Search

Privacy

Leiden University of Applied Sciences respects the privacy of visitors to this website and ensures that the personal information you provide with your visit is treated confidentially. Personal data provided on our website will not be passed on to third parties, except for legal obligations.

Leiden University of Applied Sciences (HSL) respects the privacy of its employees, students and other data subjects and handles your personal data carefully and confidentially. In doing so, HSL complies with the requirements of the General Data Protection Regulation (GDPR) and other related legislation.

This Privacy Statement explains which personal data HSL processes and why. It also indicates which rights you have and with which other parties HSL may share your data.

HSL is responsible for processing personal data of data subjects, which concerns all actions that an organisation can perform with personal data, from collection to deletion. Data subjects are the persons whose personal data HSL processes. To HSL ‘data subjects' include: employees, students and other persons involved.

Employees
  • Employees with an employment contract;
  • Temporary workers;
  • Secondees;
  • Persons who perform work under the scope of an assignment;
  • Applicants;
  • Former employees;
  • Interns.
Student
  • Students;
  • Course participants;
  • Prospective students;
  • Alumni.
Other data subjects

The Data Protection Officer (FG, Functionaris Gegevensbescherming) of HSL is registered with the Dutch Data Protection Authority (AP). The Data Protection Officer (FG, Functionaris Gegevensbescherming) ensures that the processing of personal data by HSL complies with the requirements of the law. The FG can be reached via the email address: [email protected].

What personal data do we process from whom and why do we do this?

The following categories of personal data may be processed by HSL, per category of data subjects:

Student
  • Identification data (e.g. name and address details, date and place of birth, student number, user name);
  • Contact details and e-data (e.g. email address, telephone number, logging, IP addresses);
  • Health data (e.g. physical and psychological data in the context of study guidance);
  • Copy of ID and Citizen Service Number;
  • Nationality;
  • Financial data (e.g. bank account number);
  • Personal characteristics (e.g. gender);
  • Education and training (e.g. grades, diplomas, study progress);
  • Profession and position (e.g. resume, work placement company or employer);
  • Assessment data (e.g. personal feedback, reports);
  • Image and sound recordings (e.g. photo, video).
Employees
  • Identification data (e.g. name and address details, date and place of birth, employee number, user name);
  • Contact details and e-data (e.g. email address, telephone number, logging, IP addresses);
  • Health information (to determine eligibility for wage payments in the event of disability and to meet the requirements of the Eligibility for Permanent Incapacity Benefit Restrictions Act [Wet verbetering Poortwachter]);
  • Copy of ID and Citizen Service Number;
  • Nationality;
  • Membership of a trade union (for the tax settlement of trade union dues);
  • Criminal record data (Certificate of Conduct (VOG));
  • Financial data (e.g. bank account number);
  • Personal characteristics (e.g. gender);
  • Education and training (e.g. grades, diplomas, progress);
  • Occupation and position (e.g. resume, type of employment, ancillary positions);
  • Assessment data (e.g. personal feedback, reports);
  • Image and sound recordings (e.g. photo, video);
  • Location data (e.g. workplace).
Other data subjects

HSL may only process your personal data if there is a demonstrable purpose for this. Read below per category of data subject for which purposes we use personal data.

Student
  • Good orientation regarding study choice and your registration for education;
  • Good organisation and progress of education and internal examinations;
  • Monitoring, measuring and supervising study progress;
  • Handling complaints, objections and appeals;
  • Providing effective guidance counselling;
  • Assessing and executing an application for special facilities for a student with a (physical) disability;
  • Preventing and investigating suspicions of plagiarism and fraud and taking (legal) measures in the event of detected irregularities;
  • Nomination for membership, prize or nomination;
  • Evaluation of the quality and accessibility of education and the organisation of HSL;
  • Conducting research by (other organisations than) HSL, such as but not limited to HBO Monitor, 100 day-research, National Student Survey and study results;
  • Protection of company assets, (personal) data and intellectual property rights of HSL;
  • Managing the availability, improving, testing, expanding and securing the capacity of ICT facilities;
  • Security of ICT facilities, including preventing unlawful use (as referred to in the regulations for dealing with ICT facilities and (personal) data by HSL employees);
  • Reporting domestic violence and sexual offences.
Employees
  • Well-organised recruitment and selection of employees;
  • Ensuring good opportunities for employees to develop;
  • Correct and efficient employee administration and balanced and clear deployment and planning of employees;
  • Prevention and development of employees;
  • Good employee assessment system;
  • Guidance of illness and absenteeism of employees;
  • Consulting confidential advisor;
  • Works council elections;
  • Handling of complaints, data leaks, requests for rights of data subjects, objections and appeals by employees;
  • Legal advice and protection;
  • Conducting investigations by (other organisations than) HSL for the purpose of, for example, equal treatment and employee satisfaction;
  • Protection of company assets, (personal) data and the intellectual property rights of HSL;
  • Managing availability, improving, testing, expanding and securing capacity of ICT facilities;
  • Security of ICT facilities, including preventing unlawful use (as referred to in the regulations for dealing with ICT facilities and (personal) data by employees HSL).
Other data subjects
  • Informing interested and other third parties about HSL and the content of its study programmes;
  • Maintaining good contacts with the professional field;
  • Providing digital services, including access to ICT facilities;
  • Registering participants for an event;
  • Involving external contacts of social importance in education, such as guest lectures and symposia;
  • Evaluating, concluding, managing and administering agreements;
  • Conducting research by HSL, with or without the cooperation of organisations other than HSL (for example universities with which HSL collaborates);
  • Handling data leaks, complaints, objections, appeals and requests for the rights of data subjects;
  • Optimising the website and gaining insight into the use of the website.

On what grounds do we process personal data?

HSL may only process your personal data if the processing is lawful. Processing is lawful if it meets the conditions stated in the law.

Student
  • HSL processes personal data of students on the basis of legal obligations regarding the processing of personal data (such as the administration of exams, the issuing of certificates and the provision of study advice) and general interest (such as the importance of the quality assurance of education). HSL also uses the following principles in a limited number of processing processes: performance of the contract, legitimate interest, consent and vital interest.
Employees
  • HSL processes personal data of employees based on an agreement between the employees and HSL. In addition, HSL also has certain legal obligations regarding the processing of your personal data, such as on the basis of the Eligibility for Permanent Incapacity Benefit Restrictions Act [Wet verbetering Poortwachter] and the Wages and Salaries Tax Act [Wet op de Loonbelasting]. HSL also uses the grounds of legitimate interest, general interest, consent and vital interest in a limited number of processing processes.
Other data subjects
  • The most important basis for the processing of personal data from other data subjects by HSL is consent. If data is processed on the basis of consent, you have the right to withdraw this consent at any time. You can withdraw your consent by contacting Loket Privacy (Privacy Desk), by sending an email to: [email protected]. In addition, HSL uses the foundations in a limited number of processing processes, namely performance of an agreement, legal obligation, legitimate interest and general interest.

How long do we store personal data?

Personal data will not be stored for longer than necessary for the purpose in question. Retention periods may be regulated by law. In that case, the statutory retention periods will be followed. If no statutory retention period applies, Selectielijst hogescholen will serve as a guideline for determining the retention periods. Where the Selection List of Universities of Applied Sciences does not provide a definitive answer, conscious and appropriate choices will be made.

With whom do we share personal data?

HSL may use (ICT) service providers for the processing of personal data. We conclude contracts with these service providers that state exactly which data is shared under which conditions. HSL demands, among other things, that the data provided is used exclusively for the described purpose, that the data is protected and destroyed after use.

In some cases, it is also possible that HSL receives your personal data from other parties (for example DUO, Studielink or the occupational health services) and in some cases personal data is shared with partner institutions at home and abroad (for example in the event of an exchange, or for the HBO Monitor or for the National Student Survey) or municipalities (for example in the event of an integration process).

In addition, HSL provides personal data to other organisations if required to do so by law (for example, DUO, the Tax Authorities, or the Employee Insurance Agency (UWV)). In principle, HSL only processes personal data within the European Economic Area (EEA). If personal data is nevertheless processed outside the EEA, this is only permitted if an appropriate level of protection is guaranteed.

How is personal data secured?

HSL - together with any processors - ensures appropriate organisational and technical security of your personal data. HSL has a Privacy and Information Security policy, which describes technical and organisational measures to protect your personal data against loss and unlawful use.

Examples of security measures include physical and digital access security, authorisation management, data encryption, logging and monitoring of ICT facilities, use of firewalls, employee training, employee confidentiality and supplier management.

In this way, HSL ensures that this data is only accessible to persons who are authorised to do so based on their position and that the data is only used for the purposes for which it was obtained.

What rights do you have?

As the person to whom the personal data relates (data subject), you have certain rights under privacy legislation. If you want to exercise these rights, please send your request per email to:

If you submit a request, you may be asked to identify yourself to ensure that only you have access to your own personal data..

Your rights include:

  1. Right of acces: you can obtain an overview and/or access to the personal data that we process about you.
  2. Right to rectification and supplement: if there are demonstrable errors in your personal data or if they are incomplete, you can request that the data be rectified or supplemented.
  3. Right to 'being forgotten': you can request to have your personal data removed from the files of HSL. There are limitations to this, for example because we have a legal obligation to process your personal data, such as on the basis of the Wages and Salaries Tax Act [Wet op de Loonbelasting] and the Eligibility for Permanent Incapacity Benefit Restrictions Act [Wet verbetering Poortwachter].
  4. Right to restriction of processing of your personal data: in certain cases you can request HSL to temporarily stop processing your personal data.
  5. Right to data portability: in certain cases, you can request to transfer your personal data to an agency specified by you. This only applies if HSL processes your data on the basis of an agreement or on the basis of your explicit consent.
  6. Right to object against the processing of your personal data: You can object to the processing of your personal data in certain situations. More information about the procedure for submitting the above requests can be found here.

What is the procedure for reporting data breaches?

HSL does everything it can to protect your personal data as well as possible. Despite all (security) measures, a data breach may still occur. 

There are 3 categories of data breaches:

  • Breach of confidentiality
    When there is an unauthorised or accidental disclosure of, or access to, personal data.
  • Breach of integrity
    When there is an unauthorised or unintentional change to personal data.
  • Breach of accessibility
    When there is an unauthorised or accidental loss of access to, or destruction of, personal data.

It is important to signal a (possible) breach of data as soon as possible and to limit the (possible) consequences. HSL is very alert to this, but your help is also indispensable.

If you are aware of a data breach or suspect a data breach, we ask you to report this immediately to the Service Desk via (+31 0)71-5188 900 or to the Reception Desk. The procedure for investigating, resolving and possibly reporting the data breach to the Dutch Data Protection Authority (Dutch DPA) will then come into effect.

Changes to the Privacy Statement

HSL reserves the right to make changes to the Privacy Statement. We therefore advise you to regularly read the Privacy Statement for any changes.

Questions, comments or complaints

If you believe that this Privacy Statement is not being complied with, have a complaint about the use of your personal data by HSL or wish to submit a request to exercise your rights, you can inform the Data Protection Officer via the email address:  

If your complaint is not handled to your satisfaction, you can file a complaint with the Dutch Data Protection Authority via the website

More information about HSL' Policy on Processing Personal Data, the processing of personal data and information security can be found for students and employees on mijn.hsleiden.nl (sharepoint.com). You can also consult the website of the Dutch Data Protection Authority.

This privacy statement was established by the Executive Board on 10 June, 2024.

The procedure behandeling verzoeken betreffende rechten van data subjects (pdf) (procedure handling requests concerning data subject rights) describes how requests from data subjects concerning their personal data are handled.

For more information about the policy on processing personal data at HSL, please contact the Data Protection Officer. Their contact details can be found in the above privacy statement.