Data processing: Lost & Found

Schiphol Nederland B.V. (“Schiphol”) is committed to protecting your personal data. In this privacy statement, Schiphol explains how Schiphol collects, uses and protects your personal data within the context of ‘Lost & Found’.

Which personal data do we process?

If you lose something at Amsterdam Airport Schiphol, you can report the loss via Schiphol’s website. Depending on the information you enter on the site, we will process the following personal data:

  • first name and surname.
  • address.
  • town/city.
  • country.
  • telephone number.
  • email address.
  • IP-address.
  • Type Identity document and Identity document number.
  • date of birth.
  • gender.
  • signature.
  • description about the item(s) you lost.

Furthermore, we obviously collect items that are left behind at Amsterdam Airport Schiphol. For example, if you lose your wallet or proof of identity, we will also process the personal data connected with these items.

When we get in direct contact with you to retrieve lost items, it is possible that we will process financial data. This includes processing your bank details to refund an amount of money.

Why do we process your personal data?

Schiphol is required by national laws and regulations to manage and return lost property. This responsibility involves safeguarding lost items and, when possible, returning them to their rightful owners. To fulfill this 'task of public interest,' we need to process certain personal data. We process your data solely for the purpose of returning lost property to you, and we do not use this data for any other purposes.

How long do we retain your personal data?

For the execution of Lost & Found, Schiphol uses a system in which reports of lost items and reports of found items are recorded. If a person reports a lost item, the data that this person shares with Schiphol in that context is stored in the system for a maximum of 13 months. If an item is found at Schiphol, the data describing that item, including personal data if applicable, is stored for a maximum of 24 months.

Different retention periods apply to items found by us. Found identity documents are always handed over to the Royal Netherlands Marechaussee within two days. Bank cards and credit cards are destroyed after approximately four weeks. Most other data carriers (documents, USB sticks, electronics) are destroyed after three months.

Our mailbox is periodically cleaned to ensure that the personal data we process in direct contact is also deleted.

Who do we share your data with?

Lost & Found services is managed by an external organization, who also has access to the data. A data processing agreement has been concluded with this party. We will hand your proof of identity to the Royal Netherlands Marechaussee. Furthermore, we will obviously share your data with a delivery service if we send your lost item back to you.

Which rights do you have?

Access to, amendment and deletion of your personal data
You have the right to know what personal data on you are processed by Schiphol. If we have not obtained the data directly from you, you also have the right to know from what source they derive and to receive a copy thereof.

If your personal data proves to be incorrect, you can ask us to amend your data. You can also request us to delete personal data and to discontinue their use.

Restriction of processing
If in your opinion we are not processing your data in a correct manner, you can request a restriction of the processing.

Lodging an objection
You can also object to the processing of personal data by Schiphol. If you lodge an objection, we will in principle temporarily discontinue or restrict the processing. If your objection is accepted, we will definitively discontinue or restrict the processing.

You can also ask us to share the rationale of our legitimate interest.

Your request and our response
If you have a question, a request or if you wish to lodge a objection, email our Data Protection Officer via dpo@schiphol.nl. We will do our utmost to respond to your request in a timely manner.

We may ask you to send us a copy of a valid ID if this is necessary in order to confirm your identity.

If any part of your request is unclear to us, we may ask you to specify your request and/or to supplement it, to enable us to provide you with the best possible service.

Whose privacy statement is this and how can you contact us?

Who is the controller? This privacy statement is issued by Schiphol Nederland B.V.
Our contact details:

Schiphol Nederland B.V.
P.O. Box 7501
1118 ZG Schiphol

How to contact our Data Protection Officer (DPO)
Schiphol has a Data Protection Officer (DPO) for all your questions concerning privacy. The DPO also provides advice to us and monitors compliance with the privacy laws and regulations by Schiphol.

Do you have any questions or requests concerning your data? If so, you can send an email to the DPO via dpo@schiphol.nl or send a letter to our postal address, for the attention of the Data Protection Officer. Together with your request, please provide your name, address, email address and telephone number.

Filing a complaint with the Dutch Data Protection Authority?

If you are not satisfied with the way we handle your privacy or the handling of your request or objection, you can submit a complaint to the Dutch Data Protection Authority.

Where can you find the latest version of this privacy statement?

If necessary, we will update this privacy statement. This may be due to changes in policies, changes in the processes in which we incorporate your personal data or changes in the systems we use to process data.

This version was issued on October 2024.