The Brussels School of Governance (BSoG) is an alliance between the Institute for European Studies (Vrije Universiteit Brussel - VUB) and Vesalius College. Like other academic institutions, the two entities of the Brussels School of Governance process personal data. The BSoG is committed to protecting personal data and handling it with the utmost care in order to safeguard the privacy of those concerned. In this privacy statement you can read more about our guidelines for handling personal data, about questions and services you may request from us, and about our point of contact for further information regarding privacy and data protection at the BSoG.
Which personal data is processed and why
Personal data the BSoG processes
The two entities of the Brussels School of Governance are responsible for processing large amounts of personal data: not just from students, but also from alumni, third party experts and visitors, as well as data that is required to perform academic research. We process this data either to fulfil the legal requirements necessary to provide education and perform research, or in order to improve our services as a higher education institution.
The purposes for which it is processed
- Providing education
In order to provide our educational services, the BSoG is in charge of extensive record keeping on student affairs. (This includes, for example, informing and recruiting prospective students, tailoring our communication and information feeds towards interested prospective students based on their preferences in order to improve their choice of studies and our services, managing internal and external information flows; registering study results; issuing certificates, diplomas, qualifications and degrees; concluding contracts with students; formulating policy on education matters; developing and writing policy and management reports in the context of accreditation demands; being able to provide advice, guidance, and counselling; settling disputes, providing training and education in medical studies; ensuring procedural justice in the election of members for participatory bodies etc.)
- Performing academic research
The researchers affiliated with the BSoG gather, analyse, and manage large quantities of data, necessary for the advancement of the scientific disciplines represented at the BSoG. Many of the activities carried out by researchers involve processing personal data.
- Strategy, business administration, policy and management
Keeping records on the financial affairs of (parts of) the two entities of the BSoG, managing IT, purchase and payment systems, litigating on behalf of these two entities; managing contacts and contracts with suppliers, clients, consumers, suppliers, business partners; ensuring the wellbeing of students, and visitors, being able to improve policy, organizational analysis, management, and dispute resolution etc.
- Valorisation, outreach, marketing and communication
Recruitment of prospective students, including the proactive follow-up of leads via text messages (i.e., SMS, and WhatsApp); performing market research; concluding and fulfilling contracts with other educational institutions (e.g. high schools); improving public and customer relations; improving marketing and branding of the BSoG; managing and improving our website, libraries, library systems, archival services etc.
All these various types of data will be treated with the utmost care; none will be freely accessible. Employees of the BSoG’s two entities and persons acting on behalf of these entities who work with such data will only be authorised to do so to the extent necessary for the performance of their duties. Additionally, the BSoG is continuously committed to maintaining the proper technical and organisational safeguards with regard to information security and data protection.
Categories of personal data processed by the BSoG
Because the BSoG performs activities in all the areas listed, a lot of personal data is gathered and stored. In light of these activities, it is possible that the BSoG processes the following categories of personal data:
- Name
- Address
- Place of birth
- Date of birth
- Bank account number
- Telephone / mobile phone number
- Sex / Gender
- Email address
- Information regarding user interaction (e.g. IP address, cookies, clicking behaviour, information from contact forms etc.)
- Images (photos and videos)
- Information regarding choice of study programme, study progress and study results
- Data gathered in the context of academic research
In principle, the personal data processed by the BSoG’s two entities has been disclosed to them directly. However, it may also be the case that the BSoG receives personal data from third parties. We often collaborate with universities, research centers and (international) organisations located abroad, both inside and outside the EU. Within the scope of such collaborative projects, it is possible for personal data to be disclosed to these third parties: naturally, this will always happen in compliance with all relevant privacy and data protection laws and regulations and the BSoG will always strive for the shortest possible retention period of relevant data.
Provision of data to third parties
The BSoG’s two entities will not exchange personal data with third parties for financial gain. Personal data will only be transferred to a third party when there is a legal basis to do so (e.g. this is required by law, it is necessary for the fulfilment of a contract with the data subject, it is necessary for the legitimate interests of the BSoG or a third party, or when the data subject has given his or her explicit, informed consent).
The BSoG can also instruct third parties to perform services for it, in which case the BSoG will draw up an agreement in which it lays down the duties for the service provider with regard to the processing of personal data (a so-called "data processor agreement”). In this contract it is then stipulated that the third party will handle any disclosed personal data confidentially, carefully, and in compliance with privacy legislation.
Subjects’ rights with regard to their personal data
On May 25th 2018, the "General Data Protection Regulation" has taken effect. The GDPR is a European regulation which grants individuals rights with respect to the way their personal data is handled and protected. Individuals may, for example - depending on the legal basis for the processing of their personal data and dependent on the fulfilment of certain conditions - exercise a right to:
- Inquire as to what personal data is processed and, when the data is provided to the BSoG by a third party, inquire into the source of this information;
- Request the correction of data insofar as it is incorrect;
- Object to the processing of his or her data;
- Know of the existence of possible automated decision-making processes, and, when these are used to create profiles, inquire into the logic underlying these processes, the purposes they serve, and their consequences;
- ‘Be forgotten’ by an institution that has processed their personal data.
The competent national authority concerning privacy and data protection is the Commission for the Protection of Privacy (or CBPL: “Commissie voor de bescherming van de persoonlijke levenssfeer”). This is the authority that monitors privacy law compliance and where any individual can file a complaint regarding privacy and the processing of personal data.
Further questions regarding the different rights and obligations in the field of privacy can be directed to privacy_bsog@vub.be.