Privacy statement – Nuclear Energy Organisation (NEO NL .V.)

Version: 1.0. – Last updated: February 16, 2026

 

1. Controller and contact

This privacy statement is issued by Nucleaire Energie Organisation B.V. / Nuclear Energy Organisation Netherlands (NEO NL .V.) (NEO NL, “we”, “us”), with registered office at Carel van Bylandtlaan 5, 2596 HP The Hague, Netherlands.

NEO NL acts as controller for the processing described in this privacy statement.

Privacy contact:

 

2. Scope

The aim of this Privacy Statement is to provide you with all the relevant information regarding the collection and further processing of your personal data by NEO NL.In particular, in relation to the collection and processing of information which may result from your use of:

  • the use of the NEO NL – www.neonl.com – (hereinafter “the website”);
  • other online and offline interactions (such as correspondence, recruitment, visitor registration, and business relationships).

 

3. Personal data we process

Depending on the purpose for which we process your personal data and how you interact with us, we may process the following personal data:

  1. Contact and correspondence data

Name, job title, organisation, address, email address, telephone number, and the content of your message/request.

2. Business relationship data

Contact details of persons working for (prospective) customers, suppliers and partners; communications; meeting notes; contractual and operational information necessary to manage and perform agreements; and (where relevant) invoicing/procurement administration.

3. Recruitment data

CV, cover letter, work history, education, information you provide during interviews, and notes from the recruitment process. If you voluntarily provide special categories of data (e.g. health information), we will only process this to the extent permitted by law and where necessary.

4. Visitor, access, and security data

Visitor name, organisation, contact details, date/time of visit, host, badge/access credential information, access logs.

5. CCTV data

Camera images and related metadata (date/time/location), where CCTV is used.

6. Website technical data

IP address, device/browser information, log data, and data necessary to maintain and secure the website. If we use analytics or third-party embedded content, additional data may be processed (see cookie statement).

We do not intentionally collect personal data from children under 16 via our website.

 

4. Purposes and legal bases

NEO NL processes personal data only where permitted under the GDPR and applicable Dutch law. Depending on the context, we rely on one or more of the following legal bases: performance of a contract, legal obligation, legitimate interests, and consent.

4.1 Handling questions, requests and correspondence

Purpose: responding to enquiries, providing information, and communicating with you.

Legal basis: legitimate interest (efficient communication and service) and/or steps prior to a contract where applicable. 

4.2 Recruitment and selection 

Purpose: processing applications, assessing suitability, communicating during the process, and making a hiring decision.

Legal basis: permission, legitimate interest (recruitment) and/or steps prior to a contract.

Retention “talent pool”: only with your consent (see Section 8).

4.3 Managing relationships and performing agreements 

Purpose: entering into and performing agreements, managing contacts, meetings and communications, and operational administration.

Legal basis: performance of a contract and/or legitimate interests (relationship management, business operations).

4.4 Visitor registration, access control and security (including CCTV) 

Purpose: safeguarding people and assets, managing reception/access, preventing and investigating incidents, and ensuring continuity and security.

Legal basis: legitimate interest (security and safety). If a specific legal obligation applies in a concrete case (e.g., based on sector-specific rules or a binding instruction by a competent authority), we may additionally rely on legal obligation for that processing.

4.5 Compliance, governance, and legal claims 

Purpose: compliance with applicable laws, handling complaints, audits, information security, and establishing/exercising/defending legal claims.

Legal basis: legal obligation (where applicable) and/or legitimate interests (governance, security, claims).

4.6 Continuation of business operations 

Objective: legitimate interest (relating to ensuring the continuity of business operations). 

Legal basis: legitimate interest (continuity of the organisation).

 

5. Recipients

We do not sell personal data. We may share personal data with: 

  • service providers (processors) acting on our behalf, such as IT and hosting providers, security services, recruitment agencies, and professional advisors (such as accountants, auditors, and lawyers), to the extent necessary.
  • government agencies or regulatory authorities, if required by law or authorized to do so.
  • other third parties, only when necessary for a specific purpose and in accordance with the GDPR.

Our website may include links to third-party websites, plug-ins services and applications. Those third parties are responsible for their own processing of personal data and cookie practices. If you use third-party services, their terms and privacy/cookie information apply.

Where required, we enter into a data processing agreement with processors.

 

6. International transfers

Personal data may be processed in the EEA and, depending on our suppliers and tooling, may be accessed or processed outside the EEA.

Where personal data is transferred outside the EEA, NEO NL ensures appropriate safeguards as required by the GDPR, such as:

  • an adequacy decision by the European Commission; and/or
  • the European Commission’s standard contractual clauses, supplemented as necessary by additional measures.

 

7. Security

NEO NL implements appropriate technical and organisational measures to protect personal data, taking into account the nature of the processing and risks. Measures typically include access controls, role-based authorisations, logging, secure configuration and patching, and confidentiality obligations.

 

8. Retention

We retain personal data no longer than necessary for the purposes described, unless a longer retention is required or permitted by law (e.g. statutory administrative retention periods) or needed for legal claims.

Indicative retention periods:

  • Inquiries and correspondence: for as long as necessary to process and follow up on them.
  • Business relationship data: during the course of the relationship and thereafter, in accordance with legal requirements and statutes of limitations.
  • Recruitment (unsuccessful candidates): up to 4 weeks after the conclusion of the process.
  • Talent Pool: up to 12 months, only with your consent. You may withdraw this consent at any time; we will delete the data unless another legal basis applies.
  • Visitor registration and access logs: 3 to 6 months, unless a longer retention period is necessary in connection with incidents.
  • Surveillance footage: up to 28 days, unless a longer retention period is required for an investigation or legal proceedings.

 

9. What are your rights and how can you exercise them?

Under the GDPR, you have the right to:

  1. access to your data;
  2. correction of inaccurate data;
  3. data deletion (in certain cases);
  4. restriction of processing (in certain cases);
  5. objection to processing based on legitimate interests;
  6. data portability (if applicable);
  7. Withdrawal of consent (if applicable).

How to exercise your rights: contact us via privacy@neonl.com. We may request additional information to verify your identity. We aim to respond within one month, unless the GDPR allows an extension.

NEO NL not NEO NL decisions with legal consequences or comparable significant consequences based solely on automated processing.

If you have concerns, contact us first via privacy@neonl.com.
You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

NEO NL has not appointed a statutory Data Protection Officer. For privacy matters, contact privacy@neonl.com.

 

10. Notification of changes to this policy

To ensure the highest standard of our compliance program, we will continuously monitor its adherence with the regulation and best practices and update this privacy statement regularly. The latest version will be published on our website with the updated date.