european students’ union

Privacy Policy

Privacy Principles

ESU takes your privacy seriously. The following principles underpin our approach to respecting your privacy:

  • We value the trust that you place in us by giving us your personal information. We will always use your personal information in a way that is fair and worthy of that trust.
  • We will provide clear information about how we use your personal information. We shall always be transparent with you about what information we collect, what we do with it, with whom we share it and who you should contact if you have any concerns.
  • We will take all reasonable steps to protect your information from misuse and keep it secure.
  • We will comply with all applicable data protection laws and regulations and we will co-operate with data protection authorities. In the absence of data protection legislation, we will act in accordance with generally accepted principles governing data protection.

Privacy Notice

This notice explains how we collect and use information that we may hold about you as an individual.

This notice covers the following:

What is personal information?

Personal information is any information that tells us something about you or could uniquely identify you. This could include information such as your name, contact details or date of birth.

How do we collect personal information?

We collect personal information about you from various sources including:

  • Information that you give us directly;
  • Information collected automatically when you use ESU Sites;
  • Information we collect from other sources

What information do we collect?

We may collect the following categories of information about you:

Information that you give us directly

We may collect information from you directly when you provide us with personal information, e.g. when you sign up to receive information, attend an event, use applications, buy a product or service from us, fill out a survey, or make a comment or enquiry. The types of information we may collect from you directly include your:

  • Personal contact details such as name, title, address, telephone number and personal email addresses
  • Date of birth or age
  • Gender
  • User generated content, posts and other content you submit to ESU sites
  • Any other personal information that you voluntarily provide to us

Information collected automatically when you use ESU Sites;

We (and third party service providers acting on our behalf) use cookies and other tools (such as web analytic tools and pixel tags) to automatically collect information about you when you use ESU Sites, subject to the terms of this Privacy Notice and applicable data laws and regulations. The types of information collected automatically may include:

  • Information about the type of browser you use
  • Details of the web pages you have viewed
  • Your IP address
  • The hyperlinks you have clicked
  • Your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook or the +1 functionality on Google+)

Information we collect from other sources

We may receive personal information about you from other legitimate sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. The types of personal information that we may collect from such sources include your:

  • Personal contact details such as name, title,  address, telephone number and personal email addresses
  • Date of birth
  • Gender

How do we use your information?

We may use your information for the following purposes:

  • To administer the relationship you have with ESU, and to provide you with information about ESU activities and for other related purposes
  • If applicable, to administer financial relationships with you as either a customer or a supplier and provide you with information that you require to continue that relationship.
  • To administer peer to peer network forums for sharing best practice amongst both staff and elected representatives from members and non-members.
  • To administer your attendance at an ESU event to ensure that your requirements are accommodated so that you can fully participate in the event.

You can opt out of receiving communications from us at any time. Any  communications that we send to you will provide the information and means necessary to opt out by unsubscribing or sending an email to secretariat@esu-online.org.

In order to protect information from accidental or malicious destruction, when we delete information from our services we may not immediately delete residual copies from our servers or remove information from our backup systems.

We keep this privacy notice up to date, so if there are any changes to the way in which your personal information is used this privacy notice will be updated and we will notify you of the changes.

What is the legal basis that permits us to use your information?

Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the data protection legislation. The legal basis that permits us to use your information depends on the basis that we are using that information for.  We rely on the following legal bases to use your information:

  • Where we need information to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

In more limited circumstances we may also rely on the following legal bases:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official purposes.

Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal information. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal information and criminal conviction information in the following circumstances:

  • In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent.
  • We will use information about your physical and mental health or disability status to comply with our legal obligations, including to ensure your health, safety and wellbeing at an event is attended to.

How do we share your information?

We share your personal information in the following ways:

  • With other entities in our group.
  • Where we use third party services providers who process personal information on our behalf in order to provide services to us. This includes IT systems providers and IT contractors.
  • We will share your personal information with regulators where we are required to do so to comply with our regulatory obligations.
  • We will share your personal information with third parties where we are required to do so by law.

Where we share your personal information with third parties we ensure that we have appropriate measures in place to safeguard your personal information and to ensure that it is solely used for legitimate purposes in line with this privacy notice.

How do we keep your information secure?

We take all reasonable precautions to keep your personal information secure and require any third parties that handle or process your personal information for us to do the same. Access to your personal information is restricted to prevent unauthorised access, modification or misuse and is only permitted among our employees and elected representatives on a need-to-know basis.

When do we transfer your information overseas?

When data is transferred to countries outside of Belgium and the European Union those countries may not offer an equivalent level of protection for personal information to the laws in the EU. Where this is the case we will ensure that appropriate safeguards are put in place to protect your personal information.

For how long do we keep your information?

As a general rule we keep your personal information only for as long as we need it.  What this really means is that we will retain your information for the duration of the time that we need to use it.  For example, if you are attending an event, the information required is only required until the event has finished. Within 1 year of the event finishing, the information that is not required will be deleted.

However, where we have statutory obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.

Your rights in relation to your information

You have a number of rights in relation to your personal information, these include the right to:

  • be informed about how we use your personal information;
  • obtain access to your personal information that we hold;
  • request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate;
  • request that we erase your personal information in the following circumstances:
    • if we are continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
    • if we are relying on consent as the legal basis for processing and you withdraw consent;
    • if we are relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
    • if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation);
    • if it is necessary to delete the personal data to comply with a legal obligation;
  • ask us to restrict our data processing activities where you consider that:
    • personal information is inaccurate;
    • our processing of your personal information is unlawful;
    • where we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim;
    • where you have raised an objection to our use of your personal information;
  • request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information;
  • object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information;
  • not be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you.

If you would like to exercise any of your rights or find out more, please contact secretariat@esu-online.org

Complaints or Contacting Us

Contact details

Our contact details are as follows:

Address:    Rue de l’Industrie 10, Bruxelles, B-1040

Telephone:   +32 (2) 893 25 47

We have appointed a person with responsibility for data protection matters who has responsibility for advising us on our data protection obligations. You can contact this person officer using the following details: secretariat@esu-online.org

Complaints

If you have any complaints about the way we use your personal information please contact secretariat@esu-online.org who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in Belgium).

Newsletter sign-up

We make sure you dont miss any news