SCOPE OF APPLICATION
This privacy statement applies in relation to the processing of personal data by the University Library. The University Library is part of Radboud University. This privacy statement must be read in conjunction with Radboud University’s general Privacy Statement. The University Library respects your privacy and will ensure that your personal data is processed in accordance with the applicable legislation and regulations. In this statement we inform you about the manner in which the University Library deals with your personal data, the purposes for and the grounds on which that occurs, how your personal data is processed, the rights that you have if your personal data is processed and whom you may approach with any questions or requests pertaining to your privacy..
What is personal data?
Personal data is any data that provides information about an identified or identifiable natural person.
The processing of personal data by the University Library
In order to avail yourself of the University Library’s services in your capacity as a Radboud University student or member of staff, we require a limited amount of personal data, namely, your:
- first and last names
- email address
- library card barcode
- RU student or staff number (E, U or Z number)
In the case of alumni, post-active staff and external borrowers (external PhD candidates, HAN University of Applied Sciences students and staff and UKB borrowers) we also process the following address details:
- the street name
- the street number
- the postcode
Purposes of processing
The University Library will process your personal data for the following purposes:
- to execute any agreement concluded with you;
- to maintain administrative records;
- to calculate, record and collect amounts payable, which is deemed to include outsourcing claims to other parties;
- to enter into contact with you and to reply to any questions that you may raise;
- to lend and recover materials comprising part of the library’s collection.
Your personal data will not be processed further for any purpose that cannot be reconciled with these without your consent.
Principles governing processing
The University Library will process your personal data in accordance with the following principles:
- you have consented to your personal data being processed;
- such processing is necessary for the purposes of executing an agreement to which you are party or to take action at your request before entering into an agreement.
Mandatory or voluntary provision
If we ask you to provide personal data, we will clarify whether the provision of the data that is requested is necessary or mandatory and what the potential consequences could be if such data is not supplied. Our premise in this respect is that we will not process more personal data than is required for the above-mentioned purposes.
Exchange with other parties
If the University Library shares your data with another party that processes it at Radboud University’s behest, we will enter into a data processing agreement with that party in accordance with the applicable privacy legislation and regulations.
The University Library will not supply personal data to any other party that would use such data for their own purposes, unless this is required in order to comply with its legal obligations or you consent to this.
Where personal data is processed by another party outside the European Economic Area, measures will be adopted to ensure an appropriate level of security.
Automated decision-making and profiling
At present the University Library does not use profiling in combination with automated decision-making.
Retention periods
The retention period for your data will be determined in accordance with the following criteria. Only current loans will be recorded in the library system. Your personal borrowing history will not be retained. All of your personal data will be deleted when your library subscription expiry date is reached or 365 days after you were last active in the library system as a borrower.
In the event that legally stipulated retention periods apply in respect of specific personal data, we comply with them. Where legally stipulated or agreed retention periods vary, we abide by the longest one. If you would like to have your personal data deleted sooner, it is possible to do so in specific circumstances. See also the information under the subheading, "Right to correct and delete".
Personal data security
The University Library will adopt appropriate technical and organisational measures to secure personal data against loss or any form of unlawful processing.
YOUR RIGHTS
The University Library respects the rights that you have in accordance with the applicable legislation and regulations. Below we provide information for you about those rights and the manner in which you may exercise them.
Right of inspection;
You are entitled to inspect the personal data pertaining to you that the University Library processes.
Right to correct and delete;
In certain circumstances you are entitled to arrange for your personal data to be amended or deleted if that data is not (or no longer) correct or where there are no (or no longer any) grounds to process it.
Right to object;
If we process your personal data on the basis of a legitimate interest or a duty in the general interest, you are entitled to object to this.
Should you object to any other way in which your personal data is processed, we will examine whether we can accommodate your objection. If the interest that you claim weighs more heavily than the interest that we have in processing your personal data (further), we will stop processing that data. Should we believe that our legitimate interest in continuing to process your personal data weighs more heavily, we will explain that.
Right to limit processing;
You are also entitled to limit the processing of your personal data in specific circumstances. This means that the University Library will temporarily ‘freeze’ the processing of your data. You may exercise this right in anticipation of the assessment of a request for correction, if your data would need to be deleted because processing it is unlawful but you request a limitation of the processing of your data instead of its deletion, or should [the name of the category or component] no longer require your data but you do for a lawsuit (or to prepare for one) or while waiting for an objection to be assessed.
Right to data portability;
If we process your personal data based on your consent or an agreement concluded with you, you are entitled to receive the data that you have supplied in electronic form in a generally accepted file format. You will then be at liberty to pass that data on to another party.
Revocation of consent;
If we process your personal data based on your consent, you are usually entitled to revoke your consent. In this case we will immediately cease processing. The revocation of consent will not apply retrospectively. As such, any processing that has already occurred will remain lawful.
Exercising the above-mentioned rights
Should you wish to exercise the above-mentioned rights, you may approach the Radboud University data protection officer at privacy [at] ru.nl (mijnprivacy[at]ru[dot]nl).
Radboud University will not charge you a fee to exercise the above-mentioned rights except where they are misused.
Deadlines
In principle, we will respond to your request within a month. In the unlikely event that more time is required to respond to your question or request, we will notify you accordingly within a month. The deadline for providing a response may extend to no more than three months because of the complexity of the request(s) and/or the number of requests.
Identification
We may request further proof of your identity in the case of any request. This we will do to ensure that we do not provide your personal data to the wrong party or wrongly modify your personal data or the manner in which we process it. In order to ensure that your request is dealt with as smoothly as possible, we will therefore ask you to present proof of your identity.
Individual consideration in the case of each request
We would like to draw your attention to the fact that the above-mentioned rights are not absolute. Circumstances may occur as a result of which we may not be able to respond to a specific request. We will assess every request individually. Should we fail to respond to a specific request (or be unable to do so), we will naturally notify you accordingly citing reasons for this. Nevertheless, the right to object to the use of your data for direct marketing purposes is absolute. Whatever the case, we will honour any request declining commercial exposure.
OVERSIGHT
Data protection officer
Radboud University has a data protection officer (DPO). The DPO oversees compliance with privacy legislation within Radboud University (or any part of it) and provides advice on such legislation. The DPO is independent and reports directly to the Executive Board. In addition, the DPO acts as a contact person with regard to any questions concerning privacy both in relation to you as a data subject and the regulatory authority.
With regard to any request concerning the exercise of the aforementioned rights, you may contact the office of the DPO directly by email at privacy [at] ru.nl (mijnprivacy[at]ru[dot]nl). If you have a question or complaint in relation to this privacy statement or our policy on privacy, you may contact the office of the DPO directly by email at privacy [at] ru.nl (privacy[at]ru[dot]nl).
Regulatory authority
In accordance with the privacy legislation and regulations you may also submit a complaint to the national regulatory authority, the Dutch Data Protection Authority. You will find the Dutch Data Protection Authority’s contact details on its website (https://www.autoriteitpersoonsgegevens.nl/en).