Last updated: 15 February 2022
Everyone says that they take your privacy seriously. We think we don’t need more seriousness; we need more responsibility! As a part of the CFI’s approach to Data Responsibility, we believe that any information about your privacy should be available in accessible and transparent language.
When you use the CFI website and some of the services we offer here (like our newsletter), we may access some information about you that can be classified as personal data.
I thought this was a website. How can you get my personal data?
Well, we collect information about you from three different sources:
- directly from you. This happens when you give us your email address and name for subscribing to our newsletter, when you send us an email with your information, when you apply for a job position, etc.
- from outside sources. Like any other organisation, we use third-party services to help us with our daily tasks. We use tools for distributing our newsletter, hosting our website, open and reply to emails, etc. These tools may often supply information in the form of aggregated data linked to the user’s use.
This information is necessary for running and optimising our website and services. Believe us; we only collect and process what is strictly necessary. Nothing else—unlike others, data is not our business. If you are interested in seeing our specific purposes for processing, click here.
Also, here are some important notes:
- We process the personal data you directly provide to us only on the basis of your consent. This is good news, you know why? Because you can always withdraw your consent.
- We will never share your data with others unless it is strictly necessary for our services providers to work (e.g., our newsletter tool needs your email address to send you the email) or we are legally obliged to (in case the police knock on our office door with a judicial warrant). Otherwise, your data will not move from our servers.
- In case we need to process your data outside the EU (e.g., we have a service provider with servers in the USA), we will take all the necessary safeguards to protect your data and follow the latest guidance available from the EU.
- We will delete your personal data as soon as it is not necessary any more. This means that we will store it only if needed to provide you with our services or comply with legal or regulatory obligations.
- We want to protect your data. We aim to uphold appropriate technical, administrative, and physical precautions to secure your personal data.
- We will not voluntarily process personal data of children under the age of 13.
- The GDPR provides you with very important rights! Look at them here. If you have any questions or want to make use of them, do not hesitate to contact us at firstname.lastname@example.org.
- If you have ANY other doubt, don’t be shy and contact us also at email@example.com.
Within the CFI Online Services, you may come across links to other websites, apps and services, or applications that allow you to share information with other websites, apps and services. We are not responsible for the privacy practices of these other websites, apps and services and we therefore recommend that you review the privacy policies of those websites, apps or services before accessing or using them.
Our principles of privacy
Information We Collect
The personal data we collect is related to the provision of the CFI Online Services and its functions and falls under three general categories:
- Information provided by you;
- Information We collect automatically;
- Information we obtain from outside sources.
In keeping with the principle of data minimisation, we aim to collect as little personal data as possible and only that data which is necessary for us to carry out our work.
Information provided by you
When you use or intend to use some of the CFI Online Services, we request and collect the personal data mentioned below. These data are necessary for the adequate performance of the services provided to you and for compliance with our obligations arising from our Terms of Service.
We may also process this data in the context of our legitimate interest to improve the CFI Online Services and provide our users with the best experience. Without this information, we may not be able to provide you with all the requested services and functions on the CFI Online Services.
Despite you do not need to provide us with your personal data in order to visit or use the Website, some of our services require do so:
- Newsletter subscription – If you subscribe to the CFI’s newsletter, we will collect personal information, such us:
- your email address;
- your name (optional);
- your organisation (optional).
- Messages – When you communicate with CFI by email, telephone, or other means, we collect data about your communications and any information you provide.
- Job Applications – If you apply for a job with us, we may collect personal data such us your name, address and contact details, including email address and telephone number, details of your qualifications, skills, experience and employment history, information about your current level of remuneration, including benefit entitlements and all the information included in the CV you send us.
- Survey Information – If you participate in a survey or complete forms provided by us, you may provide certain personal information as part of your response unless you respond anonymously.
Information we collect automatically
We collect certain data automatically when you use the CFI Online Services. This data typically includes:
Information from outside sources
- Service providers – We may also receive information about you through our service providers, including companies that assist with analytics, data processing and management, hosting, and technical services, and other services that we use to provide the CFI Online Services. Below we explain in detail how we use this data and who our third-party providers are.
How we use your data
We use the personal data we collect from you, automatically or from outside sources, for different purposes based on different legal bases for processing.
- To provide you with the CFI Online Services
We use your name, email address and organisation (optional) when you subscribe to our newsletter to send you our newsletter and other important communications. We process this data on the basis of your consent. You can unsubscribe from our newsletter at any time you want.
- To maintain, protect and improve the CFI Online Services
We may process personal data with the purpose of maintaining, protecting, and improving the CFI Online Services. In addition, we may process this data out of our legitimate interest, to improve the CFI Online Services and to provide our users with the best experience; and based on a legal obligation. The main purposes for this processing are:
- We may test features that are being developed and analyse the data we have to review and improve our services, develop new features, and troubleshoot problems.
- Detecting and preventing fraud, spam, abuse, security incidents and other suspicious activities.
- Improving the safety and security of our services.
- Preventing or taking action against activities that may or may not violate our Terms of Service, or applicable law.
- Complying with our legal obligations;
- Protecting the rights and property of the CFI and Leiden University;
- Providing technical support.
- To communicate with you
For example, by emailing you to respond to your questions, get more information in case you report any problem of the website, or keep you up to date on CFI Online Services. If you do not want to hear from us, you can opt out of our communications at any time.
- Other purposes
In addition, we may use your data for other purposes, provided that we disclose the purpose and use to you in a timely manner and that you consent to the proposed use of your personal data. Which of your data we process based on your consent, depends on the purpose of your consent.
Sharing your data
This section describes how the information collected or generated as a result of your use of the CFI Online Services may be shared by you or by us.
- Service Providers – We use and share your information, including personal data with some of our service providers in order to ensure that the CFI Online Services are properly performed. For example, we work with service providers of cloud storage (that help us to store data), postal and email delivery (that help us stay in touch with you), hosting providers (for hosting our website),analytics providers (that help us understand and enhance our Services), programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our team. Some of service providers may be located outside the European Economic Area (“EEA”), to provide services to us or to our users on our behalf. These service providers have access to information about you only to provide their services on our behalf and are contractually obligated to take appropriate organisational and technical security measures to protect personal data from unauthorised disclosure and to only process personal data in accordance with our instructions and to the extent that this necessary to provide their services to us. These service providers are usually only allowed to process your data on our behalf under special conditions.
- Compliance with Laws – We may provide your information to courts, law enforcement agencies and government authorities (i) to comply with our legal obligations, (ii) to comply with legal process and in response to claims against CFI or Leiden University, (iii) in response to verified request in connection with a criminal investigation or any suspected or suspected illegal activity or any other activity that places us, you or any of our other users legally liable, (iv) for performing or applying our Terms of Service and other agreements with users or ( v) to protect the rights, property or personal safety of CFI and Leiden University, its employees and outsiders.
You can request our authorised partners and service providers (data processors) here.
We take appropriate technical, administrative and physical precautions designed to prevent unauthorised access, use or disclosure of the personal data collected or stored by us and ensures an appropriate level of security for risks to the rights and freedoms of natural persons who may be involved in our processing activities. We regularly check our systems for possible vulnerabilities and attacks. However, it is not possible to guarantee the security of information transmitted over the Internet. You use the CFI Online Services and provide us with information at your own discretion and risk.
International data transfers
The CFI Online Services are not intended for use by children. Persons under the age of 16 in the EEA or 13 years of age in the United States and the rest of the world should not use the CFI Online Services or provide personal information to us. We never knowingly collect personal information from anyone under the age of 16 or 13, as the case may be, nor do we authorise them to use the CFI Online Services. If we learn that we have collected personal information from a person under the age of 16 or 13, as the case may be, we will delete that information as soon as possible. If you think we may have collected such personal data, please let us know immediately at firstname.lastname@example.org.
Exercising your privacy rights
You can exercise the rights described in this article by contacting us at email@example.com. Please note that if you have reasonable doubts about your identity, we may ask you to verify your identity before taking any further action on your request.
- Access and transferability of data
- You have the right to find out whether or not your personal data is being processed by us and, if that is indeed the case, to inspect that personal data. You may also have the right to request copies of your personal data held by us.
- Change or correct data
- You have the right to ask us to correct, change, update or rectify your data.
- Retain and delete data
- We usually keep data for as long as is strictly necessary to provide you with the CFI Online Services.
- You have the right to ask us to erase all or part of the personal data we hold about you.
- We may also need to keep certain personal data after you describe from our newsletter if this is reasonably necessary to comply with our legal obligations (for example, under applicable tax or commercial law or to prevent fraud or abuse and improve security). After that, we will delete the data immediately, unless we have to keep the data until the expiry of the statutory limitation period to be able to provide evidence in civil claims or due to legal storage obligations (for example for accounting reasons).
- Objection to processing
- You have the right to object at any time to the processing of your personal data for reasons related to your specific situation (in particular when the data processing is not necessary to comply with a contractual or other legal requirement or when we transfer the data use based on our legitimate interest).
- Restricting Processing
- Under certain circumstances, you may have the right to limit the way we use your personal data.
- Revoke consent
- If you grant us permission to process your personal data, you can withdraw your consent at any time by sending us a notice stating the specific consent you are withdrawing.
- File complaints
- You have the right to complain to a competent data protection authority about our data processing activities. We are under the supervision of the Dutch Data Protection Office.
Last modified: February 15, 2022.