Privacy Policy

Last Updated: May 2026

Welcome to the Busatto Lab website. We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the guidelines set by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens - AP).

This Privacy Policy explains how we collect, use, and protect your data when you visit our website or contact us.

1. Who We Are (Data Controller)

The Busatto Lab is the data controller responsible for your personal data.

  • Location: Biological Nanoparticles Laboratory, Groningen Research Institute of Pharmacy, University of Groningen, Groningen, The Netherlands
  • Contact Email: s.busatto@rug.nl

2. What Personal Data We Collect and Why

We adhere to the principle of data minimization and only collect what is strictly necessary.

  • Contact & Job Application Forms: If you contact us or apply for a position, we collect the information you voluntarily provide, such as your name, email address, message content, and any attached documents (like your CV or cover letter). We use this solely to respond to your inquiry or evaluate your application.
  • Website Hosting & Security Logs: Our website is hosted securely via Netlify. When you visit our site, Netlify may temporarily log your IP address to detect and prevent security threats (such as DDoS attacks) and ensure the website functions correctly.
  • Cookies & Tracking: We take a “Privacy First” approach. We do not use tracking cookies, Google Analytics, or third-party marketing scripts. Embedded media (such as YouTube videos) are served in “privacy-enhanced mode” to ensure no tracking cookies are placed on your device.

Under the GDPR, we must have a legal basis to process your data:

  • Consent: When you submit a form to us, you give explicit consent for us to process that specific data to handle your request.
  • Legitimate Interest: The temporary processing of IP addresses by our hosting provider is based on our legitimate interest in keeping our website secure and operational.

4. Data Retention (How Long We Keep Your Data)

We do not store your personal data longer than is strictly necessary.

  • General Inquiries: Emails and messages are kept only as long as required to resolve your question.
  • Job Applications: In strict compliance with Dutch AP guidelines, if you apply for a position and are not selected, your application data (including your CV) will be deleted within 4 weeks after the position is filled. If we wish to keep your details on file for future opportunities, we will explicitly ask for your consent to retain your data for a maximum of 1 year.

5. Sharing Your Data

We do not sell, rent, or trade your personal data to third parties. Your data is only shared with trusted service providers necessary to operate this site:

  • Netlify: Acts as our secure website host and data processor.
  • University of Groningen Systems: Used to receive and manage form submissions securely via institutional email.

6. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“Right to be forgotten”).
  • Withdraw consent at any time (e.g., asking us to delete a submitted CV).

To exercise these rights, please contact us at s.busatto@rug.nl. We will respond to your request within one month.

If you believe we are mishandling your data, you have the right to file a formal complaint with the Dutch national supervisory authority, the Autoriteit Persoonsgegevens (AP).