The University of Louvain has always been committed to protecting the personal data of students.
Before they can apply for admission, enrol or re-enrol, students must declare they are aware that during the admissions and enrolment processes and throughout their course we collect data necessary to properly managing their records.
This policy informs them of how we collect and process their personal data, which are treated in accordance with relevant legislation and Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free circulation of such data (the General Data Protection Regulation or GDPR).
These data are processed by UCLouvain on the basis of the legal obligations incumbent on it and its public interest mission.
Who is responsible for processing your data?
The University of Louvain, based at Place de l'Université 1, 1348 Louvain-la-Neuve.
The university has appointed a data protection officer who can be contacted at: firstname.lastname@example.org.
What data do we collect?
During our various contacts with students, we may ask them to provide us with personal information.
These data include first name, surname, address, telephone number, identity card or passport number, email addresses, bank identification data, financial means, financial aid and transactions, professional activity, sex, date of birth, place of birth, marital status, identity photograph, nationality, immigration status, household composition, previous education and training, and matriculation number.
For what purposes do we use this data?
We process these data for the following:
- student administration
This includes creating a student record, allocating and managing intranet access and email addresses, organising educational activities (internships and exchanges), exams and tests, recording marks and deliberation results, calculating, billing and collecting fees, monitoring student courses, issuing degrees, certificates and attestations, managing admission applications, assisting students (granting financial aid, establishing grant levels, KAP, meal and syllabus allowances and language grants and payment spreads), managing course materials, degree follow-up and alumni network, organising specific events, creating files allowing us to inform them about university courses and various activities, fighting fraud, and managing entrance exams, litigation and student housing.
- managing campus life and well-being
This includes granting and managing culture cards and sport cards, managing university community or third-party organisation of on-campus social or cultural activities, managing university restaurants and campus buildings and offices
- health care services
This includes diagnosis, paramedical treatment, and assessment of current and future care.
- insurance management
This includes managing insurance for health, fire, accidents and other risks, work accidents and increased risks (processing covers various branches of insurance and data that relates to persons at increased risk, in order to avoid excessive risk and fraud).
- statistical needs
This includes any act relating to collecting and processing personal data necessary for the performance of statistical surveys or obtaining a statistical result.
- research and scientific activities
This refers to activities related to requests for grants or funding for a research project from a public or private funder or activities related to organising colloquiums, conferences, and debates.
How long do we keep data?
Personal data shall be kept for a period of time in accordance with the legal provisions or in accordance with the purposes for which they were collected.
Who is likely to have access to the data we collect?
Data access within the university
Administrative department employees have access to personal data only to the extent necessary to perform their jobs. Access to this data is based on individual and limited access authorisations. Persons with access are subject to a confidentiality obligation.
The following may have access to some of these data:
- Our subcontractors
They provide services on our behalf, such as managing phone calls, sending postal mail, making badges, printing documents, etc. Subcontractor access to data is on the basis of signed contracts mentioning the obligations incumbent on them with regard to protecting data security and confidentiality.
- Police, judicial and administrative authorities
Public authorities may have access to personal data where there is a legal obligation in this respect or to ensure the integrity of the property and persons within the University of Louvain.
- Académie de Recherche et Enseignement Supérieur (ARES), Conseil des Recteurs francophones (CRef)
These and other third parties (administrations, publishers, educational institutions, potential employers, etc.) may have access insofar as the university is legally obliged to provide it or to the extent that this transmission is considered useful to the expeditious provision of education or to the student’s professional career, in which case the academic authorities must have authorised it.
How is your data protected?
As the data processor, we implement appropriate technical and organisational measures in accordance with applicable legal provisions to protect personal data against tampering and accidental or unlawful loss, use, disclosure or unauthorised access. In particular, we:
- appoint a data protection officer;
- establish a unit dedicated to information system security;
- inform employees with access to personal data of confidentiality requirements;
- secure access to our premises and IT platforms;
- implement a general IT security policy;
- secure data access, sharing and data transfer;
- adhere to high data protection standards when selecting our subcontractors and partners.
What are the rights of students?
- Right of access to their personal data
This is the right to obtain confirmation that personal data concerning them are or are not processed and, when they are, the right to obtain access to such data.
- Right of rectification
This is the right to rectification of inaccurate personal data as soon as possible, and to have them completed if they are incomplete.
- Right to restrict processing
Subject to conditions provided for by applicable regulations, students have the right to restrict processing of their personal data.
- Right to object
Subject to the conditions provided for by applicable regulations, students may, for reasons relating to their particular situation, object to the processing of their personal data, when it is based on the public interest or the legitimate interest pursued by the university.
- Right to erasure
Subject to the conditions provided for by applicable regulations, students may request the deletion of their personal data.
- Right to portability
Subject to the limiting conditions provided for by applicable regulations, students may request to exercise their right to the portability of their data, i.e. the right to receive their personal data in a structured, commonly used format and the right to transmit this data to another processing manager.
How to exercise these rights?
In order to exercise these rights or for any questions relating to the protection of your personal data, contact email@example.com with as much specificity as possible as to the purpose of your request.