Privacy Statement UMIO | Maastricht University

This policy applies to all personal data processed by UMIO. This concerns every individual who has (had) contact with UMIO, such as visitors, interested parties, participants, alumni, applicants, external lecturers and business contacts, across all domains associated with UMIO, including MaastrichtMBA.com and our learning environments (Canvas).

Personal data are all data that can be traced back to a specific individual. These include, for example, your name, telephone number, address and email address. Data such as your IP address, username or student number also fall under this definition, as do other unique identifiers such as the programmes you have expressed interest in, the programmes you are enrolled in, or registrations for events and mailings. Information about content you have downloaded – for example an e-book – or your online browsing behaviour is also included. In addition, data are recorded when you visit one of our locations as a guest.

UMIO processes your personal data in situations where there is direct or indirect contact between you and UMIO. We receive data directly from you, for example when you visit our website, create an account, enter data via a contact form, or contact our programme advisors and/or programme management. In some cases, your data are provided to us by third parties. For example, if someone registers you for an in-company programme or an event, we receive your name and contact details from your employer or the relevant organiser. It is also possible that we obtain data from other parties, but only when you have given permission for certain data to be shared with us.

For a complete overview of the purposes for which we process your data, we refer to the section “Which data do we process, for what purposes are they used, and how long are they retained?”

UMIO processes personal data only when this is necessary for a specific, predefined purpose. These purposes vary depending on the different groups of data subjects – in other words, the individuals whose data we process. Below you will find an overview per group indicating which data are processed, for what purposes, and which retention periods apply. For some purposes, the collected information is briefly summarised, while more complex purposes are explained in greater detail.

Note: In certain cases, overlapping data processing may occur across different groups of data subjects. These duplications are not explained repeatedly below. For example, information relevant to you as a participant may appear under both “Information for participants” and “Information for website visitors”. Information on (personalised) email communication and other online contact can be found under “Information for website visitors (including contact via other channels)”.

Data for processing a specific request
In order to adequately respond to and process your request, we collect the necessary data when you, for example, express interest in:

• a specific programme or programme category and download a brochure;
• a publication (such as an e-book, white paper or one-pager);
• registering for an event, such as an information session or webinar;
• requesting a CV assessment;
• or submitting another specific request, such as a contact or advice request, a quotation request or a scholarship application.

When you submit such a request, we will – with your prior consent – contact you by telephone and email. This contact is used to advise you as effectively as possible, verify whether you meet the admission criteria, or communicate any changes to programmes or events. Depending on the request, we collect relevant information such as your name, email address, career level, prior education level, country and telephone number.

Personalisation: optimal and relevant services
In certain situations, UMIO may decide to personalise its communication. This means that we tailor information and offers to your specific profile, allowing you to find relevant content more quickly and receive less irrelevant information. Such personalisation takes place solely on the basis of a valid legal ground.

• Personalised emails
  We send you emails with news, event information and updates that contribute to your professional and personal development. In addition to generic content, these emails may also be based on your previous interests or purchases. These emails are sent only if you have given consent or if you are already a customer of UMIO. If you later object, you can unsubscribe via the unsubscribe link in each email.
• Analysis of email behaviour
  Our email technology tracks whether emails are opened and which hyperlinks are clicked. These data are used for analytical purposes, allowing us to assess the effectiveness of our communication. As this constitutes a limited infringement of your privacy, no explicit consent is required. UMIO relies on a legitimate interest here, namely gaining insight into the interests of our recipients. If desired, you can unsubscribe from our email communications, after which this analysis tool will no longer be applied to you.
• Personalised advertisements
  Based on your previous visits to our and third-party websites, we display relevant advertisements in cooperation with our advertising networks and media agencies. This involves the use of techniques such as cookies, your IP address and device-related advertising identifiers. These data are collected only if you have consented to marketing cookies. Each type of cookie has a specific, limited retention period. Further details can be found in our cookie policy.
• Non-personalised recommendations
  When you view a programme or knowledge article on UMIO.nl or related domains, we also display suggestions for other relevant programmes or articles. These recommendations are based solely on the content you are viewing at that moment and are not personalised. In such cases, everyone sees the same recommendations.

Profiling upon contact
In order to serve you optimally, we may maintain a profile of you as a (prospective) customer. This profile may include data from your website visits (via cookies), brochure downloads, previous purchases or contact moments with our advisory and management teams – only if you have given consent. This profile enables us to approach you more specifically and make recommendations.
This is based on a legitimate interest, namely providing efficient and personalised services. If you object to this profiling or to receiving personalised emails, you can contact us (see contact details at the end of this privacy policy) or adjust your cookie settings.

Cookies: for technology, analysis, personalisation and marketing
To help you find what you are looking for and ensure that our online services function optimally, we use cookies. When visiting our platforms, data such as your IP address, browser information, language and operating system settings are collected. For detailed information about the use of cookies, please consult our cookie policy.

Data for fraud prevention
Where necessary, we use personal data (such as IP addresses and browsing, search and purchasing behaviour) to investigate, prevent and combat unauthorised access and fraud. This processing is based on our legitimate interest in preventing fraud. In the event of fraud, the relevant data are retained for up to two years after discovery.

Market and customer satisfaction surveys
To continuously improve our services and offerings, UMIO may use your data (such as name and address details, customer ID and enrolment information) to invite you to participate in voluntary surveys. These surveys may also be conducted by third parties. Participation is entirely voluntary. Retention periods for linked data vary per survey. Once a survey is definitively concluded, identifiable data are deleted.
Our analysis of survey results and click and purchase behaviour takes place at an aggregated level, so individual data cannot be traced back to you.

Data relating to your contact with our programme advisors
You can contact UMIO at any time (24/7) by telephone (during business days) or email. We use these contact details to respond as quickly as possible to your interest, question or complaint. In addition, we make these details available to our programme advisors so that they can provide you with relevant alternative proposals and appropriate advice based on your expressed interests.

Telephone conversations
Some telephone conversations with our advisors may be recorded for training and analytical purposes; you will be informed of this prior to the conversation. These recordings are based on our legitimate interest in improving our services. Call recordings are retained for a maximum of one month, unless you object. If you object, we advise you to submit further questions or requests for telephone contact via our contact form.

Application process
When you apply for a programme at UMIO, the following data may be processed:

• Name, address, place of residence, telephone number and email address (NAWTE data);
• Country;
• Career level;
• Prior education;
• Curriculum Vitae (CV);
• Copies of diplomas or transcripts;
• Results and notes from intake interviews;
• Motivation letter;
• Test results (e.g. IELTS, SHL);
• Any other data provided by you during contact with UMIO.

These data are processed, among other things, for:

• Preparing your application to UMIO (depending on the programme, specific data may be required);
• Maintaining contact in response to your request;
• Providing information, for example via newsletters, which you may subscribe to (you can unsubscribe at any time via the opt-out link in the emails);
• Market and customer satisfaction surveys.

Retention periods
UMIO does not retain your data longer than strictly necessary for the purposes for which they were collected. This means that:

• Data you provide during contact are retained for as long as necessary to properly handle the contact;
• Your email address is retained for as long as you wish to remain subscribed to information services;
• Data required to complete your application are retained until that process has been completed;
• Certain data falling under “Information for participants” are subject to specific retention periods.

Which personal data do we process?
For the execution of your programme, UMIO may process, among other things, the following data:

• Name, address, place of residence, telephone number and email address (NAWTE data);
• Country;
• Date and place of birth;
• Admission and invoicing details;
• Citizen Service Number (BSN);
• Passport details;
• Photographs, video and audio recordings;
• Study products (such as papers, essays, blogs, etc.);
• Study results (grades);
• Results of personality tests (for coaching);
• Data relating to diet and visa;
• Curriculum Vitae (CV);
• Copies of diplomas and transcripts.

Purposes of processing
These data are used to:

• Provide education and related (educational) activities;
• Support your development and assessment within your programme;
• Comply with legal obligations, such as reporting to the Central Register of Education for NVAO-accredited programmes;
• Conduct market and customer satisfaction surveys.

Retention periods
UMIO does not retain participants’ personal data longer than strictly necessary for the purposes for which they were collected.

Customer experiences and reviews
If you contribute a review or customer experience (text or video), you decide whether your personal data (such as name, photograph, position or organisation) will be visible. You may also use an alias and indicate whether we may contact you. These contributions are published only with your consent and are retained until you request deletion or until UMIO removes them independently.

Which personal data do we process?
For alumni, UMIO may process the following data:

• Name, address, place of residence, telephone number and email address (NAWTE data);
• Country;
• Date of birth;
• Programme information, such as degree obtained, graduation year and diploma;
• Copies of diplomas and transcripts.

For programme-specific ranking purposes (for example within M(Sc)BA), additional data may be processed, such as:

• Gender;
• Nationality;
• Prior education;
• Work experience (both before and after graduation);
• Salary data (after completion and three years thereafter).

Purposes of processing
These data are used to:

• Maintain contact with alumni at your request;
• Facilitate information provision, events and the alumni platform, for which registration is required (with the option to unsubscribe);
• Issue confirmations of obtained diplomas to third parties with your consent;
• Maintain the alumni register;
• Comply with legal obligations for accredited programmes, such as reporting to the Central Register of Education;
• Conduct market and customer satisfaction surveys.

Retention periods
UMIO does not retain your data longer than necessary:

• Your email address is retained as long as you remain subscribed and do not unsubscribe;
• In addition, UMIO is legally obliged to retain study results for 30 years for verification purposes.

Which personal data do we process?
External lecturers make an important contribution to education. For this group, UMIO may process, among other things, the following data:

• Name, address, place of residence, telephone number and email address (NAWTE data);
• Country;
• Date of birth;
• Information about primary appointment;
• Photograph;
• Gender;
• Nationality/nationalities;
• Contract and invoicing details;
• Evaluations.

Purposes of processing
These data are processed to enable you to perform your activities in accordance with the agreement concluded with you. Where applicable, this also serves to comply with legal obligations for accredited programmes.

Retention periods
UMIO does not retain these data longer than necessary. In accordance with legal obligations, name and address details, contract and invoicing data are retained for up to seven years, for example for tax authorities and accreditation purposes.

Which personal data do we process?
Via our website, you can apply for open vacancies or submit an open application. For this purpose, we request the necessary data, such as your name, address, place of residence, telephone number and email address (NAWTE data), motivation letter and CV.

Purposes of processing
These data are processed to:

• Consider your application;
• Execute the employment contract in the event of employment.

Retention periods
If your application does not result in employment, your data are generally retained no longer than six weeks after the conclusion of the application process, so that we can potentially approach you again if the decision changes. If you give consent for longer retention, your data may be retained for up to one year after the conclusion of the application process.

Cooperation partners
When you register via UMIO for a programme or event organised in cooperation with a partner, UMIO provides your name, email address, telephone number, the name of the relevant programme or component, and any additional relevant data (such as your education and career level). This information is necessary for the cooperation partner to perform the agreed services.

Other external service providers
We also engage various external service providers to serve you optimally. These include parties that support our website, customer relationship management systems, brochures, publications, enrolments for programmes or events, the online learning environment, distance education and the alumni platform. Within these systems, only the personal data necessary for the execution of the agreed assignment are processed. We do not transfer your data to these service providers for commercial purposes, and we conclude a data processing agreement with each service provider, setting out how your data are handled. Examples of activities include:

• Providing catering services;
• Delivering and maintaining digital services, such as hosting and support of websites and applications;
• Executing advertising and marketing campaigns;
• Conducting market research and collecting ratings and reviews;
• Personalising communication and optimising the accessibility of our online platforms;
• Providing financial services, such as payment services, collections and credit information;
• Conducting research and analyses to improve our services.

Distribution and logistics partners
In the context of supporting our activities, distribution and logistics partners may also be involved in processing your data. Details are communicated per situation where applicable.

Government authorities
In some cases, we are legally obliged to share personal data with government authorities. This may occur, for example, when an authority such as the Tax and Customs Administration requires these data for the performance of its tasks. Police or judicial authorities may also request data in cases of fraud or abuse, and supervisory authorities may obtain access in the context of an investigation.

Only at your request: with other companies
If you explicitly grant consent, we may share your personal data with other companies. An example is when a commercial partner has a specific offer for UMIO customers.

UMIO stores your data within the European Economic Area (EEA). However, it may occur that certain data are transferred to or stored outside the EEA, for example when a customer is located outside the EEA or when it is necessary to consult a global database for specific applications (such as plagiarism checks). In such cases, UMIO takes appropriate measures – such as incorporating standard data protection clauses in accordance with European Commission guidelines – to ensure the security and lawfulness of the data processing. If you have questions about this, you can contact us via info@umio.nl.

UMIO implements appropriate organisational and technical measures to protect your personal data. Strict access controls are applied, ensuring that only employees who actually need access to your data for their work are granted such access. In addition, we periodically have our security measures tested by external experts. For a large part of our IT services, we work together with Maastricht University (UM), allowing us to rely on a robust IT infrastructure and proactive measures against cyber threats.

Security measures by third parties
All parties we cooperate with store your data in encrypted form and transmit them securely. Multi-Factor Authentication and access logging are used to prevent unauthorised access and misuse. Both our employees and external lecturers and coaches are bound by confidentiality obligations.

If you have questions or comments regarding our security measures, you can contact us via info@umio.nl.

Right to information
You have the right to be informed in a clear and transparent manner about the processing of your personal data and the associated rights. In this privacy policy, we explain in detail which data we collect and how they are processed.

Right of access
At any time, you may request information from UMIO about the personal data we process about you. You can contact our Data Protection Officer for this purpose via info@umio.nl.

Right to rectification
If you find that your personal data are incorrect or outdated, you may request correction or supplementation. This can be done via your programme advisor, programme manager, alumni officer, faculty office, or directly via our Data Protection Officer (info@umio.nl).

Right to object
You have the right to object to the processing of your personal data if you do not agree with our practices, including the use of data for marketing purposes. You can indicate this via your contact person (such as your programme advisor, programme manager, alumni officer or faculty office) or via our Data Protection Officer. You can also prevent receiving (personalised) mailings at any time via the unsubscribe link in our emails. This right also applies to other data processed on the basis of our legitimate interest.

Right to data portability
You have the right to receive a copy of the personal data you have provided to us or that we have collected from you. We will provide these data in a structured, commonly used and machine-readable format, enabling you to transfer them to another service provider if desired. This right applies to data collected in the context of an agreement or with your explicit consent.

Right to restriction
You may request restriction of the processing of your data. This means that we will retain your data temporarily but not further process them, as long as you indicate this. Please contact our Data Protection Officer via info@umio.nl.

Right to be forgotten / request for account deletion
You have the right to request the deletion of all personal data that can be traced back to you. This does not apply to data we are legally obliged to retain (for example in cases of fraud or outstanding obligations) or when your account has ongoing activities, such as applications, enrolments or invoices. Seven years after your last activity as a customer or interested party, we will delete your data – with the exception of data in the diploma/alumni register, for which a statutory retention obligation applies.

Right to lodge a complaint
If you are dissatisfied with the way we process your data, you have the right to lodge a complaint. We aim to resolve any issues in consultation with you. You can contact your UMIO contact person or our Data Protection Officer via info@umio.nl. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). More information about your rights is available on the website of the Autoriteit Persoonsgegevens.

If you have questions about the processing of your personal data or wish to submit a request under privacy legislation, we invite you to contact our Data Protection Officer. We make every effort to respond to your questions promptly. Please note that we apply a maximum response period of 30 days for handling requests; in the case of complex requests, this period may be extended. You will be informed accordingly.

You can contact us via:

Maastricht University
Attn: GDPR Team UM
P.O. Box 616
6200 MD Maastricht
privacy@maastrichtuniversity.nl