Privacy Policy

At the school, student and personal data are processed and managed for the purpose of education. As the data controller, the school considers the protection and security of personal data and privacy to be a great responsibility. This privacy statement informs you about the measures the school applies to protect and secure personal data. It is also intended to inform you of the rights you have as a parent or legal representative with regard to the processing of data.


Scope and Purpose

This regulation applies to all personal data processed by the school, including data about students, parents or legal representatives, staff, interns, and volunteers of the Groningse Schoolvereniging in Groningen. The purpose of this regulation is:

  • To provide and organize education, including student guidance

  • To protect the privacy of the individuals concerned

  • To ensure careful handling of personal data for which the school is responsible.

Information We Collect

We only collect personal information such as name and email address if you voluntarily provide it, for example, by filling out a contact form or enrolling your child(ren). We use this information solely to respond to your requests or to send you information you have requested.

We also collect anonymous information about your visit to our website, such as your IP address, browser information, the time and date of your visit, and the pages you visited. This information is used to improve our website and track statistics about the number of visitors and their behavior on our site.


Key Terms

  • Personal Data: All data about the individual that is known to us (an identified or identifiable natural person), including name, date of birth, gender, address, phone number, email address, report cards, performance records, complaints, reports (including medical data), correspondence, images, usernames, and passwords related to educational applications.

  • Processing of Personal Data: Any action or set of actions concerning personal data, including collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, disclosing through transmission, distribution, or any other form of making available, combining, associating, and also the blocking, erasure, or destruction of data.

  • Data Subject: The student, parent, or legal representative to whom the personal data relates.

  • Data Controller: The Groningse Schoolvereniging determines the purposes and means of processing personal data, such as in the student tracking system.

  • Processor: The person or organization who processes personal data on behalf of the school (as data controller).


Types of Personal Data

Upon registration of your child at the school, personal data is collected, such as name, address, citizen service number, date of birth, place of birth, nationality, religion/church affiliation, and contact details of the general practitioner. The school also collects information about the parents or legal representatives, such as name, occupation, and education level. Specific consent is always requested for the latter. The school adheres to legal retention periods and does not store data longer than necessary.


How We Use Information

We use your personal information solely for the purposes for which you provided it to us. We will never share, sell, or rent your personal information to third parties unless required by law.

We may use anonymous information to improve our website and track statistics about the number of visitors and their behavior on our website. This information is not shared with third parties.


Cookies

Our website uses cookies to remember your preferences and to track statistics about the number of visitors and their behavior on our website. You can change your browser settings to reject cookies or to alert you when cookies are placed. However, rejecting cookies may affect the functionality of our website.


Security

We take the security of your personal information very seriously and take measures to protect it from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We use secure servers and encrypted communication to protect your personal information.


Securing and Protecting Personal Data

The school has implemented organizational and technical measures to protect personal data. These measures include:

  • Applying an internal privacy and information security policy

  • Raising awareness among staff regarding risks of loss, destruction, or unauthorized access to personal data

  • Account management and authorization to grant access only to necessary information for staff performing their roles and functions within the school

  • Securing and encrypting personal data

  • Active firewall/IPS for monitoring the school network

  • Using software to combat spam, viruses, and malware

  • Secure transmission of personal data through encrypted email

  • Monitoring retention periods to ensure data is not stored longer than necessary

  • Periodically analyzing and improving school policy regarding the protection of personal data and privacy.


Rights of Data Subjects

The GDPR grants data subjects certain rights. The school recognizes these rights and acts in accordance with them.

  • Right of Access: Any data subject whose personal data the school has collected has the right to access the data being managed. If necessary, the school may verify identity for confirmation.

  • Right to Rectify or Modify Data: The data subject has the right to request correction, completion, or blocking of personal data.

  • Right to Share Data: The data subject has the right to share personal data with other individuals and/or organizations at their discretion.

  • Right to Erasure: If the data subject believes that the school is processing personal data without a legal basis or without consent, they can request the school to erase
    the personal data.


When the school receives a request, the data subject will be informed in writing within a month about the progress or rejection of the request. In case of complex requests, the school may need more time to process the request. The period may be extended by 4 weeks. Once the request is granted, the school will execute it as soon as possible.


Links to Other Websites

Our website contains links to other websites that are not under our control. We are not responsible for the privacy policies of these websites. We recommend that you carefully read the privacy policy of any website you visit.


Changes to Our Privacy Statement

We reserve the right to modify this privacy statement at any time. We recommend checking this page regularly for updates.


Complaints

We prefer to address complaints with the relevant teacher, director, or designated data protection officer. If the submitted complaint does not lead to the desired outcome, it is possible to file a privacy-related complaint with the Dutch Data Protection Authority.


Data Protection Officer (DPO)

On behalf of the school, a data protection officer is registered with the Dutch Data Protection Authority. If desired, you can be put in contact with the data protection officer. For address details, please contact the school's administration.


Contact

If you have any questions about our privacy policy, please contact us via the contact form on our website. We will do our best to respond to your questions as quickly as possible.