Privacy is important. It gives us freedom and protects our personal living environment. The arts and freedom are also inseparably connected. ArtEZ therefore is very diligent in dealing with personal data, in accordance with the conditions of the European Privacy law, the General Data Protection Regulation (GDPR). In this privacy statement, ArtEZ amongst other things, explains how she handles the personal data of potential students, (external) relations and visitors.
Categories of personal data
ArtEZ collects data through telephone and (online) application- and registration forms (a.o.). In all these forms of collecting, you yourself are the one providing the personal data to ArtEZ. Generally this concerns contact data, areas of interest and in appropriate cases financial data, for instance when participating in an event.
Goals of processing
ArtEZ uses data only for the goal they were acquired for. If you have registered for an activity, event or other type of gathering, your data will be used for:
- Communication regarding the activity;
- Internal business operations in connection to the (practical) organization of the activity;
- Evaluation of the activity and
- If applicable, billing and financial accountability.
Bases for the processing of categories of personal data
The data that are acquired in registering for an activity are processed on the basis of “contract”. Data will not be used for other goals without permission. For sending newsletters, the basis is “consent”. This consent may at any time be revoked.
Providing data to third parties
ArtEZ wil not provide your data to third parties, unless this is necessary for the performance of our services to you. Your data will not be lent, sold or made public by ArtEZ in any other way.
Third party websites
The ArtEZ website can contain hyperlinks to third party websites. On these websites, another privacy statement might be applicable. ArtEZ does not have control over other websites and does not carry any responsibility for their content or operation.
Security of personal data
ArtEZ has taken fitting technical and organizational measures in order to secure personal data against loss or unlawful processing. Amongst these are encryption and pseudonymization of personal data, encrypted communication, confidential handling of personal data and use of a firewall. Personal data are registered at locations that are physically and technically secured.
ArtEZ terrains and buildings are under camera surveillance. Visitors are made aware of this through texts and images. ArtEZ uses these images to guarantee the safety of her students, employees and other visitors, as well as for the security of her buildings and terrains.
ArtEZ does not retain your information any longer than is necessary for the purpose of the processing. The duration depends on the type of personal data. If a legal retention period applies, it will be adhered to. If the legal and the agreed upon periods diverge, the longest retention period is adhered to. If you want to have your personal data removed sooner, you can file a request for this.
You have right of access to the data ArtEZ processes of you and can, if needed, request to improve, add to, remove, shield or transfer your personal data. Also, you always have the right to withdraw any permission for processing previously given.
Exercising your rights
If you want to exercise your rights, you can turn to the ArtEZ Data Protection Officer. See Supervision and questions.
ArtEZ will judge your question or request individually. If your request cannot be heeded, we will always motivate this. In principle, ArtEZ will respond to your question or request within a month’s time. If the answering of it takes more time, for instance because of the number of requests received or their complexity, you will be informed about this. Under any circumstance, you will receive an answer within three months. No costs will be charged for the exercising of your rights, unless in case of abuse. ArtEZ may ask you to identify yourself before your request will be taken care of. With that, we can
prevent that personal data fall into the wrong hands, wrongful changes to personal data are made, or that the manner of processing is adapted wrongfully.
Supervision and questions
The ArtEZ Data Protection Officer (Functionaris Gegevensbescherming / FG) advises about the privacy legislation and supervises the compliance to it within ArtEZ. The Data Protection Officer is independent and reports to the Executive Board. Also, the Data Protection Officer (FG) is the contact person for those involved with ArtEZ, such as students, employees, and the national supervisor, the Dutch Data Protection Authority.
With questions and requests regarding the privacy regulations and your privacy rights, you can contact the Data Protection Officer (FG):
- Via e-mail: firstname.lastname@example.org
- Or via post: Postbus 49, 6800 AA Arnhem
You may also file a complaint with the Dutch Data Protection Authority, concerning the processing of personal data by ArtEZ.