The Gerrit Rietveld Academie and Sandberg Instituut, hereinafter referred to as ‘the Academie’, respect the privacy of their students and staff and handle your personal data as required under the Personal Data Protection Act (Wet bescherming persoonsgegevens, Wbp) and from May 2018 onwards under the General Data Protection Regulation (Algemene verordening gegevensbescherming, AVG). In this privacy statement we explain what personal data we collect and use and for what purpose.
Storage and processing of personal data
Personal data need to be stored and processed for our business processes. This needs to be done with the greatest possible care, as improper use of personal data can cause substantial harm not only to students, staff and other persons concerned but also to the Academie itself. We at the Academie therefore attach importance to protecting the personal data supplied to us properly and using it for its intended purpose. Processing personal data correctly is the responsibility of the Executive Board of the Academie, but each member of staff and student is also individually responsible for handling other people’s personal data with care.
The Rietveld Academie has appointed a data protection officer, who is responsible for internally monitoring compliance with the data protection legislation in force and giving advice. The data protection officer is Pascal Pater, who can be contacted by email at fg[at]rietveldacademie.nl or fg[at]sandberg.nl.
Purposes and basic principles
The Academie processes personal data for various purposes.
If you are a student, we process your personal data because you have registered with us and/or enrolled with us for a course, a Bachelor’s degree programme at the Rietveld Academie or a Master’s degree programme at the Sandberg Instituut. We process your data to enable us to provide you with good teaching, monitor your progress and provide optimum support during your studies. We only process data that is relevant or necessary in order to meet our statutory obligations. Examples of databases or systems in which your data is processed are the Osiris student information system for registration, enrolment, course participants, exchange and progress records, the Lending Systems of the Library and Facilities Lending Service. Your data are also processed in a financial system for the processing of tuition fees. For detailed information on the purposes and basic principles involved in the processing of your student data please see Appendix 1.
If you are a member of staff of the Rietveld Academie and/or Sandberg Instituut we collect your data in order to support you in the performance of your duties, to pay your salary and to supervise you while you are working for us. Also, we only process data that are relevant or necessary in order to meet our statutory obligations. Examples of databases or systems in which we process these data are the personnel information system, which includes the payroll and personnel records, and the financial administration. For detailed information on the purposes and basic principles involved in the processing of staff data please see Appendix 2.
Data that you share in confidence may only be processed or passed on with your consent. This applies e.g. to information on a disability.
Provision of data to third parties
We may pass on your personal data to others, but only if this is necessary for the fulfilment of your teaching (or other) contract with us, or to comply with a statutory duty or duty of care. Organisations with which we exchange personal data include the following:
- The Education Executive Agency (DUO, Dienst Uitvoering Onderwijs)
- The Ministry of Education, Culture and Science
- The Higher Education Inspectorate
- Government bodies such as the ABP (civil service pension fund)
- Municipal authorities
- The Health & Safety Service
- The Tax and Customs Administration
- The Immigration and Naturalisation Service (IND) for students requiring a residence permit
Otherwise we will not pass on data supplied by you to other parties unless you have personally consented to this or it is statutorily required. On no account will we pass on your data to parties in countries outside the EU (‘third countries’).
The Rietveld Academie retains your personal data for no longer than is necessary for the purposes mentioned above. The Rietveld Academie destroys personal data once the retention period expires, unless the data are intended for historical, statistical or scientific purposes, in which case we archive the data. The Academie bases its retention and destruction periods on the Selection List for universities of applied sciences.
Information that we collect automatically (cookies)
A cookie is a small text file that is stored on your computer, tablet or smartphone the first time you visit the website. The cookies that we use are for technical, functional and analytical purposes. They ensure that the website works properly (e.g. by remembering your preferences) and are used to optimise the site. You have to consent to this. If you do not wish to consent you can configure your browser so that you do not receive cookies when visiting our site, but this may mean that you are not able to use all the facilities on our site(s).
The Academie uses CCTV in the buildings and on the grounds in order to protect our security and our property. The use of CCTV cameras is laid down in a CCTV protocol. The images from the cameras are not shared with unauthorised persons or third parties. The images are automatically destroyed after a period of four weeks.
You are entitled to access, correct or delete your personal data. If you do so, the data concerned will only be processed in order to meet a statutory obligation. If there is no such obligation they will be deleted. You are also entitled to withdraw any previous consent to data processing or to object to the processing of your personal data by the Academie. In addition you are entitled to data transferability, i.e. you can ask us to send in a computer file the personal data that we hold on you to you or an organisation designated by you.
If you wish to avail yourself of the above rights, send a request to the data protection officer at fg[at]rietveldacademie.nl or fg[at]sandberg.nl.
The Academie takes the protection of personal data seriously and takes appropriate steps to prevent improper use, loss, unauthorised access, undesirable disclosure and unauthorised editing of data. To protect personal data in the best possible way we store them on secure web servers. If you are of the opinion that the Academie has not acted correctly in processing and securing your personal data, or you suspect that this is the case, you can lodge a written complaint with the data protection officer. If the complaint does not ultimately produce the desired result you can lodge a complaint with the Dutch Data Protection Authority.
Privacy statements of third parties
This privacy statement does not apply to websites of third parties linked to the websites of the Rietveld Academie and Sandberg Instituut. The Academie does not accept any responsibility or liability in respect of the way in which these third parties handle personal data.
Amendments to this privacy statement
We may amend this privacy statement from time to time. The current privacy statement is published on our websites.
Explanations of the terms used in this Privacy Statement can be found here.