Privacy statement

ICO, the Interuniversity Center for Educational Sciences, located at Heidelberglaan 1, Utrecht, is responsible for the processing of personal data as shown in this privacy statement.

Contact details:

Executive Secretary of ICO, Caroline Vonk
Heidelberglaan 1, 3584CS Utrecht
+31 (6) 284 62 933

Caroline Vonk, Executive Secretary ICO, is the Data Protection Officer of ICO. She can be contacted via

Personal data we process

ICO processes your personal data because you use our services and/or because you provide us with this data. ICO only keeps information that is necessary for carrying out our tasks. Here you can find a list of personal data we process:

  • First and last name
  • Sex
  • Date of birth
  • Address data (preferably of your university/institute)
  • Phone number (preferably of your university/institute)
  • E-mail address (preferably at your university/institute)
  • Bank account number (of your university/institute)
  • Dietary wishes and food allergies
  • Other personal data that you actively provide us with, for example through the ICO Project Plan, the ICO Education and Supervision Plan, or the ICO Monitor

How we use personal data

ICO processes your personal data for the following purposes:

  • To send our newsletter and information by email about ICO, ICO Courses and Events, and other matters related to the educational sciences
  • To call or e-mail you if necessary to carry out our services
  • To inform you about (changes in) our services and courses/events
  • To inform ICO teachers and course- or theme group coordinators of course participation, and the contact information of participants
  • The membership list (first and last name, and university) on the ICO Website
  • To deliver postal items (for example course certificates) to you at your address
  • Handling your payment
  • Monitoring your progress, and to give support if necessary

Automated decision-making

ICO never takes decisions on matters that can have (significant) consequences for people, based on automated processing. These are decisions taken by computer programs or systems, without involving a person (for example, an employee of Maastricht University / Utrecht University – ICO).

ICO is based at Utrecht University, and stores it’s data on the secured servers of this university. The data is only accessible by ICO’s Executive Secretary.

ICO uses the following online computer programs or systems:

  • Formdesk (via Utrecht University) with forms for registration as ICO member, or as participant in ICO Courses or ICO Events
  • SurfDrive (via Utrecht University) for the distribution of (course) information to course participants or committee members
  • Canvas Instructure for the distribution of course information to participants in the ICO education
  • Google sites for the website

ICO uses the following computer programs or systems on the Utrecht University servers:

  • MS Access database with the ICO membership and course administration
  • Other software, like MS Word and Excel, Outlook, and Adobe

How long do we store personal data

ICO does not store your personal data for longer than is strictly necessary to achieve the purposes for which your data is collected. We use the following retention periods for the following of personal data:

  • For personal data of ICO members, including the ICO Alumni (former members who have indicated themselves to remain in contact with ICO as “ICO Alumnus”): as long as the membership runs, or in case of the termination of the membership for a maximum of 6 years afterwards.

After you have indicated to terminate your membership with ICO, most of the personal data can be removed from the database at all times. Certain information will have to remain available for a maximum of 6 years for reporting purposes (see below)

  • Non-ICO members participating in courses and events: up to 6 years after participation in the ICO Course of ICO Event, unless requested to be removed from the systems before that time.
  • Information given in the ICO (Alumni) Monitor will be deleted within 12 months. After that the data is stored anonymously for a maximum of 6 years.
  • Information about dietary wishes and food allergies is deleted within 12 months after the event has taken place, and will not be re-used for new events.

Once every six years, a research review or re-recognition of the research school takes place. For this purpose  ICO must draw up a self-evaluation report. The maximum storage period of 6 years is related to this reporting cycle.

Sharing personal data with third parties

ICO provides personal data to third parties only if this is necessary for the execution of our agreement with you, or to comply with a legal obligation.

Cookies, or similar techniques, that we use

ICO does not use cookies or similar techniques.

View, modify or delete data

You have the right to view, correct or delete your personal data. In addition, you have the right to withdraw your consent to the data processing or to object to the processing of your personal data by ICO, and you have the right to data portability. This means that you can submit a request to us to send the personal information we have in your file to you, or to another organization mentioned by you. You can send a request for access, correction, deletion, data transfer of your personal data or request for cancellation of your consent or objection to the processing of your personal data to To ensure that the request for access has been made by you, we may ask you to send us a copy of your ID. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Burger Service number (BSN) black in this copy. This is to protect your privacy. We will respond to your request as quickly as possible, but at least within four weeks.

For ICO Members (including the ICO Alumni) the request for deletion of your data from our database will lead to the termination of your membership.

ICO also wishes to point out that you have the opportunity to file a complaint with the national supervisory authority in the Netherlands, the Dutch Data Protection Authority. This can be done via the following link:

How we protect personal data

ICO takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. If you have the impression that your data is not properly secured or there are indications of abuse, please contact