Privacy

Source: https://www.tue.nl/en/our-university/about-the-university/support-services/library-and-information-services/privacy Parent: https://www.tue.nl/en/education/bachelor-college

Privacy statement TU/e

Privacy

• Menu

Support Services - Library and Information Services

- [About LIS](https://www.tue.nl/en/our-university/about-the-university/support-services/library-and-information-services/about-lis)
- [Remote Assistance](https://www.tue.nl/en/our-university/about-the-university/support-services/library-and-information-services/remote-assistance)
- [Privacy & Information Security](https://www.tue.nl/en/our-university/about-the-university/support-services/library-and-information-services/privacy-security)

  - [Privacy](https://www.tue.nl/en/our-university/about-the-university/support-services/library-and-information-services/privacy-security/privacy)
  - [Information Security](https://www.tue.nl/en/our-university/about-the-university/support-services/library-and-information-services/privacy-security/security)

• FOR EMPLOYEES AND STUDENTS, MORE INFORMATION ON PRIVACY AND SECURITY CAN BE FOUND ON INTRANET

Eindhoven University of Technology (hereinafter referred to as TU/e) handles personal data responsibly and in compliance with the General Data Protection Regulation (GDPR) and other applicable laws and regulations (such as the Telecommunications Act, Civil Code and Higher Education and Research Act). This Privacy statement provides information about the personal data the TU/e has collected regarding your relation with us, the purposes for which it is collected, and how your personal data is stored and processed. It also explains how you can use your privacy rights and provides additional relevant information.

This Privacy statement applies to personal data that is processed within TU/e, excluding our websites. For details on how we handle website visitor data and use cookies, please refer to TU/e’s cookie statement.

We have tried to present all information in a clear and readable way. However, if you still have questions after reading this, you can always contact us via the contact details at the end of this Privacy statement.

Responsibility for your personal data

The Executive Board of TU/e is responsible for processing your data as defined by the GDPR (in the GDPR this is called the “controller”). This means that the TU/e’s Executive Board is responsible for carefully processing your personal data.

Personal data we process and its purposes

TU/e processes personal data from various individuals for different purposes, depending on the relationship they, and therefore you, have with TU/e. We receive most of this personal data directly from you, but we may also receive personal data from other organizations who are authorized or required to share this with us.

Below you will find detailed information on the types of personal data processed and the purposes for each type of relationship. These overviews are based on the most common processes within TU/e. Information on incidental or very specific processing of personal data will be provided in separate supplementary privacy statements.

• Applicants & employees

Read more

In this context, employees are understood to be: employees with an employment contract, temporary employees, student (teaching) assistants, seconded staff members, persons who perform work in the context of an assignment, former staff members and trainees. An applicant is understood to be anyone who presents themselves to TU/e as a candidate for an employment position at the university.

TU/e processes, among others, the following personal data of applicants and employees:

• Identification details, such as name, signature, title, (biological) sex, date and place of birth, nationality
• Contact details, such as e-mail address, residential address, telephone number
• Professional experience and employment history, as provided in your CV and motivation letter, and, where applicable, obtained from publicly available sources such as professional social media platforms (e.g. LinkedIn)
• Education and training, such as academic title, certificates
• If applicable, data obtained from screening checks, such as a Certificate of Conduct (Verklaring Omtrent Gedrag) or knowledge safety screening

When an employee changes positions within TU/e, certain personal data may be requested or processed again. This will only occur when necessary for the performance of the new role or to comply with legal obligations.

TU/e processes, among others, the following personal data of employees:

• Copy of an identification document, including citizen service number (BSN), residence permit or visa
• Employment information, such as organizational section, workplace, employee number, TU/e relationship number, type of employment, ancillary activities
• Registration of sick days and leave, including special leave and maternity leave
• Performance data, such as personal feedback, results and progress interviews
• Financial data, such as bank account number, (salary) payments and expense claims
• Trade union membership (for tax settlement of trade union dues)
• Correspondence and interaction, such as e-mails, letters or other exchanged information, contact details of the person you have assigned as emergency contact
• Use of ICT-facilities, such as username, IP-address, room bookings, video and audio recordings, logging
• Surveillance footage

In most cases, we obtain this data directly from you, except when it comes from public sources, such as social media (for example, LinkedIn). Additionally, we may also receive personal data from third parties (e.g. the Tax and Customs Administration, Immigration and Naturalisation Service (IND), public employment services organization (UWV) and pension funds) if permitted by law or if you have explicitly consented. Furthermore, at your own initiative and with your explicit permission, we may process information about your health, for us to, for example, be able to respond appropriately in case of emergency situations to ensure your well-being, or to adjust your workplace for health reasons.

TU/e processes the personal data of applicants and employees for the following purposes:

• Organizing the recruitment and employee selection process, including performing screening checks, such as a Certificate of Conduct (Verklaring Omtrent Gedrag) or knowledge safety screening
• Fulfilling the employment contract agreed upon with an employee
• Ensuring correct and efficient personnel and salary administration
• Planning the deployment of employees in a balanced and well-structured way
• Supporting in case of sickness and absenteeism of employees, including reintegration
• Ensuring good opportunities for employees to develop themselves
• Complying with statutory obligations, like the obligation to keep and retain records
• Engaging external evaluators with specialized knowledge for job interviews for scientific positions
• Conducting internal controls regarding our cybersecurity measures, financial administration and the audit of the financial statements by certified external auditors
• Conducting surveys by TU/e or external organizations, for example on employee satisfaction
• Organizing and holding elections for employee participation bodies
• Organizing security and access management for TU/e buildings, including campus card administration via our supplier ID-Ware and camera surveillance
• Maintaining, testing and securing ICT facilities
• Providing access to sports and parking facilities

Close

• (Prospective) students

Read more

TU/e processes, among others, the following personal data of current and prospective students:

• Identification details, such as name, signature, title, (biological) sex, date and place of birth, nationality
• Contact details, such as e-mail address, residential address, telephone number
• Personal identifiers, such as student number, Studielink number, TU/e relationship number
• Passport photo and citizen service number (BSN)
• Financial data, such as bank account number and (tuition) payment information
• Education details, such as grades, (submissions and answers to) exams, study progress, diplomas
• Data relating to prior education and outcomes of entrance/admission exams
• Participation in student (recruitment) activities, study interests
• Health data in the context of study facilities and study support
• Notes from student counsellors and student psychologists (only accessible to them)
• Correspondence and interaction, such as e-mails, letters or other exchanged information, contact details of the person you have assigned as emergency contact
• Use of ICT-facilities, such as username, IP-address, room bookings, video and audio recordings, learning data, logging
• Surveillance footage

In most cases, we obtain this data directly from you. However, we may also receive personal data from third parties (e.g. Studielink, Education Executive Agency (DUO), Personal Records Database (BRP)), if permitted by law or if you have explicitly consented.

TU/e processes the personal data of current and prospective students for its public task to provide education and to conduct scientific research. We also have to comply with legal obligations for which we process your personal data. We process your personal data for the following purposes:

• Recruiting new students and promoting the university
• Informing (prospective) students about TU/e study programs, study associations and other related activities
• Application, selection, and enrollment in a study program
• Calculating, establishing and collecting tuition and examination fees
• Ensuring effective organization and advancement of the (online) education and (online) examinations
• Tracking and measuring study progress, and providing grade lists and certification (diploma)
• Conducting exchange programs and arranging traineeships and research
• Assessing and implementing special accommodations for students with a disability
• Supporting and mentoring students by a study advisor and/or psychologist
• Providing effective student (career) guidance
• Nomination for membership, award, or other recognitions
• Measuring and improving the quality of education and educational facilities, including by conducting (statistical) research, learning analytics, and conducting surveys
• Taking action in response to suspicions of plagiarism and exam fraud
• Providing support in finding housing facilities for students and promoting student societies
• Organizing and holding elections for student participation parties
• Organizing security and access management for TU/e buildings, including campus card administration via our supplier ID-Ware and camera surveillance
• Maintaining, testing, and securing ICT facilities
• Providing access to sports and parking facilities

Close

• Alumni

Read more

TU/e processes, among others, the following personal data of alumni:

• Identification details, such as name, signature, title, (biological) sex, date and place of birth, nationality
• Contact details, such as e-mail address, residential address, telephone number
• Personal characteristics, such as current job position, language and communication preferences and name of partner (in case of donations after death)
• Education details, such as student number, followed program, graduation and graduation date
• Details on your contacts with TU/e, including possible interest in membership of an alumni association, attendance of alumni events, relationships with other alumni or donors
• Photo and video material of alumni events
• Financial data, such as bank account number, donations, fields of interest

This data is collected to create a profile of your relationship in order to determine whether someone could or would like to contribute to the goals of TU/e. In most cases, we obtain this data directly from you through your registration on the TU/e Alumni Community, event-signups via the Alumni website or through other forms of communications with us. Additionally, we receive some data automatically via our student registration system Osiris or our PhD registration system HoraFinita. We improve and update our alumni database by gathering data from publicly available sources such as LinkedIn or newspapers.

TU/e processes the personal data of alumni for the following purposes:

• Maintaining an up-to-date alumni database using a CRM (Customer Relationship Management) system
• Maintaining contact with alumni and send them information and newsletters
• Inviting alumni to TU/e events, lectures and/or information days
• Conducting surveys, either by TU/e or through external organizations, e.g. on job prospects after graduation
• Approaching alumni to provide coaching, workshops, (guest) lectures and to make donations
• Fulfilment of (tax) legal obligations regarding financial donations to Stichting Universiteitsfonds Eindhoven
• Providing access to sports facilities
• Measuring and improving the quality of education and evaluating career opportunities, by conducting statistical research, market research and data analysis

Close

• Campus visitors

Read more

TU/e processes, among others, the following personal data of campus visitors:

• Identification details, such as name, title, company
• Contact details, such as e-mail address
• Surveillance footage

If you park at the TU/e campus, our external service provider IP-Parking processes your license plate number, the date and time of entry and exit, and your parking location (transaction data). If you pay at the payment terminal, these payment details are also processed by IP-Parking. This data is not shared with TU/e. Additional data will be processed for students and employees who have linked their campus card for parking. More information about this can be found on Intranet.

TU/e processes the personal data of campus visitors for the following purposes:

• Visitor reception
• Security and access management for TU/e buildings, including camera surveillance
• Providing access to parking facilities

Close

• Visitors to the TU/e network

Read more

When you use TU/e ICT facilities, such as the Wi-Fi-network or access the TU/e network as a visitor or guest (e.g. through applications like Microsoft Teams), we process your personal data to facilitate your usage and monitor the network to secure TU/e’s ICT facilities and prevent misuse. The personal data involved in network monitoring primarily consists of IP addresses, user names (email address), first names, last names and log data. For more information on network monitoring, please refer to the Regulation on computer and network usage.

Close

• Research participants

Read more

TU/e conducts a wide variety of scientific research projects, each unique in its scope and nature. This can range from laboratory experiments and building prototypes to computational simulations and mathematical analysis. In addition, research may involve interviews, surveys, observations or collecting data from websites (webscraping). To find out what personal data is processed for a specific research project, please refer to the information letter, introductory materials, or privacy statement provided for that research project. All personal data in scientific research is processed in accordance with the Netherlands Code of Conduct for Research Integrity.

The most common personal data we process in the context of scientific research projects are:

• Name and signature (included in the informed consent form)
• Demographic data, such as age and education level to contextualize survey data
• Research data: the data collected during the research that is necessary for answering the research question or for achieving the research goal. This may also include special categories of personal data such as data related to health, religion, sexuality, ethnicity

In most cases, we obtain this data directly from you. Occasionally, other organizations may share your personal data with us. When possible, they will inform you about this. If that is not feasible or would require disproportionate effort, they will implement additional safeguards to protect your privacy (e.g. by anonymizing or pseudonymizing your data). We handle all personal data – whether collected directly from you or received from others – in accordance with applicable laws and our organizational and technical safeguards.

TU/e processes your personal data primarily to answer specific research questions or achieve particular research objectives. You can read which questions or objectives it concerns in the information letter, the introductory information or the privacy statement for the research you are participating in. Additionally, we will retain your name and signature to be able to prove that you have given permission to participate in a certain research project, or you have given your consent to processing special categories of personal data (or that of your child) in the context of such a project.

Close

Legal basis for processing your personal data

To process your personal data, TU/e must have a valid reason. The GDPR specifies several legal bases for data processing, and all data processing at TU/e is based on one of these legal bases.

• Performance of a contract

Read more

TU/e processes personal data to execute a contract to which you are party, or to take steps at your request prior to entering into a contract. This includes entering into and fulfilling employment contracts for staff members, managing secondary working conditions based on these agreements, and granting access to sports facilities through a contract with the Student Sports Centre.

Close

• Legal obligation

Read more

TU/e processes personal data as required by law. Examples of processing personal data by TU/e based on legal obligations include:

• Disclosing student data to the Education Executive Agency (DUO)
• Disclosing salary data to the Tax and Customs Administration and pension fund
• Disclosing data to Statistics Netherlands (CBS) for statistical analysis purposes
• Storing theses in our archives based on the Public Records Act (Archiefwet)
• Provision of personal data to the external auditor for the annual accounts’ audit
• Maintaining a student administration for the purpose of awarding degrees in accordance with the Dutch Higher Education and Research Act
• Complying with the norms on occupational health and safety (Arbowet), e.g. through conducting Employee Experience Surveys and effective laboratory management

Close

• Public task

Read more

TU/e processes personal data based on its public task, given that it is a university entrusted with the public task of carrying out scientific research and providing higher education. These activities are supported by specific legislation like the Higher Education and Research Act, but can also be mentioned in policy documents from the Ministry of Education, Culture and Science. Examples of data processing necessary to facilitate our services in the context of education are creating timetables, issuing grading lists and deploying anti-plagiarism software. Additionally, learning analytics to improve the quality of education and to support students in their learning path is also based on the legal basis of a public task.

Research conducted to increase society's knowledge generally relies on the legal basis of a public task. If, during a research project, your personal data proves valuable for new, socially important research, we may reuse it for the new research. According to the GDPR, further processing for scientific research purposes shall not be considered to be incompatible with the initial purposes, as long as appropriate safeguards are in place. Therefore, we do this only when your data is truly necessary, the recognized ethical standards for scientific research are followed and the research purposes align with the original research project.

Close

• Legitimate interest

Read more

TU/e may process personal data to pursue a legitimate interest, unless the interests or fundamental rights and freedoms of the person involved, which oblige the protection of personal data, prevail. If TU/e processes personal data on the basis of a legitimate interest, the interests of the person involved are always weighed against the legitimate interests. This means that processing must be necessary and proportionate and must have as little negative impact as possible on the persons involved. Examples of processing by TU/e based on legitimate interest include:

• Use security cameras on campus to protect people, property and buildings
• Managing visitor access efficiently
• Managing access control by means of the TU/e campus card
• Recruiting qualified employees with the necessary skills and qualifications, including the assessment of their suitability and reliability via screening checks
• Monitoring browsing behavior or network activity to secure ICT facilities and prevent misuse
• Turn personal data into anonymous statistical information to analyze trends, improve processes, refine policies, and support better decision-making (sometimes in collaboration with third parties)
• Maintaining an alumni registration system and fostering alumni engagement with TU/e
• Performing scientific research that is not primarily aimed at increasing society’s knowledge, such as research commissioned by an external party (e.g. government agencies or large companies)

Close

• Consent

Read more

If the processing of your personal data does not fall under one of the above-mentioned legal bases, we will seek your consent. You can therefore assume that if you are not asked for consent, all personal data processing by TU/e is necessary either to facilitate educational or research activities, comply with legal obligations or contracts, or to serve a legitimate interest. When consent is required, you will be informed about the purposes for which your data will be used, the specific data involved, who will have access to it and how you can withdraw your consent. Examples of the processing that TU/e does based on consent include:

• Using your e-mail address to send newsletters or promotional e-mails (unless directly related to your degree program or employment, in which case the TU/e relies on legitimate interest)
• Retaining your CV to inform you about future job opportunities
• Handling the tax settlement of trade union dues for trade union members

If you give TU/e permission to use your personal data, you can withdraw this consent at any time, but it will not apply retroactively. Instructions on how to withdraw consent will be provided when you first give your consent. If you no longer have this information, you can also contact us via the contact details at the end of this Privacy statement.

If we process special category personal data (such as information about your health, genetics, religion, political affiliation, ethnicity or sexuality) for scientific research, we generally ask for the explicit consent of the participants to derogate from the prohibition on processing such data. Sometimes, however, asking for permission is impossible or requires a disproportionate amount of effort. As long as the research also serves the public interest, the university is exempt from asking for permission. If this is the case, we will always ensure that the rights and freedoms of the participants are not disproportionately harmed and that the appropriate safeguards are put in place.

Close

• Vital interest

Read more

In exceptional cases, TU/e may process personal data to protect the vital interests of individuals. This could occur when there is an urgent medical necessity. Think of a situation in which there is a\ life-threatening situation (e.g. a serious accident) in which you are unable to give permission for the processing of your data, but this processing is necessary to save your life.

Close

Sharing of your personal data

The basic principle is that only TU/e will use your personal data, and access is restricted to employees who need your personal data to perform their work. Your personal data will never be rented or sold. However, there are certain situations where we share your personal data with other parties. When we do, we ensure that only the minimum necessary data is provided, and that these parties are obligated to handle your personal data with care through contractual agreements.

These other parties fall into the following categories:

Government agencies and supervisory authorities\ In some cases we are legally required to share your personal data with third parties such as government agencies or supervisory authorities. These could be for example:

• Government agencies such as the Tax and Customs Administration, the Immigration and Naturalisation Service (IND, in case of an employee or student from outside the EU), Employee Insurance Agency (UWV), Education Executive Agency (DUO)
• The Occupational Health and Safety Service
• Law enforcement agencies (e.g. the police) and other supervisory authorities
• External accountant (e.g. audits by the European Commission for research subsidies)
• Pension fund ABP

Additionally, when you have given permission for this yourself, we may share your data with a trade union or interest group.

Other education and research institutions\ TU/e may share your personal data with other educational and research institutions if this is necessary for providing education or conducting scientific research. This may include collaborative programs (such as a joint degree), exchange programs and collaborative research projects. We ensure that these parties handle your data confidentially and carefully by establishing written agreements.

Additionally, TU/e may share personal data of employees with research funding organizations, such as the Dutch Research Council NWO, the European Union (Horizon Europe) to secure research grants and subsidies.

Data processors\ TU/e may engage other organizations to manage or organize certain aspects of our activities on our behalf. When these organizations handle personal data in this context, they are referred to as data processors. TU/e has agreements in place with these data processors to ensure confidential and careful handling of personal data. Examples of such processors are our student registration system Osiris, safe exam workspace Schoolyear, PhD registration system HoraFinita, campus card supplier ID-Ware, applicant tracking system Varbi, service management system TOPdesk, HR and payroll system AFAS, financial systems ProActis and Unit4, and learning management system Canvas.

University Fund (specifically for alumni)\ Alumni data is shared with Stichting Universiteitsfonds Eindhoven (hereinafter referred to as UFe), to promote TU/e’s mission by offering expertise in fundraising and alumni relations. The sharing of data with UFe is regulated in a Covenant on data protection in accordance with the GDPR, to ensure that alumni data is handled confidentially and carefully. Additionally, we may share alumni data with affiliated organizations that support alumni, such as alumni associations and alumni circles.

Processing personal data outside the European Economic Area (EEA)

TU/e strives to process your data only within the European Economic Area ("EEA") by storing your data on a server in the EEA whenever possible. However, there may be exceptions, such as transferring data to a university outside the EEA in the context of an exchange program.

When engaging processors, we require them to store personal data on servers in the EEA. When this is not possible, we implement necessary measures to ensure adequate protection of your personal data.

Each transfer of personal data is carefully assessed through a standardized process to ensure adequate protection, both within and outside the EEA. This process is regularly updated to comply with the latest legal and regulatory developments.

Retention period

TU/e retains your personal data in compliance with the GDPR, ensuring that data is not kept longer than necessary to achieve its intended purposes. The exact retention period depends on the type of personal data and the purpose for which it is processed. We adhere to statutory retention periods where applicable, such as those specified in the Selection List for Universities and University Medical Centres 2020, the Public Records Act, and other laws (such as tax and labor laws).

Job application\ If you are not hired, TU/e will keep your data for a period of 4 weeks after the application procedure ends. If you have given permission to process your data with a view to being informed about other vacancies, we keep your data in accordance with the consent you have given, for 1 year after the end of the application process.

Scientific research\ You can find the retention period for your personal data in the information letter, introductory materials, or privacy statement accompanying your research. Generally, for research conducted in the public interest, we will retain your data for at least 10 years after publication of the research results. This is necessary to verify the research results and ensure the research is repeatable. We never retain more data than necessary for this purpose and anonymize or pseudonymize it as soon as possible. Contact information, for example, is often deleted soon after the conclusion of the research project.

Camera surveillance\ Surveillance footage from security cameras is retained for a maximum of 1 week. If an incident such as a theft or accident has occurred on campus, the images may be retained for a longer period to analyze what exactly happened or to share the images with the police. If this is the case, images will be deleted after the incident has been fully dealt with.

Security

TU/e makes sure that personal data is treated confidentially. We take appropriate technical and organizational measures in order to protect data against loss or any form of unlawful processing. Our security policy and standards are regularly brought in line with new regulations, best practices and developments.

Technical measures\ To optimally protect your personal data against unauthorized access or use, TU/e has appropriate security technology in use. For example, many of our systems work with two-factor authentication and we have implemented email scanning to detect spam and malware. For research data, we use well‑secured storage infrastructure. Data communication takes place via secure connections.

Organizational measures\ TU/e has taken a large number of measures to ensure that your data is not only technically secured, but that the chance of human error and misuse is also kept to a minimum. Your personal data can only be accessed by employees who need your data to properly carry out their duties. Additionally, employees are to be screened if necessary and have a duty of confidentiality. When we engage a third party in order to process personal data, we always check that this third party has an adequate level of security.\

If despite this strict security, an incident occurs, we will resolve the incident as soon as possible and take measures to ensure it cannot happen again. We report data breaches that pose a risk to the rights and freedoms of data subjects to the Dutch Data Protection Authority.

Your rights

The GDPR provides you with a large number of rights with regard to your personal data. You have the right to view your data and to have it corrected or deleted. In certain cases, you have the right to have the processing of your data temporarily frozen ('restricted') and the right to object to the processing of your data. And finally, in some cases you have the right to have a whole set of data that we have about you transferred to another organization. This is called the right to data portability.

If you wish to exercise these rights, please contact us at privacy@remove-this.tue.nl or the (postal) address at the bottom of this webpage. Please note that we may ask for additional information to verify your identity when exercising these rights, if we are unsure about the requester’s identity.

If you have given consent to process your personal data for a certain purpose, you may always withdraw this consent. Note however that withdrawal of your consent is not retroactive. Instructions on how to withdraw consent will be provided when you first give your consent. If you no longer have this information, you can also contact us via the contact details at the end of this Privacy statement.

Questions or complaints

If you have questions about how we process your personal data, please contact us via privacy@remove-this.tue.nl or the (postal) address at the bottom of this webpage. We will be happy to assist you.

If you believe that your personal data is being processed in breach of the GDPR or you are unhappy about how a request related to your rights has been handled, you may submit a complaint to our Data Protection Officer (DPO) via dataprotectionofficer@remove-this.tue.nl. The DPO is the link between TU/e and the Dutch Data Protection Authority. The DPO acts independently and can discuss your complaint with or ask for advice from the Dutch Data Protection Authority. If you disagree with the outcome of the DPO’s handling of your complaint, you can submit a complaint directly to the Dutch Data Protection Authority.

For IT security incidents and emergencies, you can contact CERT@remove-this.tue.nl. For any related questions, you can reach out to the security team at security.operations@remove-this.tue.nl.

This privacy statement was last amended in October 2025 and is subject to change. Please check our website to make sure you are consulting the most recent version.