Disclaimer
Erasmus Student Network (ESN) is an independent, non-partisan, non-political, and non-profit, international association which operates under Belgian law. ESN is supported as a Civil Society stakeholder by both the Council of Europe, through the European Youth Foundation and European Union, through the Civil Society Cooperation Grant, co-funded by the European Union. Disclaimer for the Co-funding of the European Union: Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Education and Culture Executive Agency (EACEA). Neither the European Union nor EACEA can be held responsible for them.
Dear Data Subject, We wish to inform you that the GDPR provides for the protection of individuals with regard to the processing of Personal Data as a fundamental right. We are committed to safeguarding the privacy of our website visitors; in this policy, we explain how we will treat your personal information.
Pursuant to Article 13 of the GDPR, therefore, We will process your Personal Data according to the present Privacy Policy, which describes how such data is collected, stored, used, communicated and managed by ESN and the related Services.
By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. Please notify us without delay should you notice any instances in which any violation of the present Privacy Policy occurs.
Last updated: 17 May 2023
We may collect, store and use the following kinds of personal information:
If the Personal Data communicated to us does not belong to the same natural person who communicates it, the latter will be required to explicitly confirm that they have obtained the relevant consent from the Data Subject. In such cases, with the vision of this Privacy Policy and with the above-mentioned confirmation, you also undertake to hold us harmless in case of false or reticent statements, in particular in case you have not actually obtained the consent to the processing from the relevant Data Subjects.
The voluntary sending, on your part, of e-mails to our e-mail addresses does not require further information or requests for consent.
On the contrary, specific summary information will be reported or displayed if needed in the pages of the site prepared for particular services on request (form). You must therefore explicitly consent to the use of the data reported in these forms in order to send any request.
The Personal Data that We hold in connection with SIEM and related Services is collected directly from the Data Subject or uploaded by the relevant organisation.
The Data Controller is:
Erasmus Student Network
Rue Joseph II / Jozef II-straat 120
1000 Brussels, Belgium
Email: [email protected]
The processing of users' Personal Data has its legal basis in their consent and is carried out for the following purposes:
The user's consent is mandatory, and in particular to be able to have Main Institutional and/or Personal accounts, for what concerns the purposes under points 3, 4, 8 and 10 above. For the purposes under points 2, 7, and 9 the consent is optional but the lack thereof may worsen the provision of the Services. For the other purposes the consent is optional and will not compromise in any way the provision of the Service, should you desire not to provide your consent for one or more specific purposes, please inform us at the time your Personal Data is communicated to us, or at any time thereafter, by contacting us.
Except as provided hereinafter, we will not provide your personal information to third parties.
Within the limits pertinent to the Processing purposes indicated, users' data may be communicated to partners, consulting companies, private companies, appointed by the Data Controllers as Data Processors or for legal obligations or to fulfil some users' specific requests. In such cases we take all the necessary technical and organisational measures to protect the confidentiality and security of your Personal Data from unauthorised access or against loss, misuse or alteration by third parties. We may also disclose your personal information to any member of our organization and supporting organisms (insofar as reasonably necessary for the purposes set out in this policy.
Although not directly communicated to any specific recipient, account contact information may also be available to other users.
Our Services may also depend on third-party tracking tools from our service providers, examples of which include email service provider as well as push-notification service provider. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyse user information on our behalf. In this context, third parties may have access to information such as your device identifier, MAC address, IMEI, locale (specific location where a given language is spoken), geo-location information, and IP address for the purpose of providing their services under their respective privacy policies.
The possible Data Processors and persons in charge of the Processing will in such cases be punctually identified and at the users' request be communicated in detail. For any question in this regard, please contact us.
Please note that in such cases users will be also subject to the relevant third-party privacy policies. For any processing carried out by third parties as Data Processors in relation to the Dashboard and related services, users may contact us or directly such third parties.
For all other cases of processing by third parties, please contact them directly in the manner indicated in their privacy policies.
Lastly, We may share your information in connection with potential merger, de-merger, acquisition, change of ownership, change of control, or in general extraordinary transactions. In such cases, the users will be notified via email and/or notice on our site of any change in ownership of the Personal Data.
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. If and when we transfer Personal Data to affiliated entities or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world, we will still take all appropriate measures to ensure compliance with the GDPR.
When third parties are involved in the Processing pursuant to this Privacy Policy, Personal Data may be stored on servers outside the European Union. Please remember that in such cases any Processing is also subject to the relevant third parties' privacy policies. In such cases, information that we collect may also be transferred to countries that do not have data protection laws equivalent to those in force in the European Economic Area. By using SIEM you expressly agree to such transfers.
Personal information that you publish on our website or submit for publication on our website may also be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
The data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage”, art. 5, GDPR) or according to the deadlines provided for by law, to comply with our legal obligations, to resolve disputes, and enforce our agreements. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Pursuant to GDPR, users (and/or the Users who communicated the relevant Data) have the right to access the Personal Data provided to us (art. 15 GDPR) and to ask to receive copy of such Data in an intelligible format in order to transmit it to another data controller (art. 20 GDPR). They have the right to obtain their update, rectification or integration (art. 16 GDPR), and to obtain their erasure (art. 17 GDPR). Users also have the right to request the restriction of the Processing of their Personal Data (art. 18 GDPR) or to object, on legitimate grounds, to such Processing (art. 21 GDPR). We inform you, however, that the exercise of such rights may be subject to limitations or exclusions pursuant to the GDPR or other relevant regulations.
Where the users consider that the processing of Personal Data by us has been carried out in violation of the GDPR, without prejudice to any other administrative or judicial remedy, they the right to lodge a complaint with their national supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place where the alleged violation took place.
For any request or communication concerning any of the above-mentioned rights, please contact us. We will respond to any request as soon as possible and in any case within 30 days.
Users may also object to Personal Data being subject to automated decision-making, including profiling practices. We inform you, however, that We do not carry out any processing that may fall within the aforementioned case. Should this situation change in the future, we will promptly update this Privacy Policy.
Lastly, the Data Subjects concerned (and/or the Users who communicated the relevant Data) may at any time communicate their intention to withdraw their consent. In such cases, We may continue to Process the relevant Personal Data only in presence of an alternative legal basis for such further Processing.
The Personal Data provided to us will be processed in compliance with the GDPR and the obligations of confidentiality that govern the activity of the Data Controller. The data will be processed both with computer tools and on paper or any other suitable support, in compliance with the appropriate security measures under Article 5 par. 1 letter F of the GDPR.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to use our Services. If you are under such age, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from an individual under the age of 18, we will delete such Data as quickly as possible. If you believe that we might have received any Personal Data from or about an individual under the age of 18, please contact us.
Our website includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Our website uses APIs that shares only public information (e.g. name of the company) with third-party websites in order to integrate some services.
We may update this privacy policy to reflect changes to our Processing and/or Data Protection practices. If we make any material changes, we will notify the users by means of a notice on our sites prior to the change becoming effective. In any case, please visit this Privacy Policy periodically.
Our website uses cookies.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
We use both session and persistent cookies on our website.
Most browsers allow you to refuse to accept cookies; for example:
- in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
- in Firefox (version 47) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
- in Chrome (version 52), you can block all cookies by accessing the "Customise and control" menu and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.
Blocking all cookies will have a negative impact on the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
In particular, We resort to Google Analytics to track and report website traffic, and we use login session cookies to allow you to login and access all functionalities of your Account.
We or Provider or ESN - the Erasmus Student Network; a non-profit international student organisation whose mission is to represent international students, thus providing opportunities for cultural understanding and self-development under the principle of Students Helping Students. ESN develops and operates the Social Inclusion and Engagement in Mobility (SIEM) project and offers the relative Services.
GDPR - the Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Personal Data - any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing - any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Services - any services provided or made available by the Provider via the SIEM platforms as well as relevant interconnected tools or relating thereto.