User Tools

Site Tools


ict:privacy:start

This is an old revision of the document!


Privacy Policy of Study Association Proto

This is a draft document and has no official status yet.

This is the privacy policy of Study Association Proto (hereafter just “S.A. Proto”). It describes in detail what information S.A. Proto collects and processes, who can access that information and what information it shares with other parties. This document aims to provide users of our website and other ICT services with an understanding of what the association knows about them, and provide easy reference to how that information can be edited/deleted.

This document is supposed to replace the chapter on “Personal information” in the Rules and Regulations of S.A. Proto as per the next General Member Meeting.

The privacy policy should be viewed as a dynamic document with transparent revision history. Everybody can see what changes have been made to it and when those changes have been made. The privacy policy is made and maintained by the board of S.A. Proto together with the members of the Have You Tried Turning It Off And On Again committee. Changes to the privacy policy can be made for several reasons, including but not limited to: addition of a new service for S.A. Proto, new external partners, suggestions from members and instructions from the General Member Meeting. The latter can make binding decisions as to the content of the privacy policy. Questions regarding the privacy policy can be sent to privacy@proto.utwente.nl. In general, members and owners of user accounts are not notified of changes to this document.

This document is written on a best effort basis and its aim is to provide a comprehensive view of the current situation. Please e-mail privacy@proto.utwente.nl if you believe this document contains mistakes or needs clarification.

General statements regarding your personal data

These general provisions describe how the association handles privacy and your personal information in general. This section should give you a short overview on how S.A. Proto handles your data in general. This section serves as a replacement to the chapter Personal information in the Rules and Regulations of S.A. Proto.

This section does not go into exact detail. If you wish to have a more specific insight in the information S.A. Proto has about you, please see the section Explanation of specifics.

Collection

In general, your personal data is collected by S.A. Proto in one of the following ways:

  • Provided by you, for example by submitting the data into the website
  • Generated by you in the course of using services offered by S.A. Proto, for example by purchasing something or choosing to become part of a committee
  • Provided by the university, as explained later in this document

If data is acquired in any way other than those above, it will be specifically mentioned in this document.

Insight

Almost all of the information S.A. Proto has accumulated about you can be reviewed by you on the website of S.A. Proto on your dashboard, your profile page or on the relevant part of the S.A. Proto website. It should be explicitly stated that it is always the intent of S.A. Proto to be transparent about the information the association has about you. If you wish to receive an overview of information S.A. Proto has about you that cannot be found on the website, please send an e-mail to privacy@proto.utwente.nl with your request. We aim to reply to your request within one week, but reserve the right to take up to four weeks for our reply.

In general, only the board of the association, the IT administrators and specific committees can see (part) of the data S.A. Proto has about you. The latter concerns committees that need access to some of your information in order to provide you or the association services. Examples of this are to predict what stock to buy for the OmNomCom, or to prepare activities.

Any personal data supplied to S.A. Proto is never shared with third parties, except in special cases involving the University of Twente. Those are outlined below.

Usage

How exactly S.A. Proto uses your data is explained further on in this document. In general, your data may be used to:

  • Facilitate services you request (including attending activities and purchasing consumables from the OmNomCom)
  • Facilitate services to support your study or Creative Technology in general
  • Provide information to the university in order to fix grants and other financial support
  • Generate statistics or knowledge that help committees, the board or the General Member Meeting to make well informed decisions
  • Facilitate a digital list of members, an almanac or related services
  • Calculate and collect contributions that you owe the association, including the membership fee
  • Provide other services that achieve the statuary goals or improve the good spirit of S.A. Proto

S.A. Proto may also send you:

  • Invitations for the General Member Meeting
  • Information important to your membership
  • Information in the name of external parties
  • Information to which you subscribed
  • Invitations to activities and other events
  • General information about what is happening in the association

S.A. Proto will primarily contact you via e-mail. Only in exceptional occasions will you be contacted by regular mail.

Objection

You can object to S.A. Proto sending you information, except for:

  • Invitations for the General Member Meeting
  • Information important to your membership

If you wish to object to S.A. Proto sending you information, you may do so via the website, or by contacting the association board.

For information on how to object to usage of other personal data, please refer to the second part of this document.

Third parties

If S.A. Proto wishes to outsource processing of personal information of members of S.A. Proto to a third party, an agreement needs to be established with this third party that guarantees that the information is processed secure, in the right way and for the right purposes.

Specific usage of your personal data

This section will provide you with a detailed view of the various kinds of information S.A. Proto processes, how this is acquired, where it can be reviewed and how it can be modified and/or deleted.

This section serves as an addition to what was previously described in the chapter Personal information in the Rules and Regulations of S.A. Proto.

Who has access to your data

Throughout this document several groups will frequently been named as having access to your data. These groups will be outlined below for quick reference. In addition sometimes names of committees of S.A. Proto will make an appearance. If this is the case a link will be included to that committee's page on the S.A. Proto website to easily allow you to see who are currently a member of that committee. If an external company or party has access to your data, a link will be included to (the closest thing to) a privacy policy on the website of that party.

Common groups

Common groups that will be repeated throughout this document are:

  • System Administrators – The people responsible for the most technical IT support in the association. This includes all members listed on the Have You Tried Turning It Off And On Again committee member list that have System Admin(istrator) or SysAdmin in their function.
  • Administrators – This group consists of three groups: the System Administrators, the board of S.A. Proto and all members listed on the Have You Tried Turning It Off And On Again committee member list that have Developer in their function.
  • OmNomCom – This group consists of people that have access to a specific part of the association administration related to the stock, management, purchases and other related aspects of the OmNomCom, the system that keeps a tally of all purchases made within the association and sees that they are being paid for. This group consists of three groups: the Administrators and all members listed on the OmNomCom and TIPCie member list.
  • Members – This group consists of all people that have a user account on the website and an active association membership tied to that user account.

Everyone in the System Administrators, Administrators and OmNomCom groups have signed an NDA or Non Disclosure Agreement .

Terms

  • The University of Twente (henceforth also called the UT) is the university which is home to the Creative Technology program, and the facilitating university to S.A. Proto.
  • A user's dashboard is the part of the S.A. Proto website where they can see, for the largest part, what information S.A. Proto has on them and add, edit and/or remove it.

Personally identifiable information (PII)

If you register an account with S.A. Proto, you are asked to provide:

  • Your name
  • Your e-mail address
  • Your date of birth
  • Your gender
  • Your nationality
  • Your phone number

Upon account creation, this information is stored on our servers and visible only to Administrators. Other users and/or members cannot see your information. You are also assigned an internal numerical user ID, which is used to link all your data to your account. This user ID contains no PII and is retained indefinitely.

The rationale behind requesting this data is that, for the vast majority of people, creating an account on the website is followed by either becoming a member, or to purchase tickets to an open event. Both of these require the given information, which is why it is already asked when creating an account.

This information is stored together with your account, and retained as long as your account is active. If you have no active S.A. Proto membership, you can deactivate your account (and delete most of your PII) via your dashboard. You cannot deactivate your account as long as you have a running membership. If you wish to terminate your account, please contact the association board.

Note: even for a deactivated account (only) your name and e-mail address is retained indefinitely. If you wish to prevent this, please change your e-mail address to something random before deactivating your account. You can do the same for your name. To change your name, please contact the association board.

Any additional PII you add to your account can be removed again via your dashboard, as long as you don't have an active membership.

Additional PII for members

If you are a member of S.A. Proto some of the PII mentioned earlier will become visible for other members of the association:

  • Your name
  • Your e-mail address

We believe that it is necessary for members to be able to contact each other in order to ensure a smoothly running association. This is why we do not allow you to hide your e-mail address for other members. Your e-mail address will never by visible to guests or users.

Becoming a member of S.A. Proto also requires you to add two extra pieces of information:

  • Your current living address
  • A SEPA withdrawal authorization

Both of these are added by you via your dashboard. As soon as you are a member, this information can only be changed, not deleted. In order to completely delete this information, you have to terminate your membership.

Your living address and your SEPA withdrawal authorization or only visible to Administrators. You can voluntarily choose to share your address and/or phone number with other members of the association, but not users, (and reverse this) via your dashboard.

The page where you can authorize S.A. Proto for a SEPA direct withdrawal processes your IBAN. To improve usability your IBAN is sent to openiban.org to see if your BIC can be automatically determined. No other PII is sent to openiban.org.

Additionally, you can also choose to supply:

  • Dietary or allergy information

This information is only visible to Administrators and to members of the committees that organize activities you attend. This information is retained until you manually change or delete it. Note that the latter can only see your dietary or allergy information:

  • If you are registered as a participant in the activity, up until two weeks after the activity has ended; AND
  • That activity has been marked (by an Administrator) to involve food or other allergy sensitive activities.

Finally, if you choose to become active by joining of a committee, your name will be added to the page of the committee you are joining (along with a join and leave date and a function description), and this will be visible to members. Your committee memberships are retained indefinitely, even you deactivate your account.

Purchases and payments

In the course of your S.A. Proto membership, you can make purchases at various points. These purchases can include food and consumables at the OmNomCom, participant's fee for activities and your membership fee. Any purchases you make are saved and retained indefinitely, even if you terminate your membership or deactivate your account. All purchases are visible and searchable by the OmNomCom. During some activities you can pay for your consumptions in cash. If you pay in cash, the purchase is logged but not linked to your user account.

Administrators are also able to see the aggregated purchase and payment information that is visible to you. This includes totals for each month, which withdrawals you were included in and the amount that was involved in these withdrawals.

Purchase history may be used to present you with your favorite purchases in the OmNomCom, and to generate (anonymized) statistics that can help the OmNomCom manage stock better and more efficiently. Your purchase history and derived data will never be sold to other parties.

You can pay for your purchases either via an automatic withdrawal or using our online payment provider. As a member, paying via automatic withdrawal is the default option. See also the notes in withdrawal authorizations earlier in this document. If you pay using automatic withdrawal, the details of your withdrawal authorization (including your name and bank account number) are shared with the bank of S.A. Proto in order to perform the automatic withdrawal.

Alternatively, you can pay using our online payment provider Mollie (see here for their terms and conditions, including privacy statement). We do not send data of individual purchases or PII to Mollie, only the total amount you wish to settle including a generic description. When you pay, Mollie receives some data on you depending on the payment method you choose. For example, if you pay using iDeal, Mollie receives the bank account number and bank you paid with. This information is also available to Proto and may be processed automatically.

Please note that not linking any payment data to your account (e.g. removing your withdrawal authorization or refusing to pay via Mollie) does not excuse you from settling your debts with S.A. Proto. If you have a privacy concern with any of the existing options, please contact the treasurer of S.A. Proto to see if it could be possible to pay in cash or via another method.

User generated content and other data

Over the course of being a user of the S.A. Proto website, or a member of the association, information may be created and/or generated by you or about you. We try to provide a comprehensive list below, but do not guarantee this list to be complete.

Profile photo

You can add, edit or remove a profile photo via your dashboard. This is completely voluntarily. As a rule of thumb, assume that your profile photo is visible wherever your name is. Your profile photo is retained till you delete or change it.

Achievements

You can receive achievements (virtual 'prizes' for achieving something) automatically or manually. These are visible to other members of the association in your profile. Please contact the association board if you don't want an achievement to be shown in your profile. Achievements are retained until they're deleted by an Administrator.

Activities

If you participate in, organize or help with an activity, your name may appear indefinitely on that activity's page. The only way to prevent this is by not going to activities.

Played ProTube videos

S.A. Proto keeps a history of which videos are added to the ProTube video system. If you are logged in with your user account to the website in the same session and/or browser you use to add a video to ProTube, this act may be associated with your account. If you wish to prevent this, please use ProTube only from a private browsing session where you are not logged in to the website. Played video history is retained indefinitely until manually deleted by a System Administrator. If you wish to anonymize part or all of the video history tied to your account, please contact any of the System Administrators directly.

Quotes

The website has a place where members can see and place quotes by other people and/or members. If there is a quote that you posted, or in which you are mentioned, and you wish to have this quote removed, please contact the association board. Quotes are retained until deleted by an Administrator.

RFID cards

You can link RFID cards to your account via the OmNomCom system to speed up check-out. If you do this, the card's UID is saved. This is in fact required if you want to buy something during drinks. You can edit or remove an RFID card at any time via your dashboard. RFID cards are retained until you remove them.

Student information and study details

You can find the privacy policy of the University of Twente here, unfortunately only in Dutch.

The ICT systems of Study Association S.A. Proto integrate with those of the University of Twente on several fronts.

University of Twente address book

S.A. Proto offers a University of Twente address book that allows users to search into the contact details of UT employees and students. The UT maintains the information in this address book and S.A. Proto merely relays the query of the user to this address book. The UT address book on the S.A. Proto website is only accessible to user accounts that have linked an active UT account to their S.A. Proto account. All the information in the UT address book is otherwise also available via their LDAP directory service, which can be accessed by anyone with access to the UT network.

The information from the UT address book is not used to automatically update any information related to your S.A. Proto user account or membership.

The LDAP directory service is, where not explicitly mentioned otherwise, also the source of data S.A. Proto uses to perform the other actions described in this section.

Linking a UT account

From your dashboard you can link or unlink a UT account from your S.A. Proto account. Having a UT account linked to your S.A. Proto account entitles you extra privileges on the website. As long as you have a UT account linked, S.A. Proto stores your student or employee number as part of your user data. S.A. Proto does not store your study/department, it requests it on the fly from the UT when you load your dashboard. If you unlink your UT account from your S.A. Proto account, S.A. Proto also removes the reference to your student or employee number from your user data.

Logging in with your UT credentials

If you log-in using your UT credentials (either to link your account or to login to the website) you are redirected to the single sign-on (SSO) environment of the UT. Your UT credentials are not read by, transmitted to or processed by us. If SSO authentication succeeds, you are redirected back to S.A. Proto. In this process, S.A. Proto is presented your student number, full name and student e-mail address. Your student number is stored as described elsewhere, your name and student e-mail address are discarded.

Your student or employee number

Although S.A. Proto stores your student or employee number if you choose to link your UT account to your S.A. Proto account, it does not make this number searchable for other users, also not via the UT address book. Only the Administrators can find you by this number or look this number up for you.

Determining membership fees and UT grands

S.A. Proto performs automated and periodical checks against UT records to decide whether a member is currently a Creative Technology student. This check is performed to establish whether this member needs to pay the regular or reduced membership fee. S.A. Proto does not keep a record that indicates directly whether a user is a Creative Technology student, although this can be inferred from the membership fee charged to that member. The UT cannot learn anything about non Creative Technology students from this check.

If you believe you were charged the wrong membership fee, you can contact the treasurer of S.A. Proto for rectification.

S.A. Proto is entitled a grand from the faculty of EEMCS at the University of Twente because of its status as the study association of Creative Technology. To qualify for this grand, S.A. Proto needs to show how many of its members are a student at the faculty of EEMCS. To do this, S.A. Proto sends a list with the names, e-mail addresses and student numbers (if applicable) of its members to the faculty of EEMCS, so the faculty of EEMCS can determine the correct height of the grand. S.A. Proto and the UT agree to treat this list confidential and to destroy the list after use. The UT is not allowed to retain any of the details on this list for its own use.

Verifying valid UT account

S.A. Proto periodically and automatically checks whether the UT accounts users have linked to their S.A. Proto account are still valid and active in the administration of the UT. If this automated check determines a UT account is deactivated by the UT, it will be removed from the S.A. Proto account. The user is not informed of this. If you believe the check to have incorrectly removed your UT account from your S.A. Proto account, you can always contact the website developers.

Study details

S.A. Proto does not have access to study progress, grades or other study related records. S.A. Proto can look up what study you follow using your name, e-mail address and/or student number, but does not store this information. Users can (voluntarily) indicate their current and/or past study programs along with start and end dates via their dashboard. When this information is present, it is shared with members of the association and can be used by S.A. Proto. The study details you enter via your dashboard are never shared outside of the association, except in anonymized form (for example, to indicate how many students of a certain study are a member of S.A. Proto). Study details you have entered are retained until you delete them.

Photos taken by S.A. Proto

At activities organized by or together with S.A. Proto, photographers or film crew may be present at the activity and they may take a picture and/or video of you that may later be published. If this makes you feel uncomfortable, please indicate this to the people taking the photos/video. They will do their best to take it into account.

In the case of photographers/film crew of S.A. Proto (most notably, the S.A. Protography committee), S.A. Proto reserves the right to take or publish any pictures taken. For activities that are likely to generate embarrassing photos (a cantus, for example), S.A. Proto will take precautions to prevent embarrassing photo from being put online without consent from the subject. For other activities though, S.A. Proto reserves the right to publish photos without asking consent. Either way, by joining an activity you are surrendering your portrait right for any photos taking during that activity. You may always request a photo to be taken off-line after publishing. To do that, please contact the association board.

In the case of external parties (press, for example), please ask that party or the association board for their policy regarding portrait rights.

Cookies, IP-addresses and other technical metadata

The S.A. Proto website makes use of various cookies to provide session and log-in persistence. These cookies are functional and do not allow us to collect privacy sensitive data.

When you visit any of the S.A. Proto websites technical metadata (which can including your IP-address, browser user-agent and URL you access) will be logged by the web server.

When you send e-mail via S.A. Proto (either towards an @proto.utwente.nl address or by using S.A. Proto's SMTP servers) a copy of that e-mail (including the body) will be temporarily stored on our servers while the e-mail is in transit. That copy will be deleted once delivered to the following e-mail server. Additionally, our mail servers log activity (this includes to and from addresses, as well as the subject of the e-mail – the body of an e-mail is never logged) to combat spam and troubleshoot problems.

Only System Administrators have access to this data.

Google Analytics

S.A. Proto uses Google Analytics for analytical purposes. Google may place cookies and collect data like what pages you visit on our website, how you traverse our website and link data to data Google already has about you (S.A. Proto does not share any of your data with Google, Google only analyzes your website usage). Check here for Google's Privacy Policy. Check here to find out how to opt out for Google Analytics on every website.

All Administrators may see information collected through Google Analytics.

ict/privacy/start.1505981724.txt.gz · Last modified: 2018/04/14 17:36 (external edit)