Privacybeleid
ELSA Utrecht Data Protection Standard Policy
​
(Last Updated: 26.09.2024)
Beschikbaar in Nederlands op aanvraag bij secgen.utrecht@nl.elsa.org
​
The protection of your personal data is of the utmost importance and priority for ELSA Utrecht, particularly due to our identity as a law students’ association. By choosing ELSA Utrecht, you agree to the collection, use and disclosure of your personal data in accordance with this data protection standard policy.
This policy is necessary as it explains how ELSA Utrecht, handles and uses the personal information we collect about our members for processes relating to our operations and activities. We believe that by complying this policy to the GDPR is a necessary step in order to protect the rights and obligations of ELSA Utrecht and its member’s in terms of data management.
The controller for your personal information is Juliette Neijenhuis. The person responsible for data protection within our association is the Secretary-General of ELSA Utrecht who can be contacted through email at secgen.utrecht@nl.elsa.org.
​
When changes are made to this policy, we will publish the updated version on our website and notify you via email.
I. Collection of Your Personal Data
When applying for an ELSA Utrecht membership via our Membership Form, we may collect a variety of information, including your name, date of birth, student email address, nationality, gender, student number, study programme, year of study, phone number, address, zip code, city, IBAN number and account holder. ELSA will use such information to provide relevant information or service, or for anti-fraud purposes.
When signing up for ELSA Utrecht’s academic activities and excursions, the collection of personal data will be adjusted to the needs and requirements of the activities and excursions itself.
II. Use of Your Personal Data
Our main legal basis for processing your personal data is your consent, which you gave at the point you become a member of the association. When processing your personal information, we take into account the legal basis in which that we believe it is in our legitimate interests to do so, in order for the association to run effectively and efficiently, and as we only collect and use minimal information for the limited purposes listed here we do not consider that your own interests override ours. If we use your personal information outside of the purposes listed here, we will seek your consent to do so in advance.
We keep your personal data for a period of one year in line with your membership subscription. However, if you do not want to be part of our association anymore before the one year period expires, you can opt out or withdraw anytime by resigning your membership through contacting the Secretary-General. Henceforth, your personal information will be erased from our membership storage permanently.
The personal information we collect allows us to keep you posted on ELSA’s upcoming events, services and announcements. For example, we may use your email to send important notices or information, such as communications about our events and changes to our policies.
We may use your personal information, including name, age, gender, phone number, date of birth, study programme, student number and year of study to verify one’s identity and assist with identification of members. In addition, we use personal information to maintain effective communications with you. Moreover, it acts as a guarantee for loss prevention, formal record and anti-fraud purposes.
Further, we may use your personal information, such as address, city and zip codes to identify and determine whether you are eligible to register as a member and be a part of our local group (Utrecht) and not another local group/city.
ELSA Utrecht does NOT sell or share the collected data with any third-parties. However, if there is a situation that demands so, we will surely ask for our member’s consent first.
III. Security of Your Personal Data
ELSA works with a highly secure system and back-up drive which guarantee the protection of datas. When large volumes of data pass over this system, we can guarantee that our system contains adequate controls for the separation and management of data. When your data is stored by ELSA, we use a system with limited access using security measures. Your data is stored in encrypted form in our storage.
Only the Secretary-General will have the main access to the storage and the personal data collected. Other ELSA board members will only have access to personal data that is relevant to fulfill their roles and for the performance of their duties. Thus, we limit the access to the storage and have an additional back-up system to ensure the security and safety of member’s personal data.
ELSA has strict policies and procedures to minimise the risks to personal data, which includes the use of personal data within external communication and systems outside the control and monitoring of ELSA.
ELSA policies and procedures extend to all other methods for containing personal data, which includes printed documents and all paper or electronic files.
IV. Data Subject Rights
The data subject in this case is the individual member of ELSA Groningen. As a member of ELSA Groningen, you may benefit upon rights which derive from the GDPR.
Right of information (Art. 15 GDPR)
You have the right to access and know the personal information or data that we hold and store about you.
Right of correction (Art. 16 GDPR) or termination (Art. 17 GDPR)
You have the right to correct or terminate any inaccurate personal information or data that you provided to us.
Right of limitation of the processing (Art. 18 GDPR)
You have the right to limit and to an extent restrict our processing of personal data that you provided to us.
Right of rejection of the processing (Art. 21 GDPR)
You have the right to object/reject our processing or communications of personal data that you provided to us.
Right of withdrawal of permission (Art.7 III GDPR)
You have the right of withdrawal of permission.
Right of data transfer (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to the data controller (Secretary-General of ELSA Groningen) without hindrance.
Right to complain about how their data was processed (Art. 77 GDPR)
You have the right to complain about how your data was processed by ELSA to the relevant authority.
If you have questions or concerns about how your personal information is used, please contact us using the details provided above.