Dear Data Subject, We wish to inform you that the GDPR provides for the protection of individuals with regard to the processing of Personal Data as a fundamental right. We are committed to safeguarding the privacy of our website visitors; in this policy, we explain how we will treat your personal information.
Last updated: 19 March 2022
Type of Data Processed
We may collect, store and use the following kinds of personal information:
- information about your computer and about your visits to and use of SIEM website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
- information that you provide when registering with our website;
- information that you provide when completing your profile on our website (including tentatively your name, profile picture, gender, date of birth, educational details and other information set in your profile fields);
- information that you provide for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
- information that you provide when using the services on our website or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
- information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication); and
- any other personal information that you choose to send to us.
The voluntary sending, on your part, of e-mails to our e-mail addresses does not require further information or requests for consent.
On the contrary, specific summary information will be reported or displayed if needed in the pages of the site prepared for particular services on request (form). You must therefore explicitly consent to the use of the data reported in these forms in order to send any request.
Origin of Processed Personal Data
The Personal Data that We hold in connection with SIEM and related Services is collected directly from the Data Subject or uploaded by the relevant organisation.
The Data Controller is:
Erasmus Student Network
Rue Joseph II / Jozef II-straat 120
1000 Brussels, Belgium
Email: [email protected]
Purpose of Data Processing and legal basis
The processing of users’ Personal Data has its legal basis in their consent and is carried out for the following purposes:
- administer our website and business;
- personalise our website for you;
- enable your use of the services available on our website;
- send you email notifications that you have specifically requested;
- provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
- provide third parties with personal data needed to comply with the purpose of this website, this will be done only under previous and explicit approval by the user;
- deal with enquiries and complaints made by or about you relating to our website;
- keep our website secure and prevent fraud; and
- send service-related notifications that may be of importance to continue using the Services, and safety/security notifications related to the participation in programmes featured in our Service;
- verify compliance with the terms and conditions governing the use of our website.
Mandatory nature or not of the consent
The user’s consent is mandatory, and in particular to be able to have Main Institutional and/or Personal accounts, for what concerns the purposes under points 3, 4, 8 and 10 above. For the purposes under points 2, 7, and 9 the consent is optional but the lack thereof may worsen the provision of the Services. For the other purposes the consent is optional and will not compromise in any way the provision of the Service, should you desire not to provide your consent for one or more specific purposes, please inform us at the time your Personal Data is communicated to us, or at any time thereafter, by contacting us.
Except as provided hereinafter, we will not provide your personal information to third parties.
Within the limits pertinent to the Processing purposes indicated, users’ data may be communicated to partners, consulting companies, private companies, appointed by the Data Controllers as Data Processors or for legal obligations or to fulfil some users’ specific requests. In such cases we take all the necessary technical and organisational measures to protect the confidentiality and security of your Personal Data from unauthorised access or against loss, misuse or alteration by third parties. We may also disclose your personal information to any member of our organization and supporting organisms (insofar as reasonably necessary for the purposes set out in this policy.
Although not directly communicated to any specific recipient, account contact information may also be available to other users.
The possible Data Processors and persons in charge of the Processing will in such cases be punctually identified and at the users’ request be communicated in detail. For any question in this regard, please contact us.
Please note that in such cases users will be also subject to the relevant third-party privacy policies. For any processing carried out by third parties as Data Processors in relation to the Dashboard and related services, users may contact us or directly such third parties.
For all other cases of processing by third parties, please contact them directly in the manner indicated in their privacy policies.
Lastly, We may share your information in connection with potential merger, de-merger, acquisition, change of ownership, change of control, or in general extraordinary transactions. In such cases, the users will be notified via email and/or notice on our site of any change in ownership of the Personal Data.
International data transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. If and when we transfer Personal Data to affiliated entities or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world, we will still take all appropriate measures to ensure compliance with the GDPR.
Personal information that you publish on our website or submit for publication on our website may also be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
Period and place of Data retention
The data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage”, art. 5, GDPR) or according to the deadlines provided for by law, to comply with our legal obligations, to resolve disputes, and enforce our agreements. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Rights of the Data Subjects
Pursuant to GDPR, users (and/or the Users who communicated the relevant Data) have the right to access the Personal Data provided to us (art. 15 GDPR) and to ask to receive copy of such Data in an intelligible format in order to transmit it to another data controller (art. 20 GDPR). They have the right to obtain their update, rectification or integration (art. 16 GDPR), and to obtain their erasure (art. 17 GDPR). Users also have the right to request the restriction of the Processing of their Personal Data (art. 18 GDPR) or to object, on legitimate grounds, to such Processing (art. 21 GDPR). We inform you, however, that the exercise of such rights may be subject to limitations or exclusions pursuant to the GDPR or other relevant regulations.
Where the users consider that the processing of Personal Data by us has been carried out in violation of the GDPR, without prejudice to any other administrative or judicial remedy, they the right to lodge a complaint with their national supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place where the alleged violation took place.
For any request or communication concerning any of the above-mentioned rights, please contact us. We will respond to any request as soon as possible and in any case within 30 days.
Lastly, the Data Subjects concerned (and/or the Users who communicated the relevant Data) may at any time communicate their intention to withdraw their consent. In such cases, We may continue to Process the relevant Personal Data only in presence of an alternative legal basis for such further Processing.
Modalities of data processing
The Personal Data provided to us will be processed in compliance with the GDPR and the obligations of confidentiality that govern the activity of the Data Controller. The data will be processed both with computer tools and on paper or any other suitable support, in compliance with the appropriate security measures under Article 5 par. 1 letter F of the GDPR.
Security of personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
Our Policy Regarding Minors
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to use our Services. If you are under such age, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from an individual under the age of 18, we will delete such Data as quickly as possible. If you believe that we might have received any Personal Data from or about an individual under the age of 18, please contact us.
Our website includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Our website uses APIs that shares only public information (e.g. name of the company) with third-party websites in order to integrate some services.
Changes to the Policy
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
We use both session and persistent cookies on our website.
Most browsers allow you to refuse to accept cookies; for example:
- in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
- in Firefox (version 47) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
- in Chrome (version 52), you can block all cookies by accessing the "Customise and control" menu and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.
Blocking all cookies will have a negative impact on the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
In particular, We resort to Google Analytics to track and report website traffic, and we use login session cookies to allow you to login and access all functionalities of your Account. [MQ5]
We or Provider or ESN - the Erasmus Student Network; a non-profit international student organisation whose mission is to represent international students, thus providing opportunities for cultural understanding and self-development under the principle of Students Helping Students. ESN develops and operates the Social Inclusion and Engagement in Mobility (SIEM) project and offers the relative Services.
GDPR - the Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Personal Data - any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing - any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Services - any services provided or made available by the Provider via the SIEM platforms as well as relevant interconnected tools or relating thereto.