Privacy statement

This statement applies to the information that has been collected to be used in computerized systems within the Institute, including our websites. This statement does not apply to websites that mention IHE Delft, but the content of which we are unable to influence directly. 

Collecting your personal details

IHE Delft collects personal details (if this is necessary) in order to provide services, to conduct transactions, to register students in its programmes, to distribute information or to grant access. The information that we collect is always intended for a specific purpose: in other words we do not collect more information than is necessary for that purpose. We may collect information on the following categories of data subjects (persons):

• Prospective students
• Students
• Alumni
• Staff, including applicants, temporary staff, doctoral candidates, and visiting researchers
• External staff, including guest employees

Personal details are usually provided by the data subject (person). If necessary, this information may be sent to or entered into another system within the Institute, from an internal source system. We also receive personal details from the systems of third parties, which may be closed source systems such as Duo2Bron or an open source system such as Twitter.

We may also collect your details if you leave them on the Institute’s websites, in order to keep you informed of the diverse activities at the institute.

It is also permitted to collect personal information within the Institute within the framework of scientific research. This concerns the personal details of participants in a study. This information is processed in accordance with the law and the ‘Code of conduct for the use of personal details in scientific research’ (VSNU). If medical details are involved, Federa’s relevant codes of conduct will also apply (the codes on ‘Good conduct’ and ‘Proper Use’).  

Use of your personal details

The Institute uses personal details collected from you for operational management purposes and to be able to properly perform its legal tasks and obligations with regard to education and research. The following overview describes the most important processes that IHE Delft uses to collect personal information, stating the most important elements of each process:

• Education and educational support: applications and enrolment, education, recording results and study progress, advice and guidance, providing teaching materials, handling disputes, conducting audits, graduation, addresses and face books, timetables and the digital test system, as well as delivering support services such as providing student accommodation, providing bank facilities, obtaining a residence permit, obtaining an insurance, registration at municipality.
• Research and research support: Research administration and research details
• External relations: campaigns, contact, mailing lists and newsletters, study and date of graduation, focussed on prospective students, alumni and participants in various activities; details of companies, organizations and persons with whom the institute engages in diverse types of collaborations, such as contracts, processor agreements or collaboration agreements for the delivery or receipt of services and products
• Personnel matters: establishing salary agreements, arranging claims to benefits in connection to the termination of an employment contract, internal and accountant’s audits in connection to company medical care
• Operational management and finances: financial administration, purchase systems, payment systems, IT management and legal procedures
• Facilities: access and management systems, CCTV, identity management
• Generic: 

1. Web content management
2. Library system
3. Archiving
4. Visual material for communications from the institute
5. Participation

The responsible unit must notify the Data Protection Officer of registrations of data in order to ensure that IHE Delft has a complete overview of all data registration.

Website and web systems

IHE Delft uses various tools to make its websites more user-friendly and to ensure that they function optimally. This includes measuring surfing behaviour using web statistics and other systems that are integrated into the website to collect active feedback from users or to conduct research with various versions of websites.

Contact by e-mail

We roughly distinguish two types of automated email: transactional email that you have initiated/requested yourself, and recruiting email. Transactional email is an essential part of a service that you have chosen, such as resetting a password or confirming an application or a request for information. You therefore cannot unsubscribe for this type of email.

If you have consented to receiving recruiting emails such as newsletters or invitations to events, you may withdraw your consent. This type of email has opt-out options. Due to the decentralized nature of email communication, there is no institute-wide opt-out option.

Just as for the websites, IHE Delft uses analysis tools to analyse the reading and clicking behaviour for newsletters in order to analyse and improve our newsletters. We do not however link this information to your personal details.

Cookies

Cookies are small text files that are automatically placed on your computer, tablet, mobile telephone or other equipment when you visit our websites. There are various types of cookies. We always place functional cookies that ensure that our websites work properly. We inform you beforehand of how you can turn off any other cookies we may place (such as tracking cookies). If you continue to surf on our websites, these cookies will be installed. Read more about this in our cookie policy.

Retention period

Your personal details will not be kept for longer than is necessary to achieve the objectives for which they were collected and processed. An exception may be made if it is necessary to keep information for historical, statistical or scientific purposes or on the grounds of legislation.

Protection of your personal details

Measures

IHE Delft attaches great importance to protecting your privacy and takes appropriate measures in order to do so. We take organizational and technical measures to ensure that it is safe for you to visit our websites. We use the available resources to minimize the risk of unauthorized persons gaining access to your personal details or unlawful use or disclosure of your details.

Access of Institute staff / third parties

The information that IHE Delft collects about you cannot be accessed by everyone. Only employees and persons working for the Institute have access to information and then only if they need it in order to do their job. These persons are authorized to access information using name and password security. All staff with such access are bound by a confidentiality clause on the grounds of the Collective Labour Agreement for Universities in the Netherlands.

Issuing to third parties

IHE Delft will only pass on personal details to third parties under specific circumstances. For example, if we are legally obliged to do so or if the data subject has given us their consent. Examples of parties to which we provide information are Duo2Bron, the Ministry or Education, Culture and Science, the ABP (pension fund for the government and education sectors), the Immigration and Naturalisation Service, Nuffic or other sponsors, Duwo housing facilities, The Student Hotel, Municipality and the Tax Authorities. IHE Delft will only pass on your information if we consider it necessary in order to:

• comply with statutory regulations or legal processes concerning IHE Delft or its websites;
• protect the rights and property of IHE Delft and related websites;
• Protect your personal safety under critical circumstances;
• Fulfil the study contract e.g. in case of a PhD or joint programme: with partner universities;

IHE Delft regularly engages other companies to perform limited services on its behalf, such as sending and delivering information (direct marketing) and answering questions. We only give these companies the personal details they need to provide the service in question. IHE Delft concludes processor agreements with these companies, which oblige them to handle all information confidentially and to refrain from using it for any other purpose, and deleting the information when no longer of use.

Information that cannot be traced to individual persons may be issued to third parties for statistical and historical purposes. 

Storing your information

Personal details that we have collected from you may be stored and processed in the Netherlands or any other country within the European Union. In exceptional situations, data may be processed in a country outside the European Union. We only permit this if the legally required security and privacy measures have been taken.

Your rights

Inspection

If IHE Delft has processed your personal details, you are entitled to inspect them. If you would like to exercise this right, please contact the Data Protection Officer at dpo@un-ihe.org .

Rectification

If you consider that this information is incorrect or incomplete, you may ask us to rectify it. You may also ask us to delete or protect data, for example if they are not relevant to the purpose for which they were collected. You can also reach the Data Protection Officer at dpo@un-ihe.org .

Information

This privacy statement informs you of the way in which IHE Delft handles your personal details. If you would like to know more on this topic, you can go to this website: https://www.surf.nl/en/services-and-products/cybersave-yourself/index.htm.

Changes to the privacy statement

We may change the privacy statement if there are new developments in our working practice or if there are changes in the relevant laws or legal precedents. Therefore please check it occasionally to see if anything has changed. The most recent substantive change to this privacy statement was made on 25 May 2018.