Privacy statement

THUAS processes personal data of the following 7 categories of data subjects:

1. Students (including potential students and alumni)
2. Employees (including external employees, temporary workers, assigned persons, trainees, PhD candidates, former employees and applicants)
3. Visitors of the THUAS website
4. Visitors of the locations of THUAS
5. Survey participants (e.g. interviewees and interviewees)
6. Relations involved in education and research of THUAS (e.g. internship and graduation companies, clients from the professional field or partner universities)
7. Relations providing services to THUAS (e.g. suppliers or business relations)

Below you will find per category which personal data THUAS processes and for what purposes. The examples per category are not exhaustive and subject to change, for example as a result of changes in the relevant laws and regulations. So other examples are also possible.

The tables per category contain an overview of personal data that are processed stating purposes and legal bases. We realize that it is impossible to be complete. For example, because personal data must also be processed for other or unforeseen purposes in the future. THUAS will continue to handle the personal data we obtain accurately and carefully. If THUAS wishes to process personal data for a purpose other than that for which the personal data were collected, data subjects will receive information about that purpose including associated information prior to that processing, unless this is not required under the GDPR.

If you do not want to provide personal data to us, or do not want THUAS to process personal data, this may make the execution of the agreement or services impossible or hinder the use of the website.

(including potential students and alumni)

Personal data:

• Identification data
• Name and address and contact details
• Contact details of parents, guardians or guardians (if necessary)
• Contactgegevens van ouders, voogden of verzorgers (indien noodzakelijk)
• Image/sound material
• Financial data 
• Education data, such as registration and progress data
• Communication from, to and with data subjects 
• Data on presence, availability, location, internet behavior 
• Data for health or well-being 
• Labour data
• Digital data

Learning Analytics

For Learning Analytics, THUAS may process special and/or sensitive personal data. This can be done, for example, in the case of study progress, personal and/or social factors that have an influence on your study such as experienced study pressure or having a disability. 

Children

We do not intend to collect personal data from visitors to our website who are under the age of 16 unless they have permission from parents or guardians. However, the website cannot check whether a visitor is older than 16 years. We therefore advise parents to be involved in the online activities of their children. This prevents their personal data from being collected without your consent.

Purposes:

• recruitment, recruitment & selection of new students 
• support with orientation study choice, information purposes, student administration 
• organizing and providing education, including testing and examination 
• providing or making available (digital) learning resources, internal and external information provision 
• recording results 
• issuing certificates, certificates and diplomas 
• preparation and execution of agreements with students 
• implementation or application of legal obligations, the organization or provision of study information, including study advice 
• customer engagement 
• promotional activities, relationship management and marketing 
• support with functional limitations 
• providing help, advice and personal guidance to students, including facilities, both for study problems and for problems of a psychological, social and/or emotional nature
• (research aimed at) quality improvement in education 
• maintaining contact: sending information, newsletters 
• internal and external information provision 
• sending questionnaires (also for rankings) 
• organizing events 
• volunteering or mentoring
• fundraising 
• registering alumni career developments for the purposes listed here. 
• safety and security, organizational analysis, internal control, development and management reporting, substantiations for accreditation studies 
• carrying out an audit
• financial administration (including calculating and collecting tuition fees, including placing claims in the hands of third parties) 
• management of purchasing and payment systems, execution and management of IT procedures, legal affairs 
• handling requests and disputes, complaint procedures and appeals and objections 
• (market) research, organizational analysis, development and management reports 
• library matters, physical and digital archiving 
• participation and elections.

Learning analytics

In the context of learning analytics, THUAS processes personal data with the following processing purposes: (research aimed at) tailor-made advice on quality and content of education, personal development and guidance of individual students, whereby analysis of the collected data improves the quality and possibilities thereof and policy development.

(including external employees, temporary workers, assigned persons, trainees, PhD candidates, former employees and applicants)

Personal data:

• Identification data
• Name and address and contact details
• Background information
• Image/sound material
• Financial data
• Appointment, contract, performance assessment data and career guidance
• Communication from, to and with data subjects 
• Data on presence, availability, location, internet behavior 
• Data on working conditions and absenteeism 
• Data of family members and former family members that are necessary for the purpose of an agreed employment condition 
• Data on courses, courses and internships followed and to be followed; 
• Level of education and diplomas
• Employment history
• Digital data

Purposes:

• recruitment, recruitment & selection 
• preparation and execution of the employment contract (including employment conditions) 
• preparation and execution of the transfer of the Person concerned to or his temporary employment at another part of the university of applied sciences; 
• determining salary entitlements, salary administration 
• arranging claims, internal and audit 
• handling of personnel matters 
• directing the activities of the person concerned 
• organization and care of company medical care, corporate social work or creating a safe environment for the person concerned 
• training/education of dismissal, performance of claims to benefits in connection with the termination of employment and updating pension rights 
• the administration of the staff association and of the association of former staff members; 
• (the possibility of) granting dismissal
• placing claims in the hands of third parties. 
• accounting • internal control and company security 
• management of purchasing and payment systems, execution and management of IT procedures, legal affairs, internal and external information provision, organizational analysis, development and management reporting 
• preparation and execution of agreements with customers, consumers, suppliers and business partners 
• relationship management, marketing, market, scientific, statistical or historical research 
• handling disputes, such as complaint, appeal and objection procedures 
• audit by an auditor or supervisory authorities 
• physical access and management systems, management of websites, the intranet and software systems 
• library matters
• physical and digital archiving 
• participation and elections 
• sending information, newsletters, mail or presents 

THUAS can provide information to government and semi-government bodies, due to the implementation of laws and regulations and also to organizations whose activities result from a statutory regulation.

Personal data:

Digital data (such as internet browser, device type, location data, data surfing behavior across multiple websites)

Purposes:

• marketing en marktet research 
• handling disputes (complaint, appeal and objection procedures, etc.)
• webcontent management
• analytic purposes.

Personal data:

• Image/sound material
• contact information 

Purposes:

• safety and security
• camera surveillance
• handling disputes (complaint, appeal and objection procedures, etc.)

(e.g. interviewees and interviewees)

Personal data:

• research data* 
• identification data
• contact details 
• image/sound material
• financial data 
• employment data 
• digital data 
• possible special personal data such as health, race, genetic or biometric data

* This data is processed in accordance with the GDPR and the Dutch Code of Conduct for Research Integrity (NGWI). Upon request, THUAS Ethics Advisory Committee will review the investigation.

Purposes:

• conducting and publishing scientific, practice-oriented and statistical research
• internal and external information provision 
• substantiation of integrity investigations 
• executing and managing IT procedures • handling disputes (e.g. complaint, appeal and objection procedures) 
• archiving (physical and digital).

(e.g. internship and graduation companies, clients from the professional field or partner universities)

Personal data:

• name
• contact details 
• company information
• image/sound material
• communication from, to and with data subjects

Purposes:

• preparing and executing an agreement 
• corporate security 
• executing and managing IT procedures, legal affairs, internal and external information provision, organizational analysis and formation and execution of agreements with customers / clients and (business) partners 
• relationship management, marketing and market research 
• handling disputes (e.g. complaint, appeal and objection procedures) 
• audit by an auditor and/or supervisory body 
• managing the websites, intranet/Sharepoint (THUAS) and software systems.

(e.g., suppliers or business relationships)

Personal data:

• name
• contact details 
• company information
• image/sound material
• communication from, to and with data subjects

Purposes:

• preparing and executing an agreement 
• corporate security 
• executing and managing IT procedures, legal affairs, internal and external information provision, organizational analysis and formation and execution of agreements with customers / clients and (business) partners 
• relationship management, marketing and market research 
• handling disputes (e.g. complaint, appeal and objection procedures) 
• audit by an auditor and/or supervisory body 
• managing the websites, intranet/Sharepoint (THUAS) and software systems.

• beheren van de websites, intranet/Sharepoint en softwaresystemen.

We do not simply provide your personal data to others. We only do this if you have given us permission to do so, if we are obliged to do so by law, if it is necessary for the execution of an agreement in which you are involved, if we have to fulfil our legal or educational task or if we have a legitimate interest in doing so.

Processors

If THUAS engages other parties in the execution (such as hosting the applications with which personal data is processed or if a researcher has interviews worked out), we conclude a processing agreement with these parties. In it, agreements are made for safe processing to protect your personal data. Similarly, the third party is obliged to comply with the GDPR.

Processing of personal data outside the EU/EEA

THUAS may also transfer your personal data to parties outside the EEA (European Economic Area = EU + Norway, Liechtenstein and Cyprus). For example, in the case of work or study outside the EEA for the execution of employment or internship agreements or exchange. This is only possible if that country has an adequate level of protection in accordance with European legislation. If this is the case, additional and appropriate agreements will be made in accordance with the criteria in the European Commission country list. In this way, we ensure that the personal data are adequately protected.

Special personal data

THUAS only provides special personal data to third parties with the explicit consent of the person concerned, for example via a consent form. 

Other

THUAS may provide personal data to enforcement authorities or anti-fraud organisations, for example to comply with a legal obligation.

Additional information:

• We provide data about, for example, registration, exam results, study progress, termination of registration to the Dienst Uitvoering Onderwijs (DUO), department Central Register of Registration higher education (CRIHO), on the basis of a legal obligation in the WHW. 
• If necessary, we exchange information with the educational staff about the study progress (data) of their former students. 
• In research aimed at quality improvement, permission may be granted to link external information to THUAS (e-mail address) files. This also applies to the linking of information from the HBO monitor via the student number to files of THUAS. 
• For Studiekeuze 123, an annual exchange of e-mail address files of students and alumni is possible and necessary to connect to the National Student Survey (NSE) and HBO monitor. 
• For requesting and passing on data to foreign educational institutions, internship companies and to the IND: 
  • when students want to follow a study or internship period abroad, THUAS may provide relevant personal data and study results of the student concerned to the relevant foreign institutions or companies. 
  • for the exchange of students who temporarily study at De THUAS, THUAS has the right to request relevant personal data and study results of the students concerned from their home institution.
  • on the basis of the Aliens Act 2000, we ask prospective students who do not have Dutch nationality for documentation in addition to the documents for registration and for a valid residence status. At the time of registration, the student must be legally resident in the Netherlands. According to the WHW and the Linking Act, THUAS is obliged to check this. 
  • with the registration as a student at THUAS and in accordance with the Code of Conduct for International Higher Education Student, the non-EEA student agrees that THUAS will inform the Immigration and Naturalization Service (IND) upon termination of the registration or if the institution has determined that the student no longer delivers a reasonable study performance.
• Sometimes we use or provide personal data to others to conduct research or use it for statistical purposes. There are then three possibilities: 
  • we usually make the personal data anonymous, so that no one knows that this research is being carried out with your data. 
  • sometimes it is necessary not to carry out the research anonymously. Then we ask for your permission in advance. 
  • in certain exceptions, obtaining your consent is not possible or not desirable, for example if this takes a disproportionate amount of time and effort. We will always weigh this carefully.

Additional information:

• THUAS only provides personal data to third parties due to a legal requirement and if this is necessary in order to: 
  • a condition of employment applicable to the person concerned 
  • the payroll administration 
  • the administration for benefit claims upon termination of employment 
  • the administration of the association of former employees 
  • the training 
  • the company medical organisation 
  • company security 
  • the transfer or temporary employment of the person concerned to another organisational unit of Stichting HBO Haaglanden 
  • (the possibility of) granting dismissal 
  • the transfer of claims to third parties 
  • handling disputes 
  • audit by an auditor or regulatory body
  • conducting employee satisfaction surveys or similar topics that are important for the organization. 
• THUAS may also provide information to government and semi-governmental bodies due to the implementation of laws and regulations entrusted to them and to organizations whose activities result from a statutory regulation. 
• Personal data may also be provided to third parties in more detail, if this is in the interest of the employees. Data subjects or their legal representatives will be informed of the intention to do so in good and timely manner and will be given the opportunity to object to this for a reasonable period of time.

On several occasions, De THUAS makes visual material (photos or videos). We use this material, for example, for teaching materials, recruitment or to show what we as employees and students are doing. Think of internships, (practical) lessons and meetings. You can also be seen on this footage. 

In portrait situations or related situations, we always ask for explicit, specific written permission. Of course we handle our visual material with care. We do not place any visual material that may harm students/employees or others. 

In situations that have not been staged, we do not ask for written permission. The footage is then collected on the basis of, for example, the legitimate interest for THUAS. Of course you can indicate to the photographer or camera crew that you do not want to be on footage.

Footage can be shared with photographers, camera crews or third parties who process the footage on behalf of De THUAS in publications or other expressions. Footage can also be shared in collaborations of De THUAS or for journalistic use.

In principle, THUAS uses the recommendations of the Dutch Data Protection Authority (hereinafter: AP) for the recording of visual and sound material. The DPA reports the following: 

"You can't just make recordings on which pupils or students can be seen. This is only allowed in exceptional situations. You must then be able to substantiate why this is necessary. And explain this clearly to your pupils or students in advance."

THUAS has translated this basic rule into implementing rules. In general terms, they are as follows: 

1. Lessons/educational situations in which students do not come into the picture and cannot be heard may be recorded and later made available to other groups or participants who later want to see this teaching or teaching situation (again). 
2. Lessons/educational situations in which students do come into the picture and/or can be heard may not be recorded, unless this is necessary. THUAS has designated the following situations as necessary and therefore as an exception:
   1. During and in the lesson in question, the teacher uses recordings to give feedback or assessment to the student. Just like it happens with physical education. 
   2. The teacher must check whether the recording is a necessary part of the feedback/assessment. If the feedback/assessment can take place with a less intrusive method (think of an audio recording or a report), then this method should be applied. 
   3. The teacher makes recordings (and did so even before the situation of digital education) as evidence for examination for archiving. The teacher therefore does not use this material as (teaching) material for another (lesson) situation.
3. Based on these rules, it is always the teacher who determines whether a lesson/teaching situation is included. Students are not allowed to record lessons/teaching situations.
   1. For students of THUAS, in accordance with Online Education and Behaviour
   2.  and Code of Conduct and Disciplinary Measures, they are not permitted to record and/or publish, distribute (via social media) and/or otherwise process teaching/teaching situations in which THUAS has a share. 
   3. For employees of THUAS, we refer to Online Education and Behaviour of January 19, 2021 when it comes to recording visual material in teaching / teaching situations.

The buildings of THUAS are monitored using (visible or hidden) camera surveillance (Protocol camera surveillance). On this imagery, people can be recognizable in the image. This means that THUAS processes your personal data for the purpose of: 

• protecting the safety and health of 1 or more natural persons, such as students and staff 
• securing (access to) THUAS buildings and grounds 
• preventing theft or destruction of goods in the buildings or on the premises of THUAS 
• recording possible incidents. 

THUAS collects this footage in the context of the aforementioned security purposes by camera surveillance on the basis of its legitimate interest. We delete the recorded footage after 4 weeks.

THUAS has chosen to use a remote test with online supervision as an alternative test form in certain cases i.e. if students can't come to campus to take a test. This alternative form of testing is only used if the Board of Examiners has ruled that another alternative, such as a paper or an open book exam without supervision, is not sufficient. 

THUAS considers privacy important and therefore handles your personal data with care. In this Privacy Statement Online Proctoring we describe what happens to your personal data and how your privacy is guaranteed if you take an THUAS test with online proctoring using proctoring software from ProctorExam.

Based on the GDPR, you have various rights with regard to the processing of your personal data. 

If you want to invoke your right of access, right to be forgotten or removed, you can request this via privacy@hhs.nl. To ensure that the request has been made by you, we will contact you for identification. 

We will respond within one month of receipt of your request in which way we have responded (or will do) to your request. Depending on the complexity and number of requests, this period may be extended by two months. We will also inform you about this within one month of receipt. The execution is free of charge for the person concerned.

You have the right to know whether THUAS processes your personal data. If your data is processed, you have the right to inspect this data.

You have the right to ask us to delete your personal data. For example, if the personal data are no longer necessary for the purposes for which we collected or processed them, or if you withdraw your consent to the use of your personal data. 

You cannot have your personal data deleted if THUAS has a legal obligation to process your data or to keep it for a certain period of time, or if the data is necessary to establish, exercise or defend a legal claim.

You have the right to change or rectify incorrect personal data that THUAS processes about you. You also have the right to have incomplete data about you filled in or completed, depending on the purposes of the processing.

You have the right to receive the personal data we process from you from us in a structured, commonly used and machine-readable format, if that personal data has been provided to us by you or on your behalf and used by us via automated systems.

If THUAS processing is based on the legal basis 'consent', you have the right to withdraw your consent to the processing of your data at any time. The processing of your data prior to the withdrawal of consent remains lawful.

You have the right to restrict the processing of your personal data if one of the following situations applies:

• data may be incorrect 
• processing is unlawful 
• data is no longer needed 
• the data subject objects.

If HHs has a legitimate interest in processing your personal data, you have the right to object to its processing due to your specific situation. We will stop processing your personal data unless we demonstrate a compelling legitimate interest in continuing its processing that exceeds your interests, rights and freedoms. Even if we need the data to establish, exercise or defend a legal claim, we may continue the processing. 

If you exercise your right to object, HHs will weigh your interests against the interests of HHs or the interests of relevant third parties, after which we will make a decision on your objection.