Privacy Statement

This page tells you about what Biorizon does with personal data, how Biorizon protects personal data and how you can exercise the rights you have under privacy legislation.

Biorizon is a Shared Research Center, initiated by TNO, ECN part of TNO and VITO. It has no legal entity on itself. TNO and VITO are both joint data controller. On behalf of Biorizon, TNO is responsible for the correct handling of your personal data.

Biorizon shall handle the personal data in accordance with the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’).


Personal data means any information that is traceable to you as a person. Your name, address or email address are examples of personal data. On the website of the Dutch Data Protection Authority (  you will find more information about personal data and privacy legislation.


Whenever you wish to receive information from Biorizon, we need your details so that we can send the information. Biorizon also saves the data you provide when you request, for example, a folder. In addition, Biorizon processes your personal data so that it can send the online newsletter and invitations to events. In such cases, Biorizon uses your personal data based on your consent and/or based on an existing professional relationship.

Your personal data may also be used when you participate in research conducted by Biorizon. For example when you participate in an interview that focuses on your professional view on the topic of bio-aromatics.

Biorizon shall process the personal data only with the informed consent obtained from the Data Subject, and shall not further exchange and/or process the Personal Data in a manner which is incompatible with the provisions laid down in the informed consent with the Data Subject.


Biorizon does not keep your personal data any longer than is necessary for the purpose for which it is being held. If you have signed up to receive information from Biorizon and you later sign off, Biorizon deletes your personal data.

When Biorizon completes a study that involves use of your data because you were a participant, your data are deleted once they are no longer needed for archiving purposes. By this we mean that for an extended period it needs to be possible to substantiate the results of the study by referring to the underlying data. In this situation, Biorizon will protect the personal data by giving them a pseudonym or rendering them anonymous, if possible. Data that have been given a pseudonym can no longer be traced directly to you as a participant. Data that have been rendered anonymous can never be traced to you.


Biorizon attaches great importance to ensuring that personal data provided by you are handled and kept secure with the greatest possible care. In order to optimally protect your personal data against loss, theft, unauthorised access or misuse, Biorizon takes the appropriate technical and organisational measures to keep your personal data secure, which includes the use of the latest security technology. In terms of organisation, Biorizon has arranged for research data to be accessible exclusively by employees involved in the research in question.


Biorizon adheres to the principle that it does not share your personal data with others than the initiating parties. The data will not be sold. However, there are exceptions whereby Biorizon is required to give personal data to others. These are always exceptional circumstances, such as legal proceedings or crime prevention.


Under the prevailing privacy legislation you have various rights you can exercise to keep control of the personal data an organisation collects about you and uses. For example, you are entitled to access the personal data that Biorizon has about you. This right of access is intended to enable you to check whether the data are correct and to make any rectifications as necessary. You can also check whether Biorizon has used the data lawfully. As well as the right of access, you have the right to object against the use of your data by Biorizon

If you wish to exercise your privacy rights, you can send an email to You can also send a letter to:

  • TNO (co-initiator of Biorizon)
  • attn. Corporate Legal department
  • Postbus 96800
  • 2509 JE Den Haag
  • The Netherlands

To ensure that your request is processed, you must include the following information in your email or letter:

  • your name and address;
  • the date and your signature;
  • a description of your request in which you state your relationship to Biorizon.
  • a copy of your ID. (Make sure you make a safe copy of your ID, f.e. by using the KopieID app.)

Your request will always be processed but this does not necessarily mean that your request can be granted. This is because the prevailing privacy legislation recognises exceptional situations in which your privacy rights are not valid. This may be the case, for example, where personal data are used to conduct research.

You will receive a reply to your request within a month. If your request cannot be processed within a month, you will be notified accordingly. Biorizon is required to process your request within three months at the latest.

Biorizon's response addressing the matter of your request is a decision governed by the Dutch General Administration Act. If you disagree with the decision because Biorizon has denied your request partially or in full, you can lodge an objection and subsequently apply to the administrative law courts in The Netherlands.


In spite of our precautionary measures designed to give personal data the best possible protection, it remains possible that an incident may occur in which personal data are involved. An incident of this type is called a data breach. If you believe that a data breach is occurring at Biorizon, always get in touch with us. The best way to do this is by email via

The following information should be supplied when reporting a data breach:

  • your name and contact details;
  • the nature of the incident;
  • which personal data are involved;
  • which systems are involved in the incident; and
  • when and how you discovered the incident.


Biorizon's website uses cookies. A cookie is a file that is sent to your computer (or other type of device) and records information about your visit to Biorizon's website uses cookies to help it work properly, for example by remembering your preferences or remembering that you have already filled in a survey. In addition Biorizon uses cookies to collect statistics about the use of its websites, such as visitor numbers, popular pages and searches. Biorizon uses this information to improve its website. To do this, Biorizon uses Google Analytics. Biorizon has set the settings of Google Analytics on its websites to be privacy friendly, in accordance with the (Handleiding privacyvriendelijk instellen van Google Analytics) published by the Dutch Data Protection Authority. Accordingly, Biorizon has:

  • concluded a data processing agreement with Google;
  • masked the last eight characters of the IP address; 
  • switched off 'share data'; 
  • ensured that no use is made of other Google services in combination with Google Analytics' own cookies. 


If you have any questions about this privacy statement, exercising your rights or Biorizon's activities in the field of personal data, you can get in touch online with Biorizon via

If you have a complaint about how Biorizon handles personal data, we would like to hear from you. You can also report your complaint to the Data Protection Officer at Biorizon. In addition, you are always entitled to submit a complaint to the Dutch Data Protection Authority.


This privacy statement may be changed at any time by Biorizon without prior announcement. Changes come into effect as soon as they are published on this website.

Biorizon is powered by


This project is made possible by a contribution from the European
Regional Development Fund (ERDF) within the framework of OP-Zuid.

Op Zuid