The UvA processes personal data according to the principles of the GDPR. These principles are:
All processing performed by the UvA is in accordance with the GDPR and in proportion to the objective to be achieved. The UvA will inform its data subjects of the work methods used in and the objective of the processing. Current information can be found in the privacy statement. Information on your rights with regard to this processing can be found here.
The UvA only processes personal data for the objective for which they are collected. Your personal data may be used for a different purpose if the new purpose is related to the original objective of their collection.
The UvA does not collect more data than required for the objective of its collection. Where possible, the UvA will delete or anonymise data as soon as possible.
The UvA safeguards the correctness of personal data and updates these when required. You can check your data by submitting a request for inspection and can subsequently request that the UvA adapts, restricts, deletes or 'forgets' your personal data.
The UvA and its processors do not store personal data for longer than is required for the processing. Exceptions to this rule are the retention obligation that arises from tax laws, among other things, as well as the admissibility with regard to archiving and research.
By means of fitting technical and organisational measures, personal data are processed in such manner that appropriate security is safeguarded.
Personal data are processed under the responsibility of the controller, who must ensure and be able to demonstrate that the processing is in accordance with the GDPR.
The UvA only processes personal data if the processing takes place on one or more of the following bases:
Though it is a common misunderstanding, this fact means that processing does not always require permission.