|
A |
Contact details of the institution. |
|
B |
Description of the categories of involved parties; participants, employees etc. |
|
C |
Processing purposes and reason. |
|
D |
Description of the categories of personal data. |
|
E |
Process documents like source documents and output. |
|
F |
Categories of recipients to whom this data is or will be provided (internal/external). |
|
G |
Details of processor(s). |
|
H |
Whether or not there is distribution of the data outside the EU. |
|
I |
Applicable storage- and delteion-terms of the data |
|
J |
General description of the technical and organizational security measures. |
A. Contact details of the institution |
|
Processing responsible: |
|
Mail address: |
|
Contact details: |
B. Category |
|
This privacy statement applies to: Members, participants, others |
C. Processing purposes and reason |
|
Processing purposes
|
|
Processing grounds
|
D. Categories of personal data |
|
SEPA Direct debit (IBAN) |
F1 |
Phone number |
F1 |
|
Personal details introduction week (allergies/dietary wishes, phone numbers, sleeping locations, names, student numbers, mail addresses, birth date, gender, language preference) |
F1, F3 |
Name |
F1, F3, F6, F8, F9, F11 |
Mail addresses |
F1, F3, F7, F11 |
Books information (name, mail address, ordered books) |
F1 |
Membership details (name, gender, student number, study, mail address, birthdate, IBAN, address, phone number) |
F1, F11 |
Personal details yearbook (name, photo, committees) |
F1 |
Website analysis (IP-adresses, user-agent strings, screen size, website performance, visited pages, referring website) |
F1, F4 |
SuSOS/SudoSOS information (name, mail addresses, bank transactions, saldo transactions) |
F1, F2 |
Address |
F1, F4, F8 |
Tutor details (name, mail addresses, availability, tutor subjects) |
F1 |
Tutor mail contents |
F1, F10 |
Parent days participation (names, mail addresses, phone numbers, parents) |
F1, F6 |
Photo archive |
F1, F2, F12, G3 |
Building access (names, campus card number) |
F1, G3 |
E. Process documents |
I. Storage period |
| Membership form | 2 years after ending membership |
| Financial information | 8 years after the transaction |
| Activity information | 2 years after ending membership, at most 5 years after activity |
| Parent days form | 3 weeks after parent days |
| Photos | Until the association is dissolved |
| Association documents (such as meeting documents, association magazine and yearbook) | Until the association is dissolved |
| Book order form | 3 years after the order has been delivered |
| First-year committee interest list | 1 year after the form was filled in |
| Website statistics |
Original data: 6 months after website visit Aggregated data: 1 year after website visit |
| Point-of-sales | Until the association is dissolved |
| Tutor form | 1 month after ending tutorship |
| Study trip form | 3 months after study trip |
F. Internal Processors
|
|
| F1 | Board |
| F2 |
Members |
| F3 |
CBC |
| F4 |
WC |
| F5 |
BAC |
| F6 |
ODC |
| F7 |
Intro |
| F8 |
Supremum |
| F9 |
Yearbook |
| F10 |
Tutors |
| F11 |
Activity organizers |
| F12 |
Graduates |
G. Details of Processors (external) |
H. EU/NON-EU |
||
|
|
Name, location, website |
Processing agreement |
Data location |
| G1 |
Drukkerij Snep B.V. Gerststraat 25 5561AT Riethoven |
European Economic Area |
|
| G2 |
Google Cloud EMEA Limited 70 Sir John Rogerson’s Quay Dublin 2 Ireland |
Date: November 5, 2021 |
European Economic Area and the UK |
| G3 |
Technische Universiteit Eindhoven Groene Loper 3 5612AE Eindhoven |
Date: April 10, 2019 |
European Economic Area or a country or territory that is the subject of an adequacy decision by the
Commission under Article 45(1) of the EU GDPR |
| G4 |
Perfectbook Marktveld 7 5261EA Vught |
|
The Netherlands |
| G5 |
Slack Technologies Limited 1 Park Place, Upper Hatch Street Dublin 2 Ireland |
Date: April 11, 2022 |
European Union, the EEA, Switzerland and the United Kingdom |
| G6 |
Trello Inc. Atlassian PTY Ltd.
Level 6
341 George St Sydney, NSW 2000 Australia |
Date: April 11, 2022 |
European Economic Area |
J. General description of the technical and organisational security measures |
|
To ensure the confidentiality and security of personal data, appropriate physical, technical and organisational measures have been taken. Non-digital data is stored in lockable rooms and will be securely discarded of when no longer needed. Digital data will be stored on encrypted disks or in lockable rooms.
Data in GEWIS systems can only be accessed by those who, based on their function, need it. Technical
measures have been taken to make sure changes in access levels will be logged. Additionally, users are
required to use
a secure password for all services. |