Within the school, student and personal data are processed and managed for educational purposes. The school, as the data controller, considers the protection and security of personal data and privacy to be a major responsibility. Through this privacy statement, we inform you about the measures the school takes to protect and secure personal data. This privacy statement also aims to inform you of the rights you have as a parent and/or legal representative regarding data processing.
Scope and Purpose
This regulation applies to all personal data processed about data subjects, including students, parents and/or legal representatives, employees, interns, and volunteers of the Groningse Schoolvereniging in Groningen. The purpose of this regulation is to:
- Provide and organize education, including student guidance
- Protect the privacy of those involved
- Ensure careful handling of personal data for which the school is responsible.
Information We Collect
We only collect personal information such as name and email address if you voluntarily provide it to us, for example by filling out a contact form or enrolling your child(ren). We use this information only to respond to your requests or to send you information you have requested. We also collect anonymous information about your visit to our website, such as your IP address, browser information, the time and date of your visit, and the pages you viewed. This information is used to improve our website and to compile statistics about visitor numbers and website behavior.
Key Definitions
- Personal Data: All data relating to a data subject known to us (an identified or identifiable natural person), including name, date of birth, gender, address, phone number, email address, grade reports and performance data, complaints, reports (including medical data), correspondence, images, login names, and passwords related to educational applications.
- Processing of Personal Data: Any operation or set of operations performed on personal data, including collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, sharing by transmission or other forms of disclosure, combining, linking, restricting, erasing, or destroying data.
- Data Subject: The student, parent, and/or legal representative to whom the personal data relates.
- Data Controller: The Groningse Schoolvereniging determines, as the data controller, the purpose and means of processing personal data, for example within the student tracking system.
- Processor: The person and/or organization that processes personal data on behalf of the school (as the data controller).
Types of Personal Data
From the moment your child is enrolled, personal data is collected such as name, address, postal code and city (NAW details), Citizen Service Number (BSN), date and place of birth, nationality, religion/denomination, and contact details of the general practitioner. The school also collects information about parents and/or legal representatives such as NAW details, profession, and education level. Explicit consent is always requested for the latter. The school adheres to legally established retention periods and does not store data longer than necessary.
How We Use Information
We use your personal information only for the purposes for which you provided it. We will never share, sell, or rent your personal information to third parties unless we are legally required to do so. We may use anonymous information to improve our website and to maintain statistics about visitor numbers and website behavior. This information is not shared with third parties.
Cookies
Our website uses cookies to remember your preferences and to compile statistics about visitor numbers and website behavior. You can adjust your browser settings to refuse cookies or to notify you when cookies are placed. However, refusing cookies may affect the functionality of our website.
Security
We take the security of your personal information very seriously and take measures to protect it against loss, misuse, unauthorized access, disclosure, alteration, and destruction. We use secure servers and encrypted communication to protect your personal information.
Protection of Personal Data
The school has implemented organizational and technical measures to protect personal data, including:
- Applying an internal privacy and information security policy
- Raising awareness among staff regarding risks of loss, destruction, or unauthorized access
- Account management and authorization systems to ensure employees only access information necessary for their role
- Securing and encrypting personal data
- An active firewall/IPS to monitor the school network
- Software to combat spam, viruses, and malware
- Secure transmission of personal data via encrypted email
- Monitoring retention periods to ensure data is not kept longer than necessary
- Periodic evaluation and improvement of school policies regarding data protection and privacy
Rights of Data Subjects
Under the General Data Protection Regulation (GDPR), data subjects have several rights. The school recognizes and acts in accordance with these rights.
- Right of Access: Every data subject whose personal data is processed has the right to access the data held. The school may verify identity if necessary.
- Right to Rectification or Supplementation: Data subjects may request correction, completion, or restriction of their personal data.
- Right to Share Data: Data subjects have the right to share their personal data with others and/or other organizations on their own initiative.
- Right to Erasure: If a data subject believes that the school processes personal data without a valid legal basis or consent, they may request the school to delete the data. Upon receiving a request, the school will inform the data subject in writing within one month about the progress or rejection of the request. For complex requests, this period may be extended by four weeks. Once approved, the school will implement the request as soon as possible.
Links to Other Websites
Our website contains links to other websites that are not under our control. We are not responsible for the privacy policies of those websites. We recommend that you carefully read the privacy policy of each website you visit.
Changes to This Privacy Statement
We reserve the right to modify this privacy statement at any time. We recommend checking this page regularly for updates.
Complaints
We prefer that complaints be discussed with the relevant teacher, team leader, or appointed Data Protection Officer. If the complaint does not lead to the desired outcome, it is possible to submit a privacy-related complaint to the Dutch Data Protection Authority.
Data Protection Officer (DPO)
On behalf of the school, a Data Protection Officer has been registered with the Dutch Data Protection Authority. If desired, you can be put in contact with the Data Protection Officer. Please contact the school administration for contact details.
Contact
If you have any questions about our privacy policy, please contact us via the contact form on our website. We will do our best to respond to your questions as quickly as possible.