Processing and storage of USC customer data
When becoming a member of the USC, customers grant the USC permission to process certain information, namely:
- their name, email address and telephone number;
- data used to determine the customer category (student, member of staff, etc.);
- a code based on a fingerprint scan,
- a photograph,
- visit data.
The USC processes this data for the purposes of member administration, communications, granting access and verification. A different rate applies for each customer category and customers only have access to sports, courses etc. for which they have paid. Access and verification at the USC is automated.
When becoming a member, all customers can request to read a brochure explaining how the automated access system works, including the use of the fingerprint scanning system.
The data processed by the USC is only used for USC purposes and is not shared with third parties. USC data files are not linked to third-party data files. The USC does reserve the right to make the data available for higher education research and training purposes. In such cases, the data is anonymised and it will not be possible to trace such anonymised data back to individuals. Should a customer not wish to make their data available for anonymised higher education research and training purposes, they can indicate their preference in the My USC website.
The processed data is secured in such a way that it cannot be accessed by third parties. The same applies to the backups that are made of the files.
The USC processes the data using an internal network.
The processed data can be accessed by USC staff who work with the data in their professional capacity (receptionists, instructors, administrative staff and managers).
USC staff can only access the processed data after entering login codes.
This data is stored for one year following the expiry of a membership, after which time it is deleted. Customers wishing to participate in sports, courses etc. at the USC after this period are required to re-register. Should a member wish for their data not to be deleted one year after their membership has expired, they can indicate their preference in the My USC website.
Customers can request that the USC delete their data at any time. If this request is submitted during the course of a valid membership, this membership will be cancelled. In the case that the membership has already expired, the deletion of the data is without further consequence.
In the My USC website, customers have the option of indicating what the USC is permitted to do, and what it is not permitted to do, in several specific situations.
The USC has reported its approach to processing data to the Dutch Data Protection Authority.