Universiteit Leiden

nl en

Personal data

Leiden University has access to personal data of both employees and students. This information is processed and stored in a number of ways. The University deals with personal data responsibly and in accordance with the Personal Data Protection Act.

What constitutes personal data?

Personal data is any information that either directly concerns a natural person, or that can lead back to this person. This includes a person’s name, address and city, but also bank account numbers, telephone numbers, and postal codes and house numbers. Sensitive data such as a person’s race, religion or health status are referred to as special personal data. These enjoy even more protection under the law.

Personal data protection at Leiden University

In all its operations Leiden University aims to process personal data in a lawful, fair and transparent manner. This is why our organisation implements all statutory rules surrounding the registration and use of personal data. You can read about our procedure for dealing with personal data in the University Privacy Statement. This document describes among other things how data is used, who has access to it, and how security and storage are organised. Via a system of monitoring, evaluation and privacy audits, the University continuously monitors the effectiveness of its privacy policy.

Use of personal data in scientific research

The University may also collect personal data in the context of scientific research and teaching. This is done in accordance with the Personal Data Protection Act and the Association of Universities in the Netherlands (VSNU)  Code of Use of Personal Data in Research. Patient data, for example in LUMC research, is also subject to the applicable professional codes. If you collect privacy or other sensitive data as part of your research, you must take measures to protect it. For example by using Quantrics instead of a jotform.

Data Protection Officer

To map risks surrounding processing of personal data and prevent irregularities the Executive Board has appointed a Data Protection Officer, also referred to as a Privacy Officer. 

This officer:

  • Monitors compliance with the statutory regulations.
  • Initiates and supervises risk analyses and privacy audits.
  • Advises the Executive Board.
  • Deals with questions and complaints from parties within and outside the University.

Mandatory notification of data breaches

All measures notwithstanding, it may nevertheless happen that personal data are stolen or lost, through human error or the work of hackers. Leiden University is responsible for reporting any data breach to the Personal Data Authority. Should a data breach occur, please report this to the ISSC helpdesk (tel. 8888) or via abuse@leidenuniv.nl. In case of doubt, please first contact your information manager.

What can I do?

You also have an important role to play in protecting both your own personal data and that of others. See the following website for more information on Privacy en data breaches. You can also consult the Safe Internet Use website www.veiliginternetten.nl, a joint initiative of the government and the corporate sector. This website contains information on such topics as basic security, online banking and shopping, and social media. 

This website uses cookies. Read more