Privacy policy

Version 2.3, 29-01-2020

This document contains the privacy conditions of Study Association Thalia. The conditions are applicable on all members, benefactors, honorary members of Thalia and people who have started the registration process. Where there are differences in the applicability of the conditions on the mentioned groups this will be stated.

1. Categories of personal data

All data are stored at least for the length of the membership, unless stated otherwise. At the end of the membership the address information will be deleted, the name, email address and history with Thalia will be collected in the alumni database. The account on the Thalia-website will be operational even after the end of the membership or benefactorship to allow easy renewals. The deletion of data will happen on a yearly basis (on March 1st), so on average the data will be saved for six months, at most a year after the end of the membership. Data is not deleted immediately since the data is needed in case the membership gets extended. A person can request immediate deletion of their data by sending an email to info@thalia.nu.

Applicable to members, benefactors and honorary members:

Full name
Thalia uses the name of members, benefactors and honorary members for its administration and for personalising its communication. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Address
Thalia uses the address of the members, benefactors and honorary members for its administration and for sending the association magazine. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Email address
Thalia uses the email addresses of members, benefactors and honorary members to communicate about policy and financial matters and for sending the weekly newsletter as well as member specific communication (about an event for example). The email addresses are also used to enable functionality provided by the website (such as to reset passwords). Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Phone number
Thalia uses the phone number of members, benefactors and honorary members to communicate with members about activities of Thalia. Think about calling a participant who is too late for an activity or communicating a last-minute change.The processing of phone numbers by Thalia is optional. Processing of these data happens based on consent, which is given implicitly when the phone number is entered during registration or on the user profile on the website.

NB: For some events, processing of the phone number is needed because of the nature of the event. Processing will happen per activity and will be explained where applicable.

Date of birth
Thalia uses the date of birth of members, benefactors and honorary members to determine whether they are of age. Besides this the date of birth is processed to display the birthday in the calendar if the member, benefactor or honorary member explicitly chose to allow this in their profile. Processing of these data happens on the basis of it being a legitimate interest of Thalia.

Bank account number
Thalia uses the bank account number of members, benefactors and honorary members when they pay via bank transfer or when they declare costs with Thalia. These data are saved for as long is required by law for the financial administration of Thalia. Processing of these data happens on the basis of it being necessary to fulfill the membership agreement.

Emergency contact
There is a possibility to add an emergency contact to the user profile on the website, so this person can be contacted if it’s needed. Adding an emergency contact is optional.

Data collected on the website
Certain actions on the website may cause data to be collected (such as ordering a pizza on the website or registering to attend an event). Processing of these data happens on the basis of it being a legitimate interest of Thalia. We additionally may collect data (logs) on anything happening on the site and app to ensure the correct functioning of the services provided, the username of a authenticated user is sent along with the logs. See the section below on Functional Software, Inc. for information on where this data is sent. Thalia tries to only collect data when errors occur. The logs are used to fix bugs in the website and app. Processing of these data happens on the basis of it being a legitimate interest of Thalia.

Applicable to members:

Student number
Thalia uses the student number of members to check if they are still studying and to receive grants and subsidies. Processing of these data happens on the basis of it being a legitimate interest of Thalia. Student numbers are only shared with the Radboud University or organisations which operate on behalf of the Radboud University.

Applicable to everyone:

Photos
Thalia uses photo’s which are made during her events for the promotion of events and the association. These photo’s can show persons. Processing of these data happens on the basis of it being a legitimate interest of Thalia.

When someone wishes not to be photographed, he or she can indicate this to the photographer. It’s also possible to ask for deletion of the photo after it has been taken.

Applicable to upcoming members:

Registrations which have been completed or rejected will be removed after 31 days.

A registration that is still in the process of collecting references, reviewing by the board, or waiting for payment is not removed automatically. A person can request immediate deletion of their data by sending an email to info@thalia.nu.

Other processing of personal data

For activities of Thalia, additional personal data may be needed. Think about data like allergy information or dietary preferences when there is an event with food, or shirt size when clothing is given to participants of an event. These data will be processed and explained per event.

2. Rights of members, benefactors and honorary members concerning processing of personal data

The relevant rights of members, benefactors and honorary members concerning the processing of personal data is as follows:

  • Right of access. The person concerned to view their data.
  • Right to rectification. The person concerned may correct or supplement their data.
  • Right to erasure. The person concerned may let their data be deleted.
  • Right to data portability. The person concerned may let their data be transferred to another party.
  • Right to restriction of processing. The person concerned may restrict the processing of their personal data.
  • Right to object. The person concerned may object to the processing of their data.

More information on the applicability of these rights can be found on the website of Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/en).

Contact details for processing of personal data

Within Thalia, the secretary is the contact person for all matters concerning the processing of personal data. Requests and notifications of leaked data can be sent by email to secretary@thalia.nu or by post to Studievereniging Thalia, Toernooiveld 212, 6525EC Nijmegen.

3. Processing of personal data by third parties

Thalia can share personal data with the following parties:

  • Radboud University Nijmegen
    Thalia shares names and student numbers with the university (and organizations working on behalf of the Radboud University) to request grants and subsidies and to check the administration.
  • Banks and other financial parties
    For making payments, data is shared with banks and other financial parties. Data will only be shared as far as they are necessary to make or receive payments.
  • Google
    When a member joins a committee or society, a GSuite account will be created for that user to allow them to share files with their committee for example. The website will automatically create GSuite accounts for these members, and shares the name and email address of the member with Google to facilitate this. If a member stops being a member of committees and societies, their GSuite account will automatically be deleted after one month.
  • Functional Software, Inc. Thalia uses Sentry, a platform by Functional Software, Inc., for error monitoring. This means that when server errors occur on the website or crashes in the app some data is sent to the Sentry platform. For authenticated users, the username is sent along with an error log. We always try to filter out any personal information from the error logs.

Thalia will not share personal data with partners, unless a member, benefactor or an honorary member registers for a partner event for which sharing personal data is required.

Email addresses will not be shared with partners. There is an opt-in mailing list to receive messages from partners, but the partners don’t have access to the email addresses in the list.

4. Updating the privacy conditions

Thalia reserves the right to change the privacy conditions. The new conditions will be shared as soon as possible with members, benefactors and honorary members. When changes require consent to be given anew, this will be done accordingly.