General privacy statement: NEWAVE
Date: 5 February 2020
The NEWAVE Network finds privacy important. In this privacy statement, we describe how we deal with your personal data and how your privacy is safeguarded.
1. Who is responsible for the processing of my personal data?
The Vrije Universiteit Amsterdam (Stichting VU, Boelelaan 1105 Amsterdam) and the beneficiaries and partners of the NEWAVE Network are also (independently) responsible for the data processing that is described in this privacy statement.
For more detail about specific subjects see:
- Application process: https://www.nextwatergovernance.net/recruitment-privacy-policy
- Newsletter: https://www.nextwatergovernance.net/newsletter-sign-up
- Cookies: https://www.nextwatergovernance.net/cookie-policy
2. What (categories of) personal data will be processed?
We will process the following personal data:
- Contact details (e-mail, telephone number, address);
- Website use;
- Information that is provided in applications. For example formal education and previous work experience, language skills, knowledge of computer tools, additional education and professional training.
3. For which purposes are my personal data processed, and on the basis of which legal grounds?
The personal data will only be used for the following purposes:
- Conducting and managing our research project;
- Recruitment process;
- Sending you the newsletter of NEWAVE;
- Optimising our website;
- Internal control and business security;
- The implementation or application of legislation.
We process your personal data on the basis of the following legal grounds:
- The processing is necessary for the purpose of pursuing our legitimate interests. These legitimate interests consist of the purposes mentioned above; and/or
- The processing is necessary for the performance of an agreement to which you are a party.
- The processing is necessary in order to comply with a legal obligation that applies to us. This legal obligation consists for example of labour law; and/or
- You have given consent to the processing of your personal data. In that case you have the right to withdraw your consent at any time by contacting us via the contact details below.
4. Who has access to my personal data?
The personal data will only be accessed by employees of NEWAVE Consortium Beneficiaries of NEWAVE who by reason of their function have a role in the processing of your personal data for the abovementioned purposes and for whom it is necessary that they have access to the personal data.
You can think of the following: employees who participate in the HR and recruitment process (e.g. staff in the HR, heads of organizational units in which the work will be carried out and their superiors, supervisory teams of the position you are applying to, employees in the field of IT who have access to the database to execute their job).
5. Will my personal data be shared with third parties?
We may share your personal data with third parties, such as the suppliers of IT systems that we use for the processing of your personal data.
If we share your personal data with third parties that process your personal data on our instructions, we enter into a data processing agreement with them in order to ensure that your personal data are processed carefully, securely and in accordance with the GDPR. We continue to be the data controller in respect of this processing.
It is possible that we share your personal data with other parties, such as public bodies, if this is for example necessary in order to comply with a legal obligation or a court order.
6. Will my personal data be transferred to countries outside of the European Economic Area?
Yes, it is possible that your personal data will be transferred to countries outside of the European Economic Area (EEA). The EEA includes all EU countries plus Norway, Liechtenstein and Iceland. Additional requirements apply to the transfer of personal data outside these countries on the basis of the GDPR. We will only transfer your personal data outside these countries if the transfer is subject to appropriate safeguards on the basis of the GDPR. You can request a copy of the document stipulating these appropriate safeguards via the contact details below.
7. For how long will my personal data be retained?
Unless a specific retention period is prescribed by law, we will retain your personal data for as long as this is necessary in order to accomplish the abovementioned purposes. Via the contact details below you can request more information about how long we retain your personal data.
8. How will my personal data be secured?
We take appropriate technical and organizational measures to protect your personal data against loss and any form of unlawful processing.
9. Who can I contact with questions about the processing of my personal data?
You can ask questions about how we process your personal data via email@example.com or +31 20 59 82952.
10. How can I exercise my privacy rights?
On the basis of the GDPR you have the right – under certain conditions – to access your personal data that we process, to correct your personal data if it contains factual inaccuracies, to delete your personal data, to limit the processing of your personal data, to portability of your personal data and to object to the processing of your personal data.
If you wish to exercise any of these privacy rights, you can contact the Data Protection Officer of VU Amsterdam via:Data Protection Officer De Boelelaan 1105 1081 HV AMSTERDAM firstname.lastname@example.org
To be able to deal with your request, you will be asked to provide proof of identity. In this way it will be verified that the request has been made by the right person. If you are not satisfied with the way in which we deal with your personal data, you have the right to submit a complaint with a supervisory authority.