Yes, but the device must be properly secured. It must be properly password protected, it should not be shared with others and your laptop’s hard disk must be encrypted.
You should immediately report this to firstname.lastname@example.org. Specify whether the hard disk was encrypted and whether the device was properly password protected.
No. As long as the registration is limited to the data necessary for the purpose for which the University of Twente was provided with that data (enrolment and education), no specific permission is required. If data is used for another purpose, explicit prior permission is required.
The Programme Committee deals with the education evaluations, a process that may involve serious (but always respectful) discussion about a specific education component. Within the university community, a link to a certain teacher can easily be made.
Students also want to share the information with other students/future students and include the reports on information carriers not managed by the university.
Try to work with aggregated data as much as possible.
Agree in advance with all those involved about the confidentiality of the documents.
Sometimes students carry out a survey as part of their graduation assignment without having implemented the education methodology.
More information is available on the Cyber Safety website, under Privacy, including the Privacy Rules Guideline.
Student assistants complete all kinds of assignments as ‘temps’. Sometimes they check interim examinations because they have specific expertise.
Students who are hired as student assistants, who work through UT Flex or who are granted a temporary contract are comparable to an employee of the University of Twente and are covered by the collective labour agreement. The codes of conduct of the University of Twente also apply to them. It is not a problem if they come into contact with personal details, but they are expected to deal with such information in a professional manner. Student assistants should be given instructions to ensure they know what is expected of them when carrying out the assignment.
Yes that is allowed. Organizing a parent's day is an extension of the activities that are organized from the study program around education. We assume that the study association in this service supports the study program. Requesting permission from the parents of students would require disproportionate efforts in relation to the importance of sharing their data. The impact on the privacy of the parents is very small. The data must be protected. The study association may not store the relevant data for longer than necessary for the organization of the parent's day and may not use it for other purposes.
Take a critical look at the documents to determine which ones should be kept and store these in JOIN. The paper forms need not be archived and can be destroyed.
Do so only if necessary and only share information that is relevant.
Information exchange with those involved within the chain is part of talks with students. Be transparent about the communication with others. Medical data may never be exchanged, unless the student has given express permission.
If the communication is anonymous, this is allowed.
If the communication cannot be anonymized, the student’s permission is required. When the student is younger than 16, his/her parents must give their consent.
Medical certificates and diagnostic reports may be viewed but never copied or stored in OSIRIS. The viewed information is only registered when necessary, using a PO coding system.
If the contents of the medical certificates or diagnostic reports are essential to student guidance, it can be stored in OSIRIS following the student’s express permission. Only designated and authorized persons may then have access to it.
Medical certificates may be assessed by designated persons. They can document their consent on the checked certificates without storing the documents themselves.
Personal notes (or work notes) are not covered by the General Data Protection Regulation. You may never share personal notes with others. The person involved is not entitled to inspect these personal notes.
Notes in OSIRIS are shared with colleagues within SACC and are therefore not personal notes. The person involved is entitled to inspect these notes.
In OSIRIS you can specify who can consult these notes; keep access as limited as possible.
Access within ‘Planzelf’ is limited to the planners themselves. The appointment will be adopted in the Outlook agenda of the Study Advisor in question. The Study Advisor should therefore limit access to his/her agenda to only those employees who have a need to know on the basis of their position. Only data necessary for the appointment should be obtained.
Internal: summary lists may be shared within the University of Twente through e-mail where necessary to pursue education or to make the necessary arrangements. Key consideration: the retention period of data in the e-mail should be no longer than necessary.
External: study progress data may not be shared with third parties (outside of the University of Twente) without the students’ permission.
Yes, this permission is included in the grant provider’s contract.
Example: a teacher has a graduation assignment and is looking for a student who is a good communicator, who can hold his/her own in a complex organization or who has gotten high marks for a subject that is essential to the graduation assignment.
Another example: teachers must determine who has/has not passed a module. Guidelines apply, but it may be necessary to share information in cases of doubt.
Information related to the purpose of registration of that information may be shared among teachers. Where the examples are concerned, looking for a student who ‘matches’ a graduation assignment fits that purpose, as does sharing information about a student’s results. Exchanging (relevant!) information in cases of doubt is not a problem because that is necessary to provide good education, proper student support and a high-level certificate.
But as always: be transparent, be careful and only exchange necessary personal details.
The university makes some websites – such as the portfolio website – available to students where everyone can see everything.
Personal details may not be included on a website, unless the person involved has given prior permission.
Peer-to-peer review is an accepted teaching method and will remain available under the General Data Protection Regulation. However, make sure that the exchanged personal details have a clear purpose and are necessary for the review. You should therefore provide as little data as possible and be transparent (up front) about this method and the data concerned.
Not all information is provided through the official student administration; interim tests of module components cannot be included in OSIRIS.
No, publication of these types of lists is never allowed and the information may not be posted on Blackboard/Canvas.
Anyone with a University of Twente account could determine the owner of an s number within seconds. Use the Grading Center instead.
If your question is not in the FAQ, please contact the Data Protection Officers team (email@example.com).