We understand that you may not want to share information about yourself and your training with everyone. That is why we are careful with this information. We adhere to the General Data Protection Regulation (GDPR). We do, however, need some details about you to be able to help you effectively. In this statement, we explain what data we need from you and what we use it for.
About the Academie voor Coaching en Counselling (ACC)
We process personal data for our services: providing training. We also must comply with legal obligations in the processing of your personal data. We do not trade data.
The processing of your personal data must be done in accordance with one of the legal grounds of the GDPR. In our case, the following legal grounds apply: a legal obligation, an agreement, a legitimate interest and your permission.
- Legal obligation: we must process (store or provide) certain personal data in the context of fiscal legislation.
- Agreement: in order to execute certain agreements, we are required to process personal data. This concerns, for example, the processing of personal data in connection with authorisation or an invoice for the collection of tuition fees, or the processing of personal data in connection with the execution of an agreement between you and ACC.
- Legitimate interest: a balance of interests is involved here. It is important to the ACC to guarantee the quality of education and to provide correct information. You have a privacy interest. We may process your personal data based on our interests (including, for example, tracking your use of the website or conducting surveys), unless your privacy interest carries more weight.
- Permission: for all other information, that is, if the processing of personal data is not covered by one of these legal grounds, we will request your permission to process certain personal data. You can always revoke this permission by sending an email to email@example.com.
Not authorising permission
You can refuse to provide certain personal data. In that case, however, you may not be able to follow a training programme, you may not have access to all the functionalities of our website, or we may not be able to be of sufficient service to you.
Who is registered
- People who have registered for a training/refresher course at the ACC (even if the registration process on our website was interrupted).
- People who sign up for our newsletter.
- Other people who purchase our products or services.
The purpose of data storage
- Registration for training programmes.
- Financial administration, including the tracking of payments.
- Administrative purposes, including keeping track of certificates and other study results.
- Knowing who our clients are and providing them with the best possible service.
- Communication purposes, providing information on current developments, study progress and possible changes.
- Sending newsletters and other requested information.
Stored data may include:
- Name, address, email address and telephone number.
- Date of birth and sex.
- Details of the training programme you have registered for.
- Client number and invoice number.
- Bank and payment details and possibly payment reminders and agreements.
- Personal data relevant to your training, such as attendance, study results and any incidents or reported personal situations/arrangements.
- Your feedback about the training programme and other information you provide.
We do not store personal data for longer than is necessary for the purposes for which we use your personal data. Some data is required by law to be kept for a certain period of time, or for our records. We store the following in particular:
- Tax-related documents: for as long as the fiscal retention obligation requires.
- Diploma register: for an unlimited period to be able to guarantee the possibility of reprinting the diploma (in case of loss by student), unless we receive the explicit request to remove the data from our files. After that, reprinting the diploma will no longer be possible. This concerns the following data: full name (as given to us by the student), date of birth, place of birth, training/course for which the diploma was achieved.
- Newsletter and other digital correspondence: up to the moment of cancellation by the recipient.
- Theses/portfolios, including annexes: are only provided by the student as hard copies and are returned to the student immediately after assessment. If the document has also been provided in digital form, it will be deleted immediately after assessment.
Sharing data with third parties
We are primarily responsible for the processing of your data. Sometimes we also enlist other parties to process (part of) your personal data on our behalf. This helps us to provide you with a better service and to carry out our work well. This includes our teachers, accountants, IT suppliers and satisfaction survey researchers.
If we have personal data processed by a third party, whereby we remain the controller, a written processing agreement is made with them. This includes agreements about, among other things, the purpose, duration and extent of the processing, retention periods and security measures relating to the personal data.
In some cases, we have a legal obligation to provide personal data, for example, to the tax authorities or the police.
In our communication with our teaching staff, we do not withhold any information regarding the study programme, study results, payment data and any disputes or legal matters.
In our communication with students, we do not provide any information about other students without the prior written consent of the student whose information it concerns.
The processing of data inside and outside the EU
Classroom training in Europe
We store the data of our students following classroom training in Europe only within the European Union (‘EU’) by storing the data on a server in the EU.
Online training programmes
The teacher of our online courses is based in Canada. The personal data of online students may, therefore, also be stored on a server in Canada. Canada and our teacher’s organisation are covered by the European Commission’s so-called ‘adequacy decision’, meaning that the rules for Canadian organisations with regard to the protection of personal data are sufficient according to GDPR standards. In other words: your data is also sufficiently protected in this case.
We do not process any personal data of students following our programmes in Suriname. All registrations and other correspondence with students will be carried out directly by our teacher in Suriname, under the applicable local privacy legislation. Our teacher there is the controller for those personal data. on our website, we refer explicitly to our teacher in Suriname for all information and registrations concerning Suriname, and we do not process any information or data from (potential) students in Suriname. If we do receive any requests containing personal data that are clearly intended for a training course in Suriname, we will refer the person in question to our teacher there and remove any personal data from our system.
Accessing, modifying or removing data
Under certain circumstances, you have the right to access your personal data, or have it modified, removed, or restricted. You can also object to the processing of your data or to the correspondences sent to you by us. We may ask you to identify yourself first before we process your request.
- Access and modification: To do this, you can contact us at firstname.lastname@example.org or email@example.com.
- Removal: The removal of personal data is possible under certain circumstances according to the GDPR. If possible, we will fulfil this request. In some cases, however, it is not possible to remove personal data, for example, when we are legally obliged to store data, or when the removal of the data would hinder your ongoing training. We will therefore assess whether we can meet the request on a case by case basis.
- Restriction: If you consider the processing of your personal data to be unlawful, need it for a legal claim or object to the processing thereof, you can contact us at firstname.lastname@example.org with the request to restrict the processing of your personal data.
- Objection: If we process your personal data on the basis of legitimate interest, you can object to further use on the grounds of reasons specific to you.
- Objection to correspondence: You can unsubscribe from our newsletter or other (electronic) correspondence via the special unsubscribe link in our emails, or you can contact us at email@example.com.
Visiting the website / Cookies
We process, among other things, the following personal data of visitors to our websites:
- IP address;
- Social media use;
- Website visiting and clicking behaviour;
- Time and duration of the visit to our website.
If you believe that we are processing your personal data in violation of the GDPR, you can submit a complaint to us at firstname.lastname@example.org. We will handle your complaint with diligence and, if necessary, seek advice from the Dutch Data Protection Authority (AP). If you do not agree with how we handle your complaint, you can file a complaint directly with the AP. They will handle your complaint or request and make a decision.
Changes to the Privacy Statement
Any changes to our Privacy Statement will be communicated on the website and via the ACC newsletter.