Privacy statement

We use various cookies on our website. Cookies are small pieces of information that are stored on your computer during a visit to a website. Some cookies are necessary for the proper functioning of a website, whereas other cookies collect personal information. Cookies from ste.nl are safe for your PC, laptop, phone or tablet.

Functional cookies
We use cookies to ensure a pleasant user-experience and a fast operation of our website.

Analytical cookies
These cookies provide us with an insight into the use of our website. To this end, we use cookies for Google Analytics and Google Tag Manager. The use of analytical cookies does not affect the privacy of visitors. The website can be tested based on the data that has been obtained. This, for example, enables us to detect errors and inconveniences, test improvements and optimise user experience.

Deleting or disabling cookies
The functional cookies of ste.nl are automatically removed when you close your browser. Other cookies remain longer but can be removed or disabled via the browser settings. Note, however, that doing so may impair the functionality of the website.

Article 1. General provisions and definitions

1.1 Unless explicitly stated otherwise below, the terms used in these rules have the meaning attributed to them in the Data Processing Agreement (Algemene vordering Gegevensbescherming AVG)

1.2 Personal data
Any item of information relating to an identified or identifiable natural person.

1.3 Processing of personal data
Any operation or any set of operations concerning personal data, including at the minimum, the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction of data. 

1.4 Data Processor
The natural person, legal entity, administrative body or any other entity which, alone or in conjunction with others, determines the purpose of and the means for processing personal data. 

1.5 Processor
The person or body which processes personal data for the responsible party, without coming under the direct authority of that party.

1.6 User of personal data
Any person authorised to process personal data, whether as an employee or in any other capacity.

1.7 Data subject
The person to whom the personal data relate

1.8  Customer
Any natural person or legal entity that has awarded STE Eindhoven / STE Languages a contract for services.

1.9 Third party
Any party other than the data subject, the responsible party, the processor, or any person under the direct authority of the responsible party or the processor, who is authorised to process personal data. 

1.10 Consent of the data subject
Any freely given, specific and informed expression of will, whereby data subjects agree to the processing of personal data relating to them. 

Article 2. Scope

2.1 These rules apply to all instances of personal data processing at STE Eindhoven and STE Languages; located at the Aalsterweg 3, 5615 CA, Eindhoven.

Article 3. Purpose of personal data processing

3.1 STE Eindhoven / STE Languages processes data for the following purposes:

  • To communicate with course participants in connection with the Inburgering (civic integration) course agreed upon;
  • To exchange data with the DIENST UITVOERING ONDERWIJS (DUO) concerning exams and diplomas for the purposes of the
  • Integration Seal of Approval (Keurmerk Inburgeren);
  • To exchange data with the organisation conducting the satisfaction survey for purposes of the Integration Seal of Approval;
  • To report and render account to the customer;
  • To comply with statutory obligations (for example tax laws and social security legislation).

3.2 Personal data will not be processed in any manner that cannot be reconciled to the purposes for which they were obtained.

Article 4. Processed data

4.1 Only the following data will be processed:

  • General personal data such as address, phone number, e-mail address, gender, company name, date of birth
  • Data concerning the data subject’s nationality, country of birth and identification details (BSN number for DUO students);
  • Data concerning benefits, education, work and language skills;

Article 5. Personal data processing

5.1 The data processor can be held liable for the proper functioning of the method by which the personal data are processed and for compliance with the provisions set out in these rules. The actions of the responsible party in connection with the personal data processing and the provision of data are determined by these rules.

5.2 The data processor will take appropriate measures to ensure that the data recorded are correct and complete. The responsible party will also arrange for appropriate technical and organisational facilities to secure the personal data against loss or impairment and against unauthorised access, modification or provision.

5.3 Personal data will be processed, if processing is necessary for purposes of the performance of an agreement to which the responsible party is a party, or in order to fulfil a statutory obligation to which the responsible party is subject

5.4 The processing of data pertaining to ethnicity and health requires particular attention. Data pertaining to ethnicity and health are processed with the explicit consent of the data subject.

Article 6. Access to the personal data

6.1 Employees only have access to the personal data insofar as is necessary for the purposes of carrying out their duties and as set out in their job descriptions.

6.2 Any person who has access to the personal data is bound by an obligation of confidentiality in respect of the data of which he or she has become aware, based on that access.

6.3 Third parties whose services have been engaged by STE Eindhoven / STE Languages to carry out work have access to the processed personal data insofar as is necessary for the purposes of carrying out their duties and are bound, pursuant to a contractual agreement, to the obligation of confidentiality.

Article 7. Protection of the personal data

7.1 Personal data will be treated with care. For this purpose, the data will be protected.

7.2 The data processor will draw up rules for the protection of the personal data. This information can be found in the security policy.

Article 8. Provision of personal data

8.1 Personal data may only be provided to third parties with the data subject’s consent, unless that provision is necessary for purposes of a statutory requirement.

8.2 Should a student (data subject) be enrolled for a training course by their employer, his or her personal details and achieved results will be made available to their employer.

Article 9. Access to recorded data

9.1 The data subject is entitled to access and receive a copy of the data concerning his or her person. The data subject can change their personal data on the Portal at www.ste.nl and request an overview of the personal data held.

9.2 Requests as pertaining to Article 9 will be granted within four weeks after the request has been received.

9.3 The right to access the data is only afforded to the data subject or a party authorised by the data subject. The data subject or the party authorised by the data subject must be able to present a valid identification document.

9.4 The data processor may refuse to comply with a request as pertaining to Article 9, insofar as such is necessary for purposes of protecting the rights and liberties of others or of preventing, detecting or prosecuting criminal offences.

9.5 Fees may be charged for supplying and sending copies of the data. The amount of such fees is laid down in the Dutch Fees for the Rights of Data Subjects (Personal Data Protection Act) Decree (Besluit kostenvergoeding rechten betrokkene WBP), which is attached as Appendix 1.

Article 10. Adding to, correcting or deleting recorded data

10.1 On request, the recorded data will be expanded to include a statement issued by the data subject relating to the recorded data.

10.2 In the event that any data are factually incorrect, incomplete or irrelevant for the purpose of processing or contrary to a statutory requirement regarding processing, the data subject should submit a written request to the data processor, asking that the data be rectified, supplemented, deleted or blocked. The data processor will not decide on such requests before having heard the officer who collected the data or the person succeeding or deputising for that officer.

10.3 The data processor will notify the requesting data subject in writing and within four days after having received the request, whether the request will be granted, and if so, to what extent. Any refusal will include the reasons for that refusal.

10.4 Data will not be deleted insofar as they must be retained pursuant to a statutory requirement.

10.5 The data processor will ensure that a decision to supplement, correct or delete data is carried out at the earliest possible date.

10.6 If data are deleted, a statement will be included in the remaining data to the effect that data have been deleted at the data subject’s request.

Article 11. Right of objection

11.1 If data are processed in connection with the aim of bringing about or maintaining a direct relationship between the responsible party or a third party and the data subject for acquisition for commercial or charitable purposes, the data subject must have given his or her explicit consent for his or her data to be processed in this manner. The data subject may at all times register an objection with the responsible party, free of charge.

11.2 If an objection is registered, the responsible party will take measures to terminate this form of processing without delay.

Article 12. Retention periods

12.1 Personal data will not be retained in a form that enables identification of the data subject for longer than is necessary for purposes of realising the objectives for which they were collected or subsequently processed.

12.2 Unless stated otherwise, the retention period will end two years after the most recent communication with the data subject.

12.3 After the agreement entered into with the customer ends, all information and data that can be traced back to the natural person, will be deleted two years after the services provided to the customer have ended. Any data needed in connection with the statutory retention obligation will remain on file for seven years. Those data cannot be traced back directly to any particular person.

Article 13. Complaints

13.1 If the data subject is of the opinion that any violation of the provisions set out in these rules has occurred or if he or she has any other cause for complaint, he or she must contact the responsible party.

13.2 The responsible party will deal with the complaint in accordance with the prevailing complaints procedure.

Appendix 1: Dutch Fees for the Rights of Data Subjects (Data Processing Agreement) Decree

(Algemene verordening Gegevensbescherming AVG)

The data subject may submit a request to the data processor at the reintegration agency to enquire whether any personal data has been processed, and if so, which data. The fee payable to cover the costs of such a request is €0.23 per page, with a maximum of €4.50 per request. If the data are provided in another form apart from hard copy, the responsible party may charge a reasonable fee. However, the maximum fee that may be charged is €4.50.

Deviation from this rule is possible by charging a fee of up to €22.50 if the copy of the data comprises more than one hundred pages, or if the notification is very difficult to obtain and the nature of the processing means that it would take a disproportionately large amount of time, for example if parts of data are still stored in an old information system or if the data are only available using back-up procedures; in short, the effort required must be disproportionately great.

The responsible party may charge a reasonable fee to cover the costs of handling an objection as described in Article 10 of the Privacy Rules. However, the maximum fee that may be charged is €4.50.