Last updated on February 13th, 2023
S.A. Fugax cares about ensuring that your data is used responsibly and that your privacy is respected. This privacy statement provides details on the various ways the information we collect from you will be used and who will have access to it. We aim to collect data from you that is only strictly necessary to make sure that S.A. Fugax runs optimally for all our members.
S.A. Fugax adheres to the Algemene Verordening Gegevensbescherming (AVG), also known as General Data Protection Regulation (GDPR), which details the necessary legislations and regulations on the use of private data. In line with the GDPR, the following measures are taken:
- Your data is protected by the use of secure cloud storage that is GDPR compliant. The organisation of access to your data is limited to those who need to process your data within S.A. Fugax;
- Personal data is only provided to certain third parties with your explicit knowledge and permission through this privacy statement;
- Personal data is only processed for the purposes that are detailed in this privacy statement. For any other use, we ask explicit permission from you.
Types of Personal Data Stored
The primary way of collecting your personal data is through the sign up form that you need to fill in to become a member of S.A. Fugax The purpose(s) of the data requested from you is as follows:
|Name||Communication, Administration, Statistics|
|Date of Birth||Administration, Statistics|
|Email, Phone Number||Communication|
|Student Number||For UM|
|Emergency Contact Phone/Address||For emergencies|
|Financial Information (IBAN)||Administration, Direct Debit Payments|
Some of the purposes are stated only vaguely, here is an explanation of what they mean.
Administration: Keeping a record of all members. This lets us notify Maastricht University who our members are. It is also necessary for us to use your personal data to check for payments to us. In case of event participation, your details such as your name will become relevant. Additionally, we require your details to run the direct debit payment system.
Communication: We will use your personal data to reach out to you with what we consider to be relevant information from our association. This might be done in a blanket fashion or be catered to you as an individual.
Statistics: We keep an overview of the distribution of various dimensions of our members to know the composition of our association. This way we can adapt better to catering for our members and identify if certain groups are missing from our association. If these statistics are shared with members or with third parties, they will only be done in an aggregated manner that does not allow for individuals to be identified.
Any additional personal information requested by the association must be related to an event that is taking place and be directed to participants, or be related to activity that the member is partaking in. In both cases the personal data can only be requested when it is clear what the purpose for it is and is only used for that purpose. For example, requesting additional information on what games or the locations a person can provide and their preference on what games to play. This can only be done in the context of an event at which this information is relevant. The information cannot be shared to any third parties.
Storage of Personal Data and Retention Period
Data is all stored in digital form when possible in Conscribo. Only board members have access to the entire data bank. Data is stored up to 7 years since S.A. Fugax is legally obliged to be able to hold on to the data for a minimum of this period. After 7 years the board in charge at the time is responsible for deleting the data that no longer needs to be stored by law. Hard copies of personal data such as the physical sign up forms are stored with the secretary in function. In case the secretary is not available, the president or treasurer will store these documents. The same retention rules apply for the hard copy data.
Access to Personal Data within S.A. Fugax
Your personal data is accessible to the board members. Access to other members is only possible if they are a part of a committee and are aiding with organisation of activities. In this case access is provided to them to limited parts of the drive that are relevant to their activities. Access is allowed to these parties for the following reasons:
Access for the board:
The board is allowed access to the drive because they are responsible for organising the association. The access is not further divided into roles within the board because duties are not strictly divided into roles within the board. Every board has its own dynamic, roles and manner of functioning. While certain roles like treasurer focus on the data relevant to finances, other board members may also require access to it for planning events, resolving disputes and so forth.
Access for Committees:
Committees are given access to the committee folders that contain information on previous and current activities relevant to the committee. This may include personal data of members who participated in the committee’s activities. The data shared within these committee folders is dependent purely on the purpose of each committee.
Access to Personal Data for Third Parties
Only one third parties is given fixed access to a limited amount of personal data by S.A. Fugax. This is Maastricht University. For any other third parties involved (unless discussed later in this privacy statement), S.A. Fugax must ask the permission of relevant members before sharing their information with a third party. The information to the previously mentioned group is shared in the following context and for the following purposes:
Maastricht University: S.A. Fugax is a student association under Maastricht University. We communicate directly with Maastricht University. S.A. Fugax shares aggregated information about the number of members, gender distribution, approximate age distribution, volume of participation in activities and nationality information with Maastricht University. Additionally, the names and id numbers of all members are shared with Maastricht University.
Digital Spaces that have access to your information:
S.A. Fugax Website: The S.A. Fugax website may use pictures of S.A. Fugax activities with the possibility of members being included in these pictures. The pictures can only be used from participants who have agreed to give their permission for use of their pictures on our social media. Members can always request pictures to be taken down in which case the S.A. Fugax board is obliged to take down the picture(s). The website is hosted by Strato using WordPress.
S.A. Fugax Social Media: S.A. Fugax uses Instagram and Whatsapp to advertise and communicate with its members. The only publicly shared data on these media may be the use of pictures of S.A. Fugax activities (with the possibility of members being included in the pictures). Members can always request pictures to be taken down in which case the S.A. Fugax board is obliged to take down the picture(s). Information shared on private channels within these media are subject to the privacy regulations of each media itself.
Invoice Software: S.A. Fugax will be using the invoice system e-boekhouden to collect payments from its members. The invoice system will have access to the names and bank details of every member that consents to being charged by direct debit.
Any other exchange of information with a third party that is not mentioned here requires informing the relevant members and asking for their agreement before the exchange is made. Only exceptions are when S.A. Fugax is legally required to provide information on member(s) in which case S.A. Fugax will oblige.
S.A. Fugax ensures that your data is securely stored and processed through the following measures and precautions:
- Access limited to person(s) that need to process the data
- Access is only possible through logging in (use of username and password)
- Access is revised at least yearly or bi-yearly when committees and the board are reorganized
- Members with access are reminded of the importance of privacy and safekeeping of data
- Data is only stored on Conscribo and not stored in other spaces. Conscribo allows for working on the data within the environment of the drive
Member’s Rights Regarding Personal Data
Members reserve the right to have their personal data removed from the organization at all times. To have your personal data removed, please contact the board through the board email (firstname.lastname@example.org). In case of removal, a confirmation of identity will be required. You will also not be reimbursed your sign up fee for joining the association. Your membership will however be terminated as a result since we no longer have the means to administrate your participation in the association.
In cases where you would like to prefer to withhold certain personal information, you may choose to do so. The logistical consequences of withholding information will be communicated to you by the board and may include inconveniences such as payment before events or may even lead to the inability of participation in an activity (amongst other possibilities). The consequences depend solely on whether withholding the information hampers our ability to allow you to participate effectively.
Issues, Complaints and Questions
In case you have problems or complaints about anything privacy related at S.I. Fugax, you can reach the board through our email address email@example.com . We strive to work together with our members in ensuring that their privacy is protected but we also understand that there may be differences in opinions or problems that arise. Please reach out to us so we can take your concerns into account and try to resolve them in a meaningful manner. If it cannot be resolved, you always have the right to reach out to Maastricht University (firstname.lastname@example.org) who are responsible for setting out the guidelines for student associations such as S.A. Fugax. You also have the right to submit a complaint to the Authority on Personal Data (Autoriteit Persoonsgegevens).