ITM – Privacy Policy – Users online alumni platform
ITM offers an online alumni platform for ITM alumni, students and staff, including staff from partner institutions (hereafter, the “Platform”) to its users which have subscribed on the Platform and as such have a user account (hereafter, the “Users”). ITM is the Controller of the personal data for the processing through the Platform. The Platform is available at the following url address https://itmalumni.org.
ITM uses a solution called “Hivebrite”; the purpose of the platform is:
As data controller, ITM is particularly aware and sensitive with regard to the respect of its Users privacy and personal data protection. ITM commits to ensure the compliance of the processing it carries out as data controller in accordance with the EU Regulation EU 2016/679 regarding data protection dated April 27, 2016 (GDPR).
In order to do so, ITM has put in place an appropriate privacy policy which guarantees an optimal level of protection of its Users’ data.
This privacy policy is intended for the Users of the Platform of ITM.
If you do not wish to give your consent, you will not be able to access our Platform.
You may withdraw your consent at any time, by contacting us using the contact details provided below.
1. PERSONAL DATA WE COLLECT
1.1 When subscribing on the Platform
When subscribing on the Platform, the following User personal data is required to activate your account:
1.2 During the use of the Platform
When developing its profile and using the Platform, the User is informed that its following personal data is collected:
Further details that you provide about yourself are at your own discretion. Please do not post personal or private data to your profile that you are not willing to share publicly.
For each type of contact details (e-mail, telephone, address), the User can define in the settings of his profile whether her/his personal data are visible to All Users, to Favourite Users or to the Administrators only.
Users can decide their specific notification settings.
The User may validly publish, at its own initiative, any content on the Platform which shall be kept by ITM:
We may collect other personal data submitted by you, for instance in the context of filling out forms or responding to surveys.
The User consents that, following the publication of the content, its information will become public on the Platform and that as such, same information will be published, modified, translated, reproduced in any form and accessible, saved and reproduced by other Users and ITM Administrators.
In most cases, Users post contents without previous moderation from ITM or Hivebrite. ITM does not alter the content or information of the User, except under exceptional
circumstances. ITM reserves its right to freely delete or amend the content or information of the User, without prejudice to the Users.
In the case of delivery of content on the Platform which contravenes with the present privacy policy, applicable law or the rights of third parties, any person can inform ITM of the existence of such Content at the following address: [email protected].
Inappropriate content posted on the Platform by a User can be reported by another User via the ‘report button’. Administrators receive an ‘alert’ e-mail in order to act in a timely manner.
The User is informed that ITM does not collect any particularly sensitive data within the meaning of applicable legislation and regulations.
1.3 Cookie data
ITM informs the User that Hivebrite, as well as its subcontractors, uses a tracking technology on its terminal such as cookies whenever the User navigates on the Platform.
A cookie is a message that, subject to the User settings, is sent to its terminal when the User navigates on a website. The aim is to collect data regarding the internet navigation of the User to send tailor-made services to its terminal (computer, mobile phone or tablet).
The cookies that are sent to the User’s terminal are detailed under Article 2 of the present privacy policy.
The purpose of the process of the data collected through the cookies and the settings of such processing is detailed under article 9 of the present privacy policy.
2. THE PURPOSE OF THE DATA PROCESSING
ITM and its subcontractors collect, process and host personal data that are freely transferred by the User when accessing the services proposed by the Platform.
Collected Data |
Purpose of the processing |
When subscribing on the Platform:
|
|
When using the Platform:
|
|
Cookies, trackers:
|
|
As the platform develops in the future, we will from time to time add new features which may require the collection of additional data. In such event, this privacy policy will be updated and User’s will be required to reconsent.
The User is informed that Hivebrite carries out statistical analyses, as well as measurements of audience, visits, and effective uses of the Hivebrite Solution, but only after anonymising the Users’ Personal Data. In addition, these statistical analyses, as well measurements of audience, visits, and effective uses of the Hivebrite Solution, are only destined to Hivebrite, and to the exclusion of all third parties, and for the sole purpose of optimizing and improving the functionalities of the Hivebrite Solution.
3. USER’S CONSENT TO THE COLLECTION OF DATA
ITM informs the User that no personal data within the meaning of applicable legislation and regulations shall be collected without the prior explicit consent of the User.
ITM will never transfer, in any way whatsoever, the Personal Data of the Users to a third party without first having informed the User.
The User expresses its consent upon its subscription on the Platform, and after having been able to consult the present privacy policy.
ITM, Hivebrite and its subcontractors commit to a lawful and fair collection of the User’s data, in full transparency and in compliance with the rights conferred to the User pursuant to applicable legislation and regulations.
4. LENGHT OF DATA RETENTION
ITM informs the User that the data is retained only during the length of the User’s subscription on the Platform.
Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted within a period of 30 to 90 days following the deletion request.
In accordance with application legislation, cookie data will be automatically deleted thirteen (13) months following their placing on the User’s terminal.
Finally, the data regarding the identification of the Users in case of exercise of their rights pursuant to Article 6 of the present privacy policy shall be retained for (i) one (1) year in case of exercise of their access or rectification rights and (ii) three (3) years in case of exercise of their opposition right.
5. OBLIGATIONS OF ITM
As data controller and in accordance with applicable legislation and regulations, ITM commits to:
6. EXERCISE OF THE USERS’ RIGHTS
The User is duly informed that it disposes at any time, meaning prior to, during or following the processing of data, to a right to access, copy, rectify, oppose, port, limit and delete its data.
The User can exercise its rights by sending an email to the following address (Nationalestraat 155, 2000 Antwerp) or by mail at the following address (informatieveil[email protected]) provided that the User justifies its identity.
In addition, in the event the User considers that its personal data is not processed in a lawful manner, the User can file a complaint before the Belgian data protection authority at:
Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35
1000 BRUSSELS
Tel. +32-(0)2-274 4800
E-mail: [email protected]/
Website: www.gegevensbeschermingsautoriteit.be/
7. HOSTING OF THE USERS’ PERSONAL DATA
Hivebrite guarantees to have put in place the appropriate technical and organisational measures in order to guarantee the security of the processing, as well as the respects of the rights of the persons involved and the requirements of the Data Protection Legislation.
The code of the Hivebrite Solution and the processed data are hosted on the Amazon servers (European Union) and Microsoft Azure Cloud (European Union), as these both present sufficient guarantees in terms of technical and organizational measures that are required pursuant to the Data Protection Legislation and are both present within the European Union.
The personal data processed by Hivebrite is hosted by the following service providers:
Sub-processor |
Purpose of the hosting |
Microsoft Azure Cloud
Privacy policy: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
|
Hosting of all data and content produced / provided by the User
|
AmazonAWS
Privacy policy: https://aws.amazon.com/compliance/gdpr-center/
|
Hosting of images, profile pictures and backups |
Sendgrid |
Sending of emails from the Hivebrite Solution |
Google Analytics |
Display of traffic on the Hivebrite Solution |
Airbrake |
Production and storage of error logs enabling the developers of Hivebrite to correct the code |
8. DATA BREACH
In case of breach of its systems, or theft, deletion, loss, alteration, disclosure, unauthorized access, or any other malicious act, ITM commits, in the event the said breach presents a serious risk regarding the rights and freedoms of the Users, to notify the Users, within a period of seventy two (72) hours as of the occurrence of the breach, of (i) the nature of the breach, (ii) the probable consequences of the malicious act, (iii) the appropriate measures proposed to remedy the malicious act.
The malicious act presenting a serious risk regarding the rights and freedoms of the Users shall be notified to the Belgian data protection authority.
The User is duly informed that ITM shall not be liable in case of breach of IT security which can cause damages to computer equipment, as well as in case of breach or malicious act by a third party targeting the system or the Platform.
9. COOKIE MANAGEMENT CONFIGURATION AND OTHER DATA
The User’s consent is requested through a banner at the bottom of the Platform homepage.
In case of consent, the User’s internet navigator shall automatically transmit to Hivebrite the data collected and detailed under Article 1.2.
The User is informed that the cookies and trackers will be automatically deleted following a period of thirteen (13) months.
The User may at all times configure its navigator in order to prevent the creation of cookie files.
However, certain functionalities of the services proposed by the Platform may not function properly without cookies. In addition, even if most navigators are configured by default and accept the creation of cookie files, the User has the possibility to choose to accept the creation of all cookies other than the functional cookies or to systematically decline them or to choose the cookies it accepts.
10. PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA
The data of the Users are accessible only to the persons duly authorized to do so by ITM for administrative or maintenance purposes of the Platform to the exclusion of any commercial use, and if applicable, in order to enforce the rights exercised by the Users regarding their data (in particular the right to access, rectify, oppose, port and to be forgotten).
ITM informs the User that it uses the following subcontractor:
Especially in light of any future developments of the applicable legislation and regulations, ITM reserves its right to proceed with any modification of its privacy policy and commits to duly inform you if any such modification occurs.
In the event that European or national law forces the controller to disclose personal data of its Platform Users, ITM will inform Users of such legal requests, unless such notification is forbidden due to reasons of substantial public interest.
Date of privacy policy: December 2019.
Date last update: February 2024