Kast met ordners, foto Viktor Talashuk

Handling personal data with care

When are you allowed to query and process data?

Every time you process personal data, it is an invasion of the privacy of the people it concerns. That is why you may only process personal data if there is really no other way. In other words: if you cannot achieve your goal without this data.

This means that you must have a good reason to process personal data. The AVG lists 6 reasons. The legal name for those reasons is fundamentals. You therefore need a basis to be able to process personal data. It is Tilburg University's responsibility to assess which basis applies to the processing. This basis must therefore be determined before starting to process data.

The 6 bases

The GDPR contains the following 6 principles for processing personal data:

Make sure that you are able to substantiate why the chosen basis applies. The basis must in any case be stated in the notification form for the processing register. For more information about this, see the page on Tilburg University's obligations.

Exception: special and criminal data

Please note that these rules only apply to 'ordinary' personal data. Do you want to process special personal data, such as data about someone's health? Or criminal data? That is prohibited. Unless you meet a number of strict requirements. In that case, having a basis is not enough. More information can be found on the page Which personal data should I handle with care?

Personal use

Processing personal data for purely personal use is always permitted. Think for example of a birthday calendar or a file with addresses of family and friends.