1. Introduction

If you use the Muiderslot website, we will process your personal data. We treat your personal data carefully and do so in accordance with the General Data Protection Regulation (GDPR).

In this privacy statement, we describe who we are, how and for which purposes we process your data, how you can exercise your privacy rights and all other information that may be important to you.

We have done our best to write down all information clearly and comprehensibly. If you do have any questions about the use of your personal data after reading this privacy statement, you can contact us via the contact information at the end of this privacy statement.

For information on how we use cookies and similar technologies, we would like to refer you to our cookie statement.

At Muiderslot, we are continuously improving and developing our services. If this leads to changes in the way we process your personal data, this will be adjusted in this privacy statement. For this reason, we advise you to regularly check this privacy statement for any changes. At the end of this privacy statement, you can check when this privacy statement has last been changed.

2. Who are we?

Stichting Rijksmuseum Muiderslot is the controller for all the processing of personal data by the Muiderslot. Our contact details are: Herengracht 1, 1398 AA Muiden, the Netherlands, telephone +31(0) 29 4256262.
If you would like to contact us, please use the contact details at the end of this privacy statement.

3. For which purposes do we process your personal data?

The Muiderslot processes your personal data for the following purposes:

Communication and marketing
We process your personal data in order to perform marketing activities.

  • Via this website or when purchasing an e-ticket, you can subscribe to the online Muiderslot newsletter, which you will then receive up to 4x per year via email.
  • We also ask the four numbers of your postcode or country of origin at the cash register in order to know where our visitors come from.
  • This website uses Google Analytics Cookies. We collect data and do not share this with Google. Your complete IP address cannot be traced (anonymised IP tracking). The Google Analytics cookies are automatically deleted after 14 months.
  • We also answer your questions about our services on social media.

Collaborating parties process your data for the following purposes:

e-ticket sales
For the purchase of e-tickets for entrance to the Muiderslot, you will be redirected to Global Tickets’ online environment. Global Tickets is the controller for this data processing and for questions concerning this we would like to refer you to their general terms and conditions
If you buy an e-ticket for Muiderslot via Global Ticket Sales, Muiderslot does not receive your personal data.

Audience research
We are off course interested in the opinions of our visitors. You may be asked to be part of our online audience research during your visit to Muiderslot. This research is conducted by Hendrik Beerda Brand Consultancy (HBBC) for Muiderslot. HBBC is the controller for this data processing and for questions concerning this we would like to refer you to their general terms and conditions. Muiderslot only receives aggregated reports from Hendrik Beerda Consultancy on the results of the audience research. These do not contain personal data.

4. Which of your personal data do we process?

Muiderslot processes the following categories of your personal data, which you supply yourself during your visit to our website, leave or provide when contacting us:

  • Contact details (name, email address, numbers of your postcode, etc.)
  • Marketing and Communication data (social media data etc.)
  • Data obtained via cookies (geographic data, etc.)

5. Based on which legal basses do we process your personal data?

All processing of personal data must be supported by a legal basis as is stated in the General Data Protection Regulation (GDPR). We process your personal data based on the ‘consent’ you have given. You can always withdraw your consent. See the section “Can I withdraw my consent?” below.

6. With whom do we share your personal data?

We can disclose your personal data to third parties if this is in agreement with this privacy statement and for as far as legally allowed.

In some cases there is a legal obligation to share your personal data with the police or other governmental parties. For example, if we need to comply with a judicial order or if it is necessary in order to detect punishable offences.

These parties only process your data following our instructions and for the purposes we indicate. The processors are contractually bound not to use your personal data for other purposes.

7. Are your personal data processed outside the European Economic Area?

Your personal data may be processed outside the European Economic Area. We have taken measures to ensure secure transfer and meet all legal requirements when doing so.

Your personal data are processed in the following countries:

  • United States

In order to safeguard an appropriate level of data protection for the transfer to the above mentioned countries, we have taken the following measures:

The parties that process our data:

  • have joined the EU-US Privacy Shield, or
  • have agreed to the standard agreement provisions as determined by the European Committee.

8. Which storage periods do we use?

We remove or anonymise your personal data when they are no longer necessary for the purposes as stated in this privacy statement. For example, when you have subscribed to the newsletter, we retain your data for as long as you want to keep receiving the newsletter. We send our newsletter via the Mailchimp programme. For questions concerning this, we would like to refer you to their general terms and conditions.

9. How can you exercise your privacy rights?

You can request access, correction or removal of your data at any time. You can also request the restriction of the processing of your personal data or object to the processing of your data for example in the context of direct marketing and profiling. You can also exercise your right to data portability. If you want to exercise any of these rights, contact us via the contact information at the end of this privacy statement.

Keep in mind that we may ask for further information in order to verify your identity.

10. Can I withdraw my consent?

You can always withdraw your given consent. However, this withdrawal does not work retroactively.

If you no longer wish to receive our newsletter, you can opt out at the end of the newsletter.

If you want to withdraw consent for other processing, please contact us via the contact information at the end of this privacy statement.

11. Where can I lodge a complaint?

If you have a complaint about the way we treat your personal data, you can lodge a complaint with us via the contact information at the end of this privacy statement.

You can also lodge a complaint on how we deal with your personal data with the privacy supervisor, the Data Protection Authority. Address: Bezuidenhoutseweg 30, 2594 AV, The Hague, the Netherlands or via www.autoriteitspersoonsgegevens.nl.

12. How do I contact the Muiderslot?

If you have questions about the use of your personal data by Muiderslot that are not answered by this privacy statement or you wish to exercise your privacy rights, contact us via the following information:

Stichting Rijksmuseum Muiderslot
to L. Wolf (data protection officer)
Herengracht 1
1298 AA Muiden, The Netherlands
info@muiden.nl

13. When was this privacy statement changed last?

This privacy statement was last changed on 24 May 2018.