Understanding Society

Tilburg University is convinced that it can contribute to solving social issues by developing and transferring knowledge and bringing together people from various disciplines and organizations.

Tilburg University Privacy Statement

Tilburg University takes its legal duty to protect personal data very seriously. Personal data need to be processed for education, for research, and for support processes.

Accountable party and accountability

As Tilburg University is accountable within the meaning of the General Data Protection Regulation (GDPR), it is transparent about how personal data are processed, as can be read in this privacy statement. First and foremost, the university complies with all the requirements in the GDPR.

How does Tilburg University process your data?

Tilburg University takes it legal duty to protect personal data very seriously. Personal data need to be processed for education, for research, and for support processes. Tilburg University conforms to the codes of conduct of the VSNU, including the Code of use of personal data in research.

In addition, a strategy for the protection of personal data has been determined which is further developed in the Privacy & Personal Data Protection Policy and in specific thematic policies for the subjects education and students, scientific research, employee data*, external relations and camera surveillance.

Tilburg University regularly aligns its policies and procedures with the opinions of the authorities in the field of personal data protection, such as the Dutch Data Protection Authority and the European Data Protection Board (EDPB).

Further information and procedures for employees can be found on the intranet page Privacy & Security (staff only).

* in development

To what end does Tilburg University process your personal data?

Tilburg University uses your personal data for operational management, and for the proper performance of its legal duties and obligations in regard to education and research. The most important processes for which Tilburg University collects personal data are the following.

Educational administration and educational support

Recruitment and selection of new students; student administration; external and external provision of information; recording of grades; issuing of certificates, diplomas, and degrees; drafting and executing agreements with students; client engagement, stakeholder management, and marketing; health, safety, and security; organizational analysis; development and management reporting; providing information for accreditation assessments; advice, coaching and supervision; handling disputes; audits.

Human Resources Management

Determining salary levels; executing employment contracts; arranging benefits in relation to termination of employment; internal and external audits; use in connection with the activities of the university’s occupational health physician.

Operational Management and Finances

Financial administration; management of purchasing systems and payment systems; carrying out and managing IT-related activities; legal affairs; all other matters relating to operational management. Recruitment and selection of new employees and candidates; human resources management; internal and external provision of information; drafting and executing agreements with employees, clients, consumers, suppliers, and business partners; client engagement; relationship management; marketing and market research; health, safety, and security; organizational analysis; development and management reporting; complaints handling.

Facilities Management

Access and management systems; camera surveillance; management of parking facilities.

General Processes

Web content management; library system; physical and digital archiving; employee participation and elections; complaints handling procedures; appeals and objections.

Academic Research

Sound academic research cannot do without good data, either existing data or data collected by the researchers themselves. Personal data play an important role in the various academic fields studied at our university.

Processing on the website

Tilburg University processes personal data through the various websites, for instance through the use of contact forms (see the Disclaimer webpage for additional information). This takes place on the basis of consent or the university’s legitimate interests. All processes in which personal data are processed are recorded in a register of data processing activities. Tilburg University thus has a complete and up-to-date overview of all processes involving data processing.

The purposes of the data processing are further specified in the Data Register (see 'Data Register & Privacy Statements Individual Units').

Who does Tilburg University collect which personal data on?

In the processes mentioned above, the persons that Tilburg University collects data on belong to various categories, including:


In each process, different personal data are collected. Tilburg University collects personal and other data immediately from the person concerned, but may also receive personal data from third parties insofar as this is in accordance with the law.


Data subjects’ rights

Right of access

The General Data Protection Regulation gives people more control over their personal data. They have the right to ask what data Tilburg University has about them. They are permitted to ask to see this data.

In the Tilburg University data register you can see which data we process for each category of data subjects, for what purposes this data is processed, how we have obtained this information and to whom we provide the data.

Tilburg University strives for greater transparency. Via our portals, more information is visible and can be updated by datasubjects themselves.

More information

For further information on the Tilburg University procedures, see the document Request to Access Personal Data.

Right to rectification

The General Data Protection Regulation gives people the right to have inaccurate personal data rectified or to add additional information to their personal data.

Every organization is responsible for ensuring that the personal data processed is accurate and that it is updated when necessary.

If, in view of the purpose for which it is being processed, personal data is incorrect, the organization concerned is obliged to take all reasonable measures to rectify or supplement this data. If an organization has provided third parties with inaccurate or incomplete personal data, it must also pass on the amended or additional data to these third parties.

Tilburg University strives for greater transparency. Via our portals, more information is visible and can be updated by datasubjects themselves.

More information

For more information about the procedures of Tilburg University, see the request to rectify personal data.

Right to be forgotten

Article 17 of the General Data Protection Regulation includes what is known as the right to be forgotten. According to this right, organizations must erase personal data in a certain number of cases if a data subject (the person whose data the organization is processing) requests this.

The right to be forgotten does not always apply. The right to be forgotten is applicable in a number of clearly-defined situations only.

The General Data Protection Regulation gives people the right to have inaccurate personal data rectified or to add additional information to their personal data.

More information

For more information about the procedures of Tilburg University, see the request to erasure personal data.



Right to restriction of processing

In certain situations, the General Data Protection Regulation gives people the right to restrict the use of their data. The right to restriction of processing applies in situations that meet one of the following criteria:

  • The data may be inaccurate
  • The processing is unlawful
  • The data is no longer needed
  • The data subject has objected

More information

For more information about the procedures of Tilburg University, see the request to restrict personal data.

Right to transfer data

The General Data Protection Regulation gives people in certain situations the right to receive the personal data in a structured, current and machine-readable form for the transfer to another controller. If technically possible, Tilburg University provides this transfer to the other organization itself. The right to data portability applies in situations that meet the following criteria:

  • Data is obtained on the basis of permission or agreement.
  • The processing is automated.

More information

For more information about the procedures of Tilburg University, see the request to transfer personal data.



Right to object

The General Data Protection Regulation gives people the right to object to the processing of their personal data. If an organization processes personal data for the purposes of performing a task in the public interest or on the grounds of a legitimate interest, data subjects have the right to object to the processing of this data. If someone objects to the processing of his or her personal data, the organization must refrain from processing the data.

If someone objects to the processing of his or her personal data, the organization must refrain from processing the data, unless there are grounds that outweigh the interest of the person concerned. This consideration does not apply to direct marketing.

More information

For more information about the procedures of Tilburg University, see the object to the processing of personal data.





Right to file a complaint with a supervisory authority

The General Data Protection Regulation gives people the right to file a complaint with a supervisory authority.

If you have followed the usual procedures of request and / or objection and you arr not satisfied by the followed procedure of the answer, you can submit a complaint to a supervisory authority.

The first point of contact for complaints is the internal supervisor, the Data Protection Officer.

The contact details can be found at the Data Protection Officer (see 'Data Protection Officer'). Based on article 36 UAVG you can also submit a complaint to the external supervisory authority, the Dutch Data Protection Authority.




Contact Details

Data Protection Office

If you still have any questions about the protection of personal data, do not hesitate to contact our Data Protection Officer Mr M.R.G. Herregodts at e-mail: fg@tilburguniversity.edu

Contact Details Tilburg University

Visiting Address

Warandelaan 2

5037 AB Tilburg

Mailing Address

Postbus 90153

5000 LE Tilburg

Telefoonnummer: + 0031 (0) 13 - 466 9111