Privacy statement SURF

SURF values the privacy of both its member institutions and of visitors to its website. When we ask you for your personal details, we handle them with care. We always comply with the General Data Protection Regulation (GDPR). You can read all about this in our privacy statement.


 

How do we handle your data?

Privacy

If SURF requests and processes your personal data, then your privacy is our prime concern. This means, among other things, that:

  • we clearly state for what purposes we are processing your personal data; we do this by means of this privacy statement;
  • we ask for only the personal data that is needed for legitimate purposes;
  • we keep your personal data very safe and also demand the same from the parties, which process your personal data on our behalf; and
  • you may view, correct or delete your personal data at any time. 

Security measures

Among other things, we have applied the following security measures to protect your personal data:

  • Our system is accessible only over the SURF-network, using a secure VPN connection;
  • We use secure (HTTPS) connections to guarantee the security of data transfers; and
  • We apply organizational and physical access controls.

For what do we use your data?

We process your data to allow you:

Registration for events

If you register for an event via our website, we ask you for the following personal details:

  • first name and surname (mandatory);
  • email address (mandatory);
  • organization for which you work (mandatory);
  • sector of the organization where you work;
  • job-title;
  • payment details;
  • dietary preferences; and
  • other information that you can provide optionally.

Why do we ask for this information?

We need your details in order to process your registration (legal basis for processing: performance of an agreement). In addition, we can carry out statistical research using this information in order to improve our services (legal basis for processing: SURF's legitimate interest) 

How long do we retain your details?

SURF retains your data for up to 13 months after the event, in order to carry out statistical research. If you register for a paid event, SURF will retain your data for 10 years. This is the legal retention period. 

SURF Magazine

If you subscribe to the quarterly SURF Magazine via our website, we ask you for the following personal details:

  • first name and surname;
  • gender;
  • address;
  • email address;
  • telephone number;
  • organization for which you work;
  • sector of the organization where you work; and
  • job-title.

Why do we ask for this information?

We need your details in order to process your subscription to SURF Magazine (legal basis for processing: performance of an agreement). In every SURF Magazine there are instructions on how to unsubscribe. You unsubscribe by sending an email to communicatie@surf.nl

How long do we retain your details?

We retain your details for as long as you are a subscriber to SURF Magazine. Once you unsubscribe, we immediately delete your details. 

Web forms

On our website, you can fill out forms for a variety of reasons. For example, you may register as a speaker for an event or fill out a feedback form. When you fill out a web form, SURF may ask you for the following details:

  • first name and surname;
  • address;
  • email address;
  • telephone number;
  • area of interest;
  • organization for which you work;
  • sector of the organization where you work;
  • job-title; and
  • other information that you can provide optionally.

Why do we ask for this information?

We need your details in order to process your registration or request (legal basis for processing: performance of an agreement).

How long do we retain your details?

We retain your data up to 1 month after your request or registration has been fully processed, so that we can still answer any follow-up questions. 

Our SURF Nieuws newsletter

If you subscribe to our SURF Nieuws online newsletter, we ask you for the following personal details:

  • first name and surname;
  • email address;
  • organization for which you work; and
  • area of interest.
  • Every newsletter from SURF includes a link at the foot of the newsletter to allow you to unsubscribe.

Why do we ask for this information?

We need your details in order to process your registration (legal basis for processing: performance of an agreement).

How long do we retain your details?

We retain your details for as long as you are a subscriber to SURF Nieuws. Once you unsubscribe, we immediately delete your details.

CRM

SURF uses a CRM system to store details of contracts with institutions, vendors and other business partners. This also stores details of contacts defined by SURF. SURF may process the following data in its CRM system:

  • first name and surname; 
  • gender;
  • address;
  • telephone number;
  • cell number;
  • role or job-title;
  • department;
  • institution or organization with which you are affiliated;
  • email address; and
  • short business visit report, if our relationship manager has visited you

Why do we process this information?

We need these data in order to contact you in order to offer support (legal basis for processing: performance of an agreement between SURF and you, or the institution or company for which you work). 

How long do we retain your details?

Data that are required to be retained by law will be retained for the period the law requires. We therefore retain the data included in the legal basic administration for up to 10 years after the end of the contract. In all other cases, we retain your data for up to 1 year from the end of the agreement. 

To whom do we transfer your data?

We only pass on the data you provided us to third parties when this is necessary to be able to provide you with the respective services.

We will only supply your data to other parties with your agreement, unless it is legally required of us or permitted to transfer your data. For example, the police may require us to provide data as part of a fraud investigation. SURF is then legally required to provide these data.

What rights do you have in relation to your data?

We process your personal data and you can therefore decide what is done with them. To do so, you can contact SURF; see the contact details at the foot of this page. What exactly can you do with the data provided to us?

  • You may request to see your data that we are processing.
  • You may ask us to amend your data, to complete them, or to remove them if they are incorrect or not (no longer) relevant.
  • You may object if we process your data on the basis of SURF's legitimate interests. 
  • You may ask us to restrict the processing of your data.
  • You may request a digital copy of your data that we process and you have the right to transfer these data to a different service provider.
  • You may withdraw your consent to the processing of your personal data, for example by unsubscribing from a newsletter. Note: the processing of your personal data before you withdrew your consent remains legal.

If you believe that SURF is not handling your personal data correctly, then you may file a complaint with SURF. If you and SURF are unable to resolve the issue, then you can submit a complaint about SURF to the Personal Data Authority

Third-party websites

This privacy statement does not apply to third-party websites to which we have links on our website. SURF is unable to guarantee that these third parties will handle your data in a trustworthy or secure manner. We recommend that you read the privacy statement(s) on those websites before you make use of such website(s).

Amendments to privacy statement

SURF may amend this privacy statement. We therefore recommend that you review this privacy statement regularly.

Cookie policy

Also read our cookie statement, where we explain what cookies we use on our website and why. 

SURF contact details

General

SURF
Moreelsepark 48
3511 EP  Utrecht
communicatie@surf.nl
+31-887873000                                                     

Data Protection Administrator

Evelijn Jeunink
evelijn.jeunink@surfnet.nl

This privacy statement was last revised on 28 June 2018.

 

Latest modifications 19 Jul 2018