No. As long as the registration is limited to the data necessary for the purpose for which the University of Twente was provided with that data (enrolment and education), no specific permission is required. If data is used for another purpose, explicit prior permission is required.
The Programme Committee deals with the education evaluations, a process that may involve serious (but always respectful) discussion about a specific education component. Within the university community, a link to a certain teacher can easily be made.
Students also want to share the information with other students/future students and include the reports on information carriers not managed by the university.
Try to work with aggregated data as much as possible.
Agree in advance with all those involved about the confidentiality of the documents.
Sometimes students carry out a survey as part of their graduation assignment without having implemented the education methodology.
More information is available on the Cyber Safety website, under Privacy, including the Guideline Privacy Rules.
You can use Google Forms within your G Suite environment (with your UT Google account). It is not allowed to use such tools with a private account when processing personal data.
The UT has also developed various tools that may be used.
The IP address is not linked to the questionnaire and is therefore not part of the result set. Only the administrator of the website has knowledge of the IP address. The university has an agreement with Google that complies with the AVG. Google may therefore process the IP address in this context.
But if you just do not save the name and location, the question is whether the data is actually anonymous. It may be possible to trace the results to a person in a different way. It will therefore have to be considered on a case-by-case basis to what extent the results can be traced to a person. If that is not the case, the results are anonymous and you do not have to take the AVG into account.
Student assistants complete all kinds of assignments as ‘temps’. Sometimes they check interim examinations because they have specific expertise.
Students who are hired as student assistants, who work through UT Flex or who are granted a temporary contract are comparable to an employee of the University of Twente and are covered by the collective labour agreement. The codes of conduct of the University of Twente also apply to them. It is not a problem if they come into contact with personal details, but they are expected to deal with such information in a professional manner. Student assistants should be given instructions to ensure they know what is expected of them when carrying out the assignment.
Take a critical look at the documents to determine which ones should be kept and store these in JOIN. The paper forms need not be archived and can be destroyed.
Do so only if necessary and only share information that is relevant.
Information exchange with those involved within the chain is part of talks with students. Be transparent about the communication with others. Medical data may never be exchanged, unless the student has given express permission.
If the communication is anonymous, this is allowed.
If the communication cannot be anonymized, the student’s permission is required. When the student is younger than 16, his/her parents must give their consent.
Medical certificates and diagnostic reports may be viewed but never copied or stored in OSIRIS. The viewed information is only registered when necessary, using a PO coding system.
If the contents of the medical certificates or diagnostic reports are essential to student guidance, it can be stored in OSIRIS following the student’s express permission. Only designated and authorized persons may then have access to it.
Medical certificates may be assessed by designated persons. They can document their consent on the checked certificates without storing the documents themselves.
Personal notes (or work notes) are not covered by the General Data Protection Regulation. You may never share personal notes with others. The person involved is not entitled to inspect these personal notes.
Notes in OSIRIS are shared with colleagues within SACC and are therefore not personal notes. The person involved is entitled to inspect these notes.
In OSIRIS you can specify who can consult these notes; keep access as limited as possible.
Access within ‘Planzelf’ is limited to the planners themselves. The appointment will be adopted in the Outlook agenda of the Study Advisor in question. The Study Advisor should therefore limit access to his/her agenda to only those employees who have a need to know on the basis of their position. Only data necessary for the appointment should be obtained.
Internal: summary lists may be shared within the University of Twente through e-mail where necessary to pursue education or to make the necessary arrangements. Key consideration: the retention period of data in the e-mail should be no longer than necessary.
External: study progress data may not be shared with third parties (outside of the University of Twente) without the students’ permission.
Yes, this permission is included in the grant provider’s contract.
Example: a teacher has a graduation assignment and is looking for a student who is a good communicator, who can hold his/her own in a complex organization or who has gotten high marks for a subject that is essential to the graduation assignment.
Another example: teachers must determine who has/has not passed a module. Guidelines apply, but it may be necessary to share information in cases of doubt.
Information related to the purpose of registration of that information may be shared among teachers. Where the examples are concerned, looking for a student who ‘matches’ a graduation assignment fits that purpose, as does sharing information about a student’s results. Exchanging (relevant!) information in cases of doubt is not a problem because that is necessary to provide good education, proper student support and a high-level certificate.
But as always: be transparent, be careful and only exchange necessary personal details.
The university makes some websites – such as the portfolio website – available to students where everyone can see everything.
Personal details may not be included on a website, unless the person involved has given prior permission.
Peer-to-peer review is an accepted teaching method and will remain available under the General Data Protection Regulation. However, make sure that the exchanged personal details have a clear purpose and are necessary for the review. You should therefore provide as little data as possible and be transparent (up front) about this method and the data concerned.
Not all information is provided through the official student administration; interim tests of module components cannot be included in OSIRIS.
No, publication of these types of lists is never allowed and the information may not be posted on Canvas.
Anyone with a University of Twente account could determine the owner of an s number within seconds. Use the Grading Center instead.