This Privacy Statement applies to all activities of The institute for Medical Technology Assessment, hereafter referred to as iMTA. This Privacy Statement gives the most relevant information about the relevant topics.
iMTA handles personal data in a careful manner and acts within the limits of the law, including the Dutch Personal Data Protection Act (Wbp) and, after May 25 2018, the General Data Protection Regulation (GDPR).
Responsible party and responsibility
iMTA is within the terms of the Wbp and GDPR the responsible party. iMTA considers it essential that the personal details of its students, employees and visitors are handled and secured with the utmost care. We also want to be open about the way in which your data is processed by us. That is why we give the undermentioned explanation. Most importantly, we always comply with the requirements set by the Wbp and GDPR.
For what purposes does the iMTA process your personal data?
The personal data collected from you will be used iMTA used for business operations and for the proper performance of (legal) tasks and duties for education and research. The most important processes for which iMTA personal data are processed are:
- Education administration and educational support: recruitment, recruitment & selection of new students, student administration, internal and external information provision, recording of results, issuing certificates, diplomas and degrees, formation and execution of agreements with students, customer involvement, relationship management and marketing, health, safety and security, organization analysis, development and management reporting, substantiation for accreditation studies, advice and guidance, handling of disputes, being able to perform an audit.
- Personnel matters: salary entitlements, execution of the employment contract, settlement of claims for benefits in connection with the termination of employment, internal and auditing and in connection with the company medical care.
- Operational management and finances: financial administration, managing purchasing systems and payment systems, executing and managing procedures aimed at IT, legal affairs and other business operations. Recruitment, recruitment and selection of new employees and candidates, personnel management, internal and external information provision, realization and execution of agreements with employees, customers, consumers, suppliers and business partners, customer engagement, relationship management, marketing and market research, health, safety and security, organization analysis, development and management reporting, complaint handling.
- Facility processes: access and management systems.
- General processes: Web content management, library system, physical and digital archiving, complaints procedure and appeal and objection.
- (Scientific) research.
iMTA processes personal data by means of the various websites of iMTA, such as personal data obtained via contact forms. This is based on permission by the subject involved or because of the legitimate interest of iMTA. All processes in which personal data are processed are recorded in a register of processing activities. iMTA thus has a complete and up-to-date overview of all data processing processes.
From whom does iMTA collect personal data?
In the processes mentioned above, iMTA collects data from different categories of data subjects. These are:
- Employees, including PhD students and applicants
- External parties, including temporary staff
- Visitors to the website (s)
- Research subjects
Which personal data does iMTA collect?
In each process, other personal data is collected. The most common data are:
- name and address details (name, address, place of residence);
- bank account number (IBAN);
- phone number;
- date of birth;
- e-mail address;
- interaction data (eg cookie or information received when you contact us)
- Images (photos and videos)
- Study information, study progress and study results
- Webbrowsing and click behavior
- Research data
iMTA collects (personal) data directly from you, but in some cases iMTA also receives personal data via third parties to the extent that this is in accordance with the law.
Giving and revoking of consent
iMTA offers various activities that can only be carried out by using your personal details. For example of your e-mail address for sending a newsletter, promotional e-mails or your study characteristics for conducting research. Your data will only be used if you give explicit permission for this. You will always be informed of the purposes for which your data will be used, which data it concerns and to whom it is provided. If you give iMTA permission for the use of personal data, you can always revoke this consent at a later date.
How does iMTA ensure confidential handling of personal data?
iMTA deals confidentially with personal data. iMTA takes appropriate technical and organizational measures to protect personal data. iMTA only shares personal data in accordance with this Privacy Statement and only with third parties if this is permitted and is done carefully.
Data sharing with third parties
By order of iMTA, third parties can provide services needed to execute an agreement. iMTA makes agreements with these service providers to ensure confidential and careful handling of personal data. These agreements are contractually laid down in so-called ‘processor agreements’.
Your personal data will not be rented, sold or otherwise shared with or provided to third parties. iMTA may share your (personal) data with third parties if, for example, you have given your consent or if this is necessary for the execution of the agreement.
iMTA provides personal data to enforcement authorities or anti-fraud organizations when this is necessary to comply with a legal obligation.
If you do not agree with the processing of your personal data where this is necessary to comply with a legal obligation or if this is necessary for the execution of the agreement, this may result in the execution of the agreement being discontinued.
Transfer of your data outside the European Union
iMTA provides in some cases personal data to countries outside the European Union. This occurs in the following situations: for communication with foreign students who are going to study at, students of iMTA who study abroad and in the context of scientific research.
How long will data be stored?
iMTA will keep your personal data in accordance with the Wbp / GDPR. The data is not stored longer than is strictly necessary to achieve the purposes for which the data were collected.
How can you view, correct or delete your data?
You can direct a request for inspection or correction to iMTA. Please indicate clearly that this is a request for inspection or correction under the GDPR. You can also request that your data be deleted, however this is only possible if iMTA can still fulfill its legal obligations, such as the statutory retention periods. Please note that providing a copy of a proof of identity may be necessary to check your identity. You can easily create a secure copy of your identity card with the ‘Kopie Id’ app from the Dutch government that you can download in the appstore.
Send your request to the following email address: iMTA and write down the request in the subject.
You are also entitled to submit a complaint about the use of your data with the Autoriteit Persoonsgegevens.
In order to optimally protect your personal data against unauthorized access or unauthorized use, iMTA applies appropriate security technology. We will reports (attempts of) abuse to the police. iMTA also takes organizational measures to protect personal data against unauthorized access.
Cookies and click behavior
General visitor data is kept on our website, such as the most requested pages. The purpose of collecting these general visitor data is to optimize the layout of the website for you. iMTA uses various tools to make the website function optimally and to improve the user-friendliness and to actively retrieve feedback from users. Read more about the cookies that iMTA uses.
Do you have any specific questions or comments about our privacy statement as a result of this information? Please feel free to contact us. You can use the contact form on the website or send a letter to firstname.lastname@example.org . The Data Protection Officer (FG) of iMTA can be contacted via the email address email@example.com.