What is your study programme?
Information for
[ enrolled students ]
What is your study programme?

Privacy glossary

Last modified on 15-02-2024 11:42
Here you can find the most important privacy-related terms with a brief explanation.
Show information for your study programme
You're currently viewing general information. Choose your study programme to see additional information that's specific to your study programme, such as deadlines, regulations and contact details.
What is your study programme?

Data subjects

The persons whose information is processed are usually referred to as 'data subjects'. In the UvA's case, these persons include: employees, students, guests, visitors and external relations, but also scientific research subjects.

Personal data

By 'personal data', we mean all information on the basis of which someone can be identified or which can be directly or indirectly traced back to a natural person. This information includes a name, identification number UvAnetID, telephone number, assessments and research data, but also a combination of data which can jointly result in an image so unique that it can only relate to one person.

Study details

By 'study details', we mean: faculties, courses, schedules, attendance lists.


Processing includes any act involving personal data. Such acts include collecting, recording, structuring, storing, changing, requesting and deleting data.


Processors are the entities that perform the processing. While the UvA usually acts as the processor itself, the UvA often engages an external party for the processing. As the processor has an executive task, it has no control of the manner in which data are processed. Both controllers and processors must comply with various obligations. For example, processing at the UvA is subject to a registration obligation (keeping a record of the processing that takes place) and must be properly secured.


The controller – which, in this case, is the UvA – is the party that determines the objective and the means of processing. The GDPR imposes obligations on controllers. For example, as a controller, the UvA has a registration obligation, the obligation to appoint a Data Protection Officer (Functionaris Gegevensbescherming, FG – fg@uva.nlExternal link), the obligation to secure the systems properly and the obligation to comply with the rights of data subjects.

Processing agreement

When the UvA engages an external processor or the UvA itself acts as a processor for a third party, an agreement is drawn up to provide for the rights of the data subjects. In a so-called 'processing agreement', the objective, the duration and the extent of processing are laid down, while arrangements are made on the retention periods and the security measures for the personal data.