Version March 3, 2019
TU/e Skillslab respects the privacy of students, employees and other persons whose personal data it processes.
TU/e Skillslab processes personal data for purposes including the provision of research & valorization, education and its operational management, within the framework of statutory obligations and to protect legitimate interests of TU/e Skillslab and third parties.
TU/e Skillslab acknowledges that the personal data which it processes are valuable for the data subjects and that careless treatment of personal data by TU/e Skillslab may result in infringements of privacy and may lead to other disadvantages or damage to data subjects.
TU/e Skillslab is part of the TU/e, specialized in professional skills and organizing workshops to develop these professional skills.
TU/e Skillslab states that:
• TU/e Skillslab assumes responsibility for the careful treatment of the personal data which it processes;
• TU/e Skillslab will comply with applicable legislation and regulations, such as the General Data Protection Regulation (GDPR);
• TU/e Skillslab will be transparent proactively about the processing of personal data, the purpose of such processing and the manner of its execution;
• TU/e Skillslab applies privacy-by-design and privacy-by-default as starting points in the processing of personal data; and
• TU/e Skillslab will adequately protect the personal data for whose processing it is responsible.
(Contact details) Data Protection Officer
Data Protection Officer (DPO)
General questions and/or complaints in connection with (the processing of) personal data can be reported via email@example.com. This mailbox is managed jointly by the Chief Information & Security Officer, the Privacy & Security Officer and the Data Protection Officer. Please mention that this email was send from TU/e Skillslab.
A register will be kept of questions or complaints with a (potentially) significant impact. If the personal data of the data subject(s) or the business processes, the finances or the reputation of TU/e Skillslab are seriously jeopardized, in any case the Executive Board and the Data Protection Officer will be notified.
The University has appointed Ms. A.H.J. (Annuska) van den Eijnden as Data Protection Officer. As an independent, internal supervisor and advisor she is charged with the supervision of the compliance with the applicable legislation in the area of personal data. The Data Protection Officer can be reached via telephone number 040-2476079 and/or email address firstname.lastname@example.org.
Computer Emergency Response Team (CERT)
The core task of the CERT is the detection and correction of incidents, more specifically the signaling and handling of information security incidents on the basis of predetermined categories and prioritization. If criteria are satisfied, the CERT alerts the local or central TU/e emergency team. Incidents that cannot be handled within the scenarios and frameworks are escalated to the Chief Information Security Officer (CISO).
The CERT can be reached via telephone number 040 - 247 5678 and email address email@example.com
Duty to report data leaks
There is a data leak when there is a breach of the security of personal data which leads to any unauthorized processing of the data. This may be a theft of a laptop, a USB stick that has been left on the train or an email that has been sent to the wrong person. Data leaks must be reported to the supervisor within 72 hours after their discovery and in some cases the data subject(s) must also be informed.
A data leak may arise both within and outside TU/e. Anyone who notices a (possible) data leak or suspects that they themselves are part of a data leak must contact the hotline for data leaks of personal data TU/e via firstname.lastname@example.org. A report of a (possible) data leak must be made as soon as possible. A register will be kept of every data leak and its handling.
Rights of data subjects
The General Data Protection Regulation (GDPR) gives Data Subjects rights with which they can exercise control over the Processing of their Personal Data. A request for information, inspection, rectification, addition, removal or restriction of the Processing can be submitted in writing to email@example.com. This mailbox is managed jointly by the Chief Information & Security Officer, the Privacy & Security Officer and the Data Protection Officer.
The university ensures that the information and communication is provided to the Data Subject in a concise, easily accessible and understandable way and in clear and plain language. The language will be attuned to the target group.
A request from a Data Subject will be responded to in writing as soon as possible, but no later than within four weeks after its submission. Hereby the Data Subject will in any case be notified about the action that has been taken on the request. If the time period of four weeks is not reasonably feasible, the Data Subject will be informed thereof within this period. In that case the university will take action on the request of the Data Subject within two months after the expiry of the first period.
In the provision of the relevant information the university ensures that the identity of the person making the request is ascertained properly. To this end TU/e and TU/e Skillslab can ask for extra information.
A request for the exercise of one of the rights as elaborated in this chapter by a Data Subject, being a Minor, a person subject to a guardianship order or for whose benefit an administration or a mentorship has been granted, is made by that person’s legal representative. A reaction by TU/e or TU/e Skillslab will also be sent to this legal representative.
Right to object
For Data Subjects there are two grounds for objecting to a Processing:
1. In connection with his or her personal circumstances, every Data Subject can object to Processing at the university, if this Processing takes place pursuant to
a) the performance of a task carried out in the public interest or within the context of the exercise of official authority of the Controller, or
b) the pursuit of the legitimate interest of TU/e Skillslab or of a Third Party to which the data are provided.
In case of objection TU/e and TU/e Skillslab will in principle cease the further Processing. If TU/e or TU/e Skillslab can show that its compelling legitimate interests override the interests or fundamental rights and the fundamental freedoms of the Data Subject, the Processing will be continued. If the objection is legitimate, TU/e and TU/e Skillslab will (free of charge) take the measures that are required to stop processing the Personal Data for the relevant purposes.
2. In a Processing for the purpose of ‘direct marketing’, a Data Subject will have the right to object at any time. In case of objection TU/e or TU/e Skillslab will immediately stop the Processing for direct marketing purposes (free of charge) and not resume this.
If the Data Subject is of opinion that the legal provisions regarding the privacy protection or the provisions of these regulations are not enforced correctly towards him or her, he or she can lodge a complaint in writing with the Data Protection Officer, firstname.lastname@example.org
If TU/e or TU/e Skillslab has rejected a request and/or TU/e or TU/e Skillslab has rejected the Data Subject’s request, the Data Subject can:
1. file a complaint with a supervisory authority, the Personal Data Authority (www.autoriteitpersoonsgegevens.nl);
2. initiate application proceedings before the subdistrict court. The application must be lodged with the subdistrict court within six weeks of receipt of the response from TU/e. If TU/e has not responded to the Data Subject’s request within the set period, the application must be lodged within six weeks after expiry of that period. It is not necessary for an application to be lodged by a lawyer;
3. start an objection procedure, in conformity with the General Administrative Law Act [Algemene wet bestuursrecht; Awb]. An objection procedure must always be started within 6 weeks after notification of a decision from the university. Appeal against a decision on an objection lies to the District Court.