Privacy Statement Erasmus Universiteit Rotterdam (EUR)

The Erasmus University Rotterdam (EUR) processes personal data and uses cookies for this website. In this Privacy Statement, we inform you of the purposes for which personal data are processed and how you can exercise your privacy rights, and provide other information that could be important for you. The cookie statement explains which cookies are used.
 
This Privacy Statement applies to all activities of the EUR, including the activities via the website. This Privacy Statement provides the most relevant information on each subject.
The EUR treats personal data with care and acts within the limits of the law, including the Personal Data Protection Act (Wbp) and, after 25 May 2018, the General Data Protection Regulation (GDPR).

Controller and responsibility

The EUR is the controller, within the meaning of the Wbp and the GDPR. The EUR regards it as essential that the personal data of its students, researchers, employees and visitors are handled and secured with the greatest possible care. We also want to be open about the way in which we process your data. For that reason, we explain this below. Priority is given to compliance with the requirements of the Wbp and the GDPR in all cases.

For which purposes does the EUR process your personal data?

The EUR uses your personal data that we gather for its business operations and for correct implementation of its statutory tasks and obligations for education and research. The main purposes for which the EUR processes personal data are: 
A.    Educational administration and support: recruitment & selection of new students, student administration, internal and external information provision, recording results, the issue of certificates, diplomas and degrees, the contracting and execution of agreements with students, customer engagement, relationship management and marketing, health, safety and security, organisational analysis, development and management reports, support for accreditation investigations, advice and supervision, handling disputes and the ability to conduct audits.  
B.    Personnel matters: determining salary entitlements, implementing employment contracts, regulating benefit claims in connection with the termination of employment contracts, internal and external audits and in connection with occupational health care. 
C.    Business operations and finance: financial administration, management of the purchasing systems and payment systems, implementation and management of procedures for IT, legal affairs and other business operations. Recruitment & selection of new employees and job candidates, personnel management, internal and external information provision, recording results, the issue of certificates, diplomas and degrees, the contracting and execution of agreements with employees, customers, consumers, suppliers and business partners, customer engagement, relationship management, marketing and market surveys, health, safety and security, organisational analysis, development and management reports, settlement of complaints.
D.    Facilities: access and management systems, camera surveillance, management of parking facilities.  
E.    General processes:  Web content management, library system, physical and digital archiving, participation in decision-making and elections, complaints procedure and objections and appeals.
F.    Scientific research: the conduct of scientific research, research in both the general interest and for specific interests and social or commercial research.

The EUR processes personal data via its various websites, such as personal data acquired via contact forms. This takes place on the basis of permission or on the grounds of the justified interests of the EUR. All processes in which personal data are processed are recorded in a register of processing activities. This gives the EUR a complete and up-to-date overview of all data processing processes. 

Whose personal data does the EUR gather?

In the processes referred to above, the EUR gathers data from different categories of data subjects. These are: 
•    Students
•    Prospective students 
•    Alumni
•    Employees, including PhD students and job applicants 
•    External parties, including temporary agency workers 
•    Visitors to the website(s)
•    Research subjects

Which personal data does the EUR gather?

Different personal data are gathered in each process. The most common data are: 
•    Name and address details (NAW data);
•    bank account numbers (IBAN numbers);
•    telephone numbers;
•    dates of birth;
•    gender data;
•    e-mail addresses;
•    interaction data (e.g. cookies or information received when you contact us.)  
•    Images (photographs and videos) 
•    Course information, study progress and study results
•    Surfing and clicking behaviour
•    Research data

The EUR gathers (personal) data directly from you, and where applicable, the EUR also receives personal data from third parties, in as far as this is in compliance with the law.

Granting and withdrawal of permission 

The EUR offers various activities that can only be performed by making use of your personal data. These could include your e-mail address, in order to send newsletters, promotional e-mails or your course features for conducting surveys. Your data are used only if you give your explicit permission for this. You will always be informed of the purposes for which your data are used, which data are involved and to which parties these are provided. If you grant the EUR permission to use personal data, you can always withdraw this permission at a later date. 

How does the EUR ensure confidential handling of personal data?

The EUR treats personal data as confidential. The EUR takes appropriate technical and organisational measures to protect personal data. The EUR shares personal data only in accordance with this Privacy Statement and with third parties only if this is warranted and takes place with care.

Sharing data with third parties

On the instructions of the EUR, third parties may provide certain parts of the services for the execution of an agreement. The EUR contracts agreements with these processors in order to ensure that personal data are handled confidentially and with due care. These agreements are contracted in ‘processor’s agreements'.

Your personal data will not be leased, sold or shared in any other way with or provided to third parties. The EUR may share your (personal) data with third parties if, for example, you have personally granted permission for this or if this is necessary for the execution of the agreement.  

The EUR provides personal data to enforcement authorities or fraud control organisations if this is necessary in order to comply with a statutory obligation. 

The categories of third parties with which the EUR shares data are: 
•    Government agencies such as the Education Implementing Service (DUO), the Tax and Customs Authority and the Immigration and Naturalisation Service (IND)
•    Intelligence organisations
•    Universities
•    Research groups

Passing on your data outside the EU

In some cases, the EUR provides personal data to countries outside the EU. This takes place in the following situations: for communications with international students who are to study at the EUR and EUR students studying abroad and in relation to scientific research.

For how long are data stored? 

The EUR stores your personal data in compliance with the Wbp/GDPR. The data are not stored for longer than is strictly necessary in order to realise the objectives for which the data are gathered.
How can you view, correct or delete your data?

You can send a viewing or correction request to the EUR. Clearly state that this concerns a viewing or correction request pursuant to the GDPR. You can also request the deletion of your data, but this is only possible in as far as the EUR can still comply with its statutory obligations, such as the statutory term for storage. Bear in mind that you may be required to provide a copy of an identity document in order to verify your identity. You can make a secure copy of your proof of identity quite simply with the government ‘Kopie Id’ app which you can download in the app store.

Digital office

Click here to submit a request for viewing, changes or corrections.

You also have the right to submit a complaint concerning the use of your data to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Technical security

The EUR uses appropriate security technology for optimal protection of your personal data against unauthorised access or unauthorised use. We report (attempts at) abuse. The EUR also takes organisational measures to protect personal data against unauthorised access.

Cookies and clicking behaviour

General visitor data, such as the most commonly requested pages, are recorded on our website. The purpose of collecting this general information on visits to the website is to optimise the design of the website for you. The EUR uses different tools for the optimal functioning of the website and to improve its user-friendliness, and in order to retrieve active feedback from users. Read more about the cookies that the EUR uses here

Third party privacy policies

The EUR website contains links to other websites that do not belong to the EUR. We cannot accept any responsibility concerning the way in which these parties treat personal data. We therefore advise you to always inform yourself of the privacy policy of these parties or to contact them for a more detailed explanation of their policies relating to the use of personal data. 

Questions

Do you still have any specific questions or comments regarding our privacy statement after reading this information? Then please feel free to contact us. You can use the contact form on the website for this, or send a letter to privacy@eur.nl. The EUR data protection officer can also be contacted via this e-mail address.  

  • This Privacy Statement was changed lastly in:

    May 2018: Digital office added for rights of data subjects, and addition to scientific research processing

    30 March 2018 The EUR reserves the right to add changes to the privacy statement when nessecary.