Privacy statement alumni

Utrecht University (UU) is committed to look after the personal data of everyone who has studied with us. The privacy rules from the General Data Protection Regulation (GDPR) are crucially important to us, as this legislation is in line with our objective to provide education and research at the highest level, our ambitions for good employment practices and our guiding principle of sustainability.

In this privacy statement, we will inform you of the personal data we process, the purposes for which we do this, your privacy rights and other matters that are important to you.

The personal data we collect from you is processed by the UU for the following purposes:

Validating, correcting and deleting alumni registration
Encouraging the development of an alumni community
Keeping a CRM (Client Relation Management) administration of alumni
Keeping track of alumni participation in events
Supporting alumni associations
Sending newsletters to alumni

Your personal data will not be processed without your consent for a purpose that is not compatible with the above.

The UU processes the following data from you as an alumnus. Not all of this information may apply to you:

Name
Titles
Date of birth
Gender
Language
Address(es)
Email address(es)
Telephone number
Student number
Communication preference

In addition, there are data that are only processed from a limited group of alumni:

Job function
Study
Graduation date
Degree obtained
Personal relationship(s) with other alumni or organizations
Foundations or trusts in which the alumnus is or has been involved

This data is collected to create a profile of the relationship in order to determine whether someone could or would like to contribute to the goals of the UU.

The UU receives most data automatically via our student registration system Osiris or our PhD registration system MyPhD. We collect a number of data, such as your preferred language or communication preferences, directly from you. Finally, data from a limited group of alumni is collected by our relationship managers via public sources such as LinkedIn or newspapers.

The UU can only process your personal data if we have a good reason to do so. Such a reason must be indicated in the GDPR. This is called a legal basis. The UU processes your personal data in accordance with the legal basis of the legitimate interest of the UU or of a third party. This legitimate interest includes maintaining an alumni registration system and stimulating the connection of alumni with the UU.

The UU stores your personal data in accordance with the rules in the GDPR. This means that we do not store the data longer than is strictly necessary to achieve the purposes for which the data was collected.

The data in the alumni registration system will be kept for up to two years after your death. This retention period was chosen because once you’ve studied at the UU, you stay an alumnus for a lifetime. Moreover, many alumni choose to include the UU in their will. By keeping data for a while after your death, the UU has sufficient time to connect these donations to the appropriate alumnus and – where appropriate – express our condolences to the bereaved families.

The UU may instruct other organisations to arrange or organise certain elements of our activities on our behalf. If the relevant organisations process personal data in the context of that assignment, we call them data processors. The UU has so-called data processing agreements with these processors to ensure confidential and careful handling of personal data. The supplier of our alumni registration system is an example of such a processor.

Your personal data will never be rented out or sold. The UU can share your (personal) data with third parties (outside data processors) if, for example, you have given permission for this yourself or if this is necessary to be able to execute an agreement between you and the UU. In certain cases, we are also legally obliged to provide your personal data to third parties. An example is the Dutch tax authority in the case of donations.

In some cases, the UU can exchange personal data to countries outside the EU.

The UU makes sure that personal data is treated with confidentially. The UU takes appropriate technical and organisational measures to ensure that your personal data is properly protected.

Technical measures

In order to optimally protect your personal data against unauthorised access or use, the UU has appropriate security technology in use. We report (attempted) abuse.

Organisational measures

Within the organisation, the UU has taken a large number of measures to ensure that your data is not only technically secured, but that the chance of human error and misuse is also kept to a minimum.

Based on the above information, do you have any specific questions or comments about this privacy statement? Please feel free to contact us via privacy@uu.nl.

The UU has appointed a Data Protection Officer (DPO). This is an internal advisor and supervisor on the application of the GDPR. When you have questions about the processing of your personal data or when you want to file a complaint, you can contact our DPO via fg@uu.nl.

We would like to point out that you also have the right to file a complaint with the supervisory authority, the Dutch Data Protection Authority.

Contact details Utrecht University

Heidelberglaan 8
3584 CS Utrecht
Tel. +31(0) 30 253 35 50

Privacy statement - version

This privacy statement was last amended on 16 August 2023. From time to time, changes are made to this privacy statement. Please check our website to make sure you are consulting the most recent version.

Privacy statement alumni

For what purposes does the UU process my personal data?

What personal data does the UU collect from me?

Can the UU process my personal data?

How long does the UU store my personal data?

With whom is my personal data shared?

How does the UU secure my personal data?

Technical measures

Organisational measures

Questions? Complaints?

Contact details Utrecht University

Privacy statement - version

Contact

Follow UU