Privacy statement for job applicants

Utrecht University (UU) is committed to look after the personal data of everyone who visits our website. The privacy rules from the General Data Protection Regulation (GDPR) are crucially important to us, as this legislation is in line with our objective to provide education and do research at the highest level, our ambitions for good employment practices and our guiding principle of sustainability.

Utrecht University attaches great value to the privacy of job applicants. In this privacy statement for job applicants, we wish to be clear and transparent about the way we handle your personal data.

Who is responsible for processing my personal data?

UU is the controller within the meaning of the General Data Protection Regulation (GDPR) and is responsible for the processing of the personal data described in this privacy statement.

The UU is a legal entity under public law pursuant to Article 1.8 of the Higher Education and Scientific Research Act and is located at Heidelberglaan 8, (3584 CS) Utrecht. The UU has a legal obligation to process your personal data carefully. The UU believes it is essential that the personal data of its employees is treated and secured with the utmost care. The most important thing is that we strive to comply with the requirements of the GDPR in all cases.

Which personal data are processed?

The UU does not process more personal data than is necessary for the application procedure. These are as follows:

  • First and last name;
  • Address and place of residence;
  • E-mail address;
  • Phone number;
  • Curriculum vitae / resume;
  • Motivation letter;
  • IP-address.

For what purposes are my personal data processed?

Your personal data will only be processed for a specific purpose. In this case, your personal data will only be processed for the application procedure or to keep you informed of new, interesting vacancies that match your stated preferences. In any case, you are not obliged to leave your data, but it is necessary if you want to file an job application.

What is the legal basis?

Your personal data will only be processed if there is a legal basis for this. The basis for processing in the context of the application procedures is legitimate interest. The UU has an interest in processing your personal data in order to carry out the application process and hire new staff. Therefore it is necessary to process your personal data. No more personal data is processed than is necessary for the application procedure. Your rights and freedoms are guaranteed as much as possible.

How long will UU keep my personal data?

The UU does not store your personal data longer than necessary. The personal data obtained during the application procedure will be kept for 4 weeks. With your permission, we can also store this data for 1 year. This can be useful if a suitable position becomes available at a later stage that matches your profile. You are completely free to choose whether you want to give permission for this. You have the right to withdraw your consent at any time, without giving reasons. This has no further consequences for you or for the application procedure.

With whom will my personal data be shared?

Your personal data will only be shared with the digital environment called Ubeeo through which you can submit your application. A processing agreement has been concluded with this party in which, among other things, agreements have been made about the necessary technical and organizational security measures. There will be no further transfer of your personal data outside the European Union.

Automated decision making

No automated decisions are made in any way without any human intervention.

How is my personal data secured?

The UU handles personal data confidentially and has therefore taken appropriate technical and organizational measures to properly protect your personal data. For example, the UU uses appropriate security technology to protect your personal data against unauthorized access or unauthorized use. We report (attempted) abuse. In addition, the UU takes organizational measures to protect personal data against access by unauthorized persons and to minimize the risk of human error and misuse. If you have any further questions about this, please feel free to contact us at privacy@uu.nl.

What rights under the GDPR do I have?

When processing your personal data, you have a large number of rights with regard to your personal data. You have the right to be informed in a timely, transparant and complete manner about the manner in which your personal data is processed. You also have the right to inspect, change and limit your data. You can also request to have your data deleted. However, this is only possible to the extent that UU can still meet its legal obligations, such as the statutory retention periods. You also have the right to object to the processing and the right not to be subject to decisions resulting from fully automated processes (i.e. without human intervention) that could seriously affect you. And finally, in some cases you have the right to have an entire set of data that we have about you transferred to another organization. This is called the right to portability. Are you curious about your rights as an employee of the UU? Please consult the privacy statement for employees here.

You can submit your request via the following form: Privacy request form (uu.nl). When submitting your request, we may ask you a number of questions to determine your identity.

Contact and complaint options

Do you have any specific questions or comments about our Privacy Statement based on this information? Please feel free to contact us. You can use the contact form on the website or send an e-mail to privacy@uu.nl. If you want to file a complaint, you can send an e-mail to our Data Protection Officer (fg@uu.nl). You also have the right to file a complaint with the Dutch Data Protection Authority about the use of your personal data. This can be done via their website.

This Privacy Statement was last changed on March the 4th, 2024. The UU reserves the right to make changes to this Privacy Statement where necessary.