Tools

nl

Tools

Privacy Statements

Privacy Policy of Amberscript Transcription Service

Version 07-08-2024

In this privacy policy, we explain what happens to your personal data when you use Amberscript’s service for converting audio to text, or when your personal data is processed in Amberscript as a participant in an interview.

The following data is processed when using Amberscript:

  • Name information;
  • Contact information;
  • Personal data as part of the recording files;
  • Personal data as part of the transcribed text;
  • Personal data as part of the log data.

The following data is processed when participating in an interview:

  • Personal data as part of the recording files;
  • Personal data as part of the transcribed text.

For what purposes does UU process my personal data?

During qualitative research, researchers and/or students of the UU often conduct interviews. To enable further analysis of these interviews, they are recorded and later transcribed into text. Manually transcribing these audio recordings requires a lot of work and time. With the help of Amberscript, the audio recordings are automatically converted into written text. This saves a significant amount of time compared to manual transcription of the interviews and also ensures some quality assurance.

Can the UU process my personal data?

The UU may only process your personal data if we have a valid reason to do so. Such a reason must be specified in the law. This is referred to as a legal basis. The legal basis for processing personal data as part of the recording files must be determined on a case-by-case basis and communicated to the data subject.
For this transcription service, the UU processes your personal data based on one of the following legal grounds:

  • The processing is necessary for the performance of a task carried out in the public interest. All activities we undertake as part of our regular education fall under this legal basis. Under the Higher Education and Research Act, the UU is tasked with providing scientific education and conducting scientific research. Thus, the UU fulfills a task of public interest.
  • You have given consent for this processing of your personal data. If you participate in a study, for example, you may be asked if you consent to the processing of your personal data.

Who receives my personal data?

The data is processed by Amberscript. Amberscript converts the (audio) files into text through an automated process. Amberscript employees do not have access to the shared files unless the additional service is used, where an approved Amberscript employee manually improves the text after it has been automatically converted. Utrecht University has made agreements with Amberscript on how Amberscript should handle the collected and processed personal data. These agreements are formalized in a contract, the data processing agreement.

Amberscript uses Google Cloud Platform (GCP) as a sub-processor for managing their servers.

Within Amberscript, there is also the option to translate texts. For this, a connection with DEEPL is used to translate the text. The recording files are only shared with DEEPL when the translation function is used.

Organizations involved in the processing of your personal data may also be located outside the European Economic Area (EEA). When using Amberscript, no data is transferred to third countries outside the European Economic Area (EEA).

What are my rights under the GDPR?

The GDPR gives you as a student a large number of rights with regard to your personal data. For example, you have the right to be informed in a timely, clear and complete manner about the processing of your data. This privacy statement is intended to do just that. In addition, you have the right to view your data and to have it corrected or deleted. In certain cases, you have the right to have the processing of your data temporarily frozen (‘restricted’), the right to object to the processing and the right not to be subject to decisions resulting from fully automated processes (i.e. without human intervention) which may have serious consequences for you. And finally, in some cases you have the right to have a whole set of data that we have about you transferred to another organization. This is called the right to portability.

What about giving and withdrawing consent?

If we process your data on the basis of your consent, you have the right to withdraw this consent. This is always possible, even after we have already collected your data. You do not have to say why you withdraw your consent. Please note that if you withdraw your consent, we do not need to undo what we have done with your personal data up to that point. Withdrawing your consent therefore does not work retroactively.

Can I view, correct or delete my personal data?

You have the right to know which of your personal data we process and to check whether that data is correct. At your request, we will provide you with an overview of data free of charge, preferably as specific as possible. In doing so, we provide you with additional information, for example why we process that data, how long we store it, etc.

We must ensure that all your personal data stored on our systems is correct. If you notice (or think) that certain personal data is factually incorrect, you can request that we correct that data. And because our data must not only be correct, but also complete, you may supplement that data or have it completed.

There are situations in which you can ask us to delete certain data about you. You can do this, for example, if you feel that we no longer need this data or that we are processing it unlawfully, but also if you have withdrawn your consent or if you have objected to the processing. We will then check whether there are compelling reasons for us to keep your personal data (for example because we have an agreement with you). If these reasons are not present, we will delete your data.

When can I object to the processing?

In certain cases, we may process your personal data because it is necessary to perform a task carried out in the public interest or to pursue our legitimate interests (or those of another person or organisation). In such cases, we do not ask you to consent to the processing, but you can object to this based on your specific situation. If you object, we will suspend processing and balance your rights, freedoms and interests against our interests. We pay attention to your specific situation. If our interests outweigh yours, we will resume processing. If your rights, freedoms and interests outweigh ours in your specific case, we will permanently stop the processing. In either case, we’ll let you know what we’ve decided.

What does it mean that I can ‘limit’ the processing?

Restricting the processing is nothing more than temporarily ‘freezing’ the processing. If you request to restrict the processing of your personal data, we can’t do anything with your information other than storing it on our systems. The right to restriction of processing can be useful if, for example, there is a conflict or dispute in which your personal data plays a role. By restricting the processing, you prevent your personal data from being changed or deleted.

Does the UU make fully automated decisions?

There is no fully automated decision-making involved in this processing. This means that decisions are never made without human intervention. There is also no profiling involved.

How can I exercise these rights?

If you wish to exercise one or more of the aforementioned rights, you can submit a request using the Privacy Request Form (uu.nl). We will then have one month to respond to your request. For very complex requests (or if there are a lot of requests coming in at the same time), we sometimes need more time (up to two months extra). We will let you know within that first month.

When exercising your rights, we first need to establish your identity. We do this in a way that suits the situation at hand and the right you want to exercise.

Individual assessment

We would like to point out that the rights described above are not absolute rights. We assess each request individually. There may be circumstances that prevent us from responding to a particular request. If so , we’ll let you know why. There is one exception: if you object to the use of your data for direct marketing, we will always honor that objection.

How does the UU secure my personal data?

The UU makes sure that personal data is treated with confidentially. The UU takes appropriate technical and organisational measures to ensure that your personal data is properly protected.

Technical measures

In order to optimally protect your personal data against unauthorized access or use, the UU has appropriate security technology in use. We report (attempted) abuse. The UU also takes organisational measures to protect personal data against access by unauthorised persons.

Organisational measures

Within the organisation, the UU has taken a large number of measures to ensure that your data is not only technically secured, but that the chance of human error and misuse is also kept to a minimum. For example, the UU applies an information security policy and a privacy policy, the UU works with confidentiality agreements where necessary and the UU staff regularly follows awareness training in the field of data security and protection.

Questions? Complaints?

Do you have any specific questions or comments about this privacy statement? Please feel free to contact us via privacy@uu.nl.

The UU has appointed a Data Protection Officer (DPO). This is an internal advisor and supervisor on the application of the GDPR. When you have questions about the processing of your personal data or when you want to file a complaint, you can contact our DPO via fg@uu.nl.

We would like to point out that you also have the right to file a complaint with the supervisory authority, the Dutch Data Protection Authority.

Contact details Utrecht University

Heidelberglaan 8
3584 CS Utrecht
Tel. (030) 253 35 50