Privacy statement ISNI

Assigning ISNI's

Utrecht University aims at the careful processing of personal data of everyone who works, studies or performs research.

Utrecht University processes your personal data when it assigns you with an International Standard Name Identifier (ISNI). In this Privacy Statement we inform you about the purposes for which personal data are processed, how you can exercise your privacy rights and other information which may be of importance to you.

1. Controller and responsibility

Utrecht University is the data controller within the framework of the GDPR. Utrecht University finds it essential that the personal data it controls and processes are treated and secured with the utmost care. We also want to be open about the way your data is processed by us. That is why we explain this below.

2. For what purposes does UU process your personal data?

The processing of personal data of researchers, including year of birth data, has the following purposes:

  • Assigning unique identifiers (ISNIs) to link the name of a researcher to the correct publication and to include this in the ISNI database, thus distinguishing between namesakes and preventing publications from being linked to the wrong researcher (with the same name). This also serves a copyright purpose;
  • Increasing the findability of publications in international databases and search systems;
  • Being able to merge all name variations under which the researcher publishes;
  • Adding an ISNI and related metadata to the researcher’s own records in the catalogue of the Institutions in order to make this information visible and retrievable in the context of carrying out the public task and building up the institution's own collection;
  • Assigning an ISNI to researchers so as to contribute to unique identifiers for all publishing researchers in the Netherlands.

3. From whom does Utrecht University collect personal data?

When creating ISNI’s, Utrecht University collects data from researchers who once held or currently hold an appointment at Utrecht University and who have at least one publication in Pure. This also applies to researchers who once held or currently hold an appointment at UMC Utrecht and who are affiliated with the Utrecht University Faculty of Medicine. Pure is the current research information system (CRIS) of Utrecht University. A CRIS (Current Research Information System) is a research information system in which all information about completed, current and future research can be recorded: information about research groups, researchers and research publications.

4. What personal data does Utrecht University collect?

The following personal data are collected:

  • Name
  • Name Variant
  • UUID
  • DAI
  • Year of birth
  • Affiliation
  • Publications
  • Organisations > Job title
  • ID
  • SEP/KUOZ unit associations > Staff type
  • Title of the contribution in original language
  • Journal > Journal
  • Journal > ISSN

Utrecht University already has this data. In order to create ISNIs, the year of birth is taken from SAP HR and the other information from Pure.

5. Basis for data processing

Your data are processed based on Utrecht University's legitimate interests in disseminating knowledge and thus fulfilling its public task.

How does Utrecht University ensure confidentiality of personal data?

Utrecht University handles personal data with confidentiality. Utrecht University takes appropriate technical and organisational measures to protect personal data. Utrecht University only shares personal data in accordance with this Privacy Statement and only with third parties when it is permitted and with due care.

6. Data sharing with third parties

The name, name variety, year of birth, affiliation and publications will be shared with the administrator of the ISNI database. The personal data, apart from the year of birth, will also be publicly accessible via the ISNI database on the website https://isni.org.

7. Transfer of your data outside the EU

No personal data is transferred outside the EU.

8. How long will your data be kept?

After the ISNIs have been created, the work file with the collected personal data will be deleted. This does not mean that the personal data in Pure and SAP HR will also be deleted.

9. How can you access, correct or delete your data?

You can send your request for inspection or correction to Utrecht University or to ISNI.org, the administrator of the ISNI database. Please indicate clearly that it concerns an inspection or correction request under the GDPR. You can also request that your data be deleted, but only insofar as Utrecht University can still fulfil its legal obligations, such as the legal retention periods.
Please note that the provision of a copy of an identification document may be necessary in order to verify your identity. Making a secure copy of your ID is easy with the government's 'KopieID' app, which you can download from the app store.
Please send your request to the following email address: privacy@uu.nl and mention in the subject line what the request is about.
You are also entitled to lodge a complaint about the use of your data with the Dutch Data Protection Authority.

10. Technical security

In order to optimally protect your personal data from unauthorised access or use, Utrecht University uses appropriate security technology. We report any abuse, or attempted abuse, to the police. Utrecht University also takes organisational measures to protect personal data from unauthorised access.

11. Questions

Do you have any specific questions or comments about our Privacy Statement with reference to this information? Please feel free to contact us. You can use the contact form on the website or send a message to privacy@uu.nl. The Data Protection Officer of Utrecht University may also be contacted via this e-mail address.

Privacy statement - version

This Privacy statement was drawn up on 14 December 2021. Utrecht University reserves the right to make changes to the Privacy Statement where necessary.