UM General Privacy Statement
Protecting your privacy is important to Maastricht University (UM) and UM therefore treats your data with care. UM is the controller of your personal data. This privacy statement explains how UM handles personal data.
Your personal data may be collected and processed for a specific purpose. If this specific purpose is not expressly specified in this privacy statement, you will be informed in advance about this specific purpose in a separate privacy statement.
What personal data does UM process
UM always has a purpose for processes personal data, and does not process more data than is necessary for that purpose. A general overview of these purposes can be found further on in this privacy statement.
UM receives personal data directly from you or from a third party that is authorised or required to share this personal data with UM.
Here you can find an overview of the categories of (special) personal data that UM may process.
Sensitive personal data are data that are special in nature. For example, these can be data that reveal your race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation. The term sensitive personal data also includes data about your health, genetic data or biometric data through which you can be identified (e.g. a fingerprint). UM only processes sensitive data when it is permitted to do so by law.
Purposes
UM processes personal data for the following purposes:
Contact
If you have a query about this privacy statement or you want to know more about how UM handles personal data, or if you have a complaint, please contact:
Maastricht University
attn. Data Protection Officer
Postbus 616
6200 MD Maastricht
privacy@maastrichtuniversity.nl
You can also contact UM’s Data Protection Officer directly by emailing fg@maastrichtuniversity.nl.
Use this form to exercise your rights under the GDPR.
Lawful basis for the processing of personal data by UM
Whenever UM processes your personal data, it does so with a lawful basis for processing. A lawful basis for processing is the grounds for processing personal data.
UM primarily processes your personal data to perform its public tasks in the field of the provision of academic education and research. However, UM may also process your personal data:
- to perform a contract with you;
- to comply with a statutory obligation;
- to protect your vital interests or the vital interests of a third party;
- to serve the legitimate interests of UM or a third party;
- with your consent.
Further processing
The basic principle is that UM uses personal data for the purpose for which the data was collected. In some cases, UM uses the personal data collected for other purposes too. These purposes must always be compatible with the original purpose of processing. Before further processing takes place, UM therefore carefully considers whether the new purpose is compatible with the original purpose of processing.
According to the General Data Protection Regulation (GDPR), further processing of personal data for historical, statistical or scientific purposes is compatible with the original purpose of processing.
Changes to this privacy statement
This privacy statement will be revised from time to time to ensure that it remains up to date. In the event of major changes, you will be notified.