Data processing: Crowd management

To ensure that your visit to Schiphol runs as smoothly as possible, we track the flow of visitors at Schiphol. We do this in two ways.

People counters
Firstly, there are sensors (so-called people counters) in various places in the terminal that measure the number of people passing through. These people counters do not store any data other than the number of people passing a particular point.

Wifi and bluetooth tracking
Secondly, we use wifi and bluetooth tracking.This means that if your phone, your laptop or any of your other devices have the wifi or Bluetooth function turned on, your device will make contact with our sensors. By turning off the wifi and bluetooth on your devices when your arrive at Schiphol, we will no longer be able to follow you via wifi and bluetooth tracking.

We store an encrypted version of the unique characteristic of your device (a so called ‘hash’ of your MAC address). We do this so that we can provide insight into passenger flows through the terminal. We take all kinds of technical measures to ensure your privacy is protected.

We convert the measurement data from both sensors into aggregated reports about arrival and departure patterns, walking routes, occupancy rates in certain areas and waiting times.

We use the data collected by the people counters and the wifi and bluetooth trackers to optimize the flow of visitors at Schiphol. This is very important for Schiphol. We can prevent queues or even dangerous situations as much as possible. We therefore have a legitimate interest in collecting this data.

The images taken by the people counters are converted into numbers in the camera. The images do no leave the camera, only in exceptional cases. In these exceptional cases we do store these images to test if the people counter is working properly. Once that test is over, we delete the camera images.

We store the encrypted version of your device’s unique identifier collected by wifi and bluetooth tracking for up to 24 hours. This means we can track the encrypted version of your device for up to 24 hours. After that we delete this data and can no longer track your device.

We retain the other measurement data for 14 months for (re)calculations. The general reports on visitor flows, which do not contain any directly identifiable personal data, are retained for 5 years.

On behalf of Schiphol, our software and hardware supplier processes personal data in the context of maintenance and support, such as repairing hardware. In addition, they remotely carry out software update for the hardware and may (remotely) monitor the hardware and software to ensure that they are working properly.

In turn they engage a subcontractor for the validation and calibration of people counters. Our software and supplier has full control over which sensors can be accessed. Considering the subcontractor has access to this data from the United States, standard contractual clauses have been concluded by our software and hardware supplier and additional measures have been taken.

In some cases, we share general reports on visitor flows with the Koninklijke Marechaussee and the Royal Dutch Airline: Koninklijke Luchtvaart Maatschappij (KLM).

Access to and amendment of your personal data
You have the right to know what personal data on you are processed by Schiphol.

If your personal data prove to be incorrect, you can ask us to amend your data. You can also request us to delete personal data and to discontinue their use. As we keep the hash of your MAC address for a maximum of 24 hours, we cannot delete or limit the processing after these 24 hours.

Lodging an objection
You can also object to the processing of personal data by Schiphol. You can object to the use of your personal data owing to your specific situation. If you lodge an objection, we will in principle stop processing your personal data if you object within 24 hours of the processing taking place.

Your request and our response
If you have a question, a request or if you wish to lodge an objection, email our Data Protection Officer (DPO) via dpo@schiphol.nl. We will do our utmost to respond to your request in a timely manner.

We may ask you to send us a copy of a valid ID if this is necessary in order to confirm your identity.

If any part of your request is unclear to us, we may ask you to specify your request and/or to supplement it, to enable us to provide you with the best possible service.

Who is the controller?
This privacy statement is issued by Schiphol Nederland B.V. Our contact details:

Schiphol Nederland B.V.
P.O. Box 7501
1118 ZG Schiphol

How to contact our Data Protection Officer (DPO)
Schiphol has a Data Protection Officer (DPO) for all your questions concerning privacy. The DPO also provides advice to us and monitors compliance with the privacy laws and regulations by Schiphol.

Do you have any questions or requests concerning your data? If so, you can send an email to the DPO via dpo@schiphol.nl or send a letter to our postal address, for the attention of the Data Protection Officer. Together with your request, please provide your name, address, email address and telephone number.

If you are dissatisfied with the way in which we treat your privacy or handle your request or objection, you can file a complaint with the Dutch Data Protection Authority.

If necessary, we will update this privacy statement. This may be due to changes in policies, changes in the data processing operations or changes in the systems we use to process data.