Privacy guidelines for collecting and storing personal data

Members of staff who are collecting personal data through online forms are responsible for ensuring that this is carried out in accordance with European privacy regulations.

Please keep the following guidelines in mind:

  • Always make it clear why you are collecting that information and what it will be used for. Never use the personal data you collect for any other purpose.
  • Always include the contact details of the person subscribers can contact in order to consult, edit or delete their data (for example in the form of a disclaimer at the bottom; see below).
  • Make sure you can edit or delete subscribers’ data easily in the data system you are using. Follow up on subscribers’ requests consistently.
  • Only collect data that is strictly necessary for your purposes.
  • We do not normally pass data on to third parties (outside UAntwerp). If you do need to do this, you should mention this clearly on the form. Subscribers must ‘opt in’ and give permission for you to pass their data on to third parties. Include the contact details of any third parties so that subscribers can contact them to exercise their rights to consultation, correction and removal of data.
  • Make it clear on the form which fields are mandatory. Mark these fields with an asterisk (*).
  • Registration forms should never ask for information on subscribers’ racial or ethnic origins, political preferences, religious or spiritual beliefs, trade union membership, medical condition or sexual orientation.
  • Always use an opt-in tick box for subscribing to external mailing lists (newsletters, invitations, etc.).
    It is up to subscribers themselves to tick the box and indicate that they would like to receive newsletters or further info in the future. The box must not be pre-ticked (this is the ‘opt out’ system). Find out more about privacy guidelines for newsletters and mailing lists.
  • Personal data should only be stored on the university’s secure platforms. Contact the Data Protection Officer if you suspect a data leak.
  • Subscribers’ personal data should not be stored for any longer than is strictly necessary for the purposes of the data collection. After an event, for example, you should only store the details of people who opted in to receiving email newsletters or invitations. You should also delete all documents containing personal data from your computer, the N drive, the website, Pintra, and so on.
  • Once the registration deadline has passed, remove the registration page and form from the website. (The entire page! Don’t just set an end date for the form)


At the bottom of each form on the website there is a brief privacy statement. Please give the necessary information (between brackets) to E-Campus to complete this privacy statement:

  • Privacy statement text:

    [Name + address or email ] is collecting this personal data for.../to... [enter reason for data collection].

    Under no circumstances will your contact details be passed on to third parties. [delete this if the data will be passed on to third parties + mention this on the form with an opt-in and contact details for the third party]
    This data will be stored for.../until... [say how long the data will be stored for, e.g. ‘until the event has ended’, ‘for as long as we continue to send out our newsletter’]
    If you would like to view, limit, change or remove your personal data, please send an email to the address above.

    More information about our privacy policy: