For best experience please turn on javascript and use a modern browser!
Bekijk de site in het Nederlands

Privacy Statement

This Privacy Statement sets out how the University of Amsterdam (hereinafter: ‘UvA’, ‘we’ or ‘us’/'our') processes your personal data which you provide to us or which we obtain through our website(s).

We have drawn up a separate privacy statement for UvA alumni. The Alumni Privacy Statement  explains how and why the University of Amsterdam processes personal data for the purpose of contacting alumni.

This Privacy Statement was last amended 16 August 2021. We may amend this Privacy Statement from time to time.

1. About the UvA

The UvA is the party responsible for processing your personal data (the 'controller') within the meaning of the General Data Protection Regulation (‘GDPR’).

The UvA is located at Spui 21, 1012 WX Amsterdam. Our postal address is PO Box 19268, 1000 WX Amsterdam. Any questions you might have can be emailed to 

The UvA has appointed a data protection officer (‘DPO’). The DPO’s email address is

2. What personal data do we process?

This Privacy Statement provides information on the processing of personal data of prospective students, students, parents of students (or of prospective students), survey or study participants if the data is not being obtained from the data subjects themselves, and visitors to our websites. ‘Prospective student’ is taken to mean anyone signing up for one of our orientation activities (such as an open day, workshop or study choice route) and anyone who has already enrolled on a study programme but has not yet started. Consider in this regard contact details, data on enrolment and attendance and website use. We also use cookies (after seeking your consent, if required). Further information on this can be found in our cookie statement.

Amongst other things, we process the following personal data from students (or prospective students):

  • name and address;
  • telephone number, email address;
  • date of birth, sex;
  • bank and payment details (of students/prospective students or their parents, as appropriate);
  • study choice, academic progress and other study-related data;
  • any personal experiences in the event of the student (or prospective student) consulting a study advisor;
  • log-in credentials (such as UvAnetID and IP address).

Amongst other things, we process the following personal data from visitors to our websites:

  • website visit and use;
  • IP address;
  • duration and time of visit to the website;
  • use of social media.

Within the compass of surveys or scientific research we may, in addition to the above, process additional personal data for each survey or study. The nature and scope of the personal data can vary in these cases; further information on this will accompany the survey or study concerned.

3. For what purposes do we process personal data?

We process personal data for the purposes of our service provision, within the framework of education and research, and in order to comply with statutory obligations.

Personal data supplied by students (or prospective students) is processed for the following purposes:

  • registration for the purposes of education;
  • to provide education (including online education) and organise examinations (including online examinations);
  • administrative purposes, to enable courses to be attended and the payments for these to be collected;
  • to process requests for information about study programmes or publications;
  • to provide study choice support;
  • to monitor study progress;
  • to provide study counselling;
  • information purposes;
  • to provide (more detailed) updates on current developments, conferences, seminars, etc.;
  • to email newsletters, invitations to participate in (student) surveys, information on your student account, your study status and other   (necessary) information from the UvA;
  • to insure students;
  • to prevent and investigate suspected plagiarism and fraud and to take measures (including legal measures) if a violations are confirmed;
  • the continuous improvement of the quality and accessibility of teaching by, among other things, conducting (statistical) research and carrying out and processing surveys and their results; and
  • the recommendation for a membership, prize or nominations,

The personal data supplied by visitors to our websites is processed for the following purposes:

  • to compile user statistics;
  • to promote security and improvement of our websites; and
  • to improve our services.

Within the compass of surveys or academic research, personal data is processed for the purposes of the survey or study concerned. Further information on the way in which personal data is processed will accompany the survey or study concerned.

4. Grounds for processing personal data

In order to be allowed to process your personal data, there must be a legitimate basis for doing so as set out in the GDPR. In the case of the UvA this legitimate basis will be – depending on the type of personal data concerned – performance of an agreement, a legal obligation, a legitimate interest or consent. If you do not provide certain personal data, you may not be allowed to attend any course of education, conduct research or benefit from all website functionality.


We need to process personal data for the purposes of fulfilling certain contractual obligations. Examples include processing personal data in connection with agreements between the UvA and a contract student, or in connection with an authorisation to collect tuition fees. 

Legal obligations

We need to process (and, in particular, save or hand over) certain personal data pursuant to such legislation as the Higher Education and Research Act, General Administrative Law Act, Higher Education and Research Funding Regulation and tax law.

Legitimate interest

We have an interest in being in a position to carry out certain surveys or research, to safeguard the quality of education and to provide information. On the grounds of these interests, we will process your personal data unless your privacy interests outweigh our interests. For that reason, we sometimes carry out surveys in the public domain with personal data being processed, carry out student satisfaction surveys and keep a record of your use of the website.


If none of the aforementioned bases for processing apply, then we will request your consent to process certain personal data. An example of a situation for which we could ask for your consent is issuing your personal data to an insurer and to a university abroad, within the compass of an exchange project. You are free to withdraw your consent at any time. 

5. To whom does the UvA issue personal data?

The starting point is that your personal data are only used by the UvA. In a number of cases, we do share your personal data with other parties.

These other parties can be divided into the following categories.

Government agencies

Sometimes we are required by law or a court forces us to share personal information with other government agencies. Examples include the Tax Authorities, the Education Executive Agency (DUO), the criminal investigation department or a supervisor. The UvA is careful in providing personal data and only provides those personal data to which it is legally obliged.

Other educational and research institutions

The UvA can share your personal data with other educational and research institutions when this is necessary for providing education or doing scientific research. For example, think of a study programme that is carried out in collaboration with another institution (a joint degree), an exchange programme and collaborations in the context of scientific research. The UvA formalises the processing and security of personal data through agreements with these parties.

Third parties

Finally, the UvA shares personal data with third parties to support the performance of its duties. You can think of a software supplier, an administration office or other service providers who need personal data to deliver their services. Furthermore, think of third parties involved in appointments, nominations and awarding prizes. The UvA formalises the processing and security of personal data through agreements with these parties.

6. Processing personal data outside of the EU

The UvA will endeavour to process your data solely within the European Union (‘EU’) by saving your data on a server located in the EU wherever possible. Sometimes this will not be possible, e.g. if we supply data to a university outside of the EU after obtaining your consent. 

When we enlist the services of data processing firms, we stipulate that they must save personal data on servers located in the EU. To the extent that this is not possible, we take the requisite measures to provide a suitable level of protection to ensure that your personal data is secure.

7. Your rights with regard to personal data

You are entitled, under certain circumstances, to access any personal data processed by us or to have it corrected or deleted or restrict its processing. Sometimes you can also lodge an objection or request a transfer of your personal data. To submit a request to us in this respect, please contact us by sending an email to If in doubt about your identity, we are entitled to ask you to provide proof of your identity first.

Access and correction

If you wish to know whether we are processing your personal data or would like to amend your personal data, please get in touch with us. 


Under certain circumstances, the GDPR allows you to have personal data erased. We will assess whether it is possible to implement such a request: in some cases we will have to retain your personal data, e.g. to comply with a statutory obligation, to facilitate education or (as a one-off action) to see to it that you will no longer receive messages from us.


You are entitled to contact us with a request to restrict the processing of your data if you think that your personal data is incorrect, the processing of it is unlawful, you require it for legal action or you have objected to it being processed.


if we process your personal data on the basis of a legitimate interest, then you can object to further use of your personal data on the grounds of your specific reasons.

Objection to receiving messages

If you no longer wish to receive email messages or any other electronic messages from us, then you can deregister for these by clicking on the unsubscribe button in an email message received from us. You can also deregister by contacting us. 

8. How do we secure your personal data?

We have taken appropriate technical and organisational measures to prevent loss or unlawful processing of personal data. For example, your personal data can only be viewed by staff authorised to view it on the grounds of their role.

9. How long do we keep your personal data?

We will not keep your personal data for longer than is necessary for the purposes for which we use it. We are required by law to keep some data for a certain period of time.

For example, it could be that after you have completed a course of study we have to keep certain personal data for administrative purposes or due to a legal obligation. Wherever possible, we will pseudonymise or anonymise your personal data to the fullest extent possible. 

10. Questions and complaints

If you have any questions on the way in which we process your personal data, please let us know by sending an email to We will be happy to help.

If you believe that your personal data is being processed in breach of the GDPR, you can submit a complaint to the DPO by sending an email to The DPO is the link between the UvA and the external regulatory body (the Dutch Data Protection Authority). The DPO acts independently and can consult with or seek advice from the Dutch Data Protection Authority regarding your complaint.

If you disagree with the outcome of the DPO’s handling of your complaint, you can submit a complaint to the Dutch Data Protection Authority directly. The Dutch Data Protection Authority will handle the complaint or request and make a decision on it.