Privacy Statement of International Faculty Association ACE
This Privacy Statement explains which data International Faculty Association ACE (I.F.A. ACE) collects from its members and how this data is processed, treated, stored, and deleted. Informing members and having them agree to this process
is mandatory under the General Data Protection Regulation (GDPR), which is a European Law per May 25, 2018.
If you wish to become a member of I.F.A. ACE, this Privacy Statement must be agreed upon by actively ticking off the box referring to it on the Membership. Signup form on the website (ifaace.nl).
The consent a member gives to the processing and storage of their personal data by I.FA. ACE, elaborated upon in this Privacy Statement must be free, specific, informed, unambiguous, active, and verifiable.
I.F.A. ACE complies to these requirements because of the following facts:
- Free: No representative of the association coerces individuals to agree with the Privacy Statement. It is a free choice.
- Specific: Agreeing to the Privacy Statement is a specific step in the membership signup process. The step of ticking off the box is not combined with other agreements.
- Informed: The Privacy Statement is available for everyone to read by clicking a link on the signup form and on a specific section of the website, just like the Terms and Conditions.
- Unambiguous: This Privacy Statement is written as specific and transparent as deemed possible at the moment of writing.
- Active: The box to agree with this Privacy Statement is not ticked off automatically, it has to be done manually by the person who signs up for a membership.
- Verifiable: For each person who signs up as a member of I.F.A. ACE, a carbon copy email of the answers they have filled in is sent to the general email address of the association (firstname.lastname@example.org). In this email it will be shown that members have agreed to the Privacy Statement.
2. Type of Data Processed and Stored
I.F.A. ACE only processes and stores that data, which is strictly necessary for the association the be able to operate properly and thus fulfil its core tasks. A list of the types of data the association requests from people who sign up and the purposes for this data can be found below.
Personal data of members can only come from members themselves, and is stored up to the point that they end their membership of I.F.A. ACE. Personal data is only shared with I.F.A. ACE’s contracted associates, e.g. the printer of EmbrACE Magazine (in this case only the names and addresses for sending them to members).
Additionally, I.F.A. ACE makes photographs of members at the events it organises. I.F.A. ACE publishes thes e photographs via its media, which includes the I.F.A. ACE website, Facebook page and Embrace Magazine. I.F.A. ACE is not required to delete photographs of members when they end their membership, but if a member wants his or her photograph(s) removed, he or she can contact the Marketing Manager of the association.
Former members have a separate section in the database, which contains solely a name, the start date of their study, the study they did, and an email address in case contact needs to be made.
3. Data Right of Members
The rights of members are mentioned under art. 59 of the GDPR, and are also mentioned in this section of the Privacy Statement.
Members of I.F.A. ACE have the following rights:
- The right to rectification;
- The right to have their data erased;
- The right to limit the amount of data that the data-processing side may process;
- The right to lodge an objection to direct marketing;
- The right to prevention of automated individual decision-making, including profiling;
- The right to transmissibility of data, i.e. data portability.
Each request from a person concerning the above-mentioned rights must be taken care of within a month of receiving the request. No fees may be charged for these services.
4. Data Leaks
In case data is leaked from the association, the Dutch Autoriteit Persoongegevens (AP) will be notified within 72 hours of the leak. Members may request to read the full data leak procedure by making an appointment with the Secretary of the Board by sending an email to email@example.com
I.F.A. ACE offers services, mainly in the form of events. The personal data requested from members when signing up for events is limited to the strictly necessary information needed for the association to operate. The association’s online infrastructure in which this data is processed and stored is secure. The member database is stored both offline and in a secure Dropbox account. The email server used for written communication and to archive events signups, Protagonist, is paid and protected software. In addition, Study Store, the shop via which people can sign up to become a member of the association while buying their study books, observes the GDPR as well.