What are personal data?
Information is considered personal data if it says something about a specific person or if this information in combination with other data can be traced to this person. As soon as you are going to 'process' personal data, you have to follow certain rules. On this page you will find what personal data and special personal data are and what we mean by processing personal data.
Examples of personal data
Obvious information is someone's name, address and place of residence. But also telephone numbers, zip codes with house numbers and the IP address of the computer and a passport photo or someone's digits are personal data.
Special personal data
Special personal data are data that are so sensitive that their processing can seriously affect someone's privacy. The following data are regarded as special personal data:
- Personal data revealing racial or ethnic origin;
- Personal data revealing political views;
- Personal data revealing religious or philosophical beliefs;
- Personal data revealing membership of a trade union/association;
- Genetic data;
- Biometric data for the unique identification of a person;
- Data about someone's health;
- Data relating to a person's sexual behavior or sexual orientation.
Special personal data are extra protected by law. The GDPR assumes that the processing of these data is prohibited, but exceptions have been made for certain processing operations. One of the exceptions is that the data subject has given explicit consent to the processing. For more details, we refer to the Privacy & Protection of Personal Data policy and the possible theme policy.
Processing personal data: everything you do with personal data
The privacy legislation applies to any 'processing' of personal data. Processing is understood to mean much more than providing personal data to third parties. The law refers to 'collecting, recording, organizing, structuring, storing, updating or changing, retrieving, consulting, using, providing by transmission, distributing or otherwise making available, aligning or combining, blocking'. In short, everything you can do with personal data is covered by the term 'processing'. It does not matter whether the action is performed manually or automatically.
Protection of personal data is a legal obligation
Everyone must be able to trust that his or her personal data is adequately secured. According to the AVG, Tilburg University is legally obliged to protect personal data. As a person, you must be able to assume that your personal data is in safe hands. After all, poor security can lead to misuse of your personal data. The subjects of privacy, personal data protection and security are therefore closely interrelated. Everyone who has to deal with the processing of personal data has to deal with the AVG. That is why the university has included rules in its Privacy & Protection of Personal Data policy.