Privacy Policy

Privacy Policy Study Association T.W.I.S.T.
Version 14/09/2020

Study Association T.W.I.S.T. processes personal information of its members. The association takes great care of good security and meticulous processing of the personal data of its members. We are required by law to handle this data correctly and want to be transparent towards our members on how we do this exactly. This document therefore describes which personal information the association processes, in which way, and who has access to this data. 

T.W.I.S.T. collects personal data of its members and friends, from here on referred to as members. The association collects or processes no information for other purposes than the purposes listed in this Privacy Policy, unless a member has agreed to this beforehand. Possible adjustments to the Privacy Policy will be presented to a General Assembly of the association. 

If you have any questions after reading this document, please contact the board via bestuur@studieverenigingtwist.nl.

Which information do we collect?  
Study Association T.W.I.S.T. collects different information from their members. The most important category is the personal data that members provide to the association upon registration. The following personal data are being kept by Study Association T.W.I.S.T.:

First and last nameTo differentiate between members.
Date of birthTo determine if a member is younger than 19 years old, which is of importance in enforcing the law.
Phone numberTo contact the member in case of emergency, for clarification and/or questions if other methods fail.
Email addressTo contact the member and to send newsletters, invitations for General Assemblies and other information.
AddressTo send out documents, like the association magazine, and for the direct debit of the membership fee.
Bank account numberFor the direct debit of the membership fee and to make future transactions easier.
Start of membershipTo distinguish between the different years of members (and different years of study, together with the field of study the member filled out).
Study programmeTo distinguish bachelor and master students, as well as members with a non-linguistic background.
Language of preferenceTo address the member in the correct language in personal communication.

This personal information is provided to the study association upon membership registration. The board and the committees retain the right to ask members for additional information upon registration for a specific activity, provided that this information is relevant for the activity (like food preferences). This data will be handled slightly differently than the personal data that is listed above, as will be specified further on.

Website
On the website, the clicking behaviour of our website visitors is also collected, as well as information about the device used and information about the stay of the website visitor on the website. The data is anonymised by our website host WordPress and cannot be traced back to the identity of the website visitor. The collected data is presented in statistics to assess the effectiveness of the information provided and the navigation structure of the website. The purpose of this is to optimise the layout of the website, so that Study Association T.W.I.S.T. can enhance the provision of information to its members via the website. 

Pictures
T.W.I.S.T. takes pictures during activities of the present members. These photos are meant as an impression of the ambiance of the activity and can be accessed on the website by members of the association only. The association retains the right to use a selection of these pictures for promotional purposes, e.g. on social media or the website. If a member has an objection to a specific picture, they can file this objection with the Commissioner Internal Relations (assessor@studieverenigingtwist.nl). Members who do not wish to appear in any pictures, published or not, can report this to the commissioner as well. 

Reunists
Since 2018-2019, T.W.I.S.T. also has a reunist list. This is a list of ex-members who are interested in joining reunions organised by T.W.I.S.T. and/or attend our linguistic career events as alumni. The option to become a reunist, becomes available upon deregistration. Those who are interested can fill out a dedicated registration form for becoming a reunist. They thereby give the board permission to store the following information.

First and last nameTo differentiate between reunists.
Email addressTo contact the reunist for reunions and career events.
Duration of membershipTo see when and for how long the reunists were members.
OccupationTo enable us to invite reunists with diverse occupations for career events.
Completed study programme(s)To know their linguistic background, which is relevant for career events.
Language of preferenceTo address the reunist in the correct language in personal communication.

When the reunist sends the secretary the personal data, they will add this to the reunist list, which is a wholly separate document from the member administration. 

The personal data for reunists is handled in the same way as that of members, see below for more detail.  

How do we store your personal information?
The personal data is stored in the administration of the board, also called the member administration. The member administration is stored in the cloud with the online storage service OneDrive. The OneDrive is only accessible to the current board members. This way, only the board has access to the personal data.

Gmail
Study Association T.W.I.S.T. uses Gmail to send emails to its members. Email addresses of members are automatically stored on this platform to facilitate the sending of emails for the board. The mail accounts of all board members are encrypted with a two-step identification. The passwords of all email accounts are changed at least once every six months. To use the unique domain name @studieverenigingtwist.nl, incoming and outgoing emails are forwarded to the platform Hostinger. 

Mailchimp
Study Association T.W.I.S.T. also uses Mailchimp, an email marketing service that can be used within Gmail. There are three reasons why T.W.I.S.T. uses Mailchimp. First, it allows the sender to build emails in a template, which makes the emails appear more professional. Second, it allows us to personalise mass emails. This feature is indispensable for the annual member check, where individual personal data has to be checked. The last important reason to use Mailchimp is to decrease the number of emails that end up in a member’s spam box. Mailchimp will ordinarily only be used for bulk emails such as the monthly newsletter. 

In order to use Mailchimp’s services, it requires access to the personal data of T.W.I.S.T.’s contacts in Gmail. These personal data include members’ names and email addresses. Mailchimp does not have direct access to T.W.I.S.T.’s member administration. For the annual member check, however, the personal data are extracted from a file that is fed into Mailchimp. After the member check is complete, the mailing list specifically created for it is deleted. According to Mailchimp’s own privacy policy, such personal information will be deleted or anonymised provided Mailchimp has no ongoing legitimate business need to process it. The actual content of emails is only read by Mailchimp staff when their algorithms have found indications of possible violations of their terms of use. T.W.I.S.T. has the “social profiles” and “data analytics projects” features turned off, and the GDPR setting on in order to keep the shared information at a minimum. 

Mailchimp meets the requirements of the GDPR in order to permit us to continue to lawfully transfer EU personal data to Mailchimp and permit Mailchimp to continue to lawfully receive and process that data. Mailchimp may share certain personal information with third parties. When it does, it takes steps to protect information by requiring the third parties to enter into a contract with Mailchimp that requires them to use the personal information transferred to them in a manner that is consistent with the Mailchimp privacy policy and applicable privacy laws. 

The security measures that Mailchimp takes to protect its data can be found here

The full privacy policy of Mailchimp itself can be found here.

WordPress
The website of Study Association T.W.I.S.T. is a WordPress website. To enable members to access the part of the website exclusive to members, a WordPress profile is provided to members. Profiles are created by the Commissioner Internal Relations after member registration. To create a profile, the email address of the member is entered in the WordPress database. The member receives an invitation via email to change his password and username, which activates the profile. Profiles are only provided to members and deactivated by the Commissioner Internal Relations within a year of deregistration. Subsequently, the member is no longer able to visit the member-only part of the website. 

ING
Study Association T.W.I.S.T. has a business account at ING bank. When you fill in a direct debit form (SEPA) with T.W.I.S.T., the association will send out a file to the bank once a year to collect your membership fee. This file will contain your name, address (street, house number and postcode), bank account number, BIC-code of your bank and the country of your bank. If the direct debit is unsuccessful, the treasurer is authorised to resend the data to the bank.

Google Forms
Additional information required for activities can be acquired by the board or committee in charge of the activity by means of a Google Form. This online form is also the registration method for this activity. The necessary data is stored in the Google Form and, if the need arises, transferred to the OneDrive of the relevant committee or board. 

Photos
Photos of activities are stored in a OneDrive folder, created by the Commissioner Internal Relations. This OneDrive is only accessible to members and can be accessed through the website. You need a profile to visit the part of the website where this information is stored. 

In some cases, Study Association T.W.I.S.T. stores information in one or more private files. If this is the case, these files are encrypted with a password. Papers containing personal data are always stored in a locked cabinet. 

Who has access to (part of) your personal information?
Board – The member administration, in which the personal data of all members is stored, is only accessible for board members. The board has access to this data in order to keep an overview of the member population, to carry out direct debits, to provide information, to approach members for clarification and to verify membership. The anonymised click behaviour on the website can only be seen by the Commissioner Internal Relations and the vice-Commissioner Internal Relations. When the GA elects an F.T. board, the F.T. board will gain access to all the information the current board has access to.

Committees – Committees may request the names and email addresses from the board. There is at least one board member in each committee, who can process this data for the committee. The committee needs this information to contact members about upcoming activities and to possibly divide members into groups for the activity. If the committee needs other information than names and email addresses, the board is not authorised to share this. This way, the board restricts access to sensitive personal data as much as possible. In order to obtain this information, the committee must request the necessary information of the members upon their registration for the activity. Upon registration, a person gives permission for the processing of the data by the committee. The only exception to this rule is the RedacCie committee. There are members who wish to receive the monthly magazine at home, and the board member active in the RedacCie committee is authorised to share the home addresses of these members with the committee. 

TWubs – A TWub does not have access to personal information of the members. 

Advisory bodies – The auditing committee, consisting of two former treasurers of the association, will check the financial budgeting of the board. This check is set to guarantee members that the budget of the association is correct. The advisory body may see account numbers and personal names of members in the financial records of the association, which the association is legally obliged to store. The auditing committee is not authorised to process, spread, or store this personal data: its main task is to inspect the budget and give advice to the current treasurer. The other advisory body, the Advisory Board, is not authorised to access personal data of members.

Members – Photos of our activities are accessible to all our members via the website. To view these photos as a member, you have to be logged in on our website. The names of committee-members are published on our website so members can contact the committee if necessary. The name of a committee-member can be anonymised at their request or be omitted from the website. Facebook is a main channel of communication for the association to keep members updated on upcoming activities, interesting events and scholarly opportunities. Members are encouraged to join the private T.W.I.S.T. Facebook group. By becoming a member of this group, they are able to see the names of other T.W.I.S.T. members and other members are able to see theirs. 

How long do we save your personal information?
Personal information will be kept for 2 years after your deregistration. Click here for more information about the deregistration procedure. The board is authorised to save the list of members of the previous academic year. This is to prevent any mistakes made in the new list of members and to be able to contact recently deregistered members if necessary. An exception to this rule is the personal information of former board members, which will be kept for 5 years after deregistration. The current board can contact former board members for information, clarification or advice if they need to do so. A picture and the names of previous board members can be viewed on the website. They can be removed or anonymised if requested.  

The mail archive will be stored for 5 years, so the current board can view the communication by previous boards. It is necessary to keep the archive for longer than 2 years to preserve activities and agreements from before that time so they can be repeated and renewed. This means that the email address of former members may be kept for a longer period than 2 years. Other personal information will be saved for a maximum of 2 years after deregistration and will be deleted after 2 years have passed.

Fiscal personal information will be kept for 7 years in accordance with the law.

Information needed for a specific activity, such as food preferences, will be deleted or anonymised by the organiser after the activity has taken place.

Photos of activities will be saved for 5 years on the website. These photos are only accessible by members. Older photos will be kept on an external hard drive, which is only accessible by the current board.

What are your rights?
1. Right of Access and Rectification
Members have the right to view the data that Study Association T.W.I.S.T. has collected about them and to request rectification when something is wrong in the administration or when their situation has changed. Rectification can be requested by filling out a form, which can be found on the website, with the correct and up-to- date information and sending it to secretaris@studieverenigingtwist.nl. You can request an overview of your data from the board via the same email address.

2. Right of Objection and Complaints
It is possible to object to the collection of personal data. If the purpose of keeping the information is deemed more important than the grounds of objection by the board, the association can choose to continue processing the personal data. An objection or complaint is addressed to the board, but may also be filed with the Advisory Board if the member in question wishes to stay anonymous. 

3. Right to be forgotten
Every member has the right to be forgotten. The original source of the data will continue to exist, but information that identifies an individual will be deleted. This way, there will no longer be a link between the individual and certain information. In this case the membership will be terminated immediately. 

Providing T.W.I.S.T. with personal data
When a person does not agree to provide T.W.I.S.T. with the necessary information for the member administration, this person cannot obtain a membership. Study Association T.W.I.S.T. retains the right to refuse the registration of an aspiring member when the requisite personal data is not provided or when there has been no agreement with the privacy policy or terms and conditions.

Reporting obligation of a data leak
Study Association T.W.I.S.T. is under an obligation to inform all its members in case of a data leak. The purpose of this regulation is to ensure that personal data are handled with more care and that they are sufficiently secured. A data leak is defined as loss or unlawful processing of personal data as described above. In the case of a data leak, T.W.I.S.T. is obligated to notify all members.