Privacy
What should you arrange in advance if you are going to use, store, or share personal data? What is allowed, what is not allowed, and how do you ensure that you comply with Privacy legislation (GDPR) and university rules? Tilburg University has developed policies regarding privacy and protection of personal data.
Privacy & Personal Data Protection Policy (GDPR)
Tilburg University is providing transparency with regard to what Tilburg University does with personal data and assigning duties, powers and responsibilities within the organization. The Privacy & Personal Data Protection Policy safeguards the quality of personal data processing by stipulating the basic principles and procedures and ensuring a good balance between privacy, security and functionality. The policy provides a framework for assessing personal data processing in accordance with established best practices or standards by which Tilburg University complies with European and Dutch laws and regulations. There is an important relationship and partial overlap with the related policy area of information management and information security. The policy is in line with the Fair Information Principles.
- Download Privacy & Personal Data Protection Policy
- Download theme policy education and students
- Download theme policy scientific research (and the corresponding one-pager)
- Download theme policy employees
- Download theme policy external relations
- Download theme policy camera surveillance
- Download guideline Publishing personal data
As an employee, what do I need to think about?
For employees, specific procedures and models (login required) are available via intranet. The pages below provide more information about privacy issues you may encounter in your daily work.
-
Data breaches
It can happen to anyone: you accidentally send an email to the wrong person. Or your work laptop is stolen. This is not only unpleasant for you, but possibly also for others: it could cause a data breach. On this page we explain what a data breach is, why it is important to pay attention to it and what you should do if you are confronted with one.
-
GDPR principles
When are you allowed to query and process data? Every time you process personal data, it is an invasion of the privacy of the people it concerns. Therefore, the processing of personal data may only be done in accordance with the principles set forth in the AVG.
-
Personal data
Information is considered personal data if it says something directly about a specific person or if this information can be traced to a person. As soon as you are going to 'process' personal data, you have to follow certain rules. On this page you will find what personal data and special personal data are and what we mean by processing personal data.
-
Retention periods
The content of a digital or paper file contains a lot of information about a person. In order to be able to keep proper records and perform its services, Tilburg University must therefore retain certain personal data for a certain period of time. However, this data may not be kept longer than necessary.
-
Processing agreement
What if I want to make use of an external party for my classes, research, or business? The GDPR obliges us to make proper arrangements with third parties regarding the care of processing personal data and the determination of responsibilities.
-
Contact persons
Who is responsible for what? Providing an adequate level of data protection (and thus complying with the AVG) is a responsibility of all Tilburg University employees. Each organizational unit has its own first point of contact for questions relating to privacy and the GDPR.
-
Portrait rights and privacy
How do you control portrait rights and privacy rights when using portrait or event photos?
-
Privacy statement
Tilburg University is a data controller within the meaning of the General Data Protection Regulation (GDPR). As set out in this privacy statement, the university is therefore open about the way in which data are processed by Tilburg University and its processors. It is of paramount importance that the university complies with the requirements set by the GDPR at all times.