Breda University of Applied Sciences deals with personal data on students, staff and visitors carefully and in accordance with the requirements set by the General Data Protection Regulation (GDPR).
This privacy statement is a summary of how Breda University of Applied Sciences handles your personal data and what rights you have in the context of the privacy legislation.
Persons involved and Breda University of Applied Sciences as the party responsible
The GDPR serves to protect the personal data of natural persons, also referred to as persons involved. In this context, Breda University of Applied Sciences processes personal data of students, staff and any other persons involved. Breda University of Applied Sciences is the party responsible within the meaning of the GDPR. As the party responsible, Breda University of Applied Sciences has to ensure compliance with laws that regulate the use of personal data.
Security of personal data
Breda University of Applied Sciences has to ensure the proper organisational and technical security of personal data that are processed. Technical security involves the various login procedures that are in place at Breda University of Applied Sciences. Organisational security is organised according to a strict authorisation plan. Only people that need to access certain data in the context of their job duties may examine the data.
Data protection officer
Breda University of Applied Sciences has appointed a data protection officer (DPO) to guarantee privacy rights and obligations for all those concerned and monitor compliance with privacy legislation. The DPO is registered with the Dutch Data Protection Authority.
Types of personal data
Breda University of Applied Sciences is a university of applied sciences. To be able to work towards its main purpose, i.e. delivering education, the following personal data can be processed by Breda University of Applied Sciences:
- Name and address details (name, address, place, e-mail address and telephone number), date and place of birth, passport photo, IBAN, student number, OC&W correspondence number, BSN, copy of identity document, diploma/degree of previous education
- Academic results obtained, other study details and academic progress data
- Personal data or special personal data that are necessary for supervising students and staff properly as regards health and well-being
- Insurance data of staff; and insurance data of students only if they stay abroad
- Other legally required personal data on the basis of specific legislation (e.g. Higher Education and Research Act (WHW), Tax legislation, Compulsory Identification Act, Eligibility for Permanent Incapacity Benefit (Restrictions) Act, etc.)
Breda University of Applied Sciences is committed to not processing more personal data than necessary. Breda University of Applied Sciences must process certain personal data on the grounds of a legal obligation. Other reasons for processing data are, for example enrolment for a certain study programme. And for some data to be processed you need to give your explicit approval. In that case, think, for example of the situation in which you need extra facilities because of a medical condition to successfully complete your studies.
The data that Breda University of Applied Sciences collects and processes are not collected without a good reason. Breda University of Applied Sciences processes personal data for the following goals:
- enrolling for a study programme or appointing an employee
- processing academic results, study progress and related information
- dealing with the study information you requested, literature or publications
- executing and improving our services
- providing more detailed information about current developments, conferences, seminars, etc.
- recruiting and selecting new students and staff
- compiling user statistics (with anonymised data)
- securing and improving our websites
- ensuring that employees and students can perform optimally
Rights of persons involved
As a student, employee or, for example visitor of Breda University of Applied Sciences, you are considered one of the persons involved. Persons involved are people whose personal data are processed by Breda University of Applied Sciences. On the grounds of the GDPR, you have certain rights.
You are entitled to inspect your personal data. If you want to inspect personal data about you that Breda University of Applied Sciences processes and controls, you can send an e-mail to the DPO via email@example.com. The DPO will deal with your request, and you will receive an overview of the personal data processed by Breda University of Applied Sciences within a week. You will be sent the information in pdf via e-mail.
Is the data we have of you incorrect? It is easy for you yourself to change certain data via your student portal/employee portal. If some personal data is incorrect and you cannot change them yourself, you can submit a request for rectification to the DPO. In this context, it is important to know that Breda University of Applied Sciences is obliged to stick to the personal data made available by DUO. This data is linked to the Personal Records Database of the municipality you are registered with.
Right to be forgotten
If you want Breda University of Applied Sciences to no longer control or process your personal data, you can submit your request to the DPO for deleting the data from the systems of Breda University of Applied Sciences. There are, however, legal (Breda University of Applied Sciences is obliged to store certain personal data during a term prescribed by law) and technological limitations on this right. As far as there are no limitations, the DPO will deal with and agree to your request.
If you want Breda University of Applied Sciences to send your personal data to a body/authority you have indicated, you can file a request to the DPO to provide them with your personal data processed by Breda University of Applied Sciences. Breda University of Applied Sciences will then send this data to this body/authority in a generally legible format.
Complaints and legal remedies
If you have a complaint about the processing of your personal data by Breda University of Applied Sciences, you are advised to first file your complaint to the DPO. We can try to take away your concerns by mutual consultation. If we are unsuccessful, however, you are free to file a complaint to the Dutch Data Protection Authority or start legal proceedings at the competent court.
Provision of data to third parties
Breda University of Applied Sciences makes use of all types of digital systems for, for example its student administration. These systems are made available by various service providers. The parties who process personal data commissioned by and on behalf of Breda University of Applied Sciences are regarded as data processors.
Breda University of Applied Sciences concludes processing agreements with these data processors (e.g. Surf or Osiris), in which it is agreed which processing of personal data are allowed and which are not. Furthermore, agreements are also made with these parties about technical and organisational security of the data provided. Personal data are not provided to any third parties other than data processors unless Breda University of Applied Sciences is obliged to do so on the grounds of a legal provision.
Breda University of Applied Sciences ensures that personal data are only processed or controlled within the EEA (and not outside the EEA) unless the person involved has given his/her explicit permission.
Procedure for reporting data leaks
If you are of the opinion that unauthorised parties have access to the personal data of students and staff of Breda University of Applied Sciences, or you suspect this to be the case, we would like to ask you to report this to the DPO without any delay via firstname.lastname@example.org. The procedure for analysing, solving and if necessary, reporting the data incident to the Dutch Data Protection Authority, will come into force.
Breda University of Applied Sciences attaches great value to the safety of its students, staff and their possessions. Therefore, they are protected by, among other things, camera surveillance in our buildings. The footage recorded by these cameras is automatically deleted after one month.
For storing personal data of students and former students, employees and former employees and other persons involved, Breda University of Applied Sciences adheres to the document retention periods of the selection lists of the Dutch Association of Universities of Applied Sciences. Breda University of Applied Sciences has aligned its internal retention procedure and protocols with them.
Breda University of Applied Sciences attaches great value to privacy and tries to make its students and staff aware of it. News is published and workshops are delivered at regular intervals to further raise awareness and secure the safe handling of personal data.
Breda University of Applied Sciences is permitted to change parts of this privacy statement. If changes as regards content are made, this will be announced via Myportal, which students and employees can log onto.
Apart from this general privacy statement, with which Breda University of Applied Sciences wants to briefly inform you about how Breda University of Applied Sciences handles privacy and personal data, Breda University of Applied Sciences has drawn up privacy regulations for students and privacy regulations for employees. If you should have any questions, do not hesitate to contact the DPO via email@example.com.