What personal data does DataHub process?
Read the DataHub privacy statement
Contents of this page
What is the Maastricht Data Repository?
At DataHub, we provide data management services for studies in Maastricht UMC+ and Maastricht University. Our role is that of a data broker who enables the reuse of data by researchers in the university, the hospital and beyond. The Maastricht Data Repository provides a number of our services.
Where does your personal data come from?
Your user profile is filled with information provided by your Home Organisation. This information is being transferred to the Maastricht Data Repository via SURF Research Access Management (SRAM).
Which attributes are being processed?
| Attribute | Description |
|---|---|
| First Name | Your first name. |
| Surname | Your surname. |
| Username | A combination of your given name and your surname. |
| Email address | Your email address at your home organisation. |
| Home Organisation Identifier | Your unique identifier at your home organisation, usually your username. |
| SRAM Identifier | Your unique identifier at SRAM. |
| IP address | Your technical address on the internet, uniquely associated with your connection. |
What is the purpose of the processing of your personal data?
| Attribute | Purpose |
|---|---|
| First Name | Used for display purposes. |
| Surname | Used for display purposes. |
| Username | Used to uniquely identify you within the Maastricht Data Repository. |
| E-mail address | Used to be able to contact or notify or notify you. |
| Home Organisation Identifier | Used to map your account to your home organisation account. |
| SRAM Identifier | Used to ensure uniqueness of your account across all SRAM accounts. |
| IP address | Used to log your actions on the Maastricht Data Repository. |
What is the legal ground for processing your personal data?
During your first use of the Maastricht Data Repository you will be explicitly asked for your consent for transferring your personal data from your Home Organisation via SRAM to the Maastricht Data Repository. During this process you are being asked to review this privacy statement. Since DataHub works with attributes we receive from SRAM, we encourage you to also read the SRAM privacy policy.
To whom do we transfer your data?
We only pass on the data you provided us to third parties when this is necessary for providing you with the respective service. These third parties are SURFnet BV and the academic hospital Maastricht (MUMC).
How long do we store your data?
The Maastricht Data Repository will keep your information as long as SRAM stores your user profile, and as long as you have access to the Maastricht Data Repository via SRAM. If SRAM does not see activity on their platform for a user profile within the last 12 months, SRAM will send you an email whether you want us to delete the user profile. If you do not reply within 3 months nor do you sign in to SRAM or the Maastricht Data Repository within those 3 months, the SRAM will delete the user profile. This in turn will also delete the user profile from the Maastricht Data Repository.
Log data will be stored for 6 months. Log data includes:
- Date/time of request to the server
- Remote IP address of the client doing the request
- The operation that is being performed
What rights do you have in relation to your data?
DataHub processes your personal data in your user profile, and you can therefore decide what is being done with them. You can exercise the following rights concerning your data:
- Right to access. You may request to see your data that we are processing.
- Right to rectification. You may ask us to amend your data, to complete them, or to remove them if they are incorrect or not (no longer) relevant. If DataHub still has a legitimate reason to keep your data, we may not be able to comply with a request for deletion.
- Right to object. You may ask us to restrict the processing of your data.
- Right to be forgotten. You may withdraw your consent to the processing of your personal data.
Please note a request cannot include an erasure of data in log files. Since our service plays a role in access to possible (highly) sensitive data, for information security reasons DataHub will keep a minimal set of data in log files for 6 months to allow for investigation/follow-up in case of (suspicion of) irregular data access and activity.
DataHub will cooperate to ensure that you can exercise your rights regarding your central profile. You can email datahub@maastrichtuniversity.nl and state your wishes. However, information that the Maastricht Data Repository receives from your Home Organisation, cannot be changed via DataHub. Please refer to the instructions at your Home Organisation instead.
If you believe that DataHub is not handling your personal data correctly, then you may file a complaint with the Maastricht University Data Protection Officer. If we are unable to resolve the issue, then you can submit a complaint to the Dutch Data Protection Authority.
Changes to this privacy statement
DataHub may amend this privacy statement. We therefore recommend that you review this privacy statement regularly. We will inform you about important changes.
Contact details
DataHub Maastricht
Postbus 616
6200 MD Maastricht
The Netherlands
Email: datahub@maastrichtuniversity.nl
DataHub Maastricht is part of Maastricht University.
Contact details Maastricht University Data Protection Officer
Maastricht University
attn. Data Protection Officer
Postbus 616
6200 MD Maastricht
The Netherlands
Email: privacy@maastrichtuniversity.nl
Send email to datahub@maastrichtuniversity.nl
Send email to Data Protection Officer
