1. Accountable party and accountability
As Netspar Center (part of Tilburg University) is accountable within the meaning of the General Data Protection Regulation (GDPR), it is transparent about how personal data are processed, as can be read in this privacy statement. First and foremost, the university complies with all the requirements in the GDPR.
2. How does Netspar process your data?
Netspar Center takes it legal duty to protect personal data very seriously. Personal data need to be processed for education, for research, and for many of the other Netspar Center activities. Netspar Center conforms to the GDPR policy of Tilburg University. The projects financed by Netspar foundation and administered by Netspar Center are required to honor the codes of conduct of the VSNU, including the Code of use of personal data in research and the GDPR policy as defined by the coordinating university.
3. To what end does Netspar process your personal data?
Netspar Center uses personal data for operational management, and for the proper performance of al Netspar activities. The most important processes for which Netspar Center collects personal data are the following:
- Participation at events
Administration; organizational analysis; development and management reporting; annual reporting and audits.
- Educational administration
General educational administration is carried out at university level. Administration for specific Netspar activities and the Track is gathered by Netspar Center as well: administration; organizational analysis; development and management reporting; annual reporting and audits.
- Operational Management and Finances
Financial administration; management of purchasing systems and payment systems; carrying out and managing IT-related activities; legal affairs; all other matters relating to operational management. Recruitment and selection of new employees and candidates; human resources management; internal and external provision of information; drafting and executing agreements with employees, clients, consumers, suppliers, and business partners; client engagement; relationship management; marketing and market research; health, safety, and security; organizational analysis; development and management reporting; complaints handling.
- Processing on the website
Netspar Center processes personal data through the website, for instance through the use of contact forms (see the Disclaimer webpage for additional information). This takes place on the basis of consent. All processes in which personal data are processed are recorded in a register of data processing activities. Netspar Center thus has a complete and up-to-date overview of all processes involving data processing. The purposes of the data processing are further specified in the Data Register.
4. Who does Netspar Center collect personal data on?
In the processes mentioned above, the persons that Netspar Center collects data on belong to various categories, including:
- Event participant;
- Authors of Netspar related publications;
- Projectleaders, -members and or other fellows;
- Gremia members (PRC, EB and SC);
- People enlisted for one or more Netspar mailing services;
- Visitors of the website (using GoogleAnalytics most minimalistic settings).
The data processing per category data subjects are further specified in the Data register.
5. What data does Netspar Center collect?
In each process, different personal data are collected. The data most frequently collected are:
- name, address, and place of residence;
- bank account number (IBAN);
- telephone number;
- e-mail address;
- photographs and videos;
- activity or gremia participation.
Netspar Center collects personal and other data immediately from the person concerned, but may also receive personal data from third parties insofar as this is in accordance with the law.
The data processing are further specified in the Data Register.
6. Data Register
- Losse excellijsten
- Voortgang projecten
Netspar Center also makes use of some of the Tilburg University systems (for instance Blackboard, Osiris, SAP and Esize). For more information see the Tilburg University privacy statement.
7. Data subjects’ rights
The General Data Protection Regulation gives people more control over their personal data.
In the Netspar Center data register you can see which data we process for each category of data subjects, for what purposes this data is processed, how we have obtained this information and to whom we provide the data.
Netspar Center strives for greater transparency. All individuals therefor have the following rights:
- Right of access
Subjects have the right to ask what data Netspar Center has about them. They are permitted to ask to see this data.
- Right to rectification
People have the right to have inaccurate personal data rectified or to add additional information to their personal data.
- Right to be forgotten
Netspar Center will erase personal data in a certain number of cases if a data subject (the person whose data the organization is processing) requests this. In such a case the record of the data subject will be made anonymous.
- Right to restriction of processing
In certain situations, the General Data Protection Regulation gives people the right to restrict the use of their data. The right to restriction of processing applies in situations that meet one of the following criteria:
- The data may be inaccurate;
- The processing is unlawful;
- The data is no longer needed;
- The data subject has objected.
- Right to transfer data
The General Data Protection Regulation gives people in certain situations the right to receive the personal data in a structured, current and machine-readable form for the transfer to another controller. If technically possible, Netspar provides this transfer to the other organization itself. The right to data portability applies in situations that meet the following criteria:
- Data is obtained on the basis of permission or agreement;
- The processing is automated.
- Right to object
If someone objects to the processing of his or her personal data, the organization must refrain from processing the data.
- Right to file a complaint with a supervisory authority
If someone has followed the usual procedures of request and / or objection and is not satisfied by the followed procedure or the answer, someone can submit a complaint to a supervisory authority. The first point of contact for complaints is the internal supervisor, the Data Protection Officer.
8. Contact Details
Data Protection Officer
If you still have any questions about the protection of personal data by Netspar Center, do not hesitate to contact our Data Protection Officer at e-mail: firstname.lastname@example.org.