- ACCOUNTABLE PARTY AND ACCOUNTABILITY
Stichting Netspar and executive organization Netspar Center are part of Tilburg University. Stichting Netspar is accountable within the meaning of the General Data Protection Regulation (GDPR) and is transparent about how personal data are processed, as can be read in this privacy statement. First and foremost, the university complies with all the requirements in the GDPR.
- HOW DOES NETSPAR PROCESS YOUR DATA?
Netspar Center takes its legal duty to protect personal data very seriously. Personal data need to be processed for education, for research, and for many of the other Netspar Center activities. Netspar Center conforms to the GDPR policy of Tilburg University. The projects financed by Netspar foundation and administered by Netspar Center are required to honor the codes of conduct of the VSNU and the GDPR policy as defined by the coordinating university.
- TO WHAT END DOES NETSPAR PROCESS YOUR PERSONAL DATA?
Netspar Center uses personal data for operational management, and for the proper performance of al Netspar activities. The most important processes for which Netspar Center collects personal data are the following:
>Participation at events
Administration; organizational analysis; development and management reporting; annual reporting to partners and audits.
General educational administration is carried out at university level. Administration for specific Netspar activities is gathered by Netspar Center as well: administration; organizational analysis; development and management reporting; annual reporting and audits.
>Operational Management and Finances
Financial administration; management of purchasing systems and payment systems; carrying out and managing IT-related activities;; all other matters relating to operational management. Recruitment and selection of new employees and candidates;; internal and external provision of information; drafting and executing agreements with employees, clients, consumers, suppliers, and business partners; client engagement; relationship management; marketing and market research; health, safety, and security; organizational analysis; development and management reporting; complaints handling.
>Processing on the website
Netspar Center processes personal data through the website, for instance through the use of contact forms (see the Disclaimer webpage for additional information). This takes place on the basis of consent. All processes in which personal data are processed are recorded in a register of data processing activities. Netspar Center thus has a complete and up-to-date overview of all processes involving data processing. The purposes of the data processing are further specified in the Data Processing Register.
WHO DOES NETSPAR CENTER COLLECT PERSONAL DATA ON?
In the processes mentioned above, the persons that Netspar Center collects data on belong to various categories, including:
>Authors of Netspar related publications;
>Project leaders, -members and or other fellows;
>Body members (e.g. PRC, EB and SC);
>People enlisted for one or more Netspar mailing services;
>Visitors of the website (using GoogleAnalytics’ most minimalistic settings).
The data processing per category data subjects are further specified in the Data Processing Register.
- WHAT DATA DOES NETSPAR CENTER COLLECT?
In each process, different personal data are collected. The data most frequently collected are:
>name, address, and place of residence;
>bank account number (IBAN);
>personal professional websites;
>photographs and videos;
>activity or gremia participation.
Netspar Center collects personal and other data immediately from the person concerned, but may also receive personal data from third parties insofar as this is in accordance with the law. The data processing are further specified in the Data Processing Register.
- DATA PROCESSING REGISTER
The Data Processing Register of Stichting Netspar can be found here: DataProcessingRegister
- DATA SUBJECTS’ RIGHTS
The General Data Protection Regulation gives people more control over their personal data. In the Netspar Center data processing register you can see which data we process for each category of data subjects, for what purposes this data is processed, how we have obtained this information and to whom we provide the data. Netspar Center strives for greater transparency. All individuals therefor have the following rights:
>Right of access
Subjects have the right to ask what data Netspar Center has about them. They are permitted to ask to see this data.
>Right to rectification
People have the right to have inaccurate personal data rectified or to add additional information to their personal data.
>Right to be forgotten
Netspar Center will erase personal data in a certain number of cases if a data subject (the person whose data the organization is processing) requests this. In such a case the record of the data subject will be made anonymous.
If a person requests that only certain data be deleted, for example unsubscribing from a mailing, Netspar Center will comply.
>Right to restriction of processing
In certain situations, the General Data Protection Regulation gives people the right to restrict the use of their data. The right to restriction of processing applies in situations that meet one of the following criteria:
– The data may be inaccurate;
– The processing is unlawful;
– The data is no longer needed;
– The data subject has objected.
>Right to transfer data
The General Data Protection Regulation gives people in certain situations the right to receive the personal data in a structured, current and machine-readable form for the transfer to another controller. If technically possible, Netspar provides this transfer to the other organization itself. The right to data portability applies in situations that meet the following criteria:
– Data is obtained on the basis of permission or agreement;
– The processing is automated.
>Right to object
If someone objects to the processing of his or her personal data, the organization must refrain from processing the data.
>Right to file a complaint with a supervisory authority
If someone has followed the usual procedures of request and / or objection and is not satisfied by the followed procedure or the answer, someone can submit a complaint to a supervisory authority. The first point of contact for complaints is the internal supervisor, the Data Protection Officer at email@example.com
- CONTACT DETAILS
If you still have any questions about the protection of personal data by Netspar Center or Stichting Netspar, do not hesitate to contact us at: firstname.lastname@example.org.