Last update: October 2022
Privacy is a highly important topic for the University of Amsterdam (UvA, we/us/our), and therefore the UvA handles your personal data with care. In this Privacy Statement we describe how personal data is processed in The Digital Learning Environment (DLE) and how the privacy of all users of the DLE is protected. It informs you of our privacy practices and security measures concerning the personal data we may collect from you when you use the DLE via website or Canvas apps.
The DLE consists of the Learning Management System (LMS) Canvas and a number of applications and tools linked to Canvas or standalone. Canvas is the central core system of the digital learning environment. The DLE is used by students, teachers and staff to follow and support digital learning activities at the UvA. The DLE facilitates and enriches UvA 's educational processes, allows you to co-operate and communicate with other users, and access and share (course) content. You can read more about your rights and obligations concerning your use of the DLE in our Terms of Use and ICT code of conduct.
In addition to this specific DLE Privacy statement, the UvA also has a general Privacy statement UvA Privacy Statement which explains the purposes and methods for processing personal data obtained through all the UvA website(s) (which also include(s) (canvas.uva.nl)
The most recent version of this Privacy Statement is dated: October 31st 2022 and replaces any previous version(s).
When you use our DLE - via the website or Canvas apps - we will process various personal data of you.
The UvA is responsible for processing your personal data within the meaning of the General Data Protection Regulation (‘GDPR’). The UvA is located at Spui 21, 1012 WX Amsterdam. Our postal address is PO Box 19268, 1000 WX Amsterdam.
Any questions about this privacy statement or about data that are processed in the UvA DLE you might have, can be emailed to icts-servicedesk@uva.nl
2.1. Your personal data is any data directly or indirectly attributable to you. The personal data we may collect from you when you register as an employee or student and use the DLE may include your name, e-mail address, login name and password, unique identification number (SIS-ID and the LMS user ID, which is only used in Canvas and not in any other system), IP address, browser details (type of browser and browser version, desktop or mobile app), logging information and any information included in your communication with the UvA or uploaded by you through the DLE (including but not limited to inquiries and input on the discussion forum and documents provided).
2.2 If you are a student: We may also process the following data: student number, details of the courses followed, uploaded files, feedback on submitted work and study results.
2.3 If you are a (guest) lecturer and teaching assistant: We may also process the following data: details of the courses given and feedback on submitted work.
2.4 A synopsis of personal data that is processed in the different DLE tooling can be found in this overview of DLE tooling.
2.5 We may also process personal data of you by using cookies. You can find more information on the cookies used in relation to the DLE in our Cookie Policy.
Other users of the DLE (students, teachers, support staff) that are enrolled in courses you are enrolled to have access to some of your personal data. This concerns data from your Canvas personal profile (https://canvas.uva.nl/profile):
Teachers of the courses you are enrolled in will also see your LoginId/SIS-ID.
You cannot change your display name or your primary email address
The UvA will only process your personal data in the context of the use of the DLE, more specifically for the following purposes:
4.1. We process your personal data on the basis of 'Public Task ' (article 6.1 (e) GDPR). This means that processing your data is necessary for the performance of a task of the University of Amsterdam carried out in the public interest (article 6.1 e GDPR), i.e. providing and managing (online) education.
5.1. Your personal data may be accessed by our employees or other persons engaged on our behalf on a need-to-know basis only, such as lecturers, study counsellors,policymakers and administrative personnel. You may make certain additional information available within the DLE and for certain participants, for example by participating in group discussions. The UvA may also instruct trusted third parties to perform services in respect of processing your personal data on our behalf. With such service providers we have concluded data processing agreements to ensure that your personal data is processed carefully, securely and in accordance with GDPR. Our processing agreements also stipulates that the service provider (processor) and its subcontractors (sub‐processors) may never process the personal data for their own purposes and may only act in accordance with instructions of the UvA.
5.2. One of our data processors, Instructure Global Ltd (the LMS Canvas hosting provider) is located in de United Kingdom (UK). The UK is a ‘so-called’ secure third country, for which the European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision. Because Instructure may access your personal data via its affiliate Instructure Inc, located in Utah, United States of America (US), we have concluded the latest version of the Standard Contractual Clauses of the European Commission validated by the European Commission in 2021, to safeguard the transfer of your personal data to Instructure. In addition, we did for Instructure Global Ltd and Instructure Inc a Data Transfer Impact Assessment (DTIA) to assess the risk to the level of protection for international transfers. For the delivery of the LMS, Instructure may involve its affiliates or third-parties as sub-data processors under the same conditions as under the data processing agreement that has been concluded between UvA and Instructure. For more information about the privacy policy of Instructure and Canvas, please go to www.instructure.com/policies/privacy
5.3. When you use our external plug-ins or social media buttons within the DLE environment, your personal data may be shared with the respective provider of such plug-in. You can find an overview of possible plug-in providers via https://canvas.uva.nl/profile/settings under “webservices”. Please note that the plug-in providers may process your personal data for their own purposes and may therefore qualify as data controllers. Neither UvA nor Instructure is responsible for the data processing activities carried out by these parties when acting as a data controller. We advise you to check out their respective privacy policies.
6.1. For each application that’s being added to the UvA UvA DLE, including any significant change of the current UvA DLE applications, the applicable privacy & security procedure has been executed. Within this procedure the privacy- and security risks and the needed measures are identified by different roles (like the privacy officer, security officer, representatives of the Works Council and the Students Council) and the technical and organizational measures to safeguard your personal data are implemented.
6.2. We have implemented technical and organizational measures to safeguard your personal data. These measures include, among others:
For more information about UvA’s privacy & security procedure (IB&P and DPIA):
UvA students go to: https://student.uva.nl/en/content/az/privacy/privacy.html
UvA Employees go to: https://medewerker.uva.nl/en/content-secured/az/privacy/privacy.html
We will process your personal data for as long as necessary for the purposes as stated in this Privacy Statement. The personal data shall not be kept for longer than is necessary for the purposes as stated in this Privacy Statement, in accordance with the applicable data protection laws, unless you have submitted a reasonable and valid request to delete your personal data.
Please contact us via the contact details below, if you have questions about how we use cookies, process your personal data, or if you would like to inspect, correct or remove your personal data.
You may contact us at:
University of Amsterdam
Privacy team: avg@uva.nl
Legal department (Secretariaat Juridische Zaken): jz-secretariaat-bestuursstaf@uva.nl
On the basis of the current GDPR, you have the right ‐ subject to certain conditions ‐ to access the personal data that we process, to correct your personal data if it contains factual inaccuracies, to have your personal data deleted, to limit the processing of your personal data, and to object to the processing of your personal data.
If you wish to exercise any of these privacy rights, you can contact the Privacy team via: avg@uva.nl
To be able to deal with your request, you will be asked to provide proof of identity via e.g. your UvA e-mail address.
De UvA gebruikt cookies voor het meten, optimaliseren en goed laten functioneren van de website. Ook worden er cookies geplaatst om inhoud van derden te kunnen tonen en voor marketingdoeleinden. Klik op ‘Accepteren’ om akkoord te gaan met het plaatsen van alle cookies. Of kies voor ‘Weigeren’ om alleen functionele en analytische cookies te accepteren. Je kunt je voorkeur op ieder moment wijzigen door op de link ‘Cookie instellingen’ te klikken die je onderaan iedere pagina vindt. Lees ook het UvA Privacy statement.