The Privacy Statement applies to all TU Delft activities (including those via the website). We have included the most relevant information on each topic.
TU Delft takes the utmost care with personal data and in doing so acts within the law, including the General Data Protection Regulation (GDPR).
Data controller and responsibility
Under the GDPR, TU Delft is defined as the data controller. TU Delft considers it to be of essential importance that the personal data of its students, researchers, staff and visitors is processed and secured with the utmost possible care. TU Delft aims to be open about the way in which it processes your data. That is why this is explained below. In all cases, TU Delft aims to meet the requirements and obligations of the GDPR.
- For what purposes does TU Delft process your personal data?
The personal data collected by TU Delft is used for operational purposes and to enable it to carry out its statutory tasks and responsibilities for education and research properly.
The most important processes for which TU Delft uses personal data are:
a) Education administration and support: recruitment & selection of new students, student administration, internal and external provision of information, recording results, issuing certificates, diplomas and degrees, entering into and executing agreements with students, customer engagement, account management and marketing, health, safety and security, organisational analysis, development and management reports, collecting evidence for accreditations, advice and support, handling disputes, enabling audits to be conducted;
b) Human resource management: determining salary agreements, implementing appointments, making arrangements for payments in connection with the termination of employment contracts, internal and external audits and in connection with occupational medical care, HR management, recruitment & selection of new employees and applicants, entering into and executing agreements with employees, data concerning performance;
c) Operations and finance: financial administration, managing processing and payment systems, implementing and managing IT procedures, legal affairs and other operations, recruitment, internal and external information provision, entering into and executing agreements with customers, suppliers and commercial partners, customer engagement, account management, marketing and market research, health, safety and security, organisational analysis, development and management reporting, complaints handling;
d) Facility management: access and management systems, camera surveillance;
e) General processes: Web content management, library system, sport and culture facilities, physical and digital archiving, employee participation and elections, complaints procedure and objections and appeals;
f) Scientific research: TU Delft's scientific research.
TU Delft records all processes in which personal data is processed in a register of processing activities.
- Whose personal data does TU Delft collect?
In the processes listed above, TU Delft collects data from the following categories of parties:
• Applying and prospective students;
• Staff, including doctoral candidates and job applicants;
• External parties, including temporary and agency staff;
• Visitors to the website(s);
• Research subjects.
- What personal data does TU Delft collect?
Different personal data is collected in each process, the most frequent being the following:
• Name and address details;
• bank account number (IBAN);
• telephone number;
• date of birth;
• e-mail address;
• interaction information (e.g. cookie or information received when you contact TU Delft);
• Visual images (photographs and videos);
• Study information, study progress and study results;
• Website visit and click behaviour;
• Research data.
TU Delft collects personal and other data directly from the individual involved, but it can also receive personal data via third parties insofar as this is in accordance with the law.
- How does TU Delft ensure that personal data is handled confidentially?
TU Delft handles personal data confidentially. TU Delft takes appropriate technical and organisational measures to ensure that personal data is protected. TU Delft will only share personal data in accordance with this Privacy Statement and only with third parties if this is authorised and is done with care.
- Providing and withdrawing permission
TU Delft offers some activities that require your explicit permission. This may, for example, include using your e-mail address to send a newsletter, promotional e-mails or your study characteristics for conducting research. Your data will be used only if you have given explicit permission for this. In this regard, you will always be notified of the purposes for which your data will be used, which data is involved and to whom it will be provided. If you give TU Delft permission to use personal data, you are also entitled to withdraw this permission at a later stage. Withdrawal cannot apply retrospectively. The requirement for permission does not apply if you are sent newsletters or e-mails within the context of your degree programme or appointment.
- Sharing of data with third parties
Third parties may provide certain services, on behalf of TU Delft, in executing an agreement. TU Delft makes agreements with these data processors in order to guarantee confidential and careful handling of personal data. These agreements are laid down contractually in data processor agreements.
Your personal data will not be sold to third parties. TU Delft can share your (personal) data with third parties if, for example, you yourself have given permission for this or if it is necessary to implement an agreement.
TU Delft provides personal data to enforcement authorities or organisations combating fraud if this is necessary in order to meet a statutory obligation.
The categories of third parties with which TU Delft shares data are:
• Government authorities, such as the Education Executive Agency (DUO), the Tax and Customs Administration, the Immigration and Naturalisation Service (IND);
• Investigative authorities;
• Research groups.
- Passing on your data outside the EU
In some cases, TU Delft provides personal data to countries outside the EU. This happens in the following situations: for communication with international students who intend to study at TU Delft, TU Delft students studying abroad and within the context of scientific research.
- How long is data retained?
TU Delft retains your personal data in accordance with the GDPR. The data is retained in accordance with the statutory retention period and for no longer than is strictly necessary in order to achieve the purposes for which the data was collected.
- How can you consult, correct or delete your data?
You can submit a request to TU Delft to consult or correct your data, clearly indicating that you are making the request on the grounds of the GDPR. You can also ask to have your data deleted, insofar as TU Delft is still able to meet its statutory obligations, such as the statutory retention periods. You must bear in mind that you may need to provide a copy of your proof of identity in order to verify your identity.
It is easy to create a secure copy of your proof of identity using the government’s ‘Kopie Id’ app that you can download from the app store.
You are also entitled to submit a complaint about the use of your data to the Dutch Data Protection Authority.
- Technical security
TU Delft applies appropriate security technology in order to provide optimum protection for your personal data against unauthorised access or use. TU Delft reports any abuse or attempted abuse. In addition, TU Delft takes technical and organisational measures in order to secure personal data against unauthorised access.
General information on visits to our website is recorded, such as the most requested pages. This general information on website visits is intended to optimise the design of the website. TU Delft uses various tools to enable the website to function as effectively as possible, improve user convenience and obtain active feedback from users.
The TU Delft website includes links to other websites that are not part of TU Delft. TU Delft has no responsibility for the way in which these parties deal with personal data and therefore advises you to inform yourself of these parties’ privacy policies or to contact them for a more detailed explanation of their policy on the use of personal data.
If, after reading this information, you have specific questions or comments about TU Delft’s privacy statement, please do not hesitate to contact us. You can e-mail firstname.lastname@example.org to do this. The TU Delft Data Protection Officer can also be contacted at this e-mail address.