Privacy Statement COMMA

This privacy statement informs users of COMMA about the processing of personal data in COMMA. For more information or questions about this privacy declaration you can mail to:

Last updated on 4 November 2022

Purpose and necessity of personal data processing
COMMA processes personal data for the following purposes:

The processing of personal data by COMMA takes place as part of the operational management of the consular services. The legal ground for the processing of personal data is legitimate interest.

Categories of personal data and reports
COMMA processes the following personal data of its users:

Furthermore, the status of the exam (‘followed’/’passed’) is processed. In conclusion, the use of COMMA is automatically processed in reports. These reports provide the previously mentioned data as well as the following details:

Based on the ‘need to know’ principle, users can see their own results in COMMA. Reports about the use of COMMA by all users can be seen, essentially, only by the staff members that are authorized to put together these reports for the benefit of heads of department and/or heads of unit. Only managers at DCV are then allowed to examine the content of these reports (via the Tableau reporting tool and through data from BZIAM) from COMMA. In view of the degree and the way in which COMMA is being used by all users they can then make decisions about the further development of COMMA as a learning instrument. No reports are made at individual level. DCV does not check who has followed/finished which e-learnings nor does DCV look at individual results. There are no consequences when a final test is not passed. At their request and via the mission film, managers and/or COMMA contacts at the missions abroad can be informed on the use of COMMA at their own mission, still only based on anonymous totals, not at individual level.

Data sharing
Personal data of users will only be shared with third parties in case of I) a legal obligation to do so and/or II) the sharing is necessary in order to provide the COMMA services. In the latter case, the Ministry of Foreign Affairs concludes a data processing agreement to ensure the same level of security and confidentiality of the personal data of COMMA users. For the use of COMMA, the Ministry is currently cooperating with the following contractors: Tele’Train Education BV and Creapolis Media BV. A data processing agreement was concluded with both contractors.

Retention period and data security
The processed personal data will be deleted two months after the termination of a position or at the request of a user through the Self Service Portal (SSP). The Ministry of Foreign Affairs ensures that personal data for which it is responsible is appropriately protected.

Privacy rights
A user of Comma can submit a request in the following situations:

A request can be submitted to the Ministry by sending an e-mail to or by regular mail. The mail address is:

Ministry of Foreign Affairs
Legal Affairs Department (DJZ/NR)
P.O. Box 20061
2500 EB The Hague
The Netherlands
Requests for inspection and correction can also be made via an SSP request.

Contacting the data protection officer
The Ministry of Foreign Affairs has a Data Protection Officer. This officer monitors internal compliance with privacy legislation. This officer can be contacted by sending an e-mail to or by regular mail. The mail address is: Data Protection Officer
Ministry of Foreign Affairs
Security, Crisis Management and Integrity Group (VCI)
P.O. Box 20061
2500 EB The Hague
The Netherlands

Personal Data Authority
Any complaints can be filed with the Dutch privacy regulator, the Personal Data Authority.

Phishing messages
If phishing messages are suspected, please refer to the procedure for reporting phishing messages.

Data breaches
In case of (suspected) data breaches, please refer to the SSP-form for reporting data breaches.

Other Information Security (IB) incident
Other IB incidents can be reported via