Privacy Statement

QuSoft is a collaboration of University of Amsterdam and CWI. On this web page, where reference is made to “University of Amsterdam”, this should be understood as “QuSoft”.

University of Amsterdam processes personal data and uses cookies for this website. This Privacy Statement provides you with information about the purposes for which University of Amsterdam processes personal data and about exercising your privacy rights. We also provide further information that may be of importance to you. In University of Amsterdam’s cookie policy, you can read which cookies University of Amsterdam uses.

The Privacy Statement applies to all University of Amsterdam activities (including those via the website). We have included the most relevant information on each topic.

University of Amsterdam takes the utmost care with personal data and in doing so acts within the law, including the General Data Protection Regulation (GDPR).

Data controller and responsibility

Under the GDPR, University of Amsterdam is defined as the data controller. University of Amsterdam considers it to be of essential importance that the personal data of its students, researchers, staff and visitors is processed and secured with the utmost possible care.

University of Amsterdam aims to be open about the way in which it processes your data. That is why this is explained below. In all cases, University of Amsterdam aims to meet the requirements and obligations of the GDPR.

For what purposes does University of Amsterdam process your personal data?

The personal data collected by University of Amsterdam is used for operational purposes and to enable it to carry out its statutory tasks and responsibilities for education and research properly.

The most important processes for which University of Amsterdam Users personal data are:

a)  Education administration and support: recruitment & selection of new students, student administration, internal and external provision of information, recording results, issuing certificates, diplomas and degrees, entering into and executing agreements with students, customer engagement, account management and marketing, health, safety and security, organisational analysis, development and management reports, collecting evidence for accreditations, advice and support, handling disputes, enabling audits to be conducted;

b)  Human resource management: determining salary agreements, implementing appointments, making arrangements for payments in connection with the termination of employment contracts, internal and external audits and in connection with occupational medical care, HR management, recruitment & selection of new employees and applicants, entering into and executing agreements with employees, data concerning performance;

c)  Operations and finance: financial administration, managing processing and payment systems, implementing and managing IT procedures, legal affairs and other operations, recruitment, internal and external information provision, entering into and executing agreements with customers, suppliers and commercial partners, customer engagement, account management, marketing and market research, health, safety and security, organisational analysis, development and management reporting, complaints handling;

d)  Facility management: access and management systems, camera surveillance;

e) General processes: Web content management, library system, sport and culture facilities, physical and digital archiving, employee participation and elections, complaints procedure and objections and appeals;

F) Scientific research: University of Amsterdam’s scientific research. University of Amsterdam records all processes in which personal data is processed in a register of processing activities.

Whose personal data does University of Amsterdam collect?

In the processes listed above, University of Amsterdam collects data from the following categories of parties:

  • Students;
  • Applying and prospective students;
  • Alumni;
  • Staff, including doctoral
    candidates and job applicants;
  • External parties, including temporary and agency staff;
  • Visitors to the website(s);
    Research subjects.

Whose personal data does University of Amsterdam collect?

Different personal data is collected in each process, the most frequent being the following:

  • Name and address details;
  • Bank account number (IBAN);
  • Telephone number;
  • Date of birth;
  • Gender;
  • E-mail address;
  • IP address;
  • interaction information (e.g. cookie or information received when you contact University of Amsterdam);
  • Visual images (photographs and videos);
  • Study information, study progress and study results;
  • Website visit and click behaviour;
  • Research data.


University of Amsterdam collects personal and other data directly from the individual involved, but it can also receive personal data via third parties insofar as this is in accordance with the law.

How does University of Amsterdam ensure that personal data is handled confidentially?

University of Amsterdam handles personal data confidentially. University of Amsterdam takes appropriate technical and organisational measures to ensure that personal data is protected.

University of Amsterdam will only share personal data in accordance with this Privacy Statement and only with third parties if this is authorised and is done with care.

Providing and withdrawing permission

University of Amsterdam offers some activities that require your explicit permission. This may, for example, include using your e-mail address to send a newsletter, promotional e-mails or your study characteristics for conducting research. Your data will be used only if you have given explicit permission for this. In this regard, you will always be notified of the purposes for which your data will be used, which data is involved and to whom it will be provided.

If you give University of Amsterdam permission to use personal data, you are also entitled to withdraw this permission at a later stage. Withdrawal cannot apply retrospectively. The requirement for permission does not apply if you are sent newsletters or e-mails within the context of your degree programme or appointment.

Sharing of data with third parties

Third parties may provide certain services, on behalf of University of Amsterdam, in executing an agreement. University of Amsterdam makes agreements with these data processors in order to guarantee confidential and careful handling of personal data. These agreements are laid down contractually in data processor agreements.

Personal data being processed as research data within a research project may  be shared with research partners within that project. The processing of this personal data is done in accordance with the provisions of the GDPR related to the processing of research data.

Your personal data will not be sold to third parties. University of Amsterdam can share your (personal) data with third parties if, for example, you yourself have given permission for this or if it is necessary to implement an agreement.

University of Amsterdam provides personal data to enforcement authorities or organisations combating fraud if this is necessary in order to meet a statutory obligation.

The categories of third parties with which University of Amsterdam shares data are:

  • Government authorities, such as the Education Executive Agency (DUO), the Tax and Customs Administration, the Immigration and Naturalisation Service (IND);
  • Investigative authorities;
  • Research groups.

Passing on your data outside the EU

In some cases, University of Amsterdam provides personal data to countries outside the EU. This happens in the following situations: for communication with international students who intend to study at University of Amsterdam, University of Amsterdam students studying abroad and within the context of scientific research.

How long is data retained?
University of Amsterdam retains your personal data in accordance with the GDPR. The data is retained in accordance with the statutory retention period and for no longer than is strictly necessary in order to achieve the purposes for which the data was collected.

How can you consult, correct or delete your data?

You can submit a request to University of Amsterdam to consult or correct your data, clearly indicating that you are making the request on the grounds of the GDPR. You can also ask to have your data deleted, insofar as University of Amsterdam is still able to meet its statutory obligations, such as the statutory retention periods. You must bear in mind that you may need to provide a copy of your proof of identity in order to verify your identity.

It is easy to create a secure copy of your proof of identity using the government’s ‘Kopie Id’ app that you can download from the appstore.

You are also entitled to submit a complaint about the use of your data to the Dutch Data Protection Authority.

Technical security

University of Amsterdam applies appropriate security technology in order to provide optimum protection for your personal data against unauthorised access or use. University of Amsterdam reports any abuse or attempted abuse. In addition, University of Amsterdam takes technical and organisational measures in order to secure personal data against unauthorised access.

Cookie policy

General information on visits to our website is recorded, such as the most requested pages. This general information on website visits is intended to optimise the design of the website. University of Amsterdam uses various tools to enable the website to function as effectively as possible, improve user convenience and obtain active feedback from users.

Third parties’ privacy policy

The University of Amsterdam website includes links to other websites that are not part of University of Amsterdam. University of Amsterdam has no responsibility for the way in which these parties deal with personal data and therefore advises you to inform yourself of these parties’ privacy policies or to contact them for a more detailed explanation of their policy on the use of personal data.


If, after reading this information, you have specific questions or comments about University of Amsterdam’s privacy statement, please do not hesitate to contact us. You can e-mail  to do this. The University of Amsterdam Data Protection Officer can also be contacted at this e-mail address.