ELSA GRONINGEN DATA PROTECTION STANDARD POLICY
(Last Updated: 29 August 2020)
The protection of your personal data is of the utmost importance and priority for ELSA Groningen, particularly due to our identity as a law students’ association. By choosing ELSA Groningen, you agree to the collection, use and disclosure of your personal data in accordancewith this data protection standard policy.
This policy is necessary as it explains how ELSA Groningen handles and uses the personaldata for processes relating to our operations and activities. We believe that by complying thispolicy to the GDPR is a necessary step in order to protect the rights and obligations of ELSAGroningen and its member’s in terms of data management.
The controller for your personal information is Risyad Ammar Natadiningrat. The person responsible for data protection within our association is the Secretary-General of ELSA Groningen who can be contacted through email at firstname.lastname@example.org or +31 6 39 86 31 32.
When changes are made to this policy, we will publish the updated version on our website and notify you via email.
I. Collection of Your Personal Data
When applying for an ELSA Groningen membership via our Membership Form, we may collect a variety of information, including your name, date of birth, student email address, nationality, gender, student number, study programme, year of study, phone number, address, zip code, city, IBAN number and account holder. ELSA will use such information to provide relevant information or service, or for anti-fraud purposes.
When signing up for ELSA Groningen’s academic activities and excursions, the collection of personal data will be adjusted to the needs and requirements of the activities and excursions itself.
II. Use of Your Personal Data
Our main legal basis for processing your personal data is your consent, which you gave at the start of your membership. Subsequently, when processing your personal data, we take into account the legal basis in which that we believe it is in our legitimate interests to do so, in order for the association to run effectively and efficiently, and as we only collect and use minimal information for the limited purposes listed here we do not consider that your own
interests override ours. If we use your personal data outside of the purposes listed here, we will seek your consent to do so in advance.
We keep your personal data for in line with your membership subscription. However, if you do not want to be part of our association anymore, you can cancel your membership subscription before the 1st of September every year by contacting the Secretary-General. Henceforth, your personal information will be erased from our membership storage permanently.
The personal data we collect allows us to keep you posted on ELSA’s upcoming events, services and announcements. For example, we may use your email to send important notices or information, such as communications about our events and changes to our policies.
We may use your personal data, including name, age, gender, phone number, date of birth, study programme, student number and year of study to verify one’s identity and assist with identification of members. In addition, we use personal information to maintain effective communications with you. Moreover, it acts as a guarantee for loss prevention, formal record and anti-fraud purposes.
Further, we may use your personal data, such as address, city and zip codes to identify and determine whether you are eligible to register as a member and be a part of our local group (ELSA Groningen) and not another local group/city.
ELSA Groningen does NOT sell or share the collected data with any third parties.
III. Security of Your Personal Data
ELSA works with a highly secure system which guarantee the protection of data. When large volumes of data pass over this system, we can guarantee that our system contains adequate controls for the separation and management of data. When your data is stored by ELSA, we use a system with limited access using security measures and encryption.
Only the Secretary-General will have the main access to the database and the personal data collected. Thus, we limit the access to the storage and have an additional back-up drive system to ensure the security and safety of member’s personal data.
ELSA has strict policies and procedures to minimise the risks to personal data, which includes the use of personal data within external communication and systems outside the control and monitoring of ELSA as well within the internal management.
ELSA policies and procedures extend to all other methods for containing personal data, which includes printed documents, all paper and electronic files.
IV. Data Subject Rights
The data subject in this case is the individual member of ELSA Groningen. As a member of ELSA Groningen, you may benefit upon rights which derive from the GDPR.
Right of information (Art. 15 GDPR): You have the right to access and know the personal data that we hold and store about you.
Right of correction (Art. 16 GDPR) or termination (Art. 17 GDPR): You have the right to correct or terminate any inaccurate personal data that you provided to us.
Right of limitation of the processing (Art. 18 GDPR): You have the right to limit and to an extent restrict our processing of personal data that you provided to us.
Right of rejection of the processing (Art. 21 GDPR): You have the right to object/reject our processing or communications of personal data that you provided to us.
Right of withdrawal of permission (Art.7 III GDPR): You have the right of withdrawal of permission.
Right of data transfer (Art. 20 GDPR): You have the right to receive your personal data that you have provided to the data controller (Secretary-General of ELSA Groningen) without hindrance.
Right to complain about how their data was processed (Art. 77 GDPR): You have the right to complain about how your data was processed by ELSA to the relevant authority.
If you have questions or concerns about how your personal information is used, please contact
us using the details provided above.