Privacy Statement

Menu
- Intro 果冻传媒

Privacy Statement

How does Eindhoven University of Technology鈥痯rocess personal data in relation to the Introduction Week activities

1. Introduction鈥�&苍产蝉辫;

This privacy statement provides information about the processing of personal data of students participating in the Introduction Week at Eindhoven University of Technology.

We have tried to provide you with all the information in a clear and readable way. If after reading the privacy statement you have any questions about the way we process your personal data, please let us know via privacy@tue.nl. We are happy to help you.

This privacy statement is applicable as of August 10, 2022. The latest changes to this privacy statement were made on May, 2024.

2.鈥疻ho is responsible for your personal data?鈥�鈥€�&苍产蝉辫;

The 果冻传媒 Executive Board is the controller in the sense of the General Data Protection Regulation (GDPR) for the processing operations in this privacy statement. This means that the 果冻传媒 Executive Board (hereafter referred to as "果冻传媒", "we" or "us") is responsible for the careful and proper processing of your personal data.

3.鈥疻hat personal data do we process?鈥€�鈥�&苍产蝉辫;

In relation to the Introduction Week activities we process among other the following personal data:

Name
Gender
Nationality
E-mail address
Password
Account ID
Date of birth plus inferred age
Student number
Study program
Bank details
Purchasing data
Profile picture
Dietary restrictions
Municipal appointments

4. For what purposes do we process your personal data?鈥�鈥�&苍产蝉辫;

The personal data is processed in relation to the Introduction Week activities largely through Tactile App and for the following purposes:鈥�&苍产蝉辫;

Processing purpose	Personal data used
Registration & account login Determine which students are of legal drinking age	Name E-mail address Password Gender Date of birth Nationality* Student number Study program Profile picture Dietary restrictions* Account ID (linked to all the above)
Payment & refunds	Name Bank details
Group creation with diverse participants	Account ID, specifically using data such as age, nationality* and gender
Schedule creation	Account ID Municipal appointments
Wristband linking & payments Enable easy payment for tickets, food and drinks as well as easy age verification for bartenders	Account ID
Communicate updates, changes and other information related to the introduction week to the participants	Account ID Name Email address
Feedback request & financial evaluation	Name Email address
Data logging & analytics	Account ID Purchasing data***

*You are not obliged to provide data related to your dietary restrictions in the registration form.

**We process your nationality in order to form groups in a diverse manner. Your nationality will not be processed for any other purpose.

***Your individual purchasing data will only be visible to you by default. Only in case of complaint or dispute, authorized employees at ESA will access your individual purchasing data. The Introduction Week鈥檚 team will have access to the total amount stated on your account, for verification and refunds.

5. Basis for processing

The processing must be based on one of the legal grounds of the GDPR. The basis depends on the specific personal data and the purpose for which they are processed. In the case of鈥炒解€痑nd the Introduction Week activities, those legal basis are outlined below:

Processing activity	Lawful basis
1. Registration & account log in	Necessity for performance of a contract 鈥� Art. 6(1)(b) GDPR By registering to the Introduction Week, you enter into a contract with 果冻传媒.
2. Payment & refunds	Necessity for performance of a contract 鈥� Art. 6(1)(b) GDPR By registering to the Introduction Week, you enter into a contract with 果冻传媒.
3. Group creation	Legitimate interest 鈥� Art. 6(1)(f) GDPR
4. Schedule creation	Legitimate interest 鈥� Art. 6(1)(f) GDPR
5. Wristband linking & payments	Legitimate interest 鈥� Art. 6(1)(f) GDPR
6. Communication	Legitimate interest 鈥� Art. 6(1)(f) GDPR
7. Feedback request & financial evaluation	Legitimate interest 鈥� Art. 6(1)(f) GDPR
8. Data logging & analytics	Legitimate interest 鈥� Art. 6(1)(f) GDPR

果冻传媒 has a legitimate interest in providing a quality experience for the introduction week as part of its contract with the participants. This includes creating groups, creating schedules, providing wristbands and follow-up payments, informing students about events and matters relating to the Introduction Week, gaining feedback to improve the upcoming introduction weeks and analyzing data logging.

6. Who has access to your personal data?

6.1 Access to your personal data within the 果冻传媒

All relevant employees who are involved with the Introduction Week activities will have access to your personal data, but only as far as is required to fulfil their respective tasks. These employees are:

The Central Introduction Commission (CIC)
Project leader, student assistant registration and Finance 果冻传媒 and Student Affairs (ESA)

Apart from those mentioned above, only authorized persons in relevant sections of the 果冻传媒 like Student associations (SAs) and Intro parents, but only as far as is required to fulfil their respective tasks.

6.2 Access to your personal data by third parties

The following third parties have access to or will obtain your personal data, where this is relevant for the facilities and services of these parties towards 果冻传媒.

Tactile (for processing related to registration and payments)
DigitalOcean (Subprocessor of Tactile)
Pay.nl (Subprocessor of Tactile)
Mailgun (Subprocessor of Tactile)
Rex (for scheduling municipal appointments for international students)

We will not share the data we process in relation to Introduction Week activities with other third parties, unless this is a legal obligation.

6.3 Use of your personal data by Processors

If a third party processes your personal data on our instructions, then this party is a Processor. Our Processors are: Tactile and Rex. With such Processors we make agreements concerning the processing of your personal data. Such an agreement will in any case stipulate that certain obligations concerning protection of personal data are respected, thus ensuring that data are processed with due regard for the wishes and standards of 果冻传媒.

7. Will my data be processed outside the European Economic Area ('EEA')?

果冻传媒 endeavors to process your data only within the European Economic Area ("EEA") by storing your data on a server in the EEA wherever possible. For the Introduction Week activities, no data is processed outside the EEA.

8. How long will your personal data be kept?

果冻传媒 stores your personal data in accordance with the GDPR. Data will not be retained for longer than is necessary to achieve the purposes for which the data 颅was collected. Some data we are required by law to retain for a certain period of time.

For most of the Introduction Week activities, your data will be erased in any case after three (3) months. However, we are legally obliged to keep the data which we process with relation to payments through Pay.nl for seven (7) years.

9. How is your personal data secured?

果冻传媒 has implemented appropriate technical and organizational measures to protect the personal data against unintended or unlawful destruction of the data, unintended damage, loss, alteration or unauthorized disclosure or access, and against all other forms of unlawful processing (including, but not limited to, unnecessary collection of data) or further processing. These appropriate technical and organizational measures include the implementation of Single Sign-On for Tactile, the application used for the Introduction Week, privacy training provided to employees who handle your personal data and guidelines related to your privacy rights implemented by 果冻传媒.

10. How can you exercise your privacy rights?鈥�&苍产蝉辫;

You have a number of rights with respect to your personal data:

Right of access. This is the right to obtain confirmation from us as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and some additional information.
Right to erasure.
Right to rectification and supplementation. This is the right to have personal data that we process amended.
Right to data portability. The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
Right to restrict processing. This right allows you to limit the way that we use your data.
Right regarding automated decision making and profiling. This is the right to a human eye in decisions.
Right to object to data processing.
Right to clear information about what we do with your personal data.

Would you like to exercise any of these rights? If so, please contact privacy@tue.nl. We may, however, request additional information to verify your identity when invoking these rights.

If you have given permission for the processing of your personal data you can withdraw this permission at any time. Withdrawing your permission does not have retroactive effect. This means that until the moment of revocation, the permission is lawfully given.

11. Whom can you contact?

In case of questions and/or exercise of privacy rights

If you have any questions about how we process your personal data, or if you wish to exercise your privacy rights, please contact the 果冻传媒 privacy team at privacy@tue.nl. We will be happy to help you.

In case of complaints

You can submit a complaint about our data processing to the Data Protection Officer (FG) at dataprotectionofficer@tue.nl. The Data Protection Officer is the link between the 果冻传媒 and the Personal Data Authority. The Dutch Data Protection Authority is the supervisory authority in the Netherlands. The Data Protection Officer acts independently of the university and can consult and/or obtain advice from the Dutch Data Protection Authority.

If you do not agree with the complaint handling by the FG, you can file a complaint directly with the Dutch Data Protection Authority. The Dutch Data Protection Authority will handle the complaint or request and make a decision on it.