Frequently asked questions about the Business Register
- 4 May 2023
- Edited 1 Feb 2023
- 1 min
It is important to the Netherlands Chamber of Commerce KVK that your personal data are handled with care. This goes for all data registered in our customer system for the purpose of providing our services. Our customer system and the Business Register are both fully GDPR-compliant.
Although they generally contain the same information, these 2 registers are subject to different legal provisions with regard to data storage. The Business Register has a special exemption under the GDPR because it is a public register. Below are the most frequently asked questions on privacy and the Business Register.
Frequently asked questions
The Business Register contains the data of natural persons who own a business. Such as an eenmanszaak (sole proprietorship), vof (general partnership), and maatschap (partnership). And of officers of legal entities (such as directors).
For 'eenmanszaken' (sole proprietorships), vofs (general partnerships), and 'maatschappen' (partnerships), you can find the owner’s name, home address, date of birth, place of birth, and date of death, as well as indirectly identifiable personal information such as a KVK number, trade name (if it contains the owner's name), the business address (if it is the same as the residential address), a (mobile) phone number, and possibly an email address.
Furthermore, some details of officers of a legal entity are also considered personal data, such as their home address, (mobile) phone number, and date/place of birth. Please note that the details of legal entities themselves (for instance bvs (PLCs) and nvs (LLCs)) are not considered personal data.
For example: the KVK number, trade name, business address, telephone number, and email address of the legal entity Klusbedrijf Jansen BV are not personal data, not even if the business address is Mr Jansen's home address and the company phone number is the same as his own mobile number.
- date of birth
- date of passing away
- citizen service number
- Private adress
- private address official legal entity
The GDPR applies only to those data considered personal data (as described above), such as data belonging to natural persons who own a business (such as an ‘eenmanszaak’ (sole proprietorship), vof (general partnership), or ‘maatschap’ (partnership)) that can be traced back to a natural person and data belonging to officers of legal entities.
Note that while the GDPR protects the privacy of individuals, there is an exception for public records established by law, such as the Business Register. This means that the GDPR applies to the Business Register, but KVK has grounds for processing the data for its statutory duties (as described in article 2 of the Commercial Register Act). This means that some personal data in the Business Register are public and that if you are listed in the Business Register, there are several rights that you do not have. Among other things, you cannot request the removal of your data from the Business Register (the so-called right to be forgotten) or object to the processing of your data in the Business Register.
The home addresses listed in the Business Register are not public, with the exception of the home address of the keeper of the books and records. A home address and business address can be the same. But legally speaking, they are 2 different addresses. A business address is considered public.
In the case of a probable threat, it is possible to protect your business address in the Business Register by submitting a request to KVK, provided that you have already taken measures yourself to reduce the prominence of your address. If your request is honoured, your business address will no longer be public. Only employees of authorised governing bodies, lawyers, notaries, and bailiffs can view home addresses and protected business addresses.
Also see Private address in the Business Register.
No, the GDPR does not change the public nature of the Business Register. While it protects the privacy of personal data, there is an exception for public records established by law, such as the Business Register. This means that the GDPR does apply to the Business Register, but KVK has grounds for processing the data for its statutory duties (as described in article 2 of the Commercial Register Act).
Under the GDPR, anyone or any company purchasing Business Register data is responsible for processing personal data as a data controller. This means they are responsible for complying with GDPR requirements for processing personal data. As such, they are also required to notify anyone whose personal data they are processing. Processing covers all the actions you can perform with personal data. This includes collecting, disseminating, storing, consulting, updating, merging, and deleting data.
With regard to KVK processing data in the Business Register, KVK is not required to request consent for processing, as it has a legal duty to do so. No consent is required to process personal data in public registers established by law, such as the Business Register. KVK manages this register as part of its legal duties.
KVK exercises great care in handling the personal data of all persons appearing in its customer registrations. For more information, read our privacy statement.
No, this is not possible. KVK is required to provide public data from the Business Register. But providing a list of parties who accessed the register is not allowed, because such a list would contain non-public information.
Many parties buy information from the Business Register. For instance, entrepreneurs buying certificates to find out who they are doing business with before sending a shipment. Or organisations that use the Business Register to provide services. Banks, for example, may check the Business Register before they allow you to open a bank account or decide to extend credit. And municipalities can use the Business Register to issue permits or collect taxes. Under the current rules and regulations, KVK is required to provide Business Register information to all types of buyers, regardless of the purpose for which they request data.
No, KVK processes the (personal) data of entrepreneurs and officers of legal entities in the Business Register under the Commercial Register Act. Under privacy laws and the Commercial Register Act, KVK is a data controller, which means that processor agreements (with companies listed in the Business Register) are not needed.
We understand that it is annoying that being listed in the Business Register can lead to unwanted marketing. Under the Commercial Register Act, we are required to provide data from the Business Register if requested, so we cannot simply refuse to provide your data. However, the buyer must comply with applicable privacy laws and, if indicated, respect the wishes of business owners who do not wish to be exposed to direct marketing.
The Business Register Act also allows for the information from the Business Register to be used for direct marketing purposes, as does the GDPR.
Under the Commercial Register Act, we are required to provide data from the Business Register if requested, so we cannot simply refuse to share your data. If you do not want to be contacted for advertising and marketing purposes, you can set certain limitations. Read more about commercial solicitation.
As a business owner, you may face unwanted use of your contact details. Other companies use them, for example, to send you advertising or call you with a business offer. This data can come from the Business Register, but also from other sources. For instance, from data brokers, (online) business directories, or your company's website. If you do not want to be contacted for advertising and marketing purposes, you can limit this. You will find more information about this on this page.