Privacy statement Utrecht University
Studio M aims for a careful treatment of personal data.
This Privacy Statement applies to all activities (including the activities via the website) of Studio M, hereinafter referred to as “Studio M”. Per topic, the Privacy Statement provides the most relevant information.
UU handles personal data with care and acts within the limits of the law.
- Responsible party and responsibility
Studio M is the responsible party within the meaning of the GDPR. Studio M believes it is essential that the personal data of its members and visitors are handled and protected with the utmost care. We also want to be open and transparent about the way in which your data is processed by us. That is why we have explained this process in detail below. Our first priority is to comply at all times with the requirements set out in the GDPR.
- For what purposes does Studio M process your personal data?
The personal data collected from you are used by Studio M for operational management and for the proper performance of its legal tasks and duties. The most important processes for which Studio M uses personal data are:
- A. Operational management and finances: financial administration, management of purchasing and payment systems, performance and management of procedures specifically focused on IT, legal affairs and other operational matters; marketing and market research, health, safety and security, organisational analysis, development and management reporting, complaint handling.
- B. Facilities management: access and management systems, camera surveillance, management of parking facilities.
- C. Member management: insert thing here
- Whose personal data is collected by Studio M?
In the above-mentioned processes, Studio M collects data from different categories of data subjects. These include:
- External parties
- Visitors to the website(s)
- Research subjects
- What kind of personal data does Studio M collect?
In each process, different types of personal data are collected. The most common data are:
- Name, address and place of residence
- Bank account number (IBAN)
- Telephone number
- Date of birth
- Email address
- Interaction data (e.g. cookies or information received when you contact us)
- Images (photos and videos)
- Degree programme information
- Surf and click behaviour
- Research data
Studio M collects (personal) data directly from you, but in some cases Studio M also receives personal data via third parties, insofar as this is in accordance with the law.
- Granting and withdrawal of permission
Studio M offers various activities that can only be carried out by using your personal data. Examples of such data include your email address for the purpose of sending a newsletter.
How does Studio M ensure the confidential handling of personal data?
Studio M treats personal data as confidential. We take appropriate technical and organisational measures to protect personal data. Studio M will only share personal data in accordance with this Privacy Statement and only with third parties if this is lawful and done with care.
6. Data sharing with third parties
Under the instructions of Studio M, third parties may provide certain parts of the services required for the performance of an agreement. Studio M makes agreements with these data processors to ensure the confidential and careful handling of personal data. These agreements are contractually laid down in so-called ‘Data Processor Agreements’.
Your personal data will not be rented, sold or otherwise shared with or provided to third parties. Studio M may share your (personal) data with third parties if you have given permission for this yourself or if this is necessary for the performance of the agreement.
Studio M provides personal data to enforcement authorities or anti-fraud organisations when this is necessary for complying with a legal obligation.
7. The categories of third parties with which Studio M shares data include:
- Public authorities, such as the Dutch Education Executive Agency (DUO), Tax and Customs Administration and the Immigration and Naturalisation Service (IND)
- Investigative authorities
- Universities, especially Utrecht University
- Research groups7. How long are the data stored?
Studio M stores your personal data in accordance with the GDPR. The data will not be stored longer than is strictly necessary to achieve the purposes for which the data have been collected.
8. How can you access, rectify or erase your data?
You are entitled to submit an access or rectification request to the Studio M. When making this request, please indicate clearly that this relates to an access or rectification request based on the GDPR. You may also request that your data be erased, although this is only possible insofar as this allows Studio M to continue to fulfil its legal obligations, such as the legal retention period. Please note that you may be asked to provide a copy of a valid ID so that your identity can be verified.
Send your request to the email address firstname.lastname@example.org, clearly mentioning the type of request in the subject line of your mail.
You may also submit a complaint to the Dutch Data Protection Authority regarding the use of your data.
9. Technical security
To optimally protect your personal data against unauthorised access or unauthorised use, Studio M applies appropriate security technology. Any apparent or actual misuse of data will be reported to the relevant law enforcement authorities. In addition, Studio M takes organisational measures to protect personal data against unauthorised access.
10. Cookies and click behaviour
General visitor data are stored on our website, such as the most requested pages. The purpose of collecting these general visitor data is to optimise the layout of the website for you. Studio Muses various tools to make the website function optimally, improve user-friendliness and actively collect feedback from users.
Do you have any specific questions or comments about our Privacy Statement based on this information? If so, do not hesitate to get in touch with us. You may either use the contact form on the website or send a message to email@example.com. The UU Data Protection Officer (FG) can also be reached via this email address.