Privacy statement


Privacy is important. It gives us freedom and protects our personal lives. Privacy is extremely significant for the arts. After all, the arts and freedom are inextricably intertwined. ArtEZ therefore handles personal data with great care in accordance with the terms and conditions of the European Privacy Act, the General Data Protection Regulation (GDPR). This privacy statement explains what personal data ArtEZ collects, for what purposes, on the basis of what, how the rights of students, members of staff and others are guaranteed, and more.

Categories of personal data

ArtEZ may process various categories of personal data, including:

  • name, address, date and place of birth, sex, nationality, student number, staff number, account number, BSN (citizen service number), passport photo and OCW correspondence number,
  • information about registration and deregistration for a course, such as course, course form, stage of study, academic year, date of registration/application, date of and reason for deregistration,
  • information on preliminary education, such as the previous course followed and diplomas,
  • information about study progress, such as registered and completed courses, obtained certificates, dates of completing short courses and certificates and binding study advice,
  • data necessary for proper counselling of students and members of staff on health and well-being,
  • name, address, place and date of birth, sex and nationality of parents/guardians of students,
  • details of appointment or hiring, such as job title, responsibilities, powers, duration, attendance, assessment, course and merits,
  • images (videos and photos),
  • internet behaviour,(check wi-fi network and cookies)
  • research data,
  • insurance data.

Processing purposes

ArtEZ may use personal data for the following purposes:

  • registration as a student or short-course participant,
  • providing education,
  • processing of study results and keeping track of study progress,
  • determining and collecting contributions for study resources, such as tuition and examination fees,
  • appointment or hiring as a member of staff,
  • compliance with employment law obligations,
  • staff and payroll records, including staff counselling, assessment, training and care,
  • compliance with agreements with external parties,
  • archive management,
  • dispatch of requested publications or other information,
  • information about current affairs and events,
  • financial accounting and management of purchasing and payment systems,
  • audits and accreditation,
  • ICT management, including maintenance, management, security and use of ICT facilities,
  • security and enhancement of the websites,
  • security of buildings, grounds, people and property,
  • research into improving the quality of business operations and education and research policy,
  • use of multimedia centre systems,
  • provision and use of communication equipment,
  • visa applications,
  • recruitment and selection,
  • organisation of and standing for participation elections,
  • use of parking facilities,
  • dispute resolution,
  • accounts receivable administration,
  • alumni policy,
  • user statistics.

Bases for the processing of categories of personal data

ArtEZ processes personal data only on the basis of one of the following principles:

  • consent,
  • performance of an agreement to which you are or will become a party,
  • compliance with a statutory obligation,
  • protection of the vital interests of the data subject or of other people,
  • performance of a task in the public interest or in the exercise of public authority,
  • promotion of legitimate interests of ArtEZ or of a third party, except where the interests or fundamental rights and freedoms of the data subject outweigh those interests in the matter.

Bases for the processing special categories of personal data

Special categories of personal data will only be processed if, in the specific case, there is an exception to the prohibition on processing special personal data. These exceptions include the following:

  •  consent,
  • processing necessary for the performance of obligations and the exercise of specific rights of a data subject and only in the areas of employment law and social security and social protection law,
  • processing necessary to protect the vital interests of the data subject or of another natural person, provided that they are physically or legally incapable of giving consent,
  • the processing relates to personal data which has apparently been made public by the data subject,
  • processing necessary for the institution or the assertion or substantiation of a legal claim,
  • processing necessary for reasons of important public interest,
  • processing necessary for purposes of a preventive or (occupational) medical nature,
  • processing necessary for reasons of public interest in the field of public health,
  • processing necessary for archiving in the public interest, for scientific or historical research or for statistical purposes.

Provision to third parties

ArtEZ provides personal data to third parties because of a statutory obligation or for the performance of an agreement. These parties process the data in accordance with their published privacy statement. External parties include:

  •  public bodies and legal entities governed by public law, such as the Ministry of Education, Culture and Science, the Inspectorate of Education, the Education Executive Agency, the Tax and Customs Administration, the Immigration and Naturalisation Service, benefit agencies and municipalities,
  • subsidising authorities,
  • bank,
  • insurer,
  • telecommunications company,
  • accountant,
  • collection agency,
  • partner institutions at home and abroad (study and internship abroad),
  • Studiekeuze123,
  • Studielink,
  • internship hosts,
  • study and student associations,
  • pension funds,
  • benefit agencies,
  • income insurer,
  • occupational health and safety service,
  • temporary employment agency,
  • VH (Association of Universities of Applied Sciences),
  • provider of legal assistance,
  • external counselling agencies,
  • NS.

Furthermore, ArtEZ uses the services of companies and institutions that require personal data from ArtEZ for this purpose. ArtEZ enters into data processing agreements or other agreements with these companies and institutions to safeguard the privacy of the data subjects. ArtEZ will not provide more personal data than is necessary for the provision of a service, unless it is obliged to do so by law or you have given your permission to do so.

Third-party websites

The ArtEZ website may contain hyperlinks to websites of third parties, which may be subject to a different privacy statement. ArtEZ has no control over other websites and is not liable for their content or operation.

Transfers to countries outside the EEA

ArtEZ will not provide personal data to countries outside the European Economic Area (EU Member States, Norway, Iceland and Liechtenstein), unless you are there for training, an internship as part of your course or short course or work for ArtEZ.

Profiling and automated decision-making

ArtEZ does not use profiling or automated decision-making.

Security of personal data

ArtEZ has taken appropriate technical and organisational measures to protect personal data against loss or unlawful processing. These include encryption and pseudonymisation of personal data, encrypted communications, confidential treatment of personal data and use of a firewall. Personal data is stored in locations that are physically and technically secured. Students and members of staff can report security incidents to the Data Breach Notification Centre, after which the incident is investigated and, if necessary, measures are taken.

Wi-Fi network and cookies

As an educational institution, ArtEZ uses Eduroam's Wi-Fi network. Information about your connection and computer or telephone is only processed to establish the Wi-Fi connection.

ArtEZ uses cookies when you visit its website. This allows surfing behaviour to be stored and used on a next visit. ArtEZ also uses Google Analytics. This allows keeping anonymous statistics about such things as the number of visitors and pages visited, which can be used to improve the website. These statistics are not traceable to any individuals or users. Further information can be found in ArtEZ's Cookie Statement.

CCTV

ArtEZ has CCTV on its sites and in its buildings. Visitors are reminded of this with text and images. ArtEZ uses these images to guarantee the safety of its students, members of staff and other visitors and for the security of its buildings and grounds.

Retention period

ArtEZ will retain your personal data no longer than necessary and only for the purpose of processing. The duration depends on the type of personal data. Any applicable statutory retention periods will be observed. If statutory and agreed periods differ, the longest retention period will be used. If you would like to have your personal data removed sooner, you can submit a request to this effect.

Your rights

As with other institutions, you have various rights at ArtEZ that help protect your privacy.

Right of inspection

You have the right to check what personal data ArtEZ processes about you.

Right of correction and deletion

You have the right to correct or delete your personal data if your data is incorrect, incomplete or if the processing is not or no longer justified.

Right of objection

You have the right to object to certain processing of your data on account of your situation or position. Your objection may succeed if the processing is not based on your consent, the performance of an agreement concluded with you, a statutory obligation or the protection of a vital interest of you or others.

If you object to ArtEZ processing personal data about you in order to inform you about ArtEZ's activities, ArtEZ will always meet this objection. If you object to a different type of processing of your personal data, ArtEZ will ascertain whether your objection can be met. If your interest outweighs ArtEZ's interest in the further processing of your personal data, ArtEZ will stop processing your personal data. If ArtEZ thinks it has a more important legitimate interest in continuing to process your personal data, this will be explained.

Right to withdraw consent

If ArtEZ processes your personal data on the basis of your consent, you can always withdraw it. ArtEZ will cease processing the personal data based thereon from that moment. Previous processing remains lawful.

Right to restriction

You may have the right to restrict the processing of your personal data. You can invoke this right if you have submitted a request for correction or objection, if your personal data should be deleted but instead of being deleted you request the continuation or restriction of the processing of your data, or if ArtEZ no longer needs your personal data but you still need it in connection with legal proceedings.

Right to data portability

If we process personal data about you on the basis of your consent or an agreement concluded with you, you have the right to receive the digital data you have provided back in a common file format. You are then free to forward that data to another party.

Exercise of your rights

If you wish to exercise your rights, please contact ArtEZ's Data Protection Officer. See Supervision and questions.

ArtEZ will assess your question or request individually. If your request cannot be complied with, this will always be motivated. ArtEZ will in principle respond to your question or request within one month. If it takes more time to answer it, for example because of the number of requests received or their complexity, you will be notified. You will in any event receive an answer within three months. No fees will be charged for the exercise of your rights, except in the event of abuse.

ArtEZ may ask you to provide proof of identity before your request is processed, which will prevent personal data falling into the wrong hands, changes being wrongly made to your personal data or the method of processing being wrongly adjusted.

Supervision and questions

ArtEZ has a Data Protection Officer, who advises on privacy legislation and supervises compliance within ArtEZ. The Data Protection Officer is independent and reports to the Executive Board. The Data Protection Officer is also the point of contact for ArtEZ data subjects, such as students and members of staff, and the national supervisor, the Dutch Data Protection Authority.

If you have any questions or requests concerning the privacy regulations and your privacy rights, please contact the Data Protection Officer:

by email: fg.avg@artez.nl

or by post: PO Box 49, 6800 AA Arnhem.

You can also lodge a complaint about the processing of personal data by ArtEZ with the Personal Data Authority. Her contact details can be found on her website.

Final provisions

The privacy statement of ArtEZ has been adopted by the Executive Board, on advice of the Participation Council, and has been in force since 25 May 2018. The privacy statement is subject to change. You can always find the most recent version on this website.