Privacy statement on newsletters and group e-mails
One of the ways to inform employees, students, external relations, and other interested parties is through group emails and newsletters. A newsletter is a periodical publication, sent to a permanent email list belonging to a specific part of the organisation. Alternatively, the list can also belong to a specific project or concern a specific topic. A group email is an email in the branding of Utrecht University, which is sent only once.We find it important to keep all recipients well informed about the reason why they are receiving these emails. This may also be the reason why you are visiting this internet page.
This page describes:
- When you are receiving email from us;
- Which data we use;
- What you can do if you disagree with our use of data.
Firstly, a few basic definitions:
Personal data are data about you, which can lead back to you, for example an email address. When an organisation is using personal data, it needs to have a so-called basis to do so. A basis is a legal accreditation for doing what this organisation wants or should do. What it wants or should do, is called a processing objective. A retention period is the period of time for storing the data. As these data are about you, you are called the interested party. As an interested party, you have certain rights. You will find more information about your rights at the end of this page.
Lastly, it is important to know that these regulations do not concern personal emails, such as those from a colleague, a teacher, or a personal contact.
Consent is one of the processing objectives that permits us to send you a group email or a newsletter. This is a permission that you have given by subscribing to a newsletter, or by expressing your interest in it, for example by ticking the subscription box when signing up for an event.
Should you have no interest in receiving a newsletter anymore, you can withdraw your consent any time via the ‘unsubscribe’ link in the footer of the newsletter. Please note that this unsubscribes you only from a specific newsletter
Legitimate interest is the second processing objective. As the term says, it is in our interest to send you newsletters and group emails. However, we cannot do this just like that. This is why we have carefully researched when it is appropriate and, therefore, allowed legally. We are allowed to email you in these cases:
- When we, within the framework of good employment practices, want to inform our employees about issues that are necessary for their work, relevant for their position, about the segment of organisation where they work, and/or about policies or strategies of Utrecht University;
- When we need to inform our students about issues that are necessary for their studies, or that are relevant for their faculty or study programme, concerning student councelling and development, about preconditions (such as IT, or study places), which enable studying, and/or policies and strategies of Utrecht University;
- When we want to inform external parties about a project in which they are involved, whereby the external party is working for an organisation that has been contracted by Utrecht University, or in case the external party has a great interest in that project;
- When we want to inform employees, students or external parties about a major event, calamity, or a crisis that affects them;
- When we want to inform employees, students or external parties about (changes in) rules and regulations;
- When we want to involve our employees or students in community forming, or keep them engaged.
As explained, we use your personal data for sending you emails. Next to your email address, we have the following data:
|First and last name
|Faculty / Department / Name of organisation
* Optional; choose when signing up.
** A segment means the (building) project, department or study in which you participate.
Although we have these data, it doesn’t mean that we will be using them in every email.
Period of use and retention
It is useful to know that your personal data are stored only once in our email and newsletter database, and are connected to a list. Examples of these lists are:
|Personal data 1
|Personal data 2
The above information is important for understanding that we can delete your data only when you are no longer subscribed to any group email or newsletter. In the example of ‘Personal data 2’, this means withdrawing your consent for both newsletters. The data will be deleted at the latest within one calendar month after withdrawing the last consent.
In the example of ‘Personal data 1’, it is possible that all consents have been withdrawn, but that personal data cannot yet be deleted, due to still having a legitimate interest for sending emails. The data can only be deleted when not needed for all connected lists anymore, for example in these cases:
- After having sent the last message and deleting the list. When no (active) lists are connected, the data will be deleted after one month at the latest;
- If you are not an employee or student anymore, and your data have been deleted from the employee or student register. After having removed the data, they are also deleted in our group email and newsletter database.
When deleting personal data, all sent messages disappear as well. In other cases, the sent message, including the affiliation, will be kept stored in our database until one year after being sent. Deleting the affiliation means that all historical data have been deleted, and that recipients of each group email cannot be traced anymore.
The statistics of sent messages (opened and clicked on) are always anonymous and are stored for a maximum of one year for the purpose of reporting and/or comparing between different messages.
We have described above how Utrecht University uses your data for newsletters and group emails. We have done our best to find a sound balance in explaining it clearly. However, it is possible that we have overlooked certain details. If you have any questions or comments, please email us at firstname.lastname@example.org.
In case of complaints, if an informal solution cannot be found, there is also a possibility of a formal solution. According to the GDPR, you have the following rights:
- The right to inspect;
- The right to rectification;
- The right to restriction of data processing;
- The right to object;
- The right to erasure.