Privacy statement Ede Christian University of Applied Sciences (CHE)
The CHE respects your privacy and handles your personal data per the General Data Protection Regulation (GDPR) requirements. In this Privacy Statement, the CHE provides information concerning the way in which the CHE handles your personal data and your rights regarding these data.
The CHE is the responsible party for processing personal data and additional personal data of students and employees associated with the CHE in the meaning of the GDPR.
The CHE's data protection officer (FG) ensures that the processing of personal data by the CHE is in accordance with privacy legislation.
Types of personal data
The following personal data and special personal data are processed by the CHE:
- Name and address details, date and place of birth, passport photo, IBAN (bank account number),
- student number, correspondence number, citizen service number, copy of identity document, diploma of previous education, student data and study progress data, personal data or special personal data that are requisite for student or staff supervision concerning health and well-being,
- student or employee insurance details in the event of a staff member's or student's stay abroad,
- other legally required personal data on the basis of specific legislation (for example, the Higher Education and Scientific Research Act (WHW), the Tax Act, the Obligation to Identify Act, the Gatekeeper Improvement Act, etc.).
The CHE uses personal data for the following purposes:
- entry application for education or employee appointment (including teaching obligations and other tasks carried out by employees),
- student guidance, course participants and staff,
- processing student results, study progress and related information,
- handling of (study) information or publications requested by you,
- to implement and improve services,
- additional information regarding current developments, congresses, seminars, etc.,
- recruitment and selection,
- compiling user statistics,
- security and improvement of our websites,
The personal data are only used for the purposes as mentioned above. Your permission will be explicitly requested if this information is required for other purposes.
Personal rights (of participants)
As the owner of your personal data, you have specific rights under privacy legislation.
Participant's rights are:
- Right of access: you can send a request to the DPO to receive a statement of your personal data that we process and manage.
- Right to correction: if we misuse your personal data, you can request a correction, whereby the CHE is obliged to use the personal data of the Education Executive Agency (DUO), based on the data in the Personal Records Database (BRP) of your place of residence.
- Right to be 'forgotten': you can request to have your data removed from the CHE files. Take into account technological and legal restrictions (for example, based on the Archives Act).
- A request to forget may be refused on the basis of the agreement or the law right to data portability: you can request for your personal data to be transferred to an authority designated by you.
Requests for any of the above can be addressed to the CHE Data Protection Officer (FG), via email@example.com.
Provision to third parties
For the processing of personal data, the CHE uses service providers, who act as processors on behalf of and for the benefit of the CHE. Processors work on the basis of a processor agreement arranged for that purpose. In addition, the personal data is not provided to third parties, unless the CHE is obliged to do so under specific legislation.
The CHE - together with any processors - ensures appropriate organizational and technical security of personal data. In this way, we ensure that this data is only accessible to persons who are authorized to do so by virtue of their function or task and that the information is only used for the purposes for which it was obtained and based on legal agreement. The CHE ensures that personal data are only processed or managed within the European Area and not outside.
Procedure for reporting data leaks
If you think that personal data of CHE students or employees are accessible to unauthorized persons or if you have a suspicion that this may be the case, we ask you to report this immediately via firstname.lastname@example.org.
This will set the procedure for analyzing, solving and possibly reporting to the Dutch Data Protection Authority in motion.
The CHE protects your safety and property, and this includes camera surveillance in its buildings. The images from these cameras are automatically destroyed. Camera images can be transferred to the police if a crime is suspected.
Student and employee personal data are stored (and deleted) in accordance with the retention periods listed in the documentation of the Association of Universities of Applied Sciences (VH).
The CHE constantly aims to increase staff and students' awareness regarding safe handling of personal data. From May 2018, extra attention has been drawn to proper handling of personal data and information security. At least one awareness campaign is organized every year with regard to privacy and information security for students and staff.
The CHE reserves the right to make changes to the Privacy Statement. We, therefore, advise you to read the Privacy Statement for any changes regularly.
More information regarding privacy, working with personal data and information security can be found in Topdesk (search term AVG), the CHE intranet and the website of the Dutch Data Protection Authority (AP).
Questions, comments or complaints
The CHE welcomes your questions and comments regarding this privacy statement. If you believe that this privacy statement is not being complied with or if you have a complaint about the use of your personal data by the CHE or wish to submit a request to exercise your rights as a data owner, you can let the FG know directly via the e-mail address: email@example.com.
You can also file a complaint with the Dutch Data Protection Authority via the AP's site.
CHE Privacy statement