Privacy policy

Version 2.7, 2023-12-14

This document contains the privacy conditions of Study Association Thalia. The conditions are applicable on all members, benefactors, honorary members of Thalia and people who have started the registration process. Where there are differences in the applicability of the conditions on the mentioned groups this will be stated.

1. Categories of personal data

All data are stored at least for the length of the membership, unless stated otherwise. The account on the Thalia-website will be operational even after the end of the membership or benefactorship to allow easy renewals. The address information, phone number, profile picture, emergency contact, date of birth and student number are deleted 90 days after the end of a person's last membership. These data are not deleted immediately after the end of the membership to allow for easy renewals. The user's username, email address, and membership history are kept indefinitely for the sake of keeping in contact with alumni, and to keep the association's history. A person can request immediate deletion of their data by sending an email to info@thalia.nu.

Applicable to members, benefactors and honorary members:

Full name
Thalia uses the name of members, benefactors and honorary members for its administration and for personalising its communication. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Address
Thalia uses the address of the members, benefactors and honorary members for its administration and for sending the association magazine. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Email address
Thalia uses the email addresses of members, benefactors and honorary members to communicate about policy and financial matters and for sending the weekly newsletter as well as member specific communication (about an event for example). The email addresses are also used to enable functionality provided by the website (such as to reset passwords). Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Phone number
Thalia uses the phone number of members, benefactors and honorary members to communicate with members about activities of Thalia. Think about calling a participant who is too late for an activity or communicating a last-minute change. The processing of phone numbers by Thalia is optional. Processing of these data happens based on consent, which is given implicitly when the phone number is entered during registration or on the user profile on the website.

NB: For some events, processing of the phone number is needed because of the nature of the event. Processing will happen per activity and will be explained where applicable.

Date of birth
Thalia uses the date of birth of members, benefactors and honorary members to determine whether they are of age. Besides this the date of birth is processed to display the birthday in the calendar if the member, benefactor or honorary member explicitly chose to allow this in their profile. Processing of these data happens on the basis of it being a legitimate interest of Thalia.

Profile
Some data that is part of the member profile is shown to other members, including for example the profile picture and profile text. Logged-in users can always view exactly what is shown via the Show public profile button in the user dropdown menu. Additionally, if a member is in a committee or board with publicly visible member list, some of their information (including displayed name and profile picture) will be visible to anyone including people outside of Thalia, and can also be indexed by search engines.

Bank account number
Thalia uses the bank account number of members, benefactors and honorary members when they pay via bank transfer or when they declare costs with Thalia. These data are saved for as long as required by law for the financial administration of Thalia. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Emergency contact
There is a possibility to add an emergency contact to the user profile on the website, so this person can be contacted if it’s needed. Adding an emergency contact is optional.

Data collected on the website
Certain actions on the website may cause data to be collected (such as ordering food on the website or registering to attend an event). Processing of these data happens on the basis of it being a legitimate interest of Thalia.
We additionally may collect data (logs) on anything happening on the site and app to ensure the correct functioning of the services provided, the username of a authenticated user is sent along with the logs. See the section below on Functional Software, Inc. for information on where this data is sent. Thalia tries to only collect data when errors occur. The logs are used to fix bugs in the website and app. Processing of these data happens on the basis of it being a legitimate interest of Thalia.

Sales
When making a purchase at (an event of) Thalia, this can be recorded. This happens on the basis of it being a legal requirement of Thalia to keep their financial administration up-to-date.

Applicable to members:

Student number
Thalia uses the student number of members to check if they are still studying and to receive grants and subsidies. Student numbers are only shared with the Radboud University or organisations which operate on behalf of the Radboud University. Processing of these data happens on the basis of it being a legitimate interest of Thalia.

Applicable to everyone:

Photos
Thalia uses photo’s which are made during her events for the promotion of events and the association. These photo's can be made available on the website of Thalia for members, or they can be posted on social media accounts of Thalia. If such image is posted on a social media platform other than the website of Thalia, permission will be asked to all recognisable persons in the picture if this is feasible. It is possible to ask for the removal of a certain photo from the website or social media when someone on that photo desires so, by sending a mail to info@thalia.nu. Processing of this data happens on the basis of it being a legitimate interest of Thalia. When someone wishes not to be photographed, they can indicate this to the photographer. A request of deletion of a certain photo can also be made after it has been taken, by sending a mail to info@thalia.nu.

Applicable to upcoming members:

Registrations which have been completed or rejected will be removed after 31 days.

A registration that is still in the process of collecting references, reviewing by the board, or waiting for payment is not removed automatically. A person can request immediate deletion of their data by sending an email to info@thalia.nu.

Face recognition

Photos uploaded to Thalia's website are scanned on faces. This is done on our own servers, using open source models. No third parties will receive these photos for this purpose and the photos are not used to train models. Face recognition is only used to allow members to easily search for photos they appear on, and not for any other purpose. Members are not allowed to use face recognition to search for photos of other members. Measures are implemented to prevent this as much as possible.

In order to use face recognition, members need to upload a photo of their own face, a so-called reference face. This photo is stored on our servers and is used to compare faces in photos uploaded to the website. This reference face is only used for face recognition and is not used for any other purpose. It will never be made public. Members can delete their reference face at any time. After deletion, however, the reference face will not be immediately deleted. This allows us to monitor if people actually searched for photos of others.

Other processing of personal data

For activities of Thalia, additional personal data may be needed. Examples include allergy information or dietary preferences when there is an event with food, or shirt size when clothing is given to participants of an event. These data will be processed and explained per event.

2. Rights of members, benefactors and honorary members concerning processing of personal data

The relevant rights of members, benefactors and honorary members concerning the processing of personal data are as follows:

  • Right of access. The person concerned may request to view their data.
  • Right to rectification. The person concerned may correct or supplement their data.
  • Right to erasure. The person concerned may request that their data be deleted.
  • Right to data portability. The person concerned may let their data be transferred to another party.
  • Right to restriction of processing. The person concerned may restrict the processing of their personal data.
  • Right to object. The person concerned may object to the processing of their data.

More information on the applicability of these rights can be found on the website of Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/en).

Contact details for processing of personal data

Within Thalia, the secretary is the contact person for all matters concerning the processing of personal data. Requests and notifications of leaked data can be sent by email to info@thalia.nu or by post to Studievereniging Thalia, Toernooiveld 212, 6525EC Nijmegen.

3. Processing of personal data by third parties

Thalia can share personal data with the following parties:

  • Radboud University Nijmegen
    Thalia shares names and student numbers with the university (and organizations working on behalf of the Radboud University) to request grants and subsidies and to check the administration.
  • Banks and other financial parties
    For making payments, data is shared with banks and other financial parties. Data will only be shared as far as they are necessary to make or receive payments.
  • Amazon Web Services EMEA SARL ('AWS Europe')
    Thalia's servers are hosted on Amazon Web Services. Therefore, all (personal) data Thalia keeps, is processed by Amazon.
  • Google Ireland Limited
    When a member joins a committee or society, a Google Workspace account will be created for that user to allow them to share files with their committee for example. The website will automatically create Google Workspace accounts for these members, and shares the name and email address of the member with Google to facilitate this. If a member stops being a member of committees and societies, their Google Workspace account will automatically be deleted after one month.
    Additionally, Thalia can post videos, captured during events, on its YouTube channel for promotional purposes.
  • Functional Software, Inc. Thalia uses Sentry, a platform by Functional Software, Inc., for error monitoring. This means that when server errors occur on the website or crashes in the app some data is sent to the Sentry platform. For authenticated users, the username is sent along with an error log. We always try to filter out any other personal information from the error logs.
  • Facebook, Inc. For promotional purposes, Thalia can share photos or videos of members, that are taken during activities, on the Instagram account or Facebook page of Thalia.
  • Snap, Inc. For promotional purposes, Thalia can share photos or videos of members, that are taken during activities, on the Snapchat account of Thalia.
  • Discord, Inc. Users that choose to join the Thalia Discord and connect their Discord account with their Thalia account, will share their Thalia profile with Discord.

Thalia will not share personal data with partners, unless a member, benefactor or an honorary member registers for a partner event for which sharing personal data is required.

Email addresses will not be shared with partners. There is an opt-in mailing list to receive messages from partners, but the partners don’t have access to the email addresses in the list.

4. Updating the privacy conditions

Thalia reserves the right to change the privacy conditions. The new conditions will be shared as soon as possible with members, benefactors and honorary members. When changes require consent to be given anew, this will be done accordingly.