Privacy Statement STC-Group
According to the GDPR this Privacy Statement informs to what extend STC BV and affiliated companies of the STC Group, such as STC International, STC NESTRA STC- KNRM and STC Events (hereafter: STC) protects and processes personal data and gives insight to your rights.
STC is committed to protect your entrusted personal data and to ensure that your data is safe and secured with us. We process personal data only in accordance with the provisions of the General Data Protection Regulation.(EU 2016/679)
According to the GDPR, STC is to be regarded as the designated institution responsible for processing (special) personal data for (prospective) course participants, course participants, employees and other business relations associated with STC.
The Data Protection Officer of STC has been notified to the Dutch Data Protection Authority (Dutch DPA). This way STC ensures that processing of personal data by STC Group is in accordance with the privacy regulation.
Processing of personal data
Personal data, including sensitive personal data, may be requested by STC and processed for the following purposes. Following data may be, among others, the following:
- Name and address, date and place of birth, photo, IBAN
- Diplomas and certificates, previous educations,
- Course data, study data and study progress
- Other statutory personal
- Personal data or special personal data that will be necessary for issuing certificates which are required by the
- Other statutory personal data based on specific Dutch legislation, among are
- the Dutch Education and Vocational Education Act (WEB)
- Tax Act (Belastingwet BES),
- Compulsory Identification Act (wet op identificatieplicht)
Purposes of processing personal data
STC Group processes personal data for the following purposes:
In relation to Participants, students and other relations:
- Registration of prospective participants / participants and the registration of participants or students at STC for courses and
- Processing of study results, study progress and other relevant
- Handling of requested (course) information or publications;
- Processing and carrying out assignments from our clients, including hospitality activities of STC Events;
- Provision of information including contemporary developments of STC, including meetings Public relation activities and marketing;
- Acquisition of business
Regarding our (prospective) employees we process data for the following purposes:
- Recruitment and selection of employees;
- commissions of employees at STC Group and affiliated organizations to the STC Group;
- for improvement of functioning of employees. Of the STC Group as a
On general level:
- Handling of inquiries and complaints;
- security and improvement of our websites;
- monitoring the reputation of STC Group and affiliated organizations to the STC Group.
Personal data are solely used for the purposes mentioned. For other purposes, explicit permission is requested and will be requested.
Rights of stakeholders (data subject)
According to the GDPR, you as the owner of personal data (data subject) one have specific rights. These rights are:
- Right of access: A request may be submitted to receive a statement of the personal data processed and managed by STC;
- right to rectification: In case STC misuses personal data, it may be asked for correction, subject to legal and technological limitations restrictions;
- right to erasure (right to be forgotten): The data of the data subject are to be deleted from the STC files within technological and legal limitations to this as stated in, for example, the Archives Act;
- right to data portability: A request can be made by the data subject to transfer personal data to a personally indicated
Requests for this may be addressed to the Data Protection Officer of the STC organization by submitting an email to firstname.lastname@example.org.
Provision of personal data to third parties
For the processing of personal data, STC BV can make use of a third-party service provider that act as processor exclusively on behalf of and for the benefit of STC BV. Those third party service providers act on basis of a special processing agreement construed for that purpose. No personal data will be provided to other parties outside these, unless required to do so by specific legislation. Together with potential third processing parties, STC ensures the appropriate organizational and the technical security of personal data. By this manner, STC ensures that this information is only accessible to persons who are authorized to do so by virtue of their function or task. The data itself is solely used for the purposes for which this was obtained and on a legal basis. STC ensures that the storage, management and processing of personal data takes place within the European Union.
Procedure to report data leaks
If there is an indication that personal data of (prospective) course participants, – course participants, employees, other business relations or STC employees are accessible to unauthorized persons or if there is even a suspicion about this, we kindly ask you to report this directly via the general number of the relevant STC location or at the service desk of that location. This ensures of following the internal procedure for analyzing, resolving and possibly reporting to the Dutch DPA of the data incident.
Camera surveillance at buildings
STC protects the safety and property of all its participants, employees and visitors through, among other things, camera surveillance in the buildings. The images from these cameras are automatically destroyed after 72 hours.
Online media monitoring and webcare
STC uses Obi4Wan B.V. its services for online media monitoring and webcare. Our purposes are to provide information to parties making requests through social media and monitor the reputation of STC. Required services are conducted with a third party, online search engine that searches public data from sources like Facebook, Twitter and other social media like blogs, news sites and forums. This is conducted under the name of our organisation and associated entities such as ‘STC Group’ or ‘STC mbo college’. Obi4Wan is responsible for the data protection as a processor of personal data.
WhatsApp, Twitter DM and Facebook Messenger
Through WhatsApp, Twitter DM and Facebook Messenger requests for information to STC may conducted. These channels are not used for sending messages simultaneously. Therefore there is no “spamming” from STC-side. STC stores conversations and associated personal data with the purpose of reacting as adequate as possible in requests. STC can store conversations for a maximum of 6 months for use for training, coaching and evaluation purposes.
Newsletters and e-mailings
Unsubscribe newsletters and e-mailings
You have the possibility to unsubscribe from newsletters and e-mailings at any time. Click on the ‘unsubscribe’ link at the bottom of the e-mail.
Cookies are being used on our websites. Cookies are small text files stored on your computer, tablet or phone when you visit a specific web page. If and insofar as STC Group processes personal data (such as an IP address), STC Group complies with GDPR and Netherlands legislation.
Functional cookies provide more user-friendly websites and can be placed without permission. By placing functional cookies, STC Group ensures that you are recognized on a subsequent visit to our website, track web statistics and resolve any errors. These types of cookies make your (next) visit to our websites easier and more efficient. Functional cookies are stored for a maximum of 1 year.
Analytical cookies are used to improve our websites based on the behavior of visitors. With the information obtained we can see, among other things, which parts of the websites are viewed (less) well. This way STC ensures that these parts can be found easily or better. Some analytical cookies may be placed without permission. Explicit permission is required for other analytical cookies. Analytical cookies are stored for a maximum of 26 months.
STC Group uses Google Analytics to keep track of how users access and use our websites and therefor has a processor agreement with Google for this purpose. This ensures that we can adapt and improve our websites. Your data will be shared in an anonymous form to analyze with Google Analytics.
When sharing your data, part of your IP address will be withheld by us for your privacy. This means that your data can not be traced back to you and also not used by third parties. The ‘Data sharing with Google Analytics’ feature is also turned off.
It is possible to delete manually or automatically cookies via your internet browser. It is also possible to set your internet browser in such a way that you receive a message. when a cookie is placed. Another possibility is to indicate that certain cookies may not be placed. For this option, view the help function of your browser.
For any inquiries about privacy on our online communication channels please address these to email@example.com.
for PR purposes, STC uses photos and videos on its websites and other social media channels. STC carefully handles the interests of those involved. Our aim is never to use visual material which persons are recognizable unless explicitly asked permission from the data subjects. Even with our utmost carefulness, it might be possible that images have been uploaded without permission. In those cases, please contact us via firstname.lastname@example.org.
The personal details of students and employees are stored in accordance with statutory guidelines or by STC for storage periods.
STC reserves the right to make changes to this Privacy Statement. More information about privacy, working with personal data and information security is found on the website of the Dutch Data Protection Authority (Dutch DPA)
Questions, feedback or complaints
STC appreciates questions and feedback regarding this privacy statement. In case there is the opinion that this privacy statement does not comply or that there is a complaint about the use of personal data, a request can be made to use the legal rights as data subject. These may communicated directly to the functional data protection officer via the address: email@example.com.
In addition, there is always the possibility to submit a complaint to the Dutch Data Protection Authority via the website of the AP.