Preventing fraud and abuse
Information on the use of your information to prevent and investigate fraud.
What personal data do we use?
Unfortunately, fraud and abuse are facts of life when it comes to claims, refund requests and credit card payments. In order to investigate and prevent suspected fraud or abuse, we use information such as your contact details, payment info, card info, and travel information. For credit card payments, we may process all data necessary to complete the transaction, including the IP address, for example.
If you are the holder or booker of an NS-Business Card from NS Zakelijk, we will use your business contact details if possible. We may obtain this information from an employer.
What do we use your personal data for?
If we suspect that fraud has been committed with an OV-chipkaart while travelling with NS, we may choose to send you a letter asking you to repay an outstanding amount. In addition, based on detected fraud and abuse, we can determine the deployment of staff and carry out more targeted checks.
The basis for processing the data is: legitimate interest.
NS has a commercial interest in preventing fraud. We take every precaution to prevent infringements on your privacy. For example, we only use the information necessary and will opt for less impactful measures where possible.
With whom do we share data?
If the fraud potentially involves a criminal act, we may pass along your information to investigative agencies such as the police to facilitate the investigation and prevention of criminal activity. We contract third parties to provide IT services.
These third parties process our data solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal data.
We are authorised to provide your personal data to parties outside the European Economic Community under certain circumstances. In that event, we will take suitable measures with these parties, for example by agreeing to the standard provisions required by the European Commission.
If you fail to meet your payment obligations, we will share your contact details with BOS Incasso to collect the outstanding amount. In case of fraud or suspected fraud or abuse involving the NS Business Card, we will share your data with the relevant chain partner. For payments via iDeal or credit card, we will share your payment details with third parties for the processing of the transaction and to combat fraud.
How long do we store your data?
For suspected cases of fraud, we will store your data for a maximum of 3 years from the most recent suspicious incident. In case of proven fraud, we will store all investigation data for a maximum of 5 years from the last incident.