Leiden University holds some of your personal data to make your work at the university possible. The university considers it important to process your data with care. What data are collected and what we do with the data is set out below.
Who collects the data?
The data are collected and processed by Leiden University. You can find the visiting addresses and front desk phone numbers here.
Why are data about you collected and what is done with the data? For interviews, on appointment and during your employment a number of personal details about you are collected, from your name, address and bank account number, to appointment decisions and P&D interviews. This information is used, for instance, to pay your salary and to provide you with access to the relevant buildings and IT systems; it is also used to record assessments and agreements. All data serve to provide the fullest possible support for both the university as an employer and for you as an employee. In the interests of transparency, we also post separate information on our website, about your ancillary activities for example.
What are the legal rules?
In order to use your data, the university needs one or more legal grounds.
For staff members, the processing of personal data arises from their appointment at Leiden University and usually falls under the grounds of “necessary for the execution of an agreement”. The “necessary to comply with legal obligations” grounds may apply, e.g. for sharing your data with the Dutch Tax Authority (Belastingdienst). The use of data necessary for the running of the University, such as, for example, the need for access control by means of the employee LU-card, is based on the grounds of “legitimate interests of the body processing the information”.
The security of the university is a legitimate interest. To ensure protection, access control is in effect through the staff LU-card in certain buildings. There are also security cameras in some areas that can record any instances of theft.
With whom will your personal data be shared?
If you are going to work at Leiden University, relevant personal data are sent to a number of organisations. The main ones are:
- the Dutch Tax Authority (Belastingdienst)
- the National Civil Pension Fund (Stichting Pensioenfonds ABP, “ABP”)
- the UWV
- (in case of illness) VGM (Safety, Health and Environment) services
- (if a non-EU staff member): the Immigration and Naturalisation Service (Immigratie- en Naturalisatiedienst, “IND”)
How and for how long are your personal data used and saved?
The University stores these data securely in protected systems. Clear agreements are made with suppliers of services and those who store your information, which are established in a data processing agreement.
How long your personal data are saved is determined by the type of data. Appointment decisions must be retained for up to 10 years from the date of resignation. One possible exception is that data can be retained longer if it is necessary for historical, statistical or scientific purposes.
Other data are immediately deleted. It is no longer relevant which books you once borrowed from the library (provided you returned them, that is) and to which buildings you had access with your staff card.
What if you want access to your personal data?
You can contact your HR adviser to find out about the possibilities for access your personal data as a member of staff.
Once your employment has ended, you can submit a request to the Data Protection Officer via
Do you have any complaints?
If you have any complaints about how the university processes your personal data and the Data Protection Officer cannot resolve the issue, you can lodge a complaint with the Dutch Data Protection Authority (“Autoriteit Persoonsgegevens”); their website is
May 2018