Open State Foundation is a non-profit organization that promotes digital transparency of governments. We collect personal data for some of our projects, events and newsletter. If you have any questions about your privacy or personal data and how Open State Foundation handles that, please contact us through

Below we share about the type of personal data we may have of you, how we get that and how we use it. This privacy policy covers, other platforms we support and handle personal data have their own privacy policy.

We will never sell your personal data to third parties, and only make use of the services we list below. These services may be in ‘third countries’, being outside of the EEA.

In that case we use appropriate safeguards so that we can share the personal data with those countries. In the case of Mailchimp and Google Analytics the American countries are certified with the so-called Privacy Shield. We also use the most privacy-friendly settings those services offer.

Ways we collect (personal) data

Newsletter via Mailchimp
When you want to keep informed about what Open State Foundation does (news, announcements, information about open government) you can give us permission to share our semi-monthly newsletter with you. We will send it a maximum of 13 times a year. You can retract this permission at any time by clicking ‘unsubscribe’ in the newsletter your received, or by sending us an email through We’ll take care of it as soon as possible.

We use the programme Mailchimp to send our newsletters. They save the personal data you share with us when you subscribe to the newsletter. We keep the information for as long as you give us permission to do so.

Possible personal data:

  • Last Name, First Name
  • E-mail address

Lawful basis: Permission

Website statistics with Google Analytics
We measure information on our website like which pages are visited most often and how long people stay there. This helps us set priorities on which part of the website to improve, and which blog posts do well. We use Google Analytics to gather this data. We have set Analytics in the privacy-friendly setting the programme offers. This means we only save part of the IP-address (it deletes 3 numbers of it). Because these are analytical cookies and we do not save your whole IP-address, we are not asking your permission to do this. May you object nonetheless, there are a lot of (free) cookie blockers available on the market where your can stop us doing this in your own browser.

Possible (personal)data:

  • Partial IP-address

No lawful permission required.

Invoices and other administrative data

When you engage with Open State in a contractual manner (such as you hire us to do a project, or we hire you to do work for us) we keep invoice information for as long as we need for the duration of the contract. The Belastingdienst (Tax Office) and other official institutions also require us to keep data for longer. We only keep that data for as long as the law requires us to do so. We use Exact (bookkeeping software) to help us with that, as well as an external professional bookkeeper.

Possible (personal) data

  • Invoice- and address information
  • BTW (VAT) KvK-numbers

Lawful basis: contractual agreement, legal obligations

Job hunting at Open State Foundation
When someone applies for a job at Open State Foundation, that being for an employee position or an intern, we collect personal data. These are all the data you give us in a CV and cover letter. We keep this information for as long as the hiring process lasts, and an additional 4 weeks to contact your. When we do not hire you we delete this information.

Possible personal data

  • Address- and contact information
  • Employment and education history
  • Other personal information shared by applicant

Lawful basis: (future) contractual agreement

Your rights as a data subject

As a data subject (someone of who we process personal data) you have rights. Below we share those briefly, and we happily refer you to your competent agency for more information. In The Netherlands this is the Autoriteit Persoonsgegevens. If you would like to file a complaint against us, you can do so at the Autoriteit Persoonsgegevens as well. You can use this link.

The GDPR gives you the following rights as a data subject:

  • you must get an explanation about which personal data we have and what we do with it;
  • you may access to which personal data we have of you;
  • you can rectify our mistakes in your personal data;
  • you can ask us to remove out of date personal data;
  • you can retract permission you have given in the past;
  • you have a right to data-portability;
  • you can object to a certain use of your personal data.

In case you want to make use of your rights under the GDPR please let us know who you are (the name under which we would most likely know you, and an e-mail address should be sufficient in most cases). This will help us identify you so we do not change or delete the personal data of the wrong person.

Such requests can be made through We will get back to you as soon as we can, and within a month at most.

Changing the privacy policy

It is possible that we will change the contents of this privacy policy. In case we hire different software partners for example. We will publish a new version in place of this one. This version was published on April 28th 2020.