This document contains the privacy conditions of Study Association Thalia. The conditions are applicable on all members, benefactors, honorary members of Thalia and people who have started the registration process. Where there are differences in the applicability of the conditions on the mentioned groups this will be stated.
All data are stored at least for the length of the membership, unless stated otherwise. At the end of the membership the address information will be deleted, the name, email address and history with Thalia will be collected in the alumni database. The account on the Thalia-website will be operational even after the end of the membership or benefactorship to allow easy renewals. The deletion of data will happen on a yearly basis (on March 1st), so on average the data will be saved for six months, at most a year after the end of the membership. Data is not deleted immediately since the data is needed in case the membership gets extended. A person can request immediate deletion of their data by sending an email to info@thalia.nu.
Full name
Thalia uses the name of members, benefactors and honorary members for its administration and for personalising its communication. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.
Address
Thalia uses the address of the members, benefactors and honorary members for its administration and for sending the association magazine. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.
Email address
Thalia uses the email addresses of members, benefactors and honorary members to communicate about policy and financial matters and for sending the weekly newsletter as well as member specific communication (about an event for example). The email addresses are also used to enable functionality provided by the website (such as to reset passwords). Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.
Phone number
Thalia uses the phone number of members, benefactors and honorary members to communicate with members about activities of Thalia. Think about calling a participant who is too late for an activity or communicating a last-minute change. The processing of phone numbers by Thalia is optional. Processing of these data happens based on consent, which is given implicitly when the phone number is entered during registration or on the user profile on the website.
NB: For some events, processing of the phone number is needed because of the nature of the event. Processing will happen per activity and will be explained where applicable.
Date of birth
Thalia uses the date of birth of members, benefactors and honorary members to determine whether they are of age. Besides this the date of birth is processed to display the birthday in the calendar if the member, benefactor or honorary member explicitly chose to allow this in their profile. Processing of these data happens on the basis of it being a legitimate interest of Thalia.
Bank account number
Thalia uses the bank account number of members, benefactors and honorary members when they pay via bank transfer or when they declare costs with Thalia. These data are saved for as long is required by law for the financial administration of Thalia. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.
Emergency contact
There is a possibility to add an emergency contact to the user profile on the website, so this person can be contacted if it’s needed. Adding an emergency contact is optional.
Data collected on the website
Certain actions on the website may cause data to be collected (such as ordering a pizza on the website or registering to attend an event). Processing of these data happens on the basis of it being a legitimate interest of Thalia.
We additionally may collect data (logs) on anything happening on the site and app to ensure the correct functioning of the services provided, the username of a authenticated user is sent along with the logs. See the section below on Functional Software, Inc. for information on where this data is sent. Thalia tries to only collect data when errors occur. The logs are used to fix bugs in the website and app. Processing of these data happens on the basis of it being a legitimate interest of Thalia.
Sales
When making a purchase at (an event of) Thalia, this can be recorded. This happens on the basis of it being a legal requirement of Thalia to keep their financial administration up-to-date.
Student number
Thalia uses the student number of members to check if they are still studying and to receive grants and subsidies. Processing of these data happens on the basis of it being a legitimate interest of Thalia. Student numbers are only shared with the Radboud University or organisations which operate on behalf of the Radboud University.
Photos
Thalia uses photo’s which are made during her events for the promotion of events and the association. These photo's can be made available on the website of Thalia for members or they can be posted on social media accounts of Thalia. If such image is posted on a social media platform other than the website of Thalia, permission will be asked to all recognisable persons in the picture if this is feasible. It is possible to ask for the removal of a certain photo from social media when someone on that photo desires so, by sending a mail to info@thalia.nu. Processing of this data happens on the basis of it being a legitimate interest of Thalia. When someone wishes not to be photographed, they can indicate this to the photographer. A request of deletion of a certain photo can also be made after it has been taken, by sending a mail to info@thalia.nu.
Registrations which have been completed or rejected will be removed after 31 days.
A registration that is still in the process of collecting references, reviewing by the board, or waiting for payment is not removed automatically. A person can request immediate deletion of their data by sending an email to info@thalia.nu.
Photos uploaded to Thalia's website are scanned on faces. This is done on our own servers, using open source models. No third parties will receive these photos for this purpose and the photos are not used to train models. Face recognition is only used to allow members to easily search for photos they appear on, and not for any other purpose. Members are not allowed to use face recognition to search for photos of other members. Measures are implemented to prevent this as much as possible.
In order to use face recognition, members need to upload a photo of their own face, a so-called reference face. This photo is stored on our servers and is used to compare faces in photos uploaded to the website. This reference face is only used for face recognition and is not used for any other purpose. It will never be made public. Members can delete their reference face at any time. After deletion, however, the reference face will not be immediately deleted. This allows us to monitor if people actually searched for photos of others.
For activities of Thalia, additional personal data may be needed. Think about data like allergy information or dietary preferences when there is an event with food, or shirt size when clothing is given to participants of an event. These data will be processed and explained per event.
The relevant rights of members, benefactors and honorary members concerning the processing of personal data is as follows:
More information on the applicability of these rights can be found on the website of Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/en).
Within Thalia, the secretary is the contact person for all matters concerning the processing of personal data. Requests and notifications of leaked data can be sent by email to info@thalia.nu or by post to Studievereniging Thalia, Toernooiveld 212, 6525EC Nijmegen.
Thalia can share personal data with the following parties:
Thalia will not share personal data with partners, unless a member, benefactor or an honorary member registers for a partner event for which sharing personal data is required.
Email addresses will not be shared with partners. There is an opt-in mailing list to receive messages from partners, but the partners don’t have access to the email addresses in the list.
Thalia reserves the right to change the privacy conditions. The new conditions will be shared as soon as possible with members, benefactors and honorary members. When changes require consent to be given anew, this will be done accordingly.