Ghent University privacy statement
This privacy notice applies to the processing of personal data by Ghent University.
Who is the data controller?
Ghent University, legally represented by its Rector, will in most cases act as the (final) responsible party for the processing of personal data at Ghent University. However, in certain cases, Ghent University can also act as a joint controller or as a processor. If this is the case, it will be specified on, for example, the website of the project or service, in the information letter, in the registration form, etc.
For questions, comments or suggestions about the various rights and obligations in the field of privacy or if you believe that your personal data is being processed unjustly and/or incorrectly by Ghent University, please contact the Data Protection Officer of Ghent University.
Contact
Hanne Elsen
University Services - Governance, Legal Affairs and Compliance, Sint-Pietersnieuwstraat 25, 9000 Ghent
+32 9 264 95 17
What personal data is processed?
In the links below you will find more information per category about which personal data Ghent University collects and processes.
|
It is possible that Ghent University processes the following categories of personal data (not exhaustive): - Personal identification data: name, address, place of residence, bank account number, telephone number, date of birth, gender, e-mail address, etc. - Interaction data: cookies, IP address, surfing and clicking behaviour, etc. - Visual material: videos, photos... - Information about the study programme and training: study choice, study progress, study results, etc. Data collected in the context of scientific research |
Why does Ghent University process personal data?
Ghent University ensures that the processing of personal data is limited to the intended purpose. This also applies if, in certain circumstances, personal data that has already been collected is further used to support Ghent University's core tasks (research, education and public service).
Ghent University processes personal data mainly to achieve the following purposes: educational matters, research matters, personnel matters and business operations.
|
Educational matters In order to be able to carry out its education mission and to provide high-quality education to all Ghent University students, Ghent University processes personal data of (prospective) students who wish to follow a course or training at Ghent University and therefore (re)enrol and register (online). |
Research matters Research is an important pillar of Ghent University. The results of scientific research have an impact on society at large, give new impulses to education and lay the foundation for a progressive knowledge society. In the context of scientific research, researchers affiliated with Ghent University can collect, process, analyse and manage personal data. Depending on the nature of the research, this may also concern sensitive or special categories of data (e.g. medical data, ethnicity/race, data relating to personal or sexual life, etc.). |
|
Staff matters Personal data is processed at Ghent University for the organisation of personnel matters such as job application, recruitment and selection, payroll administration and career guidance of Ghent University employees. |
Business operations At Ghent University, various processing of personal data is carried out in the context of business operations, such as keeping the financial administration, managing contacts and contracts with service providers, ensuring the safety and health of students, staff and visitors, managing access to the buildings of and around Ghent University, being able to implement and improve policy, of organizational analyses, management reports and audits, providing careful dispute resolution and complaint handling, etc. |
Who has access to personal data?
The personal data processed by Ghent University are not freely accessible. Only certain employees of Ghent University have access to your personal data on a strict need-to-know basis. The consultation is therefore only possible if this is necessary for the performance of their duties and only for the purposes stated in this privacy notice. In addition, the Generic Code of Conduct commits all persons who process personal data or confidential information in the context of activities that fall within the scope of Ghent University to very clear and strict principles. For example, the Code of Conduct states that the level of detail of the personal data may not exceed and the retention period may not exceed what is necessary to achieve the intended purpose, both for manual and ICT applications.
Ghent University ensures that personal data are not passed on to third parties, unless the data subject has explicitly consented to the transfer, there is a legal basis or obligation, the processing is necessary in the legitimate interests of Ghent University or a third party, or if this is necessary to be able to execute an agreement with the data subject.
When Ghent University gives an assignment to an external partner or collaborates with external partners and personal data may be processed, it will be contractually guaranteed, among other things, that this external party will also handle the personal data that may have been provided in a lawful, confidential and careful manner.
Retention periods
Personal data will not be used by Ghent University for longer than necessary for the purpose of the processing and will not be kept longer than necessary. Specific retention periods per processing are kept internally in the register of processing activities.
How is personal data secured?
IT security is a necessary condition for the protection of personal data. Ghent University therefore takes appropriate technical and organisational measures to guarantee the confidentiality, integrity and availability of personal data.
This is reflected in Ghent University's modular information security policy. This policy is based on the internationally recognized standard for information security ISO/IEC 27001 and includes policies, guidelines and procedures. The policy is supplemented and updated on a regular basis. In addition, based on risk analyses, checks and audits are carried out on selected applications or processing.
In the event of an unforeseen incident involving your personal data, Ghent University will always inform you in accordance with the legal provisions.
What rights does a data subject have in the context of the processing of his or her personal data?
Ghent University considers it important that you retain control over the processing of your personal data. Below you will find more information about the various rights you have with regard to the processing of your personal data.
|
Right of access You have the right to inspect all personal data that we process about you. You can also request a copy of this data. This right is not absolute; the rights and freedoms of others must be taken into account when assessing the right of access. |
Right to rectification If the personal data we hold of you is inaccurate or incomplete, you have the right to have this information corrected or, in view of the purposes of the processing, completed. |
|
Right to restriction of processing In a limited number of cases, you have the right to restrict the processing of your personal data. This means that the personal data may only be stored by us and may only be processed for limited purposes. |
Right to data portability As a data subject, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format or to have it transferred to another controller.
This right to data portability can only be exercised if three conditions are met simultaneously: - the processing takes place on the basis of consent or an agreement; - it is an automated processing (not paper documents); - the data subject has provided the personal data himself. |
|
Right to object If you are of the opinion that your personal data should no longer be processed due to your particular situation, you can object to such processing. The right to object can only be exercised if the processing is based on 1) the legitimate interest of Ghent University or a third party or 2) the performance of a task necessary in the public interest or public authority. |
Right to ask to be 'forgotten' if a number of conditions are met You have the right to request that your personal data be deleted if these personal data are no longer necessary for the purposes for which we collected them, if there are no legitimate grounds for storing your data or, if Ghent University is processing your data unlawfully. Where any of these circumstances apply, we will delete your personal data immediately, unless legal obligations or administrative or court orders prohibit us from deleting your personal data. |
|
Right to withdraw his/her consent at any time If the processing of your personal data is based on prior consent, you can withdraw this consent at any time. |
The right not to be subject to automated decision-making You have the right not to be subject to fully automated decisions. These are decisions that, without human intervention, can significantly affect the data subject or have legal consequences. |
Depending on the processing and the legal basis of that processing, certain conditions or restrictions may be linked to the exercise of the above rights.
How can you, as a data subject, exercise these rights?
To exercise the above mentioned rights, or information about them, you can contact the relevant functional domain or the data protection officer (DPO) of Ghent University by e-mail via privacy@ugent.be. We will also provide you with more information about any modalities linked to your request. We may also ask you for proof of identity so that your personal data is not shared with anyone who has no right to receive it.
If you cannot reach a solution together with us, you also have the right to file a complaint with the Flemish Supervisory Commission or the Data Protection Authority.
Responsibilities of data subjects
In addition to the rights that data subjects can exercise under the General Data Protection Regulation (GDPR), students, lecturers, staff and other data subjects also have some responsibilities in the context of the protection of personal data. These obligations contribute to the careful handling of personal data within Ghent University.
The University requests all data subjects to be aware of the responsibilities set out below, to jointly ensure compliance with the Privacy Statement.
|
Accuracy of provided data Data subjects are obliged to provide correct, up-to-date and complete personal data when requested by the university, for example in the context of enrolment, employment relationships or use of university facilities. Data subjects are also responsible for reporting relevant changes to their personal data (including name, address, contact details and payment information) to the University in a timely manner and on their own initiative. |
|
Security of personal access data Data subjects are responsible for adequately securing their personal accounts, login credentials, and systems that provide access to personal data; by, among other things, periodically changing their passwords. Unlawful use or loss of means of access must be reported without delay. |
|
Obligation to report (suspected) incidents involving personal data If a data subject becomes aware of a (possible) incident involving personal data, he or she is obliged to report this immediately to the Data Protection Officer (DPO) of Ghent University via privacy@ugent.be. |
Protocols and authorisations
Here you can consult an overview of the protocols and authorisations that Ghent University has. These protocols authorize Ghent University to process, request and exchange data with specific other parties. For access to personal data and the exchange of personal data between various competent authorities, Ghent University needs a general/individual authorisation or a protocol (between authorities). You can find out how the protection of your data is legally regulated in the authorisations and protocols.
Changes to the Privacy Notice
This privacy notice may be amended in order to continue to comply with the applicable regulations.
This privacy notice was last modified on: 12/11/2025.