logo Crosstalks

Menu

Like other academic institutions, the VUB processes personal data.  The VUB is committed to protecting personal data and handling it with the utmost care in order to safeguard the privacy of those concerned. In this privacy statement you can read more about our guidelines for handling personal data, about questions and services you may request from us, and about our point of contact for further information regarding privacy and data protection at the VUB.

 

Which personal data is processed and why

Personal data the VUB processes 
The VUB is responsible for processing large amounts of personal data: not just from students, researchers and staff, but also from alumni, third party experts and visitors, as well as data that is required to perform academic research. We process this data either to fulfil the legal requirements necessary to provide education and perform research, or in order to improve our services as a university.

The purposes for which it is processed

  • Providing education

In order to provide our educational services, the VUB is in charge of extensive record keeping on student affairs.
(This includes, for example, informing and recruiting prospective students, tailoring our communication and information feeds towards interested prospective students based on their preferences in order to improve their choice of studies and our services, managing internal and external information flows; registering study results; issuing certificates, diplomas, qualifications and degrees; concluding contracts with students; formulating policy on education matters; developing and writing policy and management reports in the context of accreditation demands; being able to provide advice, guidance, and counselling; settling disputes, providing training and education in medical studies; ensuring procedural justice in the election of members for participatory bodies etc.)

  • Performing academic research:

The researchers affiliated with the VUB gather, analyse, and manage large quantities of data, necessary for the advancement of the scientific disciplines represented at the University – from Archaeology to Zoology. Many of the activities carried out by researchers involve processing personal data.

  • Human resources

Searching for, selecting and recruiting new employees; concluding of contracts; negotiating salaries, benefits, and pensions; information regarding the membership of a trade union; information on the termination of employment; being able to comply with obligations arising from employment and health & safety legislation; registering leaves of absence etc.

  • Strategy, business administration, policy and management

Keeping records on the financial affairs of (parts of) the VUB, managing IT-, purchase and payment systems, litigating on behalf of the VUB; managing contacts and contracts with suppliers, clients, consumers, suppliers, business partners; ensuring  the wellbeing of students, staff and visitors, being able to improve policy, organizational analysis, management,  and dispute resolution etc.

  • Facility management

Ensuring the health and safety of students, staff and visitors; ensuring accessibility and maintenance of the campus and of (automated) systems; providing appropriate security measures and supervision; maintaining contacts with facility management services and partners etc.

  • Valorisation, outreach, marketing and communication

Recruitment of prospective students; performing market research; concluding and fulfilling contracts with other educational institutions (e.g. high schools); improving public and customer relations; improving marketing and branding of the VUB; managing and improving our website, libraries, library systems, archival services etc.

All these various types of data will be treated with the utmost care; none will be freely accessible. Employees of the VUB and persons acting on behalf of the VUB who work with such data will only be authorised to do so to the extent necessary for the performance of their duties. Additionally, the VUB is continuously committed to maintaining the proper technical and organizational safeguards with regard to information security and data protection.

Categories of personal data processed by the VUB

Because the VUB performs activities in all the areas listed, a lot of personal data is gathered and stored. In light of these activities, it is possible that the VUB processes the following categories of personal data:

  • Name
  • Address 
  • Place of Birth 
  • Bank Account Number
  • Telephone number
  • Date of Birth
  • Sex/Gender
  • Email-address
  • Information regarding user interaction (e.g. IP address, cookies, clicking behaviour, information from contact forms etc.)
  • Images (photos and videos)
  • Information regarding choice of study programme, study progress and study results
  • Data gathered in the context of academic research

In principle, the personal data processed by the VUB has been disclosed to the VUB directly. However, it may also be the case that the VUB receives personal data from third parties. We often collaborate with universities, research centres and (international) organisations located abroad, both inside and outside the EU. Within the scope of such collaborative projects, it is possible for personal data to be disclosed to these third parties: naturally, this will always happen in compliance with all relevant privacy and data protection laws and regulations and the VUB will always strive for the shortest possible retention period of relevant data.

Provision of data to third parties

The VUB will not exchange personal data with third parties for financial gain. Personal data will only be transferred to a third party when there is a legal basis to do so (e.g. this is required by law, it is necessary for the fulfilment of a contract with the data subject, it is necessary for the legitimate interests of the VUB or a third party, or when the data subject has given his or her explicit, informed consent).

There is a range of possible scenarios in which the VUB transfers personal data to a third party. For example, our human resource department may ask the assistance of professors from other universities to take a seat in a selection committee for an academic position, or collaborate with an external recruitment agency. Researchers might collaborate with fellow researchers from other institutions and may need to share or publish their research data. One can also consider the legal obligations that the Flemish authorities set with regard to rewarding university diploma’s: some of these obligations include sharing personal data of students and alumni with the education authorities – which means the VUB is legally obliged to share personal data with a third party (i.c. the Flemish authorities). Another option is (automated) online marketing in our efforts to improve our outreach to potential students and our alumni: in order to be as effective as possible, data from various online sources is used. This means all of us are continuously sharing personal data with platforms such as facebook and linkedin.

The VUB can also instruct third parties to perform services for it, in which case the VUB will draw up an agreement in which it lays down the duties for the service provider with regard to the processing of personal data (a so-called "data processor agreement”). In this contract it is then stipulated that the third party will handle any disclosed personal data confidentially, carefully, and in compliance with privacy legislation.

Subjects’ rights with regard to their personal data

On May 25th 2018, the "General Data Protection Regulation" will take effect. The GDPR is a European regulation which grants individuals rights with respect to the way their personal data is handled and protected. Individuals may, for example - depending on the legal basis for the processing of their personal data and dependent on the fulfilment of certain conditions - exercise a right to:
inquire as to what personal data is processed and, when the data is provided to the VUB by a third party, inquire into the source of this information;
request the correction of data insofar as it is incorrect;

  • Object to the processing of his or her data;
  • Know of the existence of possible automated decision making processes, and, when these are used to create profiles, inquire into the logic underlying these processes, the purposes they serve, and their consequences;
  • ‘Be forgotten’ by an institution that has processed their personal data.

The competent national authority concerning privacy and data protection is the Commission for the Protection of Privacy (or CBPL: “Commissie voor de bescherming van de persoonlijke levenssfeer”). This is the authority that monitors privacy law compliance and where any individual can file a complaint regarding privacy and the processing of personal data. 
Further questions regarding the different rights and obligations in the field of privacy can be directed to VUB’s Data Protection Officer (DPO) via dpo[at]vub.be.