Privacy statement SURF

SURF values the privacy of both its member institutions and of visitors to its website. When we ask you for your personal details, we handle them with care. We always comply with the General Data Protection Regulation (GDPR). You can read all about this in our privacy statement.

Please note: this privacy statement explicitly does not apply to the processing operations that take place within the SURFspot service.


 

How do we handle your data?

Privacy

If SURF requests and processes your personal data, then your privacy is our prime concern. This means, among other things, that:

  • we clearly state for what purposes we are processing your personal data; we do this by means of this privacy statement;
  • we ask for only the personal data that is needed for legitimate purposes;
  • we keep your personal data very safe and also demand the same from the parties, which process your personal data on our behalf; and
  • you may view, correct or delete your personal data at any time. 

Security measures

Among other things, we have applied the following security measures to protect your personal data:

  • Our system is accessible only over the SURF-network, using a secure VPN connection;
  • We use secure (HTTPS) connections to guarantee the security of data transfers; and
  • We apply organizational and physical access controls.

For what do we use your data?

We process your data to:

Registration for events

If you register for an event via our website, we ask you for the following personal details:

  • first name and surname (mandatory);
  • email address (mandatory);
  • organization for which you work (mandatory);
  • sector of the organization where you work;
  • job-title;
  • payment details;
  • dietary preferences; and
  • other information that you can provide optionally.

Why do we ask for this information?

We need your details in order to process your registration (legal basis for processing: performance of an agreement). In addition, we can carry out statistical research using this information in order to improve our services (legal basis for processing: SURF's legitimate interest) 

How long do we retain your details?

SURF retains your data for up to 18 months after the event, in order to carry out statistical research. If you register for a paid event, SURF will retain your data for 10 years. This is the legal retention period. 

SURF Magazine

If you subscribe to the quarterly SURF Magazine via our website, we ask you for the following personal details:

  • first name and surname;
  • gender;
  • address;
  • email address;
  • telephone number;
  • organization for which you work;
  • sector of the organization where you work; and
  • job-title.

Why do we ask for this information?

We need your details in order to process your subscription to SURF Magazine (legal basis for processing: performance of an agreement). In every SURF Magazine there are instructions on how to unsubscribe. You unsubscribe by sending an email to communicatie@surf.nl

How long do we retain your details?

We retain your details for as long as you are a subscriber to SURF Magazine. Once you unsubscribe, we immediately delete your details. 

Web forms

On our website, you can fill out forms for a variety of reasons. For example, you may register as a speaker for an event or fill out a feedback form. When you fill out a web form, SURF may ask you for the following details:

  • first name and surname;
  • address;
  • email address;
  • telephone number;
  • area of interest;
  • organization for which you work;
  • sector of the organization where you work;
  • job-title; and
  • other information that you can provide optionally.

Why do we ask for this information?

We need your details in order to process your registration or request (legal basis for processing: performance of an agreement).

How long do we retain your details?

We retain your data up to 1 month after your request or registration has been fully processed, so that we can still answer any follow-up questions. 

Our SURF News newsletter

If you subscribe to our SURF News online newsletter, we ask you for the following personal details:

  • first name and surname;
  • email address;
  • organization for which you work; and
  • area of interest.
  • Every newsletter from SURF includes a link at the foot of the newsletter to allow you to unsubscribe.

Why do we ask for this information?

We need your details in order to process your registration (legal basis for processing: performance of an agreement).

How long do we retain your details?

Directly after you have signed out of SURF News, you will not receive the newsletter anymore.

Customer relationship management

We process personal data in the context of our customer relationship management, in order to fulfil our obligations under the agreements with our relations. For example, we can record data of contact persons of institutions, suppliers and other business relations in the SURF-wide CRM system. For the purpose of relationship management, we may process the following data:

  • first name and surname; 
  • gender;
  • address;
  • telephone number;
  • cell number;
  • role or job-title;
  • department;
  • institution or organization with which you are affiliated;
  • email address; and
  • short business visit report, if our relationship manager has visited you

Why do we process this information?

We need this information for the purposes of our customer relationship management (legal basis for processing: SURF's legitimate interest).

How long do we retain your details?

Data that are required to be retained by law will be retained for the period the law requires. We therefore retain the data included in the legal basic administration for up to 10 years after the end of the contract. In all other cases, we retain your data for up to 1 year from the end of the agreement. 

To whom do we transfer your data?

We only pass on the data you provided us to third parties when this is necessary to be able to provide you with the respective services.

We will only supply your data to other parties with your agreement, unless it is legally required of us or permitted to transfer your data. For example, the police may require us to provide data as part of a fraud investigation. SURF is then legally required to provide these data.

In addition to the cases referred to above, we may provide your details in the following situation: when processing them in the context of relationship management, we may provide your contact details to your institution's SURF Coordinating Contact Person if this is necessary for proper coordination of communication on SURF-related topics. For this purpose, we may provide your name, business e-mail address, and the SURF committee or group in which you are involved. Your details will be provided on the basis of the legitimate interests of SURF and the institution.

What rights do you have in relation to your data?

We process your personal data and you can therefore decide what is done with them. To do so, you can contact SURF; see the contact details at the foot of this page. What exactly can you do with the data provided to us?

  • You may request to see your data that we are processing.
  • You may ask us to amend your data, to complete them, or to remove them if they are incorrect or not (no longer) relevant.
  • You may ask us to restrict the processing of your data.
  • You may request a digital copy of your data that we process and you have the right to transfer these data to a different service provider.
  • You may withdraw your consent to the processing of your personal data, for example by unsubscribing from a newsletter. Note: the processing of your personal data before you withdrew your consent remains legal.

If you believe that SURF is not handling your personal data correctly, then you may file a complaint with SURF. If you and SURF are unable to resolve the issue, then you can submit a complaint about SURF to the Personal Data Authority

Right of objection

In addition to the rights referred to above, you may also object to processing that takes place on the grounds of the legitimate interest of SURF or a third party. This may be for reasons related to your specific situation. You can object via the contact details at the bottom of this privacy statement.

Third-party websites

This privacy statement does not apply to third-party websites to which we have links on our website. SURF is unable to guarantee that these third parties will handle your data in a trustworthy or secure manner. We recommend that you read the privacy statement(s) on those websites before you make use of such website(s).

Amendments to privacy statement

SURF may amend this privacy statement. We therefore recommend that you review this privacy statement regularly.

Cookie policy

Also read our cookie statement, where we explain what cookies we use on our website and why. 

SURF contact details

General

SURF
Moreelsepark 48
3511 EP  Utrecht
communicatie@surf.nl
+31-887873000

Latest modifications 31 Jan 2019