of procedures that deal with finances, information technology (IT), legal affairs, and internal and external communication;
  • General processes, such as the execution of the complaints procedure.

Whose personal data does NLR collect?

By the above-​mentioned processes, NLR collects data of concerned persons in different categories. These categories are:

  • Visitors of the website(s) and online shop;
  • Donors (including potential donors and former donors);
  • Volunteers and ambassadors;
  • (Potential) business partners;
  • Participants at events, such as the Leprosy run;
  • Employees and applicants;
  • Committee members and members of the Supervisory Board;
  • Affiliates, including temporary workers, pupils, and students;
  • Target groups of the projects that NLR runs, such as (former) leprosy patients;
  • Partners of NLR.

What personal data does NLR  collect?

NLR collects different types of personal data, which may change per process and category of persons concerned. Among others, NLR collects the following data:

  • Name, address, and city;
  • Bank account number (IBAN);
  • Phone number;
  • Date of birth;
  • Sex;
  • Email address;
  • Interactional data (e.g., cookies or data that is received when you contact us);
  • Donation history;
  • Contact history;
  • Images (e.g., of organised events).

NLR collects (personal) data directly from you, or via third parties in as far as this is within the confines of the law.

Giving and withdrawing permission

For some activities, NLR needs your permission. Think of the use of your email address or postal address to send newsletters or promotional emails regarding NLR’s activities. We also ask your permission for the use of images. When using your data, we will always inform you about the purpose of this use and the data that is concerned so as to provide clarity about the consent you give. You may still withdraw your permission at a later point.

Social media

Our website(s) contain(s) buttons to promote or share pages on the following social networks: Facebook, YouTube, LinkedIn, and Twitter. These buttons are produced by a code that these social media supply. This code places a cookie, among others. Read the privacy statement of these social media to learn how they process your personal data.

How does NLR ensure confidential processing of your personal data?

NLR ensures confidential processing of your personal data. NLR takes appropriate technical and organisational measures to protect personal data. NLR will only share personal data conform to this privacy statement and will only share personal data with third parties when this is lawful and done with extreme care.

Sharing data with third parties

NLR may contract service providers to perform parts of its services, for example, to acquire new donors or send snail mail. NLR enters into contractual agreements (so-​called “processor agreements”) with these service providers to ensure confidential and careful processing of personal data.

Your personal data is not let to, sold to, or otherwise shared with or provided to third parties. NLR may share your (personal) data with third parties in case you have permitted us to do so.

NLR provides personal data to enforcing authorities or anti-​fraud organisations if the law requires this (e.g., in case of a claim).

Transmission of your data outside the European Union (hereinafter: EU)

In a limited number of cases, NLR provides personal data to countries outside the EU. For example, for scientific research.

Retention periods

NLR retains your personal data in compliance with the GDPR. Data is not retained any longer than is strictly necessary for the execution of duties and activities resulting from the relationship NLR has with you.

How can you access or delete your data?

You can send a request to NLR to access or correct your data. Please indicate clearly that your access or correction request is based on the GDPR. You can also request to have your data deleted. However, this will only be possible in so far NLR can meet its legal obligations. For example, should the legal retention period have expired, NLR may no longer be able to delete donor data as it may have been deleted already. Please note that you may be asked to provide a copy of your ID for identity verification.

Send your request to or by mail to Postbus 95005, 1090 HA, Amsterdam, The Netherlands.

Furthermore, you have the right to submit a complaint about the use of your data to the Dutch Data Protection Authority (DPA).


If you wish to no longer receive mail from us, you can make this known to us via the above-​mentioned (email) address. Do you not yet appear in our donor administration? Then we will ask for your address to ensure you will not receive mail from us in the future. If you do not want this, you can unsubscribe via

Technical security

To ensure the best possible protection of your personal data against unauthorised access or use, NLR has implemented appropriate protective measures. NLR also takes organisational measures to prevent unauthorised access of personal data.

Cookies and clicking behaviour

On our website(s), we collect general visitor data, for example, about the most frequently visited pages. The objective of collecting general visitor data is to optimise the design of our website(s). We use a variety of tools to ensure optimal performance of our website(s), improve their ease of use, and we actively collect feedback from users. To learn more about the cookies NLR uses, read our cookie policy.

Third-​party privacy policies

The website(s) of NLR may contain links to other websites that NLR is not affiliated with. NLR is not responsible for the processing of personal data performed by these parties. Therefore, we advise you always to consult the privacy policies of these parties, or to contact them to enquire for additional explanation about their policies regarding personal data.


Do you have specific questions or comments about our privacy statement after having read this information? Do not hesitate to contact us at or 020 – 595 05 00.

This privacy statement was last updated on: 25 May 2018

NLR retains the right to change this privacy statement if necessary. You are responsible for remaining up to date of the latest version of our privacy statement. NLR recommends you check on a regular basis if changes have been made.