First see if you can find any contact information on the website. Webshops and other providers of online services are always obliged to state contact details on their website. This will in any case be an email address or a contact form.

Are you unable to find any contact details on the website? Then you can find out who the owner of the website is by consulting a website with domain registrations.

Finding the contact data of a Dutch website

Does it concern a Dutch website, ending in .nl? Then look up the owner of the website through the website of the Foundation for Internet Domain Registration in the Netherlands (Dutch abbreviation: SIDN).

Then contact the person or the organisation mentioned as the 'holder' (owner) of the domain.

Note: you will only see the email address of the owner. Are you unable to reach the owner using this address? In some cases, you can ask SIDN for more contact details. See: SIDN and privacy.

The police have access to more extensive data in the WHOIS register. In the case of serious offences and crimes, we recommend that you report these.

Finding the contact data of a foreign website

Does it concern a foreign website? Search via Whois.net then.

Do you have a question about your internet provider's invoice for your data usage? Do you want to know, for example, which websites or apps used how many data at what times? Your internet provider can only give you access if you have given advance consent for retaining these data. If you have not done this, your provider will not have the data. 

Data traffic contents

Your internet provider is in principle not allowed to know anything about the contents of your data traffic, such as which websites you have visited. This requires analysis of the data traffic (‘deep packet inspection’). An internet provider is only allowed to carry out such analysis if this is strictly necessary for a technical purpose, such as network management.

When carrying out such analysis, your internet provider must anonymise your data immediately. Your provider is not allowed to retain analyses at an individual level. Unless you, as a customer, have give advance consent for this purpose. Your provider must inform you about this option.

When you organise an event, you will often want to know in advance who will attend. In that case, it is convenient when visitors can register through the Internet. Pay attention then to the following things, in any case.

Security

The data of the registration form must be sent through a secure connection.

Quantity of data

Do not ask for more data than necessary. Do you only want to know the number of visitors and make name badges? Then asking for the first name, last name, position and organisation is usually enough.

Another example: registering the age is not necessary if you only want to know if someone is an adult. In that case, you can ask if someone was born before a specific year.

Informing

Explain properly why you collect the data. You can do this in your privacy statement. But explaining this in the form often provides more clarity.

Retaining data

Do not retain the data longer than necessary. This usually means that you have to remove the data after the end of the event. Do you need the data longer, for example for collecting payments? Then you must remove the data immediately after you have done this.

You are allowed retain aggregated, anonymous data, though. For example, that a total of 10 people had registered for your event.

Newsletter

Do you want to send visitors a newsletter about your products or services? This is only allowed if visitors state clearly in advance that they want to receive that newsletter. For example, by ticking a box. You must also offer the visitors the option to unsubscribe in every newsletter you send.

External registration system

Do you want to use a registration system that is offered by another organisation? This is possible, but you will have to conclude a processing agreement with that organisation in this case. In this agreement, you have to set out, among other things, that the organisation will not use the collected data for its own purposes and secure the data properly. In this case, the points for attention described above will also apply. You remain responsible for the data processing.

Sharing a list of participants

Do you want to share the list of participants of your event among your visitors, to facilitate networking by them, for example? Then ask the visitors in advance which contact details they want to share. Maybe they want to share a business telephone number, but do not want to have their private number placed on the list.

You can simply ask for consent at the time a person registers for the event. This consent must be given freely and unambiguously. You must be able to demonstrate that you have obtained consent.