This document contains the privacy conditions of Study Association Thalia. The conditions are applicable on all members, benefactors, honorary members of Thalia and people who have started the registration process. Where there are differences in the applicability of the conditions on the mentioned groups this will be stated.
All data are stored at least for the length of the membership, unless stated otherwise. The account on the Thalia-website will be operational even after the end of the membership or benefactorship to allow easy renewals. The address information, phone number, profile picture, emergency contact, date of birth and student number are deleted 90 days after the end of a person's last membership. These data are not deleted immediately after the end of the membership to allow for easy renewals. The user's username, email address, and membership history are kept indefinitely for the sake of keeping in contact with alumni, and to keep the association's history. A person can request immediate deletion of their data by sending an email to info@thalia.nu.
Full name
Thalia uses the name of members, benefactors and honorary members for its administration and for
personalising its communication.
Processing of these data happens on the basis of it being necessary to fulfill the membership
agreement.
Address
Thalia uses the address of the members, benefactors and honorary members for its administration and
for sending the association magazine.
Processing of these data happens on the basis of it being necessary to fulfill the membership
agreement.
Email address
Thalia uses the email addresses of members, benefactors and honorary members to communicate about
policy and financial matters and
for sending the weekly newsletter as well as member specific communication (about an event for
example). The email addresses are also used to enable functionality provided by the
website (such as to reset passwords). Processing of these data happens on the basis of it being
necessary to fulfill the membership agreement.
Phone number
Thalia uses the phone number of members, benefactors and honorary members to communicate with members
about activities of Thalia.
Think about calling a participant who is too late for an activity or communicating a last-minute
change. The processing of phone numbers by Thalia is optional.
Processing of these data happens based on consent, which is given implicitly when the phone number
is entered during registration or on the user profile on the website.
NB: For some events, processing of the phone number is needed because of the nature of the event. Processing will happen per activity and will be explained where applicable.
Date of birth
Thalia uses the date of birth of members, benefactors and honorary members to determine
whether they are of age. Besides this the date of birth is processed to display the birthday
in the calendar if the member, benefactor or honorary member explicitly chose to allow this
in their profile.
Processing of these data happens on the basis of it being a legitimate interest of Thalia.
Profile
Some data that is part of the member profile is shown to other members, including for example the profile picture and profile text. Logged-in users can always view exactly what is shown via the Show public profile button in the user dropdown menu. Additionally, if a member is in a committee or board with publicly visible member list, some of their information (including displayed name and profile picture) will be visible to anyone including people outside of Thalia, and can also be indexed by search engines.
Bank account number
Thalia uses the bank account number of members, benefactors and honorary members when they pay via
bank transfer or when they declare costs with Thalia.
These data are saved for as long as required by law for the financial administration of Thalia.
Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.
Emergency contact
There is a possibility to add an emergency contact to the user profile on the website,
so this person can be contacted if it’s needed. Adding an emergency contact is optional.
Data collected on the website
Certain actions on the website may cause data to be collected (such as ordering food on the
website or registering to attend an event). Processing of these data happens on the basis of
it being a legitimate interest of Thalia.
We additionally may collect data (logs) on anything happening on the site and app to ensure
the correct functioning of the services provided, the username of a authenticated user is
sent along with the logs.
See the section below on Functional Software, Inc. for information on
where this data is sent. Thalia tries to only collect data when errors occur. The logs are
used to fix bugs in the website and app.
Processing of these data happens on the basis of it being a legitimate interest of Thalia.
Sales
When making a purchase at (an event of) Thalia, this can be recorded. This happens on the
basis of it being a legal requirement of Thalia to keep their financial administration up-to-date.
Student number
Thalia uses the student number of members to check if they are still studying and to receive
grants and subsidies. Student numbers are only shared with the Radboud University or
organisations which operate on behalf of the Radboud University.
Processing of these data happens on the basis of it being a legitimate interest of Thalia.
Photos
Thalia uses photo’s which are made during her events for the promotion of events and the
association. These photo's can be made available on the website of Thalia for members, or
they can be posted on social media accounts of Thalia. If such image is posted on a social
media platform other than the website of Thalia, permission will be asked to all
recognisable persons in the picture if this is feasible.
It is possible to ask for the removal of a certain photo from the website or social media
when someone on that photo desires so, by sending a mail to
info@thalia.nu.
Processing of this data happens on the basis of it being a legitimate interest of Thalia.
When someone wishes not to be photographed, they can indicate this to the photographer.
A request of deletion of a certain photo can also be made after it has been taken, by
sending a mail to info@thalia.nu.
Registrations which have been completed or rejected will be removed after 31 days.
A registration that is still in the process of collecting references, reviewing by the board, or waiting for payment is not removed automatically. A person can request immediate deletion of their data by sending an email to info@thalia.nu.
Photos uploaded to Thalia's website are scanned on faces. This is done on our own servers, using open source models. No third parties will receive these photos for this purpose and the photos are not used to train models. Face recognition is only used to allow members to easily search for photos they appear on, and not for any other purpose. Members are not allowed to use face recognition to search for photos of other members. Measures are implemented to prevent this as much as possible.
In order to use face recognition, members need to upload a photo of their own face, a so-called reference face. This photo is stored on our servers and is used to compare faces in photos uploaded to the website. This reference face is only used for face recognition and is not used for any other purpose. It will never be made public. Members can delete their reference face at any time. After deletion, however, the reference face will not be immediately deleted. This allows us to monitor if people actually searched for photos of others.
For activities of Thalia, additional personal data may be needed. Examples include allergy information or dietary preferences when there is an event with food, or shirt size when clothing is given to participants of an event. These data will be processed and explained per event.
The relevant rights of members, benefactors and honorary members concerning the processing of personal data are as follows:
More information on the applicability of these rights can be found on the website of Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/en).
Within Thalia, the secretary is the contact person for all matters concerning the processing of personal data. Requests and notifications of leaked data can be sent by email to info@thalia.nu or by post to Studievereniging Thalia, Toernooiveld 212, 6525EC Nijmegen.
Thalia can share personal data with the following parties:
Thalia will not share personal data with partners, unless a member, benefactor or an honorary member registers for a partner event for which sharing personal data is required.
Email addresses will not be shared with partners. There is an opt-in mailing list to receive messages from partners, but the partners don’t have access to the email addresses in the list.
Thalia reserves the right to change the privacy conditions. The new conditions will be shared as soon as possible with members, benefactors and honorary members. When changes require consent to be given anew, this will be done accordingly.