Leiden University has access to personal data of both employees and students. This information is processed and stored in a number of ways. The University deals with personal data responsibly and in accordance with the Personal Data Protection Act.
What constitutes personal data?
Personal data is any information that either directly concerns a natural person, or that can lead back to this person. This includes a person’s name, address and city, but also bank account numbers, telephone numbers, and postal codes and house numbers. Sensitive data such as a person’s race, religion or health status are referred to as special personal data. These enjoy even more protection under the law.
Personal data protection at Leiden University
Use of personal data in scientific research
The University may also collect personal data in the context of scientific research and teaching. This is done in accordance with the Personal Data Protection Act and the Association of Universities in the Netherlands (VSNU) Code of Use of Personal Data in Research. Patient data, for example in LUMC research, is also subject to the applicable professional codes. If you collect privacy or other sensitive data as part of your research, you must take measures to protect it. For example by using Quantrics instead of a jotform.
Data Protection Officer
To map risks surrounding processing of personal data and prevent irregularities the Executive Board has appointed a Data Protection Officer, also referred to as a Privacy Officer.
- Monitors compliance with the statutory regulations.
- Initiates and supervises risk analyses and privacy audits.
- Advises the Executive Board.
- Deals with questions and complaints from parties within and outside the University.
Mandatory notification of data breaches
All measures notwithstanding, it may nevertheless happen that personal data are stolen or lost, through human error or the work of hackers. Leiden University is responsible for reporting any data breach to the Personal Data Authority. Should a data breach occur, please report this to the ISSC helpdesk (tel. 8888) or via email@example.com. In case of doubt, please first contact your information manager.
What can I do?
You also have an important role to play in protecting both your own personal data and that of others. See the following website for more information on Privacy en data breaches. You can also consult the Safe Internet Use website www.veiliginternetten.nl, a joint initiative of the government and the corporate sector. This website contains information on such topics as basic security, online banking and shopping, and social media.