Processing and storage of USC customer data
When becoming a member of USC, customers grant USC permission to process certain information, namely:
- their name, email address and telephone number;
- data used to determine the customer category (student, member of staff, etc.);
- a code based on a fingerprint scan,
- a photograph,
- visit data.
USC processes this data for the purposes of member administration, communications, granting access and verification. A different rate applies for each customer category and customers only have access to sports, courses etc. for which they have paid. Access and verification at USC is automated.
When becoming a member, all customers can request to read a brochure explaining how the automated access system works, including the use of the fingerprint scanning system.
The data processed by USC is only used for USC purposes and is not shared with third parties. USC data files are not linked to third-party data files. USC does reserve the right to make the data available for higher education research and training purposes. In such cases, the data is anonymised and it will not be possible to trace such anonymised data back to individuals. Should a customer not wish to make their data available for anonymised higher education research and training purposes, they can indicate their preference in the My USC website.
The processed data is secured in such a way that it cannot be accessed by third parties. The same applies to the backups that are made of the files.
USC processes the data using an internal network.
The processed data can be accessed by USC staff who work with the data in their professional capacity (receptionists, instructors, administrative staff and managers).
USC staff can only access the processed data after entering login codes.
This data is stored for one year following the expiry of a membership, after which time it is deleted. Customers wishing to participate in sports, courses etc. at USC after this period are required to re-register. Should a member wish for their data not to be deleted one year after their membership has expired, they can indicate their preference in the My USC website.
Customers can request that USC delete their data at any time. If this request is submitted during the course of a valid membership, this membership will be cancelled. In the case that the membership has already expired, the deletion of the data is without further consequence.
In the My USC website, customers have the option of indicating what USC is permitted to do, and what it is not permitted to do, in several specific situations.
USC has reported its approach to processing data to the Dutch Data Protection Authority.