Privacy policy

1. Introduction
The Dutch Travel Guarantee Fund Foundation (SGR) attaches great importance to the careful and transparent handling of personal data. In this privacy statement, we explain which personal data we process, for what purposes, on which legal bases, and what rights data subjects have. SGR processes personal data in accordance with the General Data Protection Regulation (GDPR).

2. Whose personal data do we process?
We process personal data of, among others:

  • consumers and other individuals who submit a claim or are involved in a bankruptcy or settlement in which SGR plays a role;
  • travel companies and other participants (current and prospective);
  • users of our websites, portals, and digital services;
  • individuals who contact us (for example, by email or telephone).

3. What personal data do we process?
Depending on the purpose, we process, among other things:

  • identification and contact details (name, address, city, email, telephone number);
  • company data (for participants);
  • financial data (such as IBAN and payment information);
  • data necessary for claims handling;
  • correspondence and file information;
  • technical data such as IP address and browser data.

We may also receive personal data from other sources, such as:

  • the Trade Register of the Chamber of Commerce (participants);
  • public sources, such as websites (participants);
  • information from trustees or other involved parties (participants and consumers).

We do not process more data than necessary for the relevant purpose.

4. Purposes and legal bases
Where processing is based on consent, such consent may be withdrawn at any time.

Purposes and legal bases for data processing:
We process personal data solely for the purposes described below and based on the corresponding legal grounds as referred to in the GDPR:

Execution of guarantee schemes
Processing is necessary for the performance of the agreement to which the data subject is a party.

Handling of claims
Processing is necessary for the pursuit of our legitimate interests, such as careful handling of claims, and/or to comply with a legal obligation.

Compliance with legal obligations
Processing is necessary to comply with legal obligations applicable to us.

Communication and customer service
Processing is necessary for the pursuit of our legitimate interest, namely maintaining contact with customers and providing adequate support.

Website improvement
Processing is necessary for the pursuit of our legitimate interest to analyze and optimize our website and services.

Marketing and communication
Processing takes place on the basis of the data subject’s consent, where required by law.

5. Retention periods
We do not retain personal data longer than necessary. In some cases, the law determines how long we may or must retain data. In other cases, we determine retention periods based on laws and regulations.

Indicative retention periods are:

  • claims and settlement files: up to 7 years after completion;
  • financial and administrative data: in accordance with statutory retention periods (usually 7 years);
  • email and other correspondence: up to 2 years, unless part of a file;
  • technical data and cookies: in accordance with the cookie policy (up to 14 months).

6. Sharing data with third parties
We may share personal data with third parties if this is necessary for the performance of our tasks or to comply with legal obligations. This may include:

  • Travel Payment Platform Foundation
  • organizations affiliated with SGR:
  • Calamity Fund Foundation for Travel
  • Dutch Travel Guarantee Fund BusinessDutch Travel Guarantee Fund for Specialized Tour Operators
  • (re)insurers;
  • trustees, administrators, and travel service providers;
  • IT service providers;
  • other professional advisors, such as accountants and lawyers.

We conclude data processing agreements with parties that process personal data on our behalf, in accordance with Article 28 GDPR.

7. Use and cookies
We use functional and analytical cookies. Upon first visit, we request consent for:

  • Google Analytics (with IP anonymization)
  • settings and preferences

Cookies can be refused or deleted via your browser settings. This may affect the optimal functioning of our website.

We collect (anonymous) usage data to improve the content and functioning of the website and to tailor it to users’ needs. This non-identifiable information may be stored for future use and, where necessary, shared with service providers.

More information about our cookie policy can be found on our website.

8. Your rights
Under the GDPR, you have the following rights:

  • right of access to your personal data;
  • right to rectification;
  • right to erasure (to the extent legally permitted);
  • right to restriction of processing;
  • right to object to processing;
  • right to data portability.

A request can be submitted via sgr@sgr.nl.
For verification, you may be asked to provide a copy of a valid ID, with your citizen service number (BSN) and photo redacted. SGR will respond to the request within one month.

You also have the right to lodge a complaint with the Dutch Data Protection Authority.

9. Security and data breaches
We take appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access. In the event of a data breach, we will act in accordance with the notification obligation to the Dutch Data Protection Authority.

10. External websites
This privacy statement does not apply to third-party websites to which references are made. We are not responsible for the privacy policies of external websites.

11. Data Protection Officer
We have appointed a Data Protection Officer (DPO).
For questions about privacy or data protection, you can contact sgr@sgr.nl.

12. Changes
We reserve the right to amend this privacy policy. The most current version is always available on the website.

Disclaimer

Disclaimer for translation errors The official language of SGR is Dutch. The translation of this text was prepared with the utmost care. However, SGR does not accept any liability for errors or omissions in this translation or the direct or indirect consequences of acting or failing to act based on this translation. It is not possible to derive any rights, of whatever nature, based on this translation. In the event of any discrepancy between the Dutch text and the English translation, the Dutch text shall be binding.

© 2026 SGR