Taalgericht respects the privacy of students, employees, and other individuals with whom we interact, particularly concerning the automated processing of personal data. This statement outlines how we handle personal data and what rights you have regarding the retention of your data.

This privacy statement replaces the previous text from 1-12-2020 as of 8-2023 and is now the only applicable version until a new version replaces it, if applicable.
Taalgericht informs students and employees about this privacy statement before they sign the learning agreement or employment contract. This privacy statement can be found on the Taalgericht website.

Who is responsible?
Taalgericht, as the ‘controller’, is responsible for the processing and protection of the personal data we manage. For questions, requests, or objections, you can contact the director, Mr. M. Kandakji, at Taalgericht, Wisselweg 33, 1314 CB Almere, info@taalgericht.com, tel. 06-86301712.

What are personal data?
Taalgericht collects personal data, which are data that can be traced back to an individual. In other words, personal data allows you to identify and learn more about a person. Therefore, privacy rules apply to them. Examples of personal data include: name, address, location, identification number, online address.
Taalgericht only collects what is necessary.

What data do we retain?
Taalgericht processes the following categories of personal data: name, gender, address details, email address(es), phone number(s), citizen service number (BSN), gender, date of birth, age, place of birth, test results, education(s), and level of education.

Why do we retain this data?
Taalgericht only collects personal data as necessary for the purpose. The personal data are processed for:

• better service provision,
• good student administration,
• compliance with legal obligations.
  
  

What rights do you have regarding your data?
You have the right to access, correct (rectify), or delete your personal data or restrict its processing.
You have the right to object.
You have the right to data portability, meaning that the data will be transferred to you or someone you designate (for example, if you switch to another educational institution) upon your request.
You can contact Taalgericht for this purpose.
When making your request or objection, please include a copy of your identity document. Sign this copy so that we can verify that it is indeed you requesting your personal data. Also, include your address.
You will receive a response within one month. If your request is complex or if we receive many requests simultaneously, we may extend the processing period by two months. We will inform you before the first month expires.

Who has access to the personal data?
Only employees designated by the controller to enter and consult the data have direct access to the data, and only for the assigned tasks.

When and with whom do we share personal data?
We handle personal data carefully, and those who have no involvement should not see the data.
Employees of contracted organizations may only receive certain personal data as necessary for their role (such as teaching or administering tests), in accordance with the purpose and the learning agreement.
We provide contact details of students to an independent research agency that measures satisfaction. This research agency is certified and compliant with privacy laws.

What if the law requires it?
In exceptional cases, we may need to provide information to authorities. We do not do this without reason. This can only happen if there is a legal obligation or if someone is suspected of breaking the law. The responsible authorities must explicitly and motivatedly request it. Only if we are truly obliged to transfer personal data, they will no longer be protected by this privacy statement.

How long do we retain the data?
We do not retain personal data longer than necessary for the purpose and according to the terms determined by law. Personal data of students are kept during the course and thereafter until the mandatory audit has taken place, usually in the subsequent year. After the retention period ends, we destroy the data.
Data protection
We do not collect ‘special personal data’ (such as ethnic origin, political opinions, beliefs, health, etc.) and do not use automated decision-making or profiling. Therefore, we believe there is no such high privacy risk that a ‘data protection impact assessment’ (DPIA) is required to identify special risks.
If the Dutch Data Protection Authority (AP) determines that the processing of personal data violates the General Data Protection Regulation (GDPR), we will fully cooperate and follow the advice of the AP.
Information about the legal rules for the protection of personal data can be found on the website of the Dutch Data Protection Authority: https://autoriteitpersoonsgegevens.nl.