Privacy and our registrations

KVK places great importance on treating your personal data with care. This applies both to the registration in the Business Register and to data that we record for our services in our customer systems. Although this often concerns the same information, the Business Register is subject to different legal provisions from our customer systems such as CRM, in terms of how the data must be recorded.

The Business Register has a special status under the GDPR because it is a public register. This means that some personal data in the Business Register is public, and several of the rights described in the GDPR do not apply here. These include the right to have personal data deleted and the right to object to data processing in the Business Register. The same applies to the UBO register, which is part of the Business Register. The different rules applicable to KVK and the Business Register are detailed below.

What about...

Personal data is considered to be:

the details of owners (sole traders or sole proprietorships, eenmanszaken), partners (commercial partnerships, vof), members of public partnerships (maatschappen), officers of legal entities (such as directors), and UBOs. Data pertaining to legal entities (such as private limited companies (bv) or public limited companies (nv)) is not regarded as personal data.

Personal data that is public:

the name, address, date of birth, place and country of birth, and date of death of owners (sole traders or sole proprietorships), partners (vof), and members of public partnerships. For UBOs, the first name, surname, month of birth, year of birth, nationality, and country of residence are public.

Personal data that is not public:

the citizen service number (BSN), signature, and gender of the persons listed above. The private address of an officer of a legal entity is not public. The date, country and place of birth, and address of UBOs are also not public.

Private addresses that are public:

the addresses of owners (sole traders or sole proprietorships), partners (vof), and members of public partnerships. This is because they are jointly and severally liable for the undertaking and must be physically traceable. This ensures legal certainty that gives entrepreneurs in the Netherlands the confidence to do business with each other. In exceptional cases, it is possible to conceal a private address in the Business Register. Read more here*.

Commercial use of:

Business Register information is possible because, among other reasons, an undertaking’s address and email address are publicly available. The advantage of this is that a company or entrepreneur is easily reachable for other entrepreneurs and customers. What is often perceived as a disadvantage is that other companies use the data for direct marketing purposes.

Advertising mail and door-to-door sales can be limited:

through KVK’s Non Mailing Indicator (NMI). This indicates that the entrepreneur does not wish to be approached with postal advertising or door-to-door sales. If an entrepreneur is contacted, they can report the sender for non-compliance with the NMI.

Telephone marketing:

must follow rules. Do you have a sole proprietorship, commercial partnership, or public partnership? With effect from 1 July 2021, companies are not allowed to phone you without consent. This does not apply to private limited companies, public limited companies, or other legal entities, as that would constitute an obstacle to trade. Since 25 September, phone numbers in the Business Register are shielded. More information on telemarketing rules can be found on the website of the Authority for Consumers and Markets (ACM).

Spam and other electronic communications such as text messages:

may only be sent if prior consent has been given. An exception applies if an entrepreneur or business is an existing customer of the sender, unless the customer indicates that they no longer wishes to receive such correspondence. You may tell a sender to stop if they send you unauthorised emails or messages. If this has no effect, a complaint can be lodged with the ACM. The spam ban is regulated in the Netherlands by the Telecommunications Act.

Finally:

Pay attention to business data that can be found on other websites or platforms. This data may be used by commercial data providers to enrich Business Register data and then resell it for direct marketing purposes.

The GDPR applies to:

all companies and organisations, including KVK and its customer registrations. For the Business Register, the GDPR applies to the data in the register that is considered personal data (see the information above).

An exception is provided for the Business Register:

this is because the GDPR makes an exception for public registers. As a result, authorisation is not required to process personal data in the Business Register, as this is done under the Business Register Act.

This means that some personal data in the Business Register is public, and several of the rights described in the GDPR do not apply here. These include the right to have personal data deleted and the right to object to data processing in the Business Register. The same applies to the UBO register, which is part of the Business Register.

Providing Business Register data to third parties:

is a legal obligation of KVK. This obligation also applies under the current privacy legislation (GDPR). This means that some personal data in the Business Register is public and can be provided to third parties upon request.

A KVK processing agreement:

with companies registered in the Business Register is not required. KVK processes personal data in the Business Register in accordance with the Business Register Act.