Privacy Policy 1

Privacy Policy

ELSA attaches great importance to the protection of personal data. Therefore, this Privacy Policy aims to cover every data processing made by ELSA in the context of the Synergy and ELR Blogs. This Privacy Policy is designed to inform you about how we collect, use, and share your personal data, your rights and choices regarding the information you provide to us – especially in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as General Data Protection Regulation (“GDPR”), that entered into force on 25th May, 2018.

Contents:

1. Basic definitions.

2. What personal data do we collect and process?

3. How do we collect your data?

4. What is the purpose of processing and what is the legal basis?

5. How long do we process your personal data for?

6. Who has access to your personal data?

7. What are your rights regarding your personal data?

8. Changes to this privacy policy.

9. How to contact us?

1. BASIC DEFINITIONS

Personal data – any information relating to you, that allows your identification i.e.: name, surname, e-mail address, etc.;

You – an adult individual with full legal capacity, a legal entity or organisational unit having no legal personality but having a capacity to perform legal acts;

Controller, Us – ELSA (“The European Law Students’ Association”) - non-political independent, not-for-profit association organised on a local, national and international level, e-mail: elsa@elsa.org, phone number: +32 2 646 2626, address: Blvd Général Jacques 239, Brussels B-1050, Belgium.

Synergy - an online platform covering articles from the ELSA Network and external co-operations of ELSA International, published as a part of either the Synergy Blog or the ELR Blog.

2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?

If you’re just browsing our Site, we don’t collect any Personal data about you.

If you are submitting an article, we collect the following data:

1) name and surname;

2) e-mail;

3) photo;

4) ELSA affiliation - if applicable;

5) ELSA position - if applicable;

6) professional position - if applicable.

3. HOW DO WE COLLECT YOUR DATA?

You directly provide Us with the data when submitting an article for the Synergy or ELR Blogs.

4. WHAT IS THE PURPOSE OF PROCESSING AND WHAT IS THE LEGAL BASIS?

Currently, the only data based on which the Controller can link you as an author with your identity as a natural person, is your name, surname, e-mail address and photo. We process such data for the purpose of publishing your article on Site, and such processing is necessary for the performance of a contract between you and us (art. 6.1(b) of the GDPR).

Please also be aware that in case you contact us or create a claim, we will collect and store your Personal Data such as name, surname, e-mail address, phone number, etc. in accordance with our legitimate interest (based on the art. 6.1.(f) of the GDPR).

We may also process your Personal Data if it is necessary for us to comply with our legal obligation (based on the art. 6.1.(c) of the GDPR).

5. HOW LONG DO WE PROCESS YOUR PERSONAL DATA FOR?

We store personal data not longer than the time necessary to achieve the purposes, for which they are processed.

If we process your personal data to determine or assert any claims or to defend against above mentioned Your claims (the legal ground for this action is our legitimate interest), we store the personal data until the laps of the limitation period for those claims, which arise from the generally applicable provisions of law.

If we process your personal data to comply with our legal obligation, we store the personal data for a period of performing such obligation.

6. WHO HAS ACCESS TO YOUR PERSONAL DATA?

Squarespace: Synergy is hosted on the servers of the external provider. Therefore, your Personal Data related to the article (Personal Data indicated in point 2) can be accessed by the provider of hosting services - Squarespace.

Spacesquare's privacy policy can be found here: https://www.squarespace.com/privacy

7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

You have the following rights:

1. Right of access. At any time, you can obtain from us confirmation as to whether or not your personal data are being processed, access to the personal data and the following information:

● the purposes of the processing;

● the categories of personal data concerned;

● who are the recipients;

● where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

● where the personal data are not collected from the data subject, any available information as to their source;

● the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Right to rectification. If you feel that the information relating to you is incorrect or incomplete, you have the right to request the rectification of the data.

3. Right to withdraw the consent. you can withdraw your consent at any time, without affecting the legality of the processing, which was performed prior to this withdrawal.

4. Right to erasure (‘right to be forgotten’). The GDPR gives you the right to obtain from us the erasure of all your personal data. We are obligated to make your request, only if one of the following grounds applies:

● your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

● you withdrew consent on which the processing is based and where there is no other legal ground for the processing;

● you object to the processing and there are no overriding legitimate grounds for the processing;

● you object to the processing for direct marketing purposes;

● the personal data have been unlawfully processed;

● the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;

● the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

5. Right to restriction of the processing. You can also obtain the restriction of processing, where one of the following applies:

● you contest the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data;

● the processing is unlawful but you oppose the erasure of your personal data and you request the restriction of their use instead;

● we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

● you have objected to processing – only until the dispute is resolved.

6. Right to data portability. You have the right to receive your personal data in a structured, commonly used and computer-readable format and have the right to transmit those data to another controller, when:

● the processing is based on your consent or on a contract; and

● the processing is carried out by automated means.

7. Right to object. According to GDPR you have right to object:

● to processing of personal data, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Controller – on grounds relating to your particular situation;

● to processing of personal data, when it is necessary for the purposes of the legitimate interests pursued by

Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child, including profiling – on grounds relating to your particular situation;

● at any time – to processing of personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing;

● to processing of personal data for scientific or historical research purposes or statistical purposes – on grounds relating to your particular situation.

If, in spite of Your objection, we consider that there are important, legally valid grounds for processing personal data, which override Your interests, rights and freedoms, we can continue processing Your personal data.

If you disagree with the abovementioned Controller’s situation assessment, you have the right to lodge a complaint with a supervisory authority (for more information, see point 8 below).

8. Right to lodge a complaint with a supervisory authority. Should you wish to report a complaint or if you feel that the Controller has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office.

Website: https://dataprotectionauthority.be/citizen/actions/contact

8. CHANGES TO THIS PRIVACY POLICY

The Controller keeps this privacy policy under regular review. This privacy policy was last updated on the 11th of June 2024.

9. HOW TO CONTACT US?

If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: secgen@elsa.org

Call us: +32 2 646 2626

Or write to us at Blvd Général Jacques 239, Brussels B-1050, Belgium