Scope of application
This privacy statement supplement applies to the processing of personal data by Division Human Resources. Division HR is part of Radboud University (RU). This privacy statement supplement is to be read in conjunction with Radboud University's Privacy Statement. Division HR respects your privacy and ensures that your personal data is processed in accordance with applicable laws and regulations. In this statement we inform you about how Division HR handles your personal data, for what purposes and on what basis this occurs, how your personal data is processed, what rights you have when your personal data is processed, and where you can direct questions or requests about your privacy.
What is personal data?
Personal data is information that tells us something about an identified or identifiable natural person.
Processing of personal data by Division Human Resources
Division HR processes the following personal data from you:
Contact info (name, home address, e-mail address, phone number); gender; nationality and place of birth; unique registration number; citizen service number (BSN); bank account number (IBAN); (details about) your work, the training programmes in that context and your functioning in general; financial details provided by you to us; correspondence and interaction details (e-mails, letters, messages or other information exchanged when you contact us or we contact you); contact details of the person you have assigned as a contact person with us (in case of emergencies); visual material.
In most cases, this is data we have obtained directly from you. We also sometimes receive personal data through third parties, insofar as this is in accordance with the law or if you have given your explicit consent to do so. At your own request and with your explicit permission, we may also process your medical data. This may involve, for example, data that is necessary to be able to act properly in case of an emergency.
Objectives of Processing
Division HR processes your personal data for the following purposes:
- to execute the agreement(s) entered into with you;
- to conduct administration and internal management of activities;
- to allow us to send digital newsletters via e-mail;
- to comply with legal obligations, such as administrative obligations and the obligation to retain this information.
Your personal data will not be processed further without your permission for a purpose that is not in keeping with this.
Grounds for Processing
Division HR exchanges your personal data on the basis of one of the following grounds:
- the processing is necessary for the execution of a contract to which you are a party, or to take measures at your request prior to the conclusion of a contract;
- the processing is necessary to comply with a statutory obligation incumbent upon us;
- you have granted us permission to process your personal data.
Processing special categories of personal data shall only take place if the conditions specifically stated in the law have been met, or if one of the grounds for exception stated in the applicable laws and regulations has been met.
Compulsory or voluntary provision
If we ask for your personal data, we will make clear if the provision of the data requested is necessary or mandatory and what the (potential) consequences are if the data are not provided. The basic principle is that we do not process more personal data than is necessary for the described purposes.
Exchange with Third Parties
As part of the performance of its duties, Division HR may share your data with third parties outside Radboud University. Division HR will provide your data to the following third parties in the context of the performance of its tasks: Belastingdienst, ABP, UWV, Loyalis, a digital career coaching tool, Digitaal Feedback Instrument Nederlandse Universiteiten, H-traject, KPP Steuerberatungsgesellschaft mbH, learning platform (LMS), e-recruitment system.
If Division HR shares your data with a third party that processes the data on behalf of Division HR, we will enter into a processing agreement with that third party that meets the requirements of the applicable privacy laws and regulations.
It should be noted that no processing agreement will be drawn up with the Belastingdienst, ABP, UWV and Loyalis, because we are obliged by law to exchange data with them. Furthermore, not all systems exchange the personal data of all employees. This often involves a specific group of employees and limited personal information.
Division HR does not provide personal data to third parties who are going to use the data for their own purposes, unless this is necessary to meet legal obligations or unless you have given us permission for this.
If a third party outside the European Economic Area should process any personal data, measures will be taken to ensure an appropriate security level.
Automated decision-making and profiling*
Division HR currently makes limited use of profiling in conjunction with automated decision-making, in that it determines which user rights are granted based on the job title. However, there is no decision based solely on automated processing, including profiling, which produces legal consequences for you or otherwise significantly affects you.
*Profiling is any form of automated processing of personal data whereby, on the basis of personal data, certain personal aspects of a natural person are evaluated, in particular with a view to analysing or predicting his/her professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. It involves the automated construction of a picture about the personal aspects of an individual, e.g. tracking, purchase or payment behaviour in a postal code area.
Retention Period
We do not store your data for longer than is legally required. We determine the retention period based on applicable laws and regulations. If statutory or agreed periods differ, the longest retention period will be used. Should you want to have your personal data erased at an earlier stage, this is possible in certain circumstances. See also the information under the heading 'Right of Rectification and Erasure'.
Security of Personal Data
Division HR will undertake all appropriate technical and organizational measures to protect your personal data against loss or any form of unlawful processing. Measures that are applied as far as possible in this context include encryption and pseudonymisation of personal data, encrypted communications, and the handling of personal data as confidential.
Your rights
Division HR respects the rights you have under applicable laws and regulations. Below we will inform you about these rights and how you can exercise them.
Right of Inspection
You have the right to review your personal data that is processed by Division HR.
Right of Rectification and Erasure
Under certain circumstances, you have the right to have your personal data changed or deleted if the data is currently not or no longer correct, or if the processing is currently not or no longer justified.
Right to Object
If we process your personal data on the basis of a legitimate interest or a task of public interest, you have the right to object to this.
If you object to the use of your personal data to inform you about activities of Division HR and similar processing ('direct marketing'), we will always honour this objection. Your data will then no longer be used for this purpose.
If you object to other forms of processing of your personal data, we will check whether we can honour your objection. If the interest you have stated outweighs the interest we have in the processing of your personal data, we will stop processing this data. If we believe that we have a more serious legitimate interest in continuing the processing of the personal data, we will explain that.
Right to Restriction
Under certain circumstances, you are also entitled to restrict the processing of your data. This means that Division HR temporarily ‘freezes’ the processing of your data. You can invoke this right:
- pending review of a correction request;
- if you have requested that the data be erased due to unlawful processing, but instead of requesting that the data be erased, you request that the processing of the data be restricted;
- if Division HR no longer needs the data while you still need the data (to prepare) for a lawsuit or pending the evaluation of an objection.
Right to Data Portability
If we process your personal data on the basis of your consent or an agreement concluded with you, you can have this data returned to you digitally by us in a common file format. You are free to then forward that data to another party.
Withdrawal of Consent
If we process your personal data on the basis of your consent, you often have the right to withdraw your consent. We will then cease processing immediately. Withdrawal of consent has no retroactive effect. This means that all processing that has already taken place remains lawful.
Exercising the aforementioned rights
If you wish to exercise one of the abovementioned rights, you can contact the Radboud University Data Protection Officer via: mijnprivacy [at] ru.nl.
Radboud University does not charge you for exercising your abovementioned rights, except in cases of abuse.
Time limits
In principle, we will respond to your request within a month. Should the answer to your question or request take more time, we will inform you of this within a month. Due to the complexity of the requests and/or the number of requests, the answer period may increase to a maximum of three months.
Identification
For any request, we are permitted to request further proof of your identity. We do this to prevent us from providing personal data to the wrong party, unlawfully making changes to the personal data, or processing your data in an inappropriate fashion. In order to make the processing of your request as smooth as possible, we ask that you present your ID.
Each request is assessed individually
We would like to point out that the rights described above are not absolute rights. There may be circumstances that prevent us from complying with a particular request. We will assess each request individually. If we are unable to comply with a particular request, we will inform you of this and include the reasoning for our decision. However, the right to object to the use of data for direct marketing purposes is absolute. Requests to unsubscribe from any commercial communications will therefore be honoured in all cases.
Monitoring
Data protection officer
Radboud University has appointed a Data Protection Officer (DPO).
The DPO supervises compliance with the privacy legislation at Radboud University and advises on privacy legislation. The DPO is independent. The DPO reports directly to the Executive Board. Furthermore, the DPO is the contact person for questions concerning privacy, both for you as a data subject and for the supervisor.
For requests concerning information about exercising one of the abovementioned rights, please contact the DPO office by e-mail via mijnprivacy [at] ru.nl.
If you have any questions or complaints about this privacy statement or our privacy policy, you can contact the DPO Office by e-mail via privacy [at] ru.nl.
Compliance Officer
Pursuant to privacy laws and regulations, you can also submit complaints to the national supervisory body, the Data Protection Authority. You can find the contact details on the website of the Data Protection Authority (www.autoriteitpersoonsgegevens.nl).