Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This typically includes the name, e-mail address or telephone number. In addition, purely technical data that can be assigned to a person is also considered personal data.
Roles and Responsibilities
We adopt appropriate data processing practices and security measures to protect against unauthorized access to your personal information stored on our website. Sensitive and private data exchange between the website and our members happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
Access to the database is supervised by the Data Protection Officer elected by the board. Members of the board are elected by the members of the association as prescribed in the statutes of the association available at https://alumnieuropae.org/about-us/legal/
When sharing confidential information within Alumni Europae ASBL, members of the association will only use the following secure channels: certified e-mail containing either written information or digital media, or physical meetings. Sensitive information may be shared using e-mail, but the content is password protected and the password sent by other channels (snail mail or telephone).
We use third party service providers to help us operate the Site or administer activities on our behalf, such as sending out newsletters or surveys. We share your information with these third parties for those limited purposes provided that you have given us your permission. Third parties accept, by working with Alumni Europae, not to share this information elsewhere.
Our website is operated for us by Paulbergman GmbH (https://www.alumnii.de) as an order data processor. All data collected within the scope of this website will be processed by Paulbergman GmbH. The authorization for data processing is based on Art. 6 para. 1 p. 1 lit. f General Data Protection Regulation (GDPR). The standard permits the processing of personal data within the framework of the "legitimate interest" of the responsible party, insofar as your fundamental rights, freedoms or interests are not overridden. Our legitimate interest is to outsource tasks to external service providers who can act more efficiently due to their specialty. You can object to this data processing at any time if there are reasons that exist in your particular situation and that speak against the data processing. To do so, simply send an e-mail to email@example.com.
If you have any questions about data protection, please contact firstname.lastname@example.org. There you will reach the person responsible for data protection, our Data Protection Officer.
We would like to point out that the provision of your personal data on this website is generally neither legally nor contractually required. You are not obliged to provide personal data on this website unless we refer to this in individual cases in this data protection declaration. Nevertheless, the provision of the functions of this website and the execution of an order requires the processing of your personal data.
If you visit our website as a visitor...
... then we collect data from you which you transmit in connection with the call of a website. This applies in particular to the date and time of website access, your IP address, source of access (the so-called referrer) and data on your operating system and browser. We also collect information about which subpages you visit.
IP addresses are assigned to every device (e.g. smartphone, tablet, PC) that is connected to the internet. Which IP address this is depends on which internet access your end device is currently connected to the internet via. It can be the IP address assigned to you by your Internet provider, for example if you are connected to the Internet at home via your W-LAN. It can also be an IP address assigned to you by your mobile phone provider or the IP address of a provider of a public or private W-LAN or other Internet access. In its most common form (IPv4), the IP address consists of four blocks of digits. In most cases, you as a private user will not use a constant IP address, as this is only temporarily assigned to you by your provider (so-called "dynamic IP address"). With a permanently assigned IP address (so-called "static IP address"), a clear assignment of user data is in principle easier. Except for the purpose of tracking unauthorized access to our website, we generally do not use this data in a personalized manner, but only evaluate on an anonymous basis how many accesses are made daily and the like.
Our website already supports the new IPv6 addresses. If you already have an IPv6 address, you should also know the following: The IPv6 address consists of eight blocks of four. The first four blocks, as with the entire IPv4 address, are typically assigned dynamically for private users. However, the last four blocks of an IPv6 address (so-called "interface identifiers") are determined by the terminal device you use to browse the website. Unless otherwise set in your operating system, the so-called MAC address is used for this purpose. The MAC address is a kind of serial number that is assigned once worldwide for each IP-capable device. We therefore do not store the last four blocks of your IPv6 address. In general, we recommend that you activate the so-called "Privacy Extensions" on your end device in order to better anonymize the last four blocks of your IPv6 address. Most popular operating systems have a "Privacy Extensions" function, but in some cases this is not preset at the factory."
The authorization to process data is based on Art. 6 para. 1 sentence 1 lit. f GDPR. The standard permits the processing of personal data within the framework of the "legitimate interest" of the controller, insofar as your fundamental rights, freedoms or interests are not overridden. Our legitimate interest is the continuous improvement of our offer, as well as for the analysis and defense against attacks and the exclusion of abuse. You can object to this data processing at any time if there are reasons that exist in your particular situation and that speak against the data processing. An e-mail to email@example.com is sufficient for this purpose.
All personal data in log files are automatically deleted after 30 days at the latest, unless there are facts that suggest the assumption of unauthorized access (such as an attempt at hacking or a so-called DDOS attack).
We use map extracts from the service provider OpenStreetMap Foundation to clearly display locations of e.g. events for you on the website or in the member area of the network (e.g. jobs, member map).
OpenStreetMap is an open source mapping tool. In order for the map to be displayed to you, your IP address is forwarded to OpenStreetMap. You can see how OpenStreetMap stores your data on the OpenStreetMap privacy page here https://wiki.osmfoundation.org/wiki/Privacy_Policy. The provider of OpenStreetMap is the OpenStreetMap Foundation: Openstreetmap Foundation (132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom).
All personal data will be automatically deleted after 24 months at the latest.
If you register for the newsletter or use the contact form...
... then, in addition to the above-mentioned data, we collect all the data that you enter in the corresponding forms. We store this data on the basis of your voluntarily given consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. When processing contact requests, the data we have collected will be deleted after the request you have made has been dealt with, or, if necessary, will continue to be stored on the basis of the initiation of a contractual relationship (and in this case legitimized by Art. 6 para. 1 p. 1 lit. b GDPR). You can delete your personal data in connection with a newsletter registration yourself by clicking on a link at the end of the newsletter.
Google reCAPTCHA is used to check and prevent interactions on our website by automated access, e.g. by so-called bots. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".
This service enables Google to determine from which website a request is sent as well as from which IP address the so-called reCAPTCHA input box is used. In addition to the IP address, Google may also collect other information that is necessary for offering and guaranteeing this service.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website as well as in the defense against unwanted, automated access in the form of spam or similar activities. Google provides further information on the general handling of your user data at https://policies.google.com/privacy.
If you register as a member...
... then we collect all the data that we also collect for non-registered visitors to our website (see above). In addition, we collect data that is generated when you interact with our system. For example, we store contact data and pictures that you enter or upload in the system. We store messages you send to other members, comments you make on the platform, groups you join, your tags, as well as your participation in events. To ensure the relevance of our mailings on a regular basis, we record whether you have opened and clicked on email newsletters.
We collect all these data in order to fulfil our contractual obligations to you as a member of the association and to pursue our association's purposes. (networking among the members of the association), Art. 6 para. 1 p. 1 lit. b GDPR. To fulfill our obligations we need at least your name, graduation year, school attended, nationality, address and an email address. Without the provision of this data, membership in our network is not possible. We may also require further mandatory data for the authentication of members.
You can view the data stored about you in the settings area of your profile; this allows you to obtain information about the stored data. You also have the option of having your data deleted in the settings area. Based on our association purpose, we make your contact details available to other members of the association. In your profile settings, you can control exactly which data can be viewed by other members.
The Alumni Europae database administrators will verify the integrity of the collected data at least once a year. Although every effort is made to keep the database maintained and integral, Alumni Europae is not responsible for the integrity of the data supplied by members.
Compliance with children's online privacy protection act
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 16.
Although every effort is made to verify the identity of Alumni Europae members, Users are solely responsible for determining the identity and suitability of others with whom Users may interact through our Site. We do not endorse any person who uses or registers to our Site. We do not investigate or verify any member’s reputation, conduct, morality, criminal background, or any information members may submit to the Site. We encourage Users to take precautions when interacting with other members, particularly when meeting a stranger in person for the first time.
Members may organize in-person meetings and host events for other Alumni Europae members; however, these events are not sponsored or endorsed by Alumni Europae and members attend such meetings and events at their own risk.
Interaction with Other members
Users have sole responsibility when interacting with other members. Our Site provides a platform for members to learn about one another, arrange stays and travel, engage in activities and communicate with one another. Alumni Europae is not a party to, has no involvement or interest in, makes no representations or warranties as to, and has no responsibility or liability with respect to any communications, transactions, interactions, disputes or any relations whatsoever between Users and any other member, person or organization. Users are solely responsible for their interactions with other members of our Site. We reserve the right, but have no obligation, to monitor interactions between Users and other members of our Site.
Newsletters and emails
As part of the payment function, we record all financial transactions between you and us. For this purpose, your contact and payment data are stored by the data processor Stripe Inc. (https://www.stripe.com). This includes in particular that your data is transferred to the United States of America. The security of your data during this transfer is guaranteed by the fact that Stripe undertakes to comply with the Standard Contractual Clauses (SCC) (pursuant to Art. 45 Para. 2 lit. c) GDPR) of the European Commission. The data processing is necessary for the fulfilment of the contract, Art. 6 para. 1 p. 1 lit. b GDPR. Even after deleting your profile data, we store data on your payments in order to comply with our legal obligations (Art. 6 para. 1 p. 1 lit. c GDPR) and to enable seamless accounting. After expiry of all relevant periods, personal data relating to your payments will be deleted.
As a data subject of data processing
you have the following rights under the GDPR:
- You can obtain information about your personal data processed by us. In particular, this includes information on the purpose of processing, categories of personal data, categories of recipients and planned storage period. You can find an overview of this in your profile settings.
- You can request the correction or completion of the data we have stored. As a rule, you can also correct the data yourself in your profile settings.
- You can request the complete deletion of your personal data processed by us. The easiest way to do this is to use the corresponding function in your profile settings.
- You can request the restriction of the processing of your personal data within the framework of the provisions of the GDPR.
- You can request the surrender of your personal data in a machine-readable format and the transfer to another controller.
- You can revoke any consent we rely on in processing your data at any time. You can do this most easily in your profile settings.
- If we process your data on the basis of a legitimate interest, you have the right to object to this processing.
Should you have any questions or objections regarding data protection and to exercise the above rights, please contact firstname.lastname@example.org, we will be happy to answer your questions. You also have the right to lodge a complaint with the competent supervisory authority. A list of the supervisory authorities can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.