Data Policy

Dear Data Subject, we wish to inform you that the GDPR protects individuals concerning the processing of personal data as a fundamental right. We are committed to safeguarding the privacy of our website visitors; in this policy, we explain how we will treat your personal information.

According to  Article 13 of the GDPR, we will process your Personal Data according to the present Privacy Policy, which describes how ESN CZ and the related Services collect, store, use, communicate, and manage such data.

By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. Please notify us without delay should you notice any instances in which any violation of the present Privacy Policy occurs.

Last updated: 18 February 2025

Type of Data Processed

We may collect, store, and use the following kinds of personal information:

- information about your computer and your visits to and use of the SIEM website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths);

- information that you provide when registering with our website;

- information that you provide when completing your profile on our website (including tentatively your name, profile picture, gender, date of birth, educational details, and other information set in your profile fields);

- information that you provide for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);

- information that you provide when using the services on our website or that is generated in the course of the use of those services (including the timing, frequency, and pattern of service use);

- information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication); and

- any other personal information that you choose to send to us.

If the Personal Data communicated to us does not belong to the same natural person who communicates it, the latter will be required to explicitly confirm that they have obtained the relevant consent from the Data Subject. In such cases, with the vision of this Privacy Policy and with the above-mentioned confirmation, you also undertake to hold us harmless in case of false or reticent statements, in particular in case you have not obtained consent to the processing from the relevant Data Subjects.

The voluntary sending, on your part, of e-mails to our e-mail addresses does not require further information or requests for consent.

On the contrary, specific summary information will be reported or displayed if needed in the pages of the site prepared for particular services on request (form). You must therefore explicitly consent to the use of the data reported in these forms in order to send any request.

Origin of Processed Personal Data

The Personal Data that We hold in connection with SIEM and related Services is collected directly from the Data Subject or uploaded by the relevant organisation.

Data Controller

The Data Controller is:

Erasmus Student Network Česká republika z.s.

Senovážné náměstí 977/24
110 00 Praha 1- Nové město
Email: info@esncz.org

Purpose of Data Processing and Legal Basis

The processing of users’ Personal Data has its legal basis in their consent and is carried out for the following purposes:

1) administer our website and business;

2) personalise our website for you;

3) enable your use of the services available on our website;

4) send you email notifications that you have specifically requested;

5) provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);

6) provide third parties with personal data needed to comply with the purpose of this website, this will be done only under previous and explicit approval by the user;

7) deal with inquiries and complaints made by or about you relating to our website;

8) keep our website secure prevent fraud; 

9) send service-related notifications that may be of importance to continue using the Services and safety/security notifications related to the participation in programmes featured in our Service;

10) verify compliance with the terms and conditions governing the use of our website.

Mandatory nature or not of the consent

The user’s consent is mandatory, and in particular to be able to have Main Institutional and/or Personal accounts, for what concerns the purposes under points 3, 4, 8, and 10 above. For the purposes under points 2, 7, and 9 the consent is optional but the lack therefore may worsen the provision of the Services. For the other purposes the consent is optional and will not compromise in any way the provision of the Service, should you desire not to provide your consent for one or more specific purposes, please inform us at the time your Personal Data is communicated to us, or at any time thereafter, by contacting us.

Data recipients

Except as provided hereinafter, we will not provide your personal information to third parties.

Within the limits pertinent to the Processing purposes indicated, users’ data may be communicated to partners, consulting companies, and private companies, appointed by the Data Controllers as Data Processors or for legal obligations or to fulfill some users’ specific requests. In such cases, we take all the necessary technical and organisational measures to protect the confidentiality and security of your Personal Data from unauthorised access or against loss, misuse, or alteration by third parties. We may also disclose your personal information to any member of our organisation and supporting organisms (insofar as reasonably necessary for the purposes set out in this policy.

Although not directly communicated to any specific recipient, account contact information may also be available to other users.

Our Services may also depend on third-party tracking tools from our service providers, examples of which include email service providers as well as push-notification service providers. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyse user information on our behalf. In this context, third parties may have access to information such as your device identifier, MAC address, IMEI, locale (specific location where a given language is spoken), geo-location information, and IP address to provide their services under their respective privacy policies.

The possible Data Processors and persons in charge of the Processing will in such cases be punctually identified and at the users’ request be communicated in detail. For any questions in this regard, please contact us.

Please note that in such cases users will be also subject to the relevant third-party privacy policies. For any processing carried out by third parties as Data Processors concerning the Dashboard and related services, users may contact us or directly such third parties.

For all other cases of processing by third parties, please contact them directly in the manner indicated in their privacy policies.

Lastly, We may share your information in connection with potential mergers, de-mergers, acquisitions, changes of ownership, changes of control, or in general extraordinary transactions. In such cases, the users will be notified via email and/or notice on our site of any change in ownership of the Personal Data.

International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate to enable us to use the information in accordance with this policy. If and when we transfer Personal Data to affiliated entities or other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world, we will still take all appropriate measures to ensure compliance with the GDPR.

When third parties are involved in the Processing according to this Privacy Policy, Personal Data may be stored on servers outside the European Union. Please remember that in such cases any Processing is also subject to the relevant third parties’ privacy policies. In such cases, information that we collect may also be transferred to countries that do not have data protection laws equivalent to those in force in the European Economic Area. By using SIEM you expressly agree to such transfers.

Personal information that you publish on our website or submit for publication on our website may also be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

Period and Place of Data Retention

The data collected will be stored for a period not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage”, art. 5, GDPR) or according to the deadlines provided for by law, to comply with our legal obligations, to resolve disputes, and enforce our agreements. The verification of the obsolescence of the data stored concerning the purposes for which they were collected is carried out periodically, once 3 three years.

Rights of the Data Subjects

According to GDPR, users (and/or the Users who communicated the relevant Data) have the right to access the Personal Data provided to us (art. 15 GDPR) and to ask to receive a copy of such Data in an intelligible format to transmit it to another data controller (art. 20 GDPR). They have the right to obtain their update, rectification, or integration (art. 16 GDPR), and to obtain their erasure (art. 17 GDPR). Users also have the right to request the restriction of the Processing of their Personal Data (art. 18 GDPR) or to object, on legitimate grounds, to such Processing (art. 21 GDPR). We inform you, however, that the exercise of such rights may be subject to limitations or exclusions according to the GDPR or other relevant regulations.

Where the users consider that the processing of Personal Data by us has been carried out in violation of the GDPR, without prejudice to any other administrative or judicial remedy, they have the right to complain with their national supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place where the alleged violation took place.

For any request or communication concerning any of the above-mentioned rights, please contact us. We will respond to any request as soon as possible and in any case within 60 days.

Users may also object to Personal Data being subject to automated decision-making, including profiling practices. We inform you, however, that We do not carry out any processing that may fall within the aforementioned case. Should this situation change in the future, we will promptly update this Privacy Policy.

Lastly, the Data Subjects concerned (and/or the Users who communicated the relevant Data) may at any time communicate their intention to withdraw their consent. In such cases, We may continue to Process the relevant Personal Data only in the presence of an alternative legal basis for such further Processing.

Modalities of data processing

The Personal Data provided to us will be processed in compliance with the GDPR and the obligations of confidentiality that govern the activity of the Data Controller. The data will be processed both with computer tools and on paper or any other suitable support, in compliance with the appropriate security measures under Article 5 par. 1 letter F of the GDPR.

Security of personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall-protected) servers.

You acknowledge that the transmission of information over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.

You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).

Our Policy Regarding Minors

We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to use our Services. If you are under such age, please do not send any information about yourself to us, including your name, address, telephone number, or email address. If we learn that we have collected Personal Data from an individual under the age of 18, we will delete such Data as quickly as possible. If you believe that we might have received any Personal Data from or about an individual under the age of 18, please contact us.

Third-party websites

Our website includes hyperlinks to, and details of, third-party websites.

We have no control over and are not responsible for, the privacy policies and practices of third parties.

Our website uses APIs that share only public information (e.g. name of the company) with third-party websites to integrate some services.

Changes to the Policy

We may update this privacy policy to reflect changes to our Processing and/or Data Protection practices. If we make any material changes, we will notify the users through a notice on our sites before the change becomes effective. In any case, please visit this Privacy Policy periodically.