For the proper execution of operational processes, it is necessary to process personal data. The Marnix Academie observes the requirements set by the General Data Protection Regulation (GDPR) out of respect for the privacy of visitors, students and course participants, employees and other relations. The Executive Board is responsible for the data processing of the Stichting Hoger Beroepsonderwijs Utrecht (the Marnix Academie). The Executive Board has appointed a Data Protection Officer, who is tasked with the internal supervision of compliance with privacy law, and also provides advice.
The Marnix Academie ensures the proper protection of all personal data by implementing appropriate organisational measures and modern technical IT tools. The Marnix Acadmie’s “IT and Internet Usage Rules” Regulation (Regeling ‘Gebruiksregels ICT en internet’) sets out for the benefit of employees and students how data may be approached at an individual level.
Purposes and legal basis
What kinds of personal data are processed relates to the nature of the data subjects’ relationship with the Marnix Academie. Data are only collected for the purpose for which they are provided.
With regard to incidental visitors, online or otherwise, personal data are collected, among others, by telephone, through request forms (online or otherwise) and registration forms (online or otherwise). This information is used for marketing purposes or for registrations. The data may also be used for related activities, such as evaluations or invoicing.
Personal data of students, employees and course participants are collected in connection with enrolment for one of our programmes or courses, or because of an employment contract. The Marnix Academie only collects information that is necessary in order to properly carry out the relevant agreement, or in order to satisfy a legal requirement.
Access to personal data
With regard to access to data, the Marnix Academie applies the “need to know” principle. This means that data are only accessible by employees carrying out a specific task.
Provision to third parties
The Marnix Academie does not make data available to third parties, unless this is necessary for the execution of an agreement or in order to comply with a legal obligation. Data are not sold, lent, rented out or otherwise made public. If the Marnix Academie makes use of external service providers in the execution of its tasks, it requires these external service providers or processors to comply with the legal framework relating to the protection of personal data to the same extent as the Marnix Academie does.
Organisations with which personal data may be exchanged are, among others (depending on the nature of the agreement):
- Education Executive Agency (Dienst Uitvoering Onderwijs)
- Ministry of Education, Culture and Science
- Inspectorate of Higher Education (Inspectie voor het Hoger Onderwijs)
- Government agencies
- Studiekeuze 123 for the purposes of the National Student Survey (Nationale Studenten Enquête, NSE)
- Tax and Customs Administration
- Schools where the practical learning takes place
- Occupational health and safety service
- Partner organisations, national and international (on account of studies and internships abroad)
- Immigration and Naturalisation Service (for students requiring residence permits).
The Marnix Academie only provides personal data to third parties in countries outside the European Union if the receiver or the receiving country can guarantee an appropriate level of protection in accordance with European guidelines; see https://ec.europa.eu/info/law/law-topic/data-protection. This may occur, for example, in relation to internships abroad.
If such a level of protection cannot be provided and the exchange of data is nevertheless necessary, a solution is sought in consultation.
Personal data are never retained for longer than is necessary for the purpose for which they were collected, unless they are subject to a longer legal obligation of retention or express permission has been given for longer-term processing. Upon expiry of the retention period, the Marnix Academie destroys or anonymises the personal data. If the personal data are intended for historic, statistic or scientific purposes, these will be archived upon expiry of the retention period. Data stored for a longer duration with permission will be removed upon request.
Data of incidental visitors, online or otherwise, and course participants are removed no more than two years after the lapse of their purpose. To arrange an earlier removal of the data, please send an email FG@hsmarnix.nl.
For students and employees, the Marnix Academie applies the Selectielijst Hogescholen (University of Applied Sciences Selection List) as the guiding principle for the retention and destruction periods.
Rights with regard to data
Any person of whom the Marnix Academie has collected data has the right to inspect, correct, remove (if legally permitted), block or transfer these data or to object against the processing thereof. Requests for permission to view, correct etc. the data of persons below 16 years of age must be made by a parent (or legal representative). Questions and complaints about the processing of data or the Privacy Statement can be submitted to the Data Protection Officer. Should this not lead to a satisfactory solution, it is possible to submit a complaint to the Dutch Data Protection Authority.
Marnix Academie Executive Board
Vogelsanglaan 1 / P.O. Box 85002
3502 AA Utrecht
+ 31 (0)30 275 3400
Data Protection Officer: FG@hsmarnix.nl
Dutch Data Protection Authority: www.autoriteitpersoonsgegevens.nl