Privacy Policy

Last Updated: 23 January 2020

Your privacy and the privacy of the data subjects of any data we handle is important to the Centre for Innovation, Leiden University. The aim of this privacy policy is to explain what data we collect through our interactions with you, for what purposes, and the steps we take to protect it.

Who is the Centre for Innovation?

The Centre for Innovation (“Centre”; “we”; “our”) is a part of Leiden University (“University”) in the Netherlands. The Centre aims to prepare the university for the digital future by exploring the juncture of education, technology and society.

The Centre conducts projects within Leiden University and with outside partners. We host or organise events in collaboration with partners and on our own. All of these activities are covered by this privacy policy.

Core Values of the Centre

At the Centre we strive to put people first in innovation. Therefore, we aim to ensure that our data policy ensures the highest level of respect for data subjects and their data. We acknowledge that personal data is an integral part of a person’s identity and therefore treat all such data with the highest level of integrity and confidentiality. The Centre legally complies with the General Data Protection Regulation (GDPR) of the European Union (EU), but also aspires to uphold the principles of data responsibility.

Data Collection and Processing

In keeping with the principle of data minimisation, the Centre aims to collect as little personal data as possible and only that data which is necessary for us to carry out our work. The  information we collect is outlined in the policy below.

All data processed by the Centre is done so lawfully, fairly and in a transparent manner.  We aim to ensure that data subjects are aware of when and why data is collected about them, as well as the manner in which it will be processed and for how long. This information will be accessible to data subjects, either online through our Privacy Policy or through direct request to the Data Protection Officer of the Centre.

The Centre only collects the data which it finds absolutely necessary to complete the specified task. The tasks for which data is collected can be found in this policy or in the relevant project documentation. Should the Centre wish to use personal data for a task other than the one that was specified when the data was originally collected, it will only do so in a responsible and lawful manner.

Cookies – When visiting our website, cookie data is collected. These cookies enable an understanding of how users interact with and behave within each of these websites. Although cookie data is collected, the information is not actively processed or used by the Centre at this time.

Website interaction – The Centre makes use of Google Analytics on our website in order to obtain information about country level location, audience type, referral, device used acquisition and behaviours.

Mail subscription – The personal data collected for our mailing lists is collected via an online form, available on our website as well as physically at events. This data is used to send updates.

Learning Platforms – The Centre creates a number of products, such as online courses, that are hosted on third-party platforms. When signing up for these platforms please see the Privacy Policy of each platform for more information on how they handle your data. For information on how the Centre handles data received from these platforms see Receiving Third-Party Data.

Projects – Data may be collected on a project basis. Data collected for a specific project will be collected, processed and stored in compliance with the GDPR, this Privacy Policy, and any other specifications set out in the project documents.

Sharing – Any personal data collected and processed by the Centre will only be used for the purposes for which it was obtained and will not be shared or sold to any third parties. Furthermore, this data will not undergo further processing, unless consent has been obtained.

Receiving Third-Party Data – The Centre aims to reduce the amount of personal or sensitive data that is received from third parties. We do not accept personal or sensitive data unless necessary and, should we receive such data, we aim to delete it as soon as reasonably possible. We also aim to ensure that any data received by the Centre is collected and received lawfully and responsibly.

Data Storage

When storing data that the Centre has collected or received, we aim to ensure that the necessary technical and organisational measures are taken to guarantee the appropriate level of protection is maintained throughout the retention period and in the process of deletion. It must be noted that the Centre aims to only store personal data that it deems absolutely necessary to carry out its work.

Anonymisation –  The Centre does not store personal data unless necessary to complete a task. When receiving data from other platforms or parties, the Centre only accepts anonymised data and should we receive Personal data we anonymise it immediately and remove all unnecessary data.

Sharing – Any personal data held by the Centre will only be used for the purposes for which it was obtained and will not be shared or sold to any third parties. Furthermore, this data will not undergo further processing unless permission has been given. If necessary, further processing will be done in a responsible and lawful manner.

Retention – The standard retention period for any data stored by the Centre is 3 months after the end of the purpose for which the data was collected is completed or has ended. This period may differ according to the specifications in project documents or other legal requirements.

Requesting your data – To request a copy of your data, please send an email to the Data Protection Officer of the Centre. He/she will then provide you with a copy of your data that is controlled by the Centre, but will not be able to provide the data controlled by Leiden University. You may also request to have your personal data updated. If you would like to request or update your data stored by the University, please contact Leiden University’s Data Protection Officers.

Deletion – You may request your data controlled by the Centre be deleted at any point by contacting the Data Protection Officer of the Centre. Your data will then be deleted within a reasonable timeframe.

Changes to Privacy Policy

The Centre may update this Privacy Policy from time to time. The date of the most recent revision will appear at the top of the policy. If you do not agree with any changes that have been made, please do not submit personal data to the Centre and send a request for all your personal data to be deleted.

Third Party Services


Google Analytics

GSuite for Education







Data Protection Officer

Centre for Innovation

Joanna van der Merwe


Phone: +31 (0) 70 800 9341 / +31 6 18969388

Leiden University

Ricardo Catalan and Astrid Gravenbeek