Privacy statement

It Don’t-PSD2-me-register and the corresponding website are an initiative of Privacy First Foundation, located at Keizersgracht 127, 1015 CJ Amsterdam. Personal data will be processed for this initiative. We therefore comply with the General Data Protection Regulation (AVG), Telecommunications Act and other applicable laws and regulations.

In this privacy statement we describe how we handle personal data and what we do to protect the privacy of website visitors, newsletter subscribers and Don’t-PSD2-me-Register register participants. This privacy statement only applies to the Don’t-PSD2-me-Register initiative. The general privacy statement of Stichting Privacy First is here to be found.

Privacy First processes as little as possible personal data. Not only because it is not necessary, but also to people who get in touch with us to protect, from activists to the file officials involved. Our principles for the processing of are personal data:

  • We process as little personal data as possible.
  • All our activities and information can be visited or consulted anonymously. If an email address is required, we don't mind if you use a pseudonym address.
  • We fit as much as possible privacy by design and privacy by default please.
  • Personal data will not be sold, further processed or provided to others.

Who processes your data?

Stichting Privacy First is responsible for the processing of personal data as set out in this privacy statement.

  • Contact details:
  • Privacy First Foundation, Don’t-PSD2-me-Register
  • to Mr. V. Böhre, Director
  • Keizersgracht 127
  • 1015 CJ Amsterdam

Personal data that we process

Our starting point is that we apply data minimization strictly. We only ask for data if it is necessary for our activities. We process personal data for the following purposes:

You visit the website? We don't use cookies. We do not measure website activity and don't follow your behavior. We process:

  • No personal data

Find your contact with us? If you mail, write or contact us via the website are contact details needed to make contact. We do not record these details and only use it to contact you. We process:

  • Contact details
  • Information shared by you

Do you sign up for the newsletters? If you subscribe to our newsletters it works the same as subscribing to a newsletter. You can unsubscribe or change your preferences at any time. The personal information you enter (e-mail address and any other fields) will only be used by us to send you messages. This information will never be given to third parties.

We keep track of how the newsletters are read. This is done by means of tracking pixels and monitoring clicks on links. This information cannot be traced back to persons.

We're processing:

  • E-mail address (mandatory)
  • First name and surname (not required)
  • Newsletter preferences
  • (on an aggregated level) how newsletters are read

Special and/or sensitive personal data that we process

The Don’t-PSD2-me-Register does not (yet) process any special personal data. In the future, however, we will be able to do so as soon as the register registers account numbers that can immediately be seen as special personal data.

Early on children are allowed to open a bank account and often before they're ten years old banking. We advise parents to be involved in their children's online activities. This also applies to banking. We encourage children and their parents to participate actively in the Don't-PSD2-me-Register.

How long we retain personal data

We do not retain your personal data longer than is strictly necessary to achieve the purposes for which your data is collected. As long as you participates in the initiative, subscribes to our newsletter and contacts we'll process your data.

As soon as you no longer want to participate in one of the activities, then you can revoke your consent to the processing. Because we use of a newsletters system you can easily do this with the unsubscribe link that you'll find under every mailing.

Sharing personal data with third parties

We only share personal information with third parties for the Don’t-PSD2-me-Register register or to comply with a legal obligation. When we engage third parties, Privacy First Foundation is the processor and the other party the processor. We close clear agreements with processors to ensure that you have personal data is secure.

Transfer of data outside the EU

We set up the Don’t-PSD2-me-Register and the website in such a way that we can only work with Dutch service providers who have their data centres in the Netherlands have. We don't transfer data outside the EU.

View, modify or delete data

You have the right to access, correct and delete your personal data. In addition, you have the right to give your consent to revoke the data processing or object to the processing of your personal data through Don’t-PSD2-me-Register and you have the right to data transferability. This means that you can submit a request to us to send the personal data we hold about you in a computer file to to send you or any other organization named by you.

You can request inspection, correction, removal, data protection of your personal data or request for the withdrawal of your personal data objection to the processing of your personal data to

To make sure that the request for inspection by you is done, we can ask you for a copy of your ID with the request to be sent along. Make in this copy your passport photo, MRZ (machine readable zone, the strip of numbers at the bottom of the passport), passport number and Citizen service number (BSN) black. This is to protect your privacy. We respond as soon as possible, but within four weeks, at your request.

If you have a complaint, we'll hear it. We want you on it. point out that you also have the legal right to complain to the national supervisory authority, the Personal Data Authority. This can be done via the next link:

How we secure personal data

We take the protection of your data seriously and take appropriate measures to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised modification against to go. If you feel that your data isn't secure after all... if there are indications of abuse, please contact us at

Validity of this privacy statement

This is the last version of the privacy statement, dated 1 August. 2019. Where changes in processing take place, and for this reason the privacy statement must be amended then we report that on the site and addressed to the subscribers of the newsletters.

If you have any questions, comments, suggestions or compliments about how to we deal with personal data and how we put it into words, we'd like to hear that.

  • Privacy First Foundation
  • 1 August 2019