How the University of Twente handles your personal details
The University of Twente makes every effort to protect your privacy. In this privacy statement we will explain how we handle your personal details. We process personal details in accordance with the General Data Protection Regulation (GDPR).
This statement applies to information that is collected and used in computerized systems within the University of Twente, including our websites. This statement does not apply to websites that mention the University of Twente, but whose content we are unable to influence directly.
Collecting your personal details
The University of Twente collects personal details if this is necessary in order to provide services, conduct transactions, distribute information or grant access. The information that we collect is always intended for a specific purpose; in other words we do not collect more information than is necessary for that purpose. We may collect information on the following categories of data subjects:
- Staff, including applicants and doctoral candidates
- Prospective students
- External staff, including guest employees
Personal details are usually provided by the data subject. If necessary, this information may be sent to or entered into another system within the university, from an internal source system. We also receive personal details from the systems of third parties, which may be closed source systems such as Studielink or an open source system such as Twitter.
We may also collect your details if you leave them on the university’s websites, in order to keep you informed of the diverse activities at the university.
It is also permitted to collect personal information within the university within the framework of scientific research. This concerns the personal details of participants in a study. This information is processed in accordance with the law and the ‘Code of conduct for the use of personal details in scientific research’ (VSNU). If medical details are involved, Federa’s relevant codes of conduct will also apply (the codes on ‘Good conduct’ and ‘Proper Use’). If necessary, the study will be assessed beforehand by the university’s ethical committee.
Use of your personal details
The university uses personal details collected from you for operational management purposes and to be able to properly perform its legal tasks and obligations with regard to education and research. The following overview describes the most important processes that the University of Twente uses to collect personal information, stating the most important elements of each process:
- Education and educational support: applications and enrolment, education, recording results and study progress, advice and guidance, providing teaching materials, handling disputes, conducting audits, graduation, addresses and face books, timetables and the digital test system
- Research and research support: Research administration and research details
- External relations: campaigns, contact, mailing lists and newsletters, study and date of graduation, focussed on prospective students, alumni and participants in various activities; details of companies, organizations and persons with whom the university engages in diverse types of collaborations, such as contracts, processor agreements or collaboration agreements for the delivery or receipt of services and products
- Personnel matters: establishing salary agreements, arranging claims to benefits in connection to the termination of an employment contract, internal and accountant’s audits in connection to company medical care
- Operational management and finances: financial administration, purchase systems, payment systems, IT management and legal procedures
- Facilities: access and management systems, CCTV, identity management
- Web content management
- Library system
- Visual material for communications from the university
The responsible unit (faculty or department) must notify the ‘Data Protection Officer’ team (in Dutch: FG team) of registrations. This gives the University of Twente a complete overview of all registrations.
The data we collected can be used for statistical and scientific research. We always act in accordance with the legal requirements.
Website and web systems
The University of Twente uses various tools to make its websites more user-friendly and to ensure that they function optimally. This includes measuring surfing behaviour using web statistics and other systems that are integrated into the website to collect active feedback from users or to conduct research with various versions of websites.
In order to show users more relevant content that is tailored to their situation, information on some parts of websites may be personalized on the basis of information that users have filled in earlier, their location/country or on the basis of other choices made on the website.
Contact by Email
We roughly distinguish two types of automated email: transactional email that you have initiated/requested yourself, and recruiting email. Transactional email is an essential part of a service that you have chosen, such as resetting a password or confirming an application or a request for information. You therefore cannot unsubscribe for this type of email.
If you have consented to receiving recruiting emails such as newsletters or invitations to events, you may withdraw your consent. This type of email has opt-out options. Due to the decentralized nature of email communication, there is no university-wide opt-out option.
Just as for the websites, the University of Twente uses analysis tools to analyse the reading and clicking behaviour for newsletters in order to analyse and improve our newsletters. Linking this information to your personal details enables us to send you more relevant email communications or interest-related information.
Your personal details will not be kept for longer than is necessary to achieve the objectives for which they were collected and processed. An exception may be made if it is necessary to keep information for historical, statistical or scientific purposes or on the grounds of a statutory regulation.
Protection of your personal details
The University of Twente attaches great importance to protecting your privacy and takes appropriate measures in order to do so. We take organizational and technical measures to ensure that it is safe for you to visit our websites. We use the available resources to minimize the risk of unauthorized persons gaining access to your personal details or unlawful use or disclosure of your details.
Access of university staff / third parties
The information that the University of Twente collects about you cannot be accessed by everyone. Only employees and persons working for the university have access to information and then only if they need it in order to do their job. These persons are authorized to access information using name and password security. All staff with such access are bound by a confidentiality clause on the grounds of the Collective Labour Agreement for Universities in the Netherlands.
Issuing to third parties
The University of Twente will only pass on personal details to third parties under specific circumstances. For example, if we are legally obliged to do so or if the data subject has given us their consent. Examples of parties to which we provide information are Studielink, the Ministry or Education, Culture and Science, the ABP (pension fund for the government and education sectors), the Immigration and Naturalisation Service and the Tax Authorities. The University of Twente will only pass on your information if we consider it necessary in order to:
- comply with statutory regulations or legal processes concerning the University of Twente or its websites;
- protect the rights and property of the University of Twente and related websites;
- protect your personal safety under critical circumstances.
The University of Twente regularly engages other companies to perform limited services on its behalf, such as sending and delivering information (direct marketing) and answering questions. We only give these companies the personal details they need to provide the service in question. The University of Twente concludes processor agreements with these companies, which oblige them to handle all information confidentially and to refrain from using it for any other purpose.
Information that cannot be traced to individual persons may be issued to third parties for statistical and historical purposes.
Storing your information
Personal details that we have collected from you may be stored and processed in the Netherlands or any other country within the European Union. In exceptional situations, data may be processed in a country outside the European Union. We only permit this if the legally required security and privacy measures have been taken.
If the University of Twente has processed your personal details, you are entitled to inspect them. If you would like to exercise this right, please contact the Data Protection Officer team by using our privacy rights form.
If you consider that this information is incorrect or incomplete, you may ask us to rectify it. You may also ask us to delete or protect data, for example if they are not relevant to the purpose for which they were collected. You can reach the Data Protection Officer team at firstname.lastname@example.org.
This privacy statement informs you of the way in which the University of Twente handles your personal details. If you would like to known more on this topic, you can go to our website: www.utwente.nl/en/cybersafety.
File a complaint
If you are not satisfied with the way we handle your personal data and you do not agree with the Data Protection Officer, you can file a complaint to the supervisory authority. This is the Dutch Data Protection Supervisor (in Dutch: Autoriteit Persoonsgegevens). On the website www.autoriteitpersoonsgegevens.nl you can find how to submit a complaint.
Changes to the privacy statement
We may change the privacy statement if there are new developments in our working practice or if there are changes in the relevant laws or legal precedents. Therefore check it occasionally to see if anything has changed. The most recent substantive change to this privacy statement was made on 22 October 2018.