Privacy Statement Columbia Summer Program

Privacy Statement Columbia Summer Program

Privacy Statement Columbia Summer Program

General information

The General Data Protection Regulation (GDPR) is the applicable European privacy regulation. It applies strict security and privacy regulation to any organization that handles personal data.

The Columbia Summer Program in American Law, hereafter also referred to as ‘CSP’, is a Summer School program that is made possible by the Stichting (Foundation) Leyden-Amsterdam Columbia Summer Program in American Law, hereafter referred to as ‘Foundation’.

The Foundation has three founding partners: Columbia University, University of Amsterdam and Leiden University. The Foundation is based in Leiden, The Netherlands.

The Columbia Summer Program is organized by the CSP Program Office which is part of the Leiden University Law School organization.

The Leiden University Privacy Notice applies to the Foundation and to Columbia Summer Program office. It can be found on the Leiden University website.

For general questions about data protection and privacy please contact the CSP Program office at For urgent matters and complaints please contact the Data Protection Officer (see below).

Data Protection Officer

Leiden University employs a Data Protection Officer (DPO) who supervises the university's use of personal data. The DPO can be reached via If you have an urgent question about privacy, you can ask that question by e-mail. The DPO is also the contact person for questions about privacy, both for you as a data subject and for the Dutch Data Protection Authority.

We would like to point out that you have the possibility to file a complaint with the Dutch national supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) which can be reached at this website:

Privacy and data security

The CSP takes the protection of your data very seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification. The CSP collects, processes and handles personal data of for the purpose of organizing the Columbia Summer Program in American Law. The personal data the CSP captures is a requirement in the application process as it is used to assess eligibility to the program.

Personal consent notice

Please take special notice of the following concerning organizations outside GDPR jurisdiction.

The United States of America is not a party to the GDPR and there is currently no exemption based on an ‘adequacy decision’ . Therefore sharing personal data between CSP and any U.S. based organization, including Columbia University, requires personal consent.

The CSP content, the lectures and classes, are offered by Columbia University, it concerns American Law and is taught by American teaching staff. We consider that by extension it is reasonable to include selected U.S. providers (companies) for services related to the organization and execution of the Columbia Summer Program. For instance in communication, webhosting, event management or application processing.

When applying to the Columbia Summer Program you are aware of these considerations and consent that for the purpose of the Columbia Summer Program in American Law, your personal data may be collected, stored or processed by an organization that is based in the United States of America. Please address any concerns about the personal consent before applying to the program by contacting the CSP program office at

Use of cookies

Our website use cookies. When you give permission, e.g. via a cookie bar at the top or bottom of the website, or when you click through to a second page of the website and thus provide permission, cookies are placed. A cookie is a small file that is sent along with web pages and stored by your browser on the hard drive of your computer. With these cookies we try to improve our future services and your experience when visiting our sites.

Below you can read more about the cookies that are placed by web pages on the domains of the CSP ( or in the application form environment where you have access for administrative or course-related documentation about your participation in an activity of the CSP. Functional cookies (cookies that are necessary for the website to function) and analytical cookies that have little or no influence on your privacy are always placed when you visit our website.

To manage (remove) cookies

You can change your preference for the acceptance of cookies on our websites at any time via by clearing the cookies and cache in your device’s browser. For instance in Google Chrome copy this link in your search bar:


For other browsers such as Safari, Firefox, Edge or in IOS or Android instructions can readily be found online.

Social media

The website of the CSP may include buttons to share- or link to web pages via social networks such as Facebook, Instagram and LinkedIn. These buttons use pieces of code that come from these social media platforms. When web pages are shared with these buttons, cookies are placed. For more information about what these social media platforms do with your (personal) data that they process via cookies, we refer to their own privacy statements.

Personal data we process

Your data will only be used for the purpose of the services that are necessary for the organization execution of the activity for which you have registered and the administration around it. The CSP processes your personal data because you use our services and/or because you provide this information to us yourself. Below you will find an overview of the personal data that we may process:

  • Last name, prefix, initials, first name, title
  • Gender (in specific context such as housing preferences)
  • Specialization and/or areas of interestpreferences (areas of law)
  • Profession and/or function
  • Address details private address (if you register as a private person): Street, house number, possibly addition, postal code, city, country, bank account number, payment method
  • Address details company where you work: Organization name, visiting address, billing address (deviating billing information, possibly invoice characteristic, bank account number, payment method (*)), email address of yourself and general email address company, website
  • Telephone number
  • Mobile phone number
  • E-mail address private and/or company
  • Contact preferences (your consent to receive our course alerts based on your interest preferences

(*) The processing of any payments related to the CSP is facilitated by the Foundation. The Foundation may choose to outsource this activity to Leiden University or University of Amsterdam.

Recording and processing of customer data

For the use of your data, the CSP needs a legally valid reason, also known as a legal basis. All services necessary to give you access to the CSP and to allow you to use the facilities are based on the principles "consent" and "legitimate interest". Only the personal data that you have provided directly or of which it is clear that they have been provided to us can be stored and used in our services. To inspect, change or delete the data known to us, you can contact the program office:

For what purpose and on what basis we process personal data

  • Handling your registration relevant course information, payment and/or invoice;
  • To be able to call or e-mail you if this is necessary to be able to carry out our services;
  • To be able to send you course material;
  • Overview of events followed by you as a participant;
  • Sending our newsletter if you have signed up to inform yourself of new course offerings relevant to your areas of interest preferences;
  • To continuously improve our service.

How long we store personal data

The CSP does not store your personal data longer than is necessary to achieve the purposes for which your data is collected. In this case, it means that CSP will send you necessary messages regarding your participation in the program for which you have registered. For purposes of community building, alumni events and relationship management personal data may be stored and used for a longer period until such time that:

  • permission to store the personal data is withdrawn by the person, or;
  • legal obligations require the data to be removed, or;
  • an administrative decision is made by CSP to remove the data.

Sharing personal data with third parties

The CSP does not sell your information to third parties and will only provide it if this is necessary for the execution of our agreement with you or to comply with a legal obligation. With organizations that process your data on our behalf, we aim to ensure the same level of security and confidentiality of your data.

Viewing, modifying or deleting data

You have the right to view, correct or delete your personal data unless this prevents the aforementioned interest (accreditation body, audit), then we will, in consultation with you, limit the registration of your data in our system to the minimum. In addition, you have the right to withdraw your consent to the data processing or to object to the processing of your personal data by the CSP and you have the right to data portability. This means that you can submit a request to us to send the personal data that we hold about you in a to you or another organization mentioned by you. You can send a request for access, correction, deletion, data transfer of your personal data or request for withdrawal of your consent or objection to the processing of your personal data to We will respond to your request as soon as possible, within four weeks.

For general questions about data protection and privacy please contact the CSP Program office at For urgent matters and complaints please contact the Data Protection Officer.

Version: 24012022