STC Group values the protection of your privacy and the safety of your personal data. We only process personal data in accordance to the EU General Data Protection Regulation (GDPR) and the Dutch law ‘Wet bescherming persoonsgegevens (Wbp)’.
According to both GDPR and Wbp, STC Group is responsible for the processing of personal data of (prospective) students and employees associated with STC.
The Data Protection Officer (DPO) of STC group is registered with the Dutch Data Protection Authority (DPA). The DPA ensures that the processing of personal data by STC Group is in accordance with the privacy legislation.
Processing personal data
The following personal data and may be requested and processed by STC Group:
- Name and address details, date and place of birth, passport photo, bank account number (IBAN), student number, correspondence number Ministry of Education, Culture and Science, Citizen Service Number (BSN), diploma(s) of previous education.
- Study data and data regarding study progress.
- Other statutory personal data.
- Personal data necessary for extra personal student guidance with regard to health and well-being.
- Insurance details.
- Other statutory personal data based on specific Dutch legislation such as the Dutch Education and Vocational Education Act, the Secondary Education Act, the Tax Act, Identification Requirements and the Eligibility for Permanent Incapacity Benefit (Restrictions) Act (Wet Poortwachter).
STC Group processes personal data for the following objectives:
- Application and enrolment of prospective students.
- Processing study results, study progress and related information.
- Guidance of students who need extra support with regard to health and well-being.
- Processing requested (study) information or publications (brochures).
- Providing further information about STC Group developments and meetings.
- Recruitment of students.
- Employment (appointment).
- For the optimal functioning of employees.
- Handling of complaints.
- Security and improvement of STC Group websites.
- Monitoring the reputation of STC Group en all its entities.
Personal data is only used for the purposes mentioned above. For other purposes, explicit permission is requested.
Rights of data subject
As the owner of personal data (data subject) you have certain rights according to the GDPR.
- Right of access by the data subject.
To obtain a statement of personal data processed and managed by STC Group, a request can be sent to the DPO
- Right rectification.
In case STC Grouip uses personal data incorrectly, the data subject may ask for rectification, in which STC is bound to follow personal data as registered in the The Education Executive Agency of the Dutch Ministry of Education, Culture and Science (DUO), which is based on the data registered in the Dutch BRP Register.
- Right to erasure.
All data of the data subject can be deleted from STC files. However, there are technological and legal limitations to take in to account, as stated in for example the Public Records Act.
- Right to data portability.
The data subject has the right to receive the personal data concerning him or her and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
Requests for this can be addressed to the Data Protection Officer of STC Group via email@example.com.
Transfers of personal data to third parties
For the processing of personal data, STC can make use of service providers that act as processor only on behalf of and for the benefit of STC Group. Processors work on the basis of a processing agreement concluded for that purpose. No personal data will be provided to third parties outside this, unless required to do so by specific legislation.
STC, together with potential processors, ensures appropriate organisational and technical security of personal data. In this way, STC ensures that this information is only accessible to persons who are authorized to do so by virtue of their position or duties. The data itself is only used for the purposes for which it was obtained and on the basis of a legal basis.
STC Group ensures that the storage, management and processing of the personal data takes place within the European Union.
Procedure to report personal data breaches
If a data subject suspects or believes that personal data of students or employees of STC Group are accessible to unauthorized persons, we ask you to report this directly via the general number of STC or at the service desk. Reporting ensures that te procedure for analysing, resolving and possibly reporting to the AP of the data incident will come into force.
STC Group protects security and property of all its students, employees and visitors through camera surveillance in the buildings. The images from these cameras are automatically destroyed after 72 hours.
Online media monitoring and web care
STC Group uses the services of Obi4Wan B.V. for online media monitoring and web care. The purpose is to provide information to people who make their requests known through social media and to monitor the reputation of STC Group. Obi4Wan contains an online search engine that searches public data from sources such as Facebook, Twitter, other social media, blogs, news sites and forums. This is done on the basis of the name of the STC Group organisation and associated entities. Obi4Wan collects these public data but does not use it for its own purposes. As a processor of personal data, Obi4Wan is therefore responsible for data protection.
WhatsApp, Twitter DM and Facebook Messenger
Platforms including WhatsApp, Twitter DM and Facebook Messenger can be used to ask questions to STC Group. STC Group only uses these platform to reply to questions and does not use them to send messages to multiple people at once. STC stores conversations and associated personal data, making it easier to respond to questions. STC Group can store the conversations for a maximum of 6 months for use for training, coaching, and evaluation purposes of employees.
Newsletters and e-mailings
Unsubscribe to newsletters and e-mailings
You have the possibility to unsubscribe from newsletters and e-mailings via MailCamp at any time. Click on the ‘unsubscribe’ link at the bottom of the e-mail.
All STC Group websites contain cookies. Cookies are small text files which are stored on your computer, tablet or phone when you visit a specific web page. If STC Group processes personal data (such as an IP address), STC complies with applicable privacy legislation.
Functional cookies provide more user-friendly websites and can be placed without permission. By placing functional cookies, STC Group ensures that we recognize you on a subsequent visit to our website, we track web statistics and resolve errors. These types of cookies make your (next) visit to our websites easier and more efficient. These cookies are stored for a maximum of 1 year.
Analytical cookies are used to improve our websites based on the behaviour of visitors. With the information obtained we can see for example which parts of the websites are viewed (less) well. This way we can ensure that particular pages can be found easily or better. Some analytical cookies may be placed without permission. For other analytical cookies, explicit permission is required. Analytical cookies are stored for a maximum of 26 months.
STC Group uses Google Analytics to keep track of how users access and use our websites. This ensures that we can adapt and improve our websites. For this purpose, your data will be anonymously shared with Google Analytics. Therefore, STC Group has signed a processor agreement with Google. When sharing your data, part of your IP address will be withheld by us for your privacy. As such, your data can not be traced back to you and cannot be used by third parties. Also, the ‘Data sharing with Google Analytics’ feature is turned off.
You can automatically or manually delete cookies in your internet browser. It is also possible to adjust the settings in your internet browser so that you receive a message when a cookie is placed. Another possibility is set up that certain cookies cannot be placed. For this option, view the help function of your browser.
Any questions about privacy on our online communication channels can be asked via the e-mail address firstname.lastname@example.org.
Usage of imagery
STC Group uses photos and videos on its websites and social media channels for PR purposes. STC Group carefully handles the interests of all persons involved. The aim is to never use visual material on which persons are recognizable before permission has been requested from the data subjects. If, despite our care, it still happens that material has been uploaded without permission, please contact the Communications department of STC Group at email@example.com.
The personal details of students and employees are saved in accordance with the statutory guidelines for retention periods.
STC Group reserves the right to make changes to its Privacy Statement. More information about privacy, working with personal data and information security can be found on the website of the Dutch Data Protection Authority.
Questions, comments or complaints
STC Group greatly appreciates questions and comments regarding this privacy statement. In case you feel this privacy statement is not complied with or if you have a complaint about the use of personal data, you can practice your legal rights as data subject. Please direct your complaints to our data protection officer: firstname.lastname@example.org.
Furthermore, there is always the possibility to submit a complaint to the Dutch Data Protection Authority via their website.