This is an old revision of the document!
This document will provide you with a detailed view of the various kinds of information S.A. Proto processes, how this is acquired, where it can be reviewed and how it can be modified and/or deleted.
The intention of this overview is to be complete and exhaustive, and the Have You Tried Turning It Off And On Again committee has the duty to keep this document factual and actual. If, despite these efforts, you find that his document is incomplete or incorrect, or if you have other questions related to this document, please send an e-mail to email@example.com.
Common groups that will be repeated throughout this document are:
Everyone in the System Administrators, Administrators and OmNomCom groups have signed an NDA or Non Disclosure Agreement .
S.A. Proto exclusively stores data on Dutch soil and with Dutch companies, except where specifically mentioned otherwise.
Most of the file storage, part of the e-mail and some secondary data is stored on a physical server on the University of Twente campus. This server is located in a locked room that is only accessible to System Administrators and technical staff of the University of Twente. This server is in possession of S.A. Proto.
If you register an account with S.A. Proto, you are asked to provide:
Upon account creation, this information is stored on our servers and visible only to Administrators. Other users and/or members cannot see your information. You are also assigned an internal numerical user ID, which is used to link all your data to your account. This user ID contains no PII and is retained indefinitely.
This information is stored together with your account and retained as long as your account is active. If you have no active S.A. Proto membership, you can deactivate your account (and delete most of your PII) via your dashboard. You cannot deactivate your account as long as you have a running membership. If you wish to terminate your account, please contact the association board.
Note: even for a deactivated account (only) your name is retained indefinitely for historical purposes.
Any additional PII you add to your account can be removed again via your dashboard, as long as you don't have an active membership.
If you are a member of S.A. Proto some of the PII mentioned earlier will become visible for other members of the association:
We believe that it is necessary for members to be able to contact each other in order to ensure a smoothly running association. Therefore we do not allow you to hide your e-mail address for other members. Your e-mail address will never by visible to guests or users.
Becoming a member of S.A. Proto also requires you to add a few extra pieces of information:
All of these are added by you via your dashboard. As soon as you are a member, this information can only be changed, not deleted. In order to completely delete this information, you must terminate your membership. Note that your date of birth can only be changed by contacting the association board.
Your living address and your SEPA withdrawal authorization are only visible to Administrators. You can voluntarily choose to share your address, birth date and/or phone number with other members of the association, but not users, (and reverse this) via your dashboard. These data will be visible to Administrators.
Your age may be shown to other members. If it is your birthday, you will be displayed on the homepage of the site. We think this improves the feel of a community, but the user can opt-out for this via their dashboard.
The page where you can authorize S.A. Proto for a SEPA direct withdrawal processes your IBAN. To improve usability your IBAN is sent to openiban.org to see if your BIC can be automatically determined. No other PII is sent to openiban.org. In order to prove that you allowed S.A. Proto to collect the debt you have at S.A. Proto (by buying from the OmNomCom or participating in activities for example) your signature is saved.
Additionally, you can also choose to supply:
Dietary or allergy information is only visible to Administrators and to members of the committees that organize activities you attend. This information is retained until you manually change or delete it. Note that the latter can only see your dietary or allergy information:
The mailinglist subscriptions are saved to see which mail you want to receive such that you only have to receive mail you are interested in. RFID code can added by the user to simplify OmNomCom purchases and can be deleted at all times.
Finally, if you choose to become active by joining of a committee, your name will be added to the page of the committee you are joining (along with a join and leave date and a function description), and this will be visible to members. Your committee memberships are retained indefinitely, even you deactivate your account.
Data S.A. Proto automatically stores the following data about you:
The start and the end date of your membership are stored for historical and statistical purposes and also to prove that a member had contribution fee obligation in the past.
Every member receives a unique user id for anonymization in case of statistical operations and for the layout of the database.
When becoming a member, the type of member one is can be one (or more) of the following: Regular member, honorary member, life-long member and donator. This is because there is a difference in contribution fee to receive between these types.
In the course of your S.A. Proto membership, you can make purchases at various points. These purchases can include food and consumables at the OmNomCom, participant's fee for activities and your membership fee. Any purchases you make are saved and retained indefinitely, even if you terminate your membership or deactivate your account. All purchases are visible and searchable by the OmNomCom. During some activities you can pay for your consumptions in cash. If you pay in cash, the purchase is logged but not linked to your user account.
Administrators are also able to see the aggregated purchase and payment information that is visible to you. This includes totals for each month, which withdrawals you were included in and the amount that was involved in these withdrawals.
Purchase history may be used to present you with your favorite purchases in the OmNomCom, and to generate (anonymized) statistics that can help the OmNomCom manage stock better and more efficiently. Your purchase history and derived data will never be sold to other parties. You can choose whether you want your purchase data anonymized after 7 years via your dashboard.
You can pay for your purchases either via an automatic withdrawal or using our online payment provider. As a member, paying via automatic withdrawal is the default option. See also the notes in withdrawal authorizations earlier in this document. If you pay using automatic withdrawal, the details of your withdrawal authorization (including your name and bank account number) are shared with the bank of S.A. Proto in order to perform the automatic withdrawal.
Alternatively, you can pay using our online payment provider Mollie (see here for their terms and conditions, including privacy statement). We do not send data of individual purchases to Mollie, only the total amount you wish to settle including a generic description. When you pay, Mollie receives some data on you depending on the payment method you choose. For example, if you pay using iDeal, Mollie receives the bank account number and bank you paid with. This information is also available to S.A. Proto and may be processed automatically. S.A. Proto does not send any PII to Mollie.
Please note that not linking any payment data to your account (e.g. removing your withdrawal authorization or refusing to pay via Mollie) does not excuse you from settling your debts with S.A. Proto. If you have a privacy concern with any of the existing options, please contact the treasurer of S.A. Proto to see if it could be possible to pay in cash or via another method.
Over the course of being a user of the S.A. Proto website, or a member of the association, information may be created and/or generated by you or about you. We try to provide a comprehensive list below, but do not guarantee this list to be complete.
You can add, edit or remove a profile photo via your dashboard. This is completely voluntarily. As a rule of thumb, assume that your profile photo is visible wherever your name is. Your profile photo is retained till you delete or change it. Your photo can also be visible during drinks when you are under 18.
You can receive achievements (virtual 'prizes' for achieving something) automatically or manually. These are visible to other members of the association in your profile. Please contact the association board if you don't want an achievement to be shown in your profile. Achievements are retained until they're deleted by an Administrator.
If you participate in, organize or help with an activity, your name may appear indefinitely on that activity's page. The only way to prevent this is by not going to activities.
S.A. Proto keeps a history of which videos are added to the ProTube video system. If you are logged in with your user account to the website in the same session and/or browser you use to add a video to ProTube, this act may be associated with your account. If you wish to prevent this, please indicate this via the ProTube dashboard. Played video history is retained indefinitely for historical purposes. If you wish to clear your personal history (i.e. make Proto forget you put certain songs in ProTube) you can do so via the ProTube dashboard. This will not delete the songs from history, just the association with your user account.
The website has a place where members can see and place quotes by other people and/or members. If there is a quote that you posted, or in which you are mentioned, and you wish to have this quote removed, please contact the association board. Quotes are retained until deleted by an Administrator.
You can link RFID cards to your account via the OmNomCom system to speed up check-out. If you do this, the card's UID is saved. This is in fact required if you want to buy something during drinks. You can edit or remove an RFID card at any time via your dashboard. RFID cards are retained until you remove them.
The ICT systems of Study Association S.A. Proto integrate with those of the University of Twente on several fronts.
S.A. Proto offers a University of Twente address book that allows users to search into the contact details of UT employees and students. The UT maintains the information in this address book and S.A. Proto merely relays the query of the user to this address book. The UT address book on the S.A. Proto website is only accessible to user accounts that have linked an active UT account to their S.A. Proto account. All the information in the UT address book is otherwise also available via their LDAP directory service, which can be accessed by anyone with access to the UT network.
The information from the UT address book is not used to automatically update any information related to your S.A. Proto user account or membership.
The LDAP directory service is, where not explicitly mentioned otherwise, also the source of data S.A. Proto uses to perform the other actions described in this section.
From your dashboard you can link or unlink a UT account from your S.A. Proto account. Having a UT account linked to your S.A. Proto account entitles you extra privileges on the website. As long as you have a UT account linked, S.A. Proto stores your student or employee number as part of your user data. If you unlink your UT account from your S.A. Proto account, S.A. Proto also removes the reference to your student or employee number from your user data.
If you link your UT account S.A. Proto will also request your current study/studies or department from the university. S.A. Proto will store this information as long as you have your student number linked, and will periodically update this information. Your study or department can be shown to other members.
If you log-in using your UT credentials (either to link your account or to login to the website) you are redirected to the single sign-on (SSO) environment of the UT. Your UT credentials are not read by, transmitted to or processed by us. If SSO authentication succeeds, you are redirected back to S.A. Proto. In this process, S.A. Proto is presented your student number, full name and student e-mail address.
Although S.A. Proto stores your student or employee number if you choose to link your UT account to your S.A. Proto account, it does not make this number searchable for other users, also not via the UT address book. Only the Administrators can find you by this number or look up this number for you.
S.A. Proto performs automated and periodical checks against UT records to decide whether a member is currently a Creative Technology or Interaction Technology student. This check is performed to establish whether this member needs to pay the regular or reduced membership fee. S.A. Proto does not keep a record that indicates directly whether a user is a Creative Technology student, although this can be inferred from the membership fee charged to that member. The UT cannot learn anything about non Creative Technology or non Interaction Technology students from this check.
If you believe you were charged the wrong membership fee, you can contact the treasurer of S.A. Proto for rectification.
S.A. Proto is entitled a grant from the faculty of EEMCS at the University of Twente because of its status as the study association of Creative Technology and Interaction Technology. To qualify for this grant, S.A. Proto needs to show how many of its members are a student at the faculty of EEMCS. To do this, S.A. Proto sends a list with the names, e-mail addresses and student numbers (if applicable) of its members to the faculty of EEMCS, so the faculty of EEMCS can determine the correct height of the grant. S.A. Proto and the UT agree to treat this list confidential and to destroy the list after use. The UT is not allowed to retain any of the details on this list for its own use.
S.A. Proto periodically and automatically checks whether the UT accounts users have linked to their S.A. Proto account are still valid and active in the administration of the UT. If this automated check determines a UT account is deactivated by the UT, it will be removed from the S.A. Proto account. The user is not informed of this. If you believe the check to have incorrectly removed your UT account from your S.A. Proto account, you can always contact the website developers.
S.A. Proto receives a subsidy from the faculty every year. This subsidy is based on the amount of members and to check this, we send a list with names and student numbers of all Creative Technology students to the faculty.
At activities organized by or together with S.A. Proto, photographers or film crew may be present at the activity and they may take a picture and/or video of you that may later be published. If this makes you feel uncomfortable, please indicate this to the people taking the photos/video. They will do their best to take it into account.
In the case of external parties (press, for example), please ask that party or the association board for their policy regarding portrait rights.
When you send e-mail via S.A. Proto (either towards an @proto.utwente.nl address or by using S.A. Proto's SMTP servers) a copy of that e-mail (including the body) will be temporarily stored on our servers while the e-mail is in transit. That copy will be deleted once delivered to the following e-mail server. Additionally, our mail servers log activity (this includes to and from addresses, as well as the subject of the e-mail – the body of an e-mail is never logged) to combat spam and troubleshoot problems.
If you or your committee makes use of network drives provided by S.A. Proto, outside the intended users only System Administrators have access to data on that drive.
All data on the network drives are stored on the campus of the University of Twente on machines controlled by S.A. Proto.
The S.A. Proto website makes use of various cookies to provide session and log-in persistence. These cookies are functional and do not allow us to collect privacy sensitive data.
When you visit any of the S.A. Proto websites technical metadata (which can including your IP-address, browser user-agent and URL you access) will be logged by the web server.
Only System Administrators have access to this data.
S.A. Proto uses Matomo for web analytics. Using Matomo, S.A. Proto collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. The purpose in collecting non-personally identifying information is to better understand how visitors of all sites operated by S.A. Proto use these websites. From time to time, S.A. Proto may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website to external parties to, for example, give sponsors information about visibility.
You can opt-out for web analytics on the websites operated by S.A. Proto as described in this section here.
All Administrators may see information collected through Matomo.org
All Administrators may see information collected through Sentry
As of now, there is only one other system where your data might be stored, which is Alex.ia. Your data will only be stored if you join the drafting committee. The following information might be stored: