General privacy statement of the VUB
This page contains the general privacy statement of the VUB and the privacy statement for the apps of the VUB.
Like other academic institutions, the VUB processes personal data. The VUB is committed to protecting personal data and handling it with the utmost care in order to safeguard the privacy of those concerned. In this privacy statement you can read more about our guidelines for handling personal data, about questions and services you may request from us, and about our point of contact for further information regarding privacy and data protection at the VUB.
Which personal data is processed and why
Personal data the VUB processes
The VUB is responsible for processing large amounts of personal data: not just from students, researchers and staff, but also from alumni, third party experts and visitors, as well as data that is required to perform academic research. We process this data either to fulfil the legal requirements necessary to provide education and perform research, or in order to improve our services as a university.
The purposes for which it is processed
- Providing education
In order to provide our educational services, the VUB is in charge of extensive record keeping on student affairs.
(This includes, for example, informing and recruiting prospective students, tailoring our communication and information feeds towards interested prospective students based on their preferences in order to improve their choice of studies and our services, managing internal and external information flows; registering study results; issuing certificates, diplomas, qualifications and degrees; concluding contracts with students; formulating policy on education matters; developing and writing policy and management reports in the context of accreditation demands; being able to provide advice, guidance, and counselling; settling disputes, providing training and education in medical studies; ensuring procedural justice in the election of members for participatory bodies etc.)
- Performing academic research:
The researchers affiliated with the VUB gather, analyse, and manage large quantities of data, necessary for the advancement of the scientific disciplines represented at the University – from Archaeology to Zoology. Many of the activities carried out by researchers involve processing personal data.
- Human resources
Searching for, selecting and recruiting new employees; concluding of contracts; negotiating salaries, benefits, and pensions; information regarding the membership of a trade union; information on the termination of employment; being able to comply with obligations arising from employment and health & safety legislation; registering leaves of absence etc.
- Strategy, business administration, policy and management
Keeping records on the financial affairs of (parts of) the VUB, managing IT-, purchase and payment systems, litigating on behalf of the VUB; managing contacts and contracts with suppliers, clients, consumers, suppliers, business partners; ensuring the wellbeing of students, staff and visitors, being able to improve policy, organizational analysis, management, and dispute resolution etc.
- Facility management
Ensuring the health and safety of students, staff and visitors; ensuring accessibility and maintenance of the campus and of (automated) systems; providing appropriate security measures and supervision; maintaining contacts with facility management services and partners etc.
- Valorisation, outreach, marketing and communication
Recruitment of prospective students; performing market research; concluding and fulfilling contracts with other educational institutions (e.g. high schools); improving public and customer relations; improving marketing and branding of the VUB; managing and improving our website, libraries, library systems, archival services etc.
All these various types of data will be treated with the utmost care; none will be freely accessible. Employees of the VUB and persons acting on behalf of the VUB who work with such data will only be authorised to do so to the extent necessary for the performance of their duties. Additionally, the VUB is continuously committed to maintaining the proper technical and organizational safeguards with regard to information security and data protection.
Categories of personal data processed by the VUB
Because the VUB performs activities in all the areas listed, a lot of personal data is gathered and stored. In light of these activities, it is possible that the VUB processes the following categories of personal data:
- Place of Birth
- Bank Account Number
- Telephone number
- Date of Birth
- Information regarding user interaction (e.g. IP address, cookies, clicking behaviour, information from contact forms etc.)
- Images (photos and videos)
- Information regarding choice of study programme, study progress and study results
- Data gathered in the context of academic research
In principle, the personal data processed by the VUB has been disclosed to the VUB directly. However, it may also be the case that the VUB receives personal data from third parties. We often collaborate with universities, research centres and (international) organisations located abroad, both inside and outside the EU. Within the scope of such collaborative projects, it is possible for personal data to be disclosed to these third parties: naturally, this will always happen in compliance with all relevant privacy and data protection laws and regulations and the VUB will always strive for the shortest possible retention period of relevant data.
Provision of data to third parties
The VUB will not exchange personal data with third parties for financial gain. Personal data will only be transferred to a third party when there is a legal basis to do so (e.g. this is required by law, it is necessary for the fulfilment of a contract with the data subject, it is necessary for the legitimate interests of the VUB or a third party, or when the data subject has given his or her explicit, informed consent).
There is a range of possible scenarios in which the VUB transfers personal data to a third party. For example, our human resource department may ask the assistance of professors from other universities to take a seat in a selection committee for an academic position, or collaborate with an external recruitment agency. Researchers might collaborate with fellow researchers from other institutions and may need to share or publish their research data. One can also consider the legal obligations that the Flemish authorities set with regard to rewarding university diploma’s: some of these obligations include sharing personal data of students and alumni with the education authorities – which means the VUB is legally obliged to share personal data with a third party (i.c. the Flemish authorities). Another option is (automated) online marketing in our efforts to improve our outreach to potential students and our alumni: in order to be as effective as possible, data from various online sources is used. This means all of us are continuously sharing personal data with platforms such as facebook and linkedin.
The VUB can also instruct third parties to perform services for it, in which case the VUB will draw up an agreement in which it lays down the duties for the service provider with regard to the processing of personal data (a so-called "data processor agreement”). In this contract it is then stipulated that the third party will handle any disclosed personal data confidentially, carefully, and in compliance with privacy legislation.
Subjects’ rights with regard to their personal data
On May 25th 2018, the "General Data Protection Regulation" will take effect. The GDPR is a European regulation which grants individuals rights with respect to the way their personal data is handled and protected. Individuals may, for example - depending on the legal basis for the processing of their personal data and dependent on the fulfilment of certain conditions - exercise a right to:
inquire as to what personal data is processed and, when the data is provided to the VUB by a third party, inquire into the source of this information;
request the correction of data insofar as it is incorrect;
- Object to the processing of his or her data;
- Know of the existence of possible automated decision making processes, and, when these are used to create profiles, inquire into the logic underlying these processes, the purposes they serve, and their consequences;
- ‘Be forgotten’ by an institution that has processed their personal data.
The competent national authority concerning privacy and data protection is the Commission for the Protection of Privacy (or CBPL: “Commissie voor de bescherming van de persoonlijke levenssfeer”). This is the authority that monitors privacy law compliance and where any individual can file a complaint regarding privacy and the processing of personal data.
Further questions regarding the different rights and obligations in the field of privacy can be directed to VUB’s Data Protection Officer (DPO) via dpo[at]vub.be.
Privacy statement for the apps of the VUB
WeAreVUB Student app
The “WeAreVUB Student” app (also referred to as “App”) is provided to you by the Vrije Universiteit Brussel, with registered offices at Pleinlaan 2, 1050 Elsene (KBO 0449.012.406) (also referred to as “VUB”),. The App processes personal data. This privacy statement explains our guidelines for handling personal data according to the principles stipulated by the European General Data Protection Regulation (GDPR), that was enforced on 25 May 2018.
Protection of Personal Data
VUB attaches great importance to the protection of your privacy. VUB reserves the right to make changes to the privacy statement, if needed, to address the needs and requirements of society, as well as to abide by the relevant laws and regulations.
Guarantees for processing personal data
The Vrije Universiteit Brussel, with registered offices at Pleinlaan 2, 1050 Elsene (KBO 0449.012.406) (also referred to as “VUB”), is responsible for processing personal data from students, researchers and staff, alumni, third party experts and visitors. We process these data for different reasons, which we explain in detail in the “purpose and legal basis” section.
Your personal data is always treated in accordance with the applicable privacy regulations. Processing of personal data is limited to the intended objective. Personal data will not be disclosed to third parties.
VUB takes the best possible security measures to prevent third parties from misusing your personal data.
Data, purpose, legal basis, transfer and retention time
When using our App, you can access most of the information without having to provide any personal information.
Certain personal data, such as those processed through cookies, are used to develop user statistics and to improve the security of our website. As for cookies, we refer to the cookie section hereunder.
- The App may be downloaded by anyone, but login and personalisation of messages is only possible for students enrolled at VUB. Students automatically receive an account on the App. Access to the App is done through the Single Sign On application linked to the VUB account of the student.
- Data: names, email address & password; names and email address are provided through VUB’s SSO (single sign on). The time of the last use of the App is also registered.
- Purpose: access to the App
- Legal basis: execution of the contract between the student and the VUB (art. 6.1.b GDPR)
- Transfer: your data are not transferred to third parties
- Retention time: your data are stored for as long as you are enrolled as a student at VUB
- The main purpose of the App is to provide a platform to our students to deliver information, to send out messages and to serve as a one-stop-shop to access other platforms, tools and billboards.
- Whenever students desire so, they may specify their status (Ba-/Ma-student, PhD-student, Postdoc, …) and interests in order to deliver a tailored digest of messages.
- Data: language of preference, status, department, enrolment, campus, methods of commuting, …
- Purpose: personalising the information digest
- Legal basis: consent (art. 6.1.a GDPR)
- Transfer: your data are not transferred to third parties
- Retention time: your data are stored for as long as the student is enrolled at VUB, or until the student chooses to withdraw its consent
- The servers keep track of the number of views of the different messages. These analytical data are captured in an anonymous way and are not considered as “personal data” in the sense of the GDPR.
Privacy Policies of Other Websites
Storage of Your Personal Data
We securely store your personal data. We apply the following protection and security measures:
- Data are sent encrypted via https to dedicated servers that are secured in line with the market
- Data are treated confidentially
- Analytical data are only visible to the administrator in a summarized or aggregated way so that reidentification is impossible
- Personalisation settings may be accessed by administrators only
- VUB has appointed a DPO (firstname.lastname@example.org)
Data subjects’ rights
VUB would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
- right to access – You have the right to request VUB for copies of your personal data.
- right to rectification – You have the right to request that VUB corrects any information that is inaccurate. You also have the right to request VUB to complete the information that is incomplete.
- right to erasure – You have the right to request that VUB deletes your personal data under the conditions determined by law.
- right to restrict processing – You have the right to request that VUB restricts the processing of your personal date, under certain conditions.
- right to object to processing – You have the right to object to the processing of your personal data, under certain conditions.
- right to data portability – You have the right to request that VUB transfers the data that we have collected to another organization, or directly to you, under certain conditions and as far it is technically possible.
When our processing activity is based on your prior consent (art. 6.1.a GDPR), withdrawal of such given consent is always possible without this affecting the lawfulness of the processing of personal data before the withdrawal.
To exercise your rights as a concerned party, it suffices to send your request to email@example.com or to DPO, Pleinlaan 2, 1050 Brussels – Building M – Office 508. In both cases, add a copy of the front your identity card, with your name and your ID picture. If you do not wish to share a scan of your ID documentation, please provide us with other information by which we can verify the legitimacy of your request.
Accountability and processing – data protection officer
The Vrije Universiteit Brussel values your right to privacy. The Vrije Universiteit Brussel, with registered office at Pleinlaan 2, 1050 Brussel, represented by its rector, is responsible for processing your personal data. In case you have specific questions about your rights concerning the processing of your data, you can contact the university’s data protection officer, at firstname.lastname@example.org or DPO, Pleinlaan 2, 1050 Brussels – Building M – Office 508.
Finally, should you wish to file a complaint about how your information is treated, you can contact the Belgian Data Protection Authority, which is responsible for upholding the law on data protection: Data Protection Authority (GBA), Drukpersstraat 35, 1000 Brussel, +32 2 274 48 00, email@example.com, www.gegevensbeschermingsautoriteit.be
Complaints filed with the GBA do not limit your right to lodge legal proceedings before the competent court in any way; nor does it limit the possibility to request compensation for damage suffered.
The WeAreVUB Student App uses the ORTEC Relevance platform, which in its turn uses secure, encrypted session cookies for the app(s) and web-app. The session-duration is configurable from the dashboard and session-duration (cookie validity) is actively checked in the backend systems to prevent tampering.
The cookies used on the App are necessary or exclusively technical in nature, and therefore do not require your prior consent.
|Cookie name||Cookie description||Cookie value|
|ess.session||Used to define active user session||Start date of session|
|ess.uid||Used to store the user's UID for login||Relevance platform user UID|
|ess.magazine||Used to store the magazine ID for login||Relevance platform magazine ID|
|ess.language||Used to store the user's language as defined by plugin||User language|
|ess.auth0.accessToken||Used to store Auth0 access token for login||Auth0 Access Token|