International Relations Office & Internship Office Privacy Statement

Your privacy is important to Maastricht University (UM) and UM therefore treats your data with care. UM is the controller of your personal data. This privacy statement explains how UM safeguards your privacy.

This privacy statement specifically concerns the activities of your faculty's International Relations Office and Internship Office. The International Relations Office and the Internship Office process not only the data of UM students who move away for a period to study or do an internship, but also the data of students from other universities who come to study at UM for a while. The privacy statement concerns both groups of students.

UM also has a general privacy statement, which can be found at This general privacy statement concerns the processing of data not specifically referred to in this International Relations Office & Internship Office Privacy Statement. The general privacy statement will be referred to from time to time in this document for information purposes.

What personal data does UM process?

For the purpose of the activities of your faculty's International Relations Office and/or Internship Office, UM may process the following personal data:

  • First name
  • Surname
  • Sex
  • Address
  • Pigeonhole
  • Email address
  • Alternative email address
  • Telephone number
  • UM ID number
  • Nationality
  • Date of birth
  • Place and country of birth
  • Bank account number
  • Copy of your ID document or certain data on it
  • Name of your home university, internship organisation or the educational institution where you are a guest
  • Academic progress
  • Specialisation
  • Language proficiency statement
  • Letter of recommendation
  • CV
  • Visa documents
  • Insurance documents
  • List of marks
  • Prior education diplomas/degree certificates
  • Contact details of an emergency contact person
  • Anything that might impede your academic progress, such as a medical condition
  • Duration of the exchange, including start and end date
  • Study reports

As regards UM students, UM will obtain the necessary data from those students directly. As regards exchange students, UM will obtain their personal data either from those students themselves or from their home institution.

Sensitive personal data

Sensitive personal data are data that are special in nature. For example, these can be data that reveal your race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation. The term ‘sensitive personal data’ also includes data about your health, genetic data or biometric data through which you can be identified (e.g. a fingerprint).

UM processes sensitive personal data when it is permitted to do so by law, you have made these data public yourself or have granted explicit permission for the processing of such personal data.

In principle, UM processes no sensitive personal data for the purpose of the activities of the International Relations Office and the Internship Office. However, it may do so on occasion, for example in the instances specified below, if you have indicated that you require special facilities or if you offer up these data unsolicited. UM handles your data with diligence and care.

Visa applications

Some countries require a fingerprint scan for a visa application. UM will facilitate this by, for example, reserving a room for the visa agency and the student to meet. However, responsibility for processing your data in this instance rests with the visa agency, not with UM.

Medical data required for internship purposes

Some clients require interns to supply certain medical or other sensitive personal data. For instance, this could be a statement of the vaccinations that you have received. UM will facilitate this by asking the student for these data. However, it will only do so if directed by the client, who is the data controller in this instance. The data in question will be deleted as soon as possible.


UM processes the above personal data for the following purposes:

  • to enable UM students to study/do an internship elsewhere in the Netherlands or abroad. This covers their taking part in a selection procedure, nomination and enrolment at the host institution, but also the award of a scholarship and the communication of emergencies to the designated contact person(s);
  • to enable exchange students to study at UM. This covers checking whether exchange students meet UM requirements, processing their enrolment and taking the necessary measures in case of a medical condition, but also the communication of emergencies to the designated contact person(s).

Lawful basis for processing

Whenever UM processes your personal data, it does so with a lawful basis for processing. A lawful basis for processing is the grounds for processing personal data. UM primarily processes your personal data to perform its public duties in the field of the provision of academic education and research. UM may require additional permission from you to process certain personal data. In that case, the lawful basis for processing is ‘permission’.

Retention periods

UM does not keep personal data for longer than is necessary to achieve the purpose of processing or to comply with a legal obligation. Most retention periods are specified in the Basic Selection Document for Research Universities 1985. This document specifies how research universities should implement the Public Records Act (Archiefwet).

As regards exchange students, UM keeps most of their data for as long as it keeps degree student data. Student files, for example, are kept for 30 years after the completion of their studies. Correspondence relating to exchange students is kept for seven years.

At the end of the retention period, the data are anonymised and used further for quality assurance purposes. Data that cannot be anonymised are deleted, unless otherwise indicated in the Basic Selection Document.

Recipients of personal data

UM has taken steps to ensure that only those individuals who need to process your personal data have access to them. Your personal data are not shared with third parties, with the exception of the exchange university or internship organisation. In addition, your data may be shared with the organisation that awarded you a scholarship, such as the European Union (Erasmus).


The International Relations Office may be contacted from time to time by recruiters or potential employers asking for a reference. If the recruiter or potential employer can demonstrate that you have granted permission for the sharing of information held by the International Relations Office and/or the Internship Office, the requested information will be shared.

Study reports

Some (but not all) students are asked to write a report on their experiences when they return from their stay abroad or their internship. This report is posted on the intranet after a period of time communicated beforehand, provided the student in question grants permission for this.

Other parties

Personal data may also be accessed by parties that enable UM to carry out the activities of the International Relations Office and/or the Internship Office. UM has concluded written agreements with these parties concerning the processing and security of personal data.

Your rights

Privacy legislation gives you a number of rights in relation to your personal data. These are outlined below. The general privacy statement at contains more information about each of these rights and how to exercise them.

You have the right to inspect, rectify or delete your personal data. In addition, you have the right to restrict processing, to have your data transferred to another party and to object if your data are processed on the basis of a legitimate interest.

If you wish to exercise one of the rights described below, please email or contact the Data Protection Officer directly at

If you have a complaint about the way UM processes your personal data, please contact UM using the contact details above. Moreover, you have the right to submit a complaint to the Dutch Data Protection Authority. Details of how to do this can be found on the Data Protection Authority's website.