ITM – Privacy Policy – Users online alumni platform
ITM offers an online alumni platform for ITM alumni, students and staff, including staff from partner institutions (hereafter, the “Platform”) to its users which have subscribed on the Platform and as such have a user account (hereafter, the “Users”). ITM is the Controller of the personal data for the processing through the Platform. The Platform is available at the following url address https://itmalumni.org.
ITM uses a solution called “Hivebrite”; the purpose of the platform is:
- To develop the interactive tool per excellence for scientific knowledge/information sharing and networking between ITM alumni, current students and teaching/research staff (including staff from partner institutions) worldwide;
- To contribute to the further career development of community members by exchanging knowledge and sector-related information in an interactive and dynamic way: publication of job vacancies, calls, internships, research projects and others;
- To trigger interdisciplinary collaborations and develop mentorship opportunities;
- To maintain a lifelong relationship with ITM as Alma Mater and facilitate an active involvement in the ITM Alumni Network;
- To assure a more efficient follow-up and measurement of the impact of education at ITM through the availability of data on e.g. further career development of alumni.
- To facilitate disciplinary and interdisciplinary exchanges and collaborations amongst ITM alumni, students and staff - both from ITM and partner institutions worldwide - by inviting members to join the platform in a private setting and collaborate (private thematic groups, such as the EcoHealth group). In case the staff member from a partner institution invited to join a private group, did not study at ITM, this person will neither have access to the personal data of the other community members, neither to the information published on the general platform, i.e. beyond the private group in question.
As data controller, ITM is particularly aware and sensitive with regard to the respect of its Users privacy and personal data protection. ITM commits to ensure the compliance of the processing it carries out as data controller in accordance with the EU Regulation EU 2016/679 regarding data protection dated April 27, 2016 (GDPR).
In order to do so, ITM has put in place an appropriate privacy policy which guarantees an optimal level of protection of its Users’ data.
This privacy policy is intended for the Users of the Platform of ITM.
If you do not wish to give your consent, you will not be able to access our Platform.
You may withdraw your consent at any time, by contacting us using the contact details provided below.
1. PERSONAL DATA WE COLLECT
1.1 When subscribing on the Platform
When subscribing on the Platform, the following User personal data is required to activate your account:
- First name;
- Family name;
- Email;
- Cluster;
- Most recent or current ITM course;
- Graduation year;
- Place of residence.
1.2 During the use of the Platform
When developing its profile and using the Platform, the User is informed that its following personal data is collected:
- Personal identification data: first name, last name, gender, ID/profile photograph, date of birth, language spoken, nationality, email, phone, address;
- Electronic identification data (IP addresses, cookies);
- Education;
- Professional experience and CV (including professional qualifications and certificates);
- Your Location;
- More generally, any information submitted or posted by the User.
Further details that you provide about yourself are at your own discretion. Please do not post personal or private data to your profile that you are not willing to share publicly.
For each type of contact details (e-mail, telephone, address), the User can define in the settings of his profile whether her/his personal data are visible to All Users, to Favourite Users or to the Administrators only.
Users can decide their specific notification settings.
The User may validly publish, at its own initiative, any content on the Platform which shall be kept by ITM:
- Participating events
- Planned trips
- Job positions and Career opportunities
- Projects
- And more…
We may collect other personal data submitted by you, for instance in the context of filling out forms or responding to surveys.
The User consents that, following the publication of the content, its information will become public on the Platform and that as such, same information will be published, modified, translated, reproduced in any form and accessible, saved and reproduced by other Users and ITM Administrators.
In most cases, Users post contents without previous moderation from ITM or Hivebrite. ITM does not alter the content or information of the User, except under exceptional
circumstances. ITM reserves its right to freely delete or amend the content or information of the User, without prejudice to the Users.
In the case of delivery of content on the Platform which contravenes with the present privacy policy, applicable law or the rights of third parties, any person can inform ITM of the existence of such Content at the following address: [email protected].
Inappropriate content posted on the Platform by a User can be reported by another User via the ‘report button’. Administrators receive an ‘alert’ e-mail in order to act in a timely manner.
The User is informed that ITM does not collect any particularly sensitive data within the meaning of applicable legislation and regulations.
1.3 Cookie data
ITM informs the User that Hivebrite, as well as its subcontractors, uses a tracking technology on its terminal such as cookies whenever the User navigates on the Platform.
A cookie is a message that, subject to the User settings, is sent to its terminal when the User navigates on a website. The aim is to collect data regarding the internet navigation of the User to send tailor-made services to its terminal (computer, mobile phone or tablet).
The cookies that are sent to the User’s terminal are detailed under Article 2 of the present privacy policy.
The purpose of the process of the data collected through the cookies and the settings of such processing is detailed under article 9 of the present privacy policy.
2. THE PURPOSE OF THE DATA PROCESSING
ITM and its subcontractors collect, process and host personal data that are freely transferred by the User when accessing the services proposed by the Platform.
Collected Data |
Purpose of the processing |
When subscribing on the Platform:
|
|
When using the Platform:
|
|
Cookies, trackers:
|
|
As the platform develops in the future, we will from time to time add new features which may require the collection of additional data. In such event, this privacy policy will be updated and User’s will be required to reconsent.
The User is informed that Hivebrite carries out statistical analyses, as well as measurements of audience, visits, and effective uses of the Hivebrite Solution, but only after anonymising the Users’ Personal Data. In addition, these statistical analyses, as well measurements of audience, visits, and effective uses of the Hivebrite Solution, are only destined to Hivebrite, and to the exclusion of all third parties, and for the sole purpose of optimizing and improving the functionalities of the Hivebrite Solution.
3. USER’S CONSENT TO THE COLLECTION OF DATA
ITM informs the User that no personal data within the meaning of applicable legislation and regulations shall be collected without the prior explicit consent of the User.
ITM will never transfer, in any way whatsoever, the Personal Data of the Users to a third party without first having informed the User.
The User expresses its consent upon its subscription on the Platform, and after having been able to consult the present privacy policy.
ITM, Hivebrite and its subcontractors commit to a lawful and fair collection of the User’s data, in full transparency and in compliance with the rights conferred to the User pursuant to applicable legislation and regulations.
4. LENGHT OF DATA RETENTION
ITM informs the User that the data is retained only during the length of the User’s subscription on the Platform.
Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted within a period of 30 to 90 days following the deletion request.
In accordance with application legislation, cookie data will be automatically deleted thirteen (13) months following their placing on the User’s terminal.
Finally, the data regarding the identification of the Users in case of exercise of their rights pursuant to Article 6 of the present privacy policy shall be retained for (i) one (1) year in case of exercise of their access or rectification rights and (ii) three (3) years in case of exercise of their opposition right.
5. OBLIGATIONS OF ITM
As data controller and in accordance with applicable legislation and regulations, ITM commits to:
- Only collect the Users’ data for the strict purpose as described under article 2 of the present privacy policy;
- Keep a processing register;
- Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
- Limit the access to the Users’ data to the persons duly authorized to this effect;
- Increase awareness and train staff members regarding the processing of personal data;
- Guarantee to the Users their rights regarding the access, portability, erasure, rectification and opposition in relation to the collection and processing of their data;
- Notify the competent supervisory authority of any security breach presenting a serious risk regarding the rights and liberties of the Users within 72 hours of the occurrence of such a breach;
- Only subcontract the processing of the Users’ data to Hivebrite which, as subcontractor, has put all necessary technical and organizational measures in order to guarantee the security, confidentiality, integrity, availability and resilience of the processing systems and services.
- For any additional information on Hivebrite, you can consult the webpage available at the following address: www.hivebrite.com
6. EXERCISE OF THE USERS’ RIGHTS
The User is duly informed that it disposes at any time, meaning prior to, during or following the processing of data, to a right to access, copy, rectify, oppose, port, limit and delete its data.
The User can exercise its rights by sending an email to the following address (Nationalestraat 155, 2000 Antwerp) or by mail at the following address (informatieveil[email protected]) provided that the User justifies its identity.
In addition, in the event the User considers that its personal data is not processed in a lawful manner, the User can file a complaint before the Belgian data protection authority at:
Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35
1000 BRUSSELS
Tel. +32-(0)2-274 4800
E-mail: [email protected]/
Website: www.gegevensbeschermingsautoriteit.be/
7. HOSTING OF THE USERS’ PERSONAL DATA
Hivebrite guarantees to have put in place the appropriate technical and organisational measures in order to guarantee the security of the processing, as well as the respects of the rights of the persons involved and the requirements of the Data Protection Legislation.
The code of the Hivebrite Solution and the processed data are hosted on the Amazon servers (European Union) and Microsoft Azure Cloud (European Union), as these both present sufficient guarantees in terms of technical and organizational measures that are required pursuant to the Data Protection Legislation and are both present within the European Union.
The personal data processed by Hivebrite is hosted by the following service providers:
Sub-processor |
Purpose of the hosting |
Microsoft Azure Cloud
Privacy policy: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
|
Hosting of all data and content produced / provided by the User
|
AmazonAWS
Privacy policy: https://aws.amazon.com/compliance/gdpr-center/
|
Hosting of images, profile pictures and backups |
Sendgrid |
Sending of emails from the Hivebrite Solution |
Google Analytics |
Display of traffic on the Hivebrite Solution |
Airbrake |
Production and storage of error logs enabling the developers of Hivebrite to correct the code |
8. DATA BREACH
In case of breach of its systems, or theft, deletion, loss, alteration, disclosure, unauthorized access, or any other malicious act, ITM commits, in the event the said breach presents a serious risk regarding the rights and freedoms of the Users, to notify the Users, within a period of seventy two (72) hours as of the occurrence of the breach, of (i) the nature of the breach, (ii) the probable consequences of the malicious act, (iii) the appropriate measures proposed to remedy the malicious act.
The malicious act presenting a serious risk regarding the rights and freedoms of the Users shall be notified to the Belgian data protection authority.
The User is duly informed that ITM shall not be liable in case of breach of IT security which can cause damages to computer equipment, as well as in case of breach or malicious act by a third party targeting the system or the Platform.
9. COOKIE MANAGEMENT CONFIGURATION AND OTHER DATA
The User’s consent is requested through a banner at the bottom of the Platform homepage.
In case of consent, the User’s internet navigator shall automatically transmit to Hivebrite the data collected and detailed under Article 1.2.
The User is informed that the cookies and trackers will be automatically deleted following a period of thirteen (13) months.
The User may at all times configure its navigator in order to prevent the creation of cookie files.
However, certain functionalities of the services proposed by the Platform may not function properly without cookies. In addition, even if most navigators are configured by default and accept the creation of cookie files, the User has the possibility to choose to accept the creation of all cookies other than the functional cookies or to systematically decline them or to choose the cookies it accepts.
10. PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA
The data of the Users are accessible only to the persons duly authorized to do so by ITM for administrative or maintenance purposes of the Platform to the exclusion of any commercial use, and if applicable, in order to enforce the rights exercised by the Users regarding their data (in particular the right to access, rectify, oppose, port and to be forgotten).
ITM informs the User that it uses the following subcontractor:
- The company KIT UNITED for its HIVEBRITE solution, a French société par actions simplifiée with a capital of 284.280,00 Euros, registered with the Paris Companies register under the number 75339171300017, having its registered office at 8, rue de la Grande Chaumière, 75008 – Paris.
Especially in light of any future developments of the applicable legislation and regulations, ITM reserves its right to proceed with any modification of its privacy policy and commits to duly inform you if any such modification occurs.
In the event that European or national law forces the controller to disclose personal data of its Platform Users, ITM will inform Users of such legal requests, unless such notification is forbidden due to reasons of substantial public interest.
Date of privacy policy: December 2019.
Date last update: February 2024