Last update: October 2022
Privacy is a highly important topic for the University of Amsterdam (UvA, we/us/our), and therefore the UvA handles your personal data with care. In this Privacy Statement we describe how personal data is processed in The Digital Learning Environment (DLE) and how the privacy of all users of the DLE is protected. It informs you of our privacy practices and security measures concerning the personal data we may collect from you when you use the DLE via website or Canvas apps.
In addition to this specific DLE Privacy statement, the UvA also has a general Privacy statement UvA Privacy Statement which explains the purposes and methods for processing personal data obtained through all the UvA website(s) (which also include(s) (canvas.uva.nl)
The most recent version of this Privacy Statement is dated: October 31st 2022 and replaces any previous version(s).
When you use our DLE - via the website or Canvas apps - we will process various personal data of you.
The UvA is responsible for processing your personal data within the meaning of the General Data Protection Regulation (‘GDPR’). The UvA is located at Spui 21, 1012 WX Amsterdam. Our postal address is PO Box 19268, 1000 WX Amsterdam.
Any questions about this privacy statement or about data that are processed in the UvA DLE you might have, can be emailed to firstname.lastname@example.org
2.1. Your personal data is any data directly or indirectly attributable to you. The personal data we may collect from you when you register as an employee or student and use the DLE may include your name, e-mail address, login name and password, unique identification number (SIS-ID and the LMS user ID, which is only used in Canvas and not in any other system), IP address, browser details (type of browser and browser version, desktop or mobile app), logging information and any information included in your communication with the UvA or uploaded by you through the DLE (including but not limited to inquiries and input on the discussion forum and documents provided).
2.2 If you are a student: We may also process the following data: student number, details of the courses followed, uploaded files, feedback on submitted work and study results.
2.3 If you are a (guest) lecturer and teaching assistant: We may also process the following data: details of the courses given and feedback on submitted work.
2.4 A synopsis of personal data that is processed in the different DLE tooling can be found in this overview of DLE tooling.
Other users of the DLE (students, teachers, support staff) that are enrolled in courses you are enrolled to have access to some of your personal data. This concerns data from your Canvas personal profile (https://canvas.uva.nl/profile):
Teachers of the courses you are enrolled in will also see your LoginId/SIS-ID.
You cannot change your display name or your primary email address
The UvA will only process your personal data in the context of the use of the DLE, more specifically for the following purposes:
4.1. We process your personal data on the basis of 'Public Task ' (article 6.1 (e) GDPR). This means that processing your data is necessary for the performance of a task of the University of Amsterdam carried out in the public interest (article 6.1 e GDPR), i.e. providing and managing (online) education.
5.1. Your personal data may be accessed by our employees or other persons engaged on our behalf on a need-to-know basis only, such as lecturers, study counsellors,policymakers and administrative personnel. You may make certain additional information available within the DLE and for certain participants, for example by participating in group discussions. The UvA may also instruct trusted third parties to perform services in respect of processing your personal data on our behalf. With such service providers we have concluded data processing agreements to ensure that your personal data is processed carefully, securely and in accordance with GDPR. Our processing agreements also stipulates that the service provider (processor) and its subcontractors (sub‐processors) may never process the personal data for their own purposes and may only act in accordance with instructions of the UvA.
5.3. When you use our external plug-ins or social media buttons within the DLE environment, your personal data may be shared with the respective provider of such plug-in. You can find an overview of possible plug-in providers via https://canvas.uva.nl/profile/settings under “webservices”. Please note that the plug-in providers may process your personal data for their own purposes and may therefore qualify as data controllers. Neither UvA nor Instructure is responsible for the data processing activities carried out by these parties when acting as a data controller. We advise you to check out their respective privacy policies.
6.1. For each application that’s being added to the UvA UvA DLE, including any significant change of the current UvA DLE applications, the applicable privacy & security procedure has been executed. Within this procedure the privacy- and security risks and the needed measures are identified by different roles (like the privacy officer, security officer, representatives of the Works Council and the Students Council) and the technical and organizational measures to safeguard your personal data are implemented.
6.2. We have implemented technical and organizational measures to safeguard your personal data. These measures include, among others:
For more information about UvA’s privacy & security procedure (IB&P and DPIA):
UvA students go to: https://student.uva.nl/en/content/az/privacy/privacy.html
UvA Employees go to: https://medewerker.uva.nl/en/content-secured/az/privacy/privacy.html
We will process your personal data for as long as necessary for the purposes as stated in this Privacy Statement. The personal data shall not be kept for longer than is necessary for the purposes as stated in this Privacy Statement, in accordance with the applicable data protection laws, unless you have submitted a reasonable and valid request to delete your personal data.
On the basis of the current GDPR, you have the right ‐ subject to certain conditions ‐ to access the personal data that we process, to correct your personal data if it contains factual inaccuracies, to have your personal data deleted, to limit the processing of your personal data, and to object to the processing of your personal data.
If you wish to exercise any of these privacy rights, you can contact the Privacy team via: email@example.com
To be able to deal with your request, you will be asked to provide proof of identity via e.g. your UvA e-mail address.