Privacy Statement

TU Delft takes the utmost care with personal data and in doing so acts within the law, including the General Data Protection Regulation (GDPR). This Privacy Statement provides you with information about the purposes for which TU Delft processes personal data and about exercising your privacy rights. We also provide further information that may be of importance to you. In TU Delft's cookie policy you can read which cookies TU Delft uses.

The Privacy Statement applies to all TU Delft activities (including those via the website). Below you will find the most important information on the processing of personal data by TU Delft. If you still have questions after reading this, you can always contact the TU Delft Privacy Team. The contact details can be found at the end of this Privacy Statement.

Data controller and responsibility

TU Delft considers it to be of essential importance that the personal data of its students, researchers, staff and visitors is processed and secured with the utmost possible care. In this Privacy Statement TU Delft explains which personal data is processed by TU Delft and why. You can also read about your rights and about the other parties with whom TU Delft may share your personal data.

What personal data does TU Delft process and for what purposes?

TU Delft collects personal data from a variety of data subjects. TU Delft receives most personal data directly from the data subject, but may also receive personal data via other organisations.

Please see below for each type of data subject which personal data is processed and for what purposes. These overviews of personal data and purposes are based on the most common processes within TU Delft. Information on the incidental or very specific processing of personal data is provided in separate supplementary Privacy Statements. 

What is TU Delft's legal ground for processing your personal data?

TU Delft bases all processing of personal data on one of the six legal grounds laid down in the GDPR:

Sharing of data with third parties

TU Delft will not sell your personal data to third parties.

Third parties may provide certain services on behalf of TU Delft. TU Delft makes agreements with these data processors in order to guarantee confidential and careful handling of personal data. These agreements are laid down contractually in data processing agreements.

TU Delft also regularly works in partnership with external organisations. Partnerships exist, for example, in the field of education and research. Within those partnerships personal data can be processed and shared with those external partners but only, of course, if the requirements of the GDPR are met.

TU Delft provides personal data to enforcement authorities or organisations combating fraud if this is necessary in order to comply with a statutory obligation or a court decision.

The categories of third parties with which TU Delft shares data include:

  • Government agencies, such as DUO, the Tax and Customs Administration and the Immigration and Naturalisation Service (IND);
  • Investigating authorities;
  • Universities;
  • Research groups.

Transfer of personal data outside the European Union

In some cases personal data is processed in countries that are not part of the EU, or by suppliers based outside the EU.

TU Delft assesses each transfer of personal data by means of a standard process for the application of appropriate measures in order to guarantee an adequate level of protection for the processing of personal data both within and outside the EU. This process is regularly reviewed and is in line with the latest developments in laws and regulations.

How long is the personal data retained?

TU Delft retains your personal data in accordance with the GDPR. The exact retention period depends on the category of personal data and the purpose for which it is processed. The data is retained in accordance with the statutory retention period and for no longer than is strictly necessary in order to achieve the purposes for which the data was collected. 
TU Delft bases its legal retention periods on, among other things, the Basic Selection Document (BSD) for University Education 1985, the Selection List for Universities and University Medical Centres 2020, the Public Records Act and other laws (such as tax and labour laws).

What are your privacy rights?

As a data subject (the person to whom the personal data relates), you have certain rights under the privacy legislation. If you wish to exercise these rights, please send a request to the following e-mail address: privacy-tud@tudelft.nl.

When you make a request a member of the Privacy team will ask you to identify yourself to ensure that only you have access to your own personal data.

Your rights are:

  1. Right to access: you can request an overview and/or inspection of the personal data that we process about you.
  2. Right to rectification: if there are demonstrable mistakes in your personal data or they are incomplete, you can ask for the data to be rectified or added.
  3. Right to 'be forgotten': you can request that your personal data be deleted from the TU Delft files. Such a request may be rejected if TU Delft is legally obliged to retain the data for a longer period.
  4. Right to restrict the processing of your personal data: in certain cases you can ask TU Delft to stop processing your personal data temporarily.
  5. Right to data portability: in certain cases you can request that your personal data be transferred to an organisation designated by you.
  6. Right to object to the processing of your personal data: in certain situations you can object to the processing of your personal data.

In addition, you always have the option of submitting a complaint about the use of your personal data to the Dutch Data Protection Authority. Further information is available on the website of the Dutch Data Protection Authority.

Technical security

TU Delft handles personal data confidentially. TU Delft applies appropriate technical and organisational measures in order to provide optimum protection for your personal data against unauthorised access or use. TU Delft reports any abuse or attempted abuse of personal data. 

Third parties’ privacy policy

The TU Delft website includes links to other websites that are not part of TU Delft. TU Delft has no responsibility for the way in which these parties process personal data and therefore advises you to inform yourself of these parties’ privacy policies or to contact them for a more detailed explanation of their policy on the use of personal data. 

Questions

If, after reading this information, you have specific questions or comments about TU Delft’s Privacy Statement, please do not hesitate to contact us by sending an e-mail to privacy-tud@tudelft.nl. The TU Delft Data Protection Officer can also be contacted at the e-mail address fg@tudelft.nl.

This Privacy Statement was most recently updated in July 2022.