Except where otherwise noted, this Policy applies to all services and websites offered by NIMS and its affiliates, including all branches (collectively “NIMS,” “we,” or “us”). In this Policy we refer to these services and websites collectively as the “Service”.
While NIMS is subject to different data protection and privacy laws in different jurisdictions, our Global Data Protection Policy is based on the principles of the General Data Protection Regulation (2016/679/EU) (the GDPR).
“personal data” means any information relating to an identified or identifiable natural person, including that data described in the “What personal data we collect about you” section below.
By accepting the terms of this Policy, you agree that you understand and accept the collection, usage, storage and disclosure of your personal data as set out in this Policy. You may withdraw this consent at any time by emailing us using the contact details in the “How to contact us” section below.
This Policy describes:
- who we are
- what personal data we collect about you
- how we obtain your personal data
- the lawful bases for processing your personal data
- how we use your personal data
- who we share your personal data with
- which countries we transfer your personal data to
- how long we keep your personal data
- how we protect your personal data
- your rights regarding your personal data
- how to contact us
2. Who we are
NIMS is an international student organization with focus on expanding horizons beyond academia by building a long-lasting network of globally interconnected students and highly engaging companies to exchange ideas, competencies, & support talents. NIMS operates departments across four countries, namely Austria, Denmark, Italy and Norway. More precisely, NIMS is represented at Vienna University of Economics and Business, Copenhagen Business School, Bocconi University (Milan) and Norwegian School of Economics (Bergen). Any information provided to us may be used, shared or processed by any department throughout the NIMS network. In order to contact NIMS, please follow the “How to contact us” section below.
3. What personal data we collect about you
We may collect personal data from you in the normal course of our business. This includes our interactions with you through our mailing list, your use of our website, when you contact or request information from us, when you apply for a position with one of our branches or with our global leadership team.
The personal data we may process, includes:
- basic information that you provide to us by registering for an account or filling in forms on our website, for example your full name, date of birth, nationality and the university you attend;
- contact information, such as your physical or postal address, email address and phone number(s);
- technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically, including our mailing list;
- identification and background information provided by you or collected as part of our services rendered to you, such as geographic area or preferences, which is linked to information that identifies a specific individual;
- personal data provided to us by you or generated by us in the course or providing services to you, which may include special categories of data;
- information you provide to us in the course of recruitment, for example when you apply for a volunteer position at one of our branches or for an executive position with our global leadership team, including any reference letters, transcripts or curriculum vitae, or anything of a similar nature;
- information you provide to us for the purposes of attending consultations, meetings and events, including access and dietary requirements; and
- any other information you submit to us via our website or via email.
We only collect personal data that is necessary for us to perform our Service. Accordingly, if you choose not to provide your personal data, this may prevent us from providing our Service to you.
We do not knowingly collect or solicit personal data from anyone under the age of 16. In the event that we learn that we have collected personal data from a child under age of 16, we will delete that personal data as quickly as possible. If you believe that we might have any personal data from or about a child under 16, please contact us using the details in the “How to contact us” section below.
4. How we obtain your personal data
When you use our Service, we may collect and process personal data from you in two ways: directly from your input and automatically from your use.
Directly from your input
We collect and process personal data that you directly input by:
- gathering information about you when you provide it to us, or interact with us directly, for example when you engage with our volunteers, you register on one of our digital platforms or another one of our applications or you apply for a position with us
- collecting or receiving information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources
- collecting information from you as part of our service processes and about you and others as necessary in the course of providing those services
Automatically from your use
We also collect certain personal data that tells us how you use the Service, including:
- internet protocol address used to connect your computer to the internet
- computer, device and connection information, such as browser type and version, operating system, mobile platform, unique device identifier and other technical identifiers
- uniform resource locator (URL) click stream data, including date and time stamp, referring and exit URLs, search terms you used and pages you visited or searched for on our website
- for location-aware services, the physical location of your device in order to provide you with more relevant content for where you are in the world
5. The lawful bases for processing your personal data
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you e.g. to deliver services that you have requested) and “legitimate interests”.
“Legitimate interests” includes our legitimate interests or the legitimate interests of third parties, provided that such processing will not outweigh your rights and freedoms. Examples of legitimate interests bases for processing your personal data include processing your personal data to:
- protect you, us, or others from threats (such as security threats or fraud)
- comply with laws that apply to us
- enable us to administer our business, such as for quality control, consolidated reporting, and customer service
- manage corporate transactions, such as mergers or acquisitions
- help us understand and improve our business or customer relationships generally
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us using the details in the “How to contact us” section below.
6. How we use your personal data
We may use the personal data that we collect from you for a number of different purposes, including:
- to provide information for and to improve our website, including monitoring its use
- to provide and improve our services to you and to our partners, including handling the personal data of others on behalf of our partners
- to provide information requested by you, including promotional information such as newsletters, updates, publications and details of events, where you have consented to receiving this information by explicitly accepting the terms of this Policy
- to manage and administer our relationship with you and our other clients
- for the purposes of recruitment
We may use and disclose personal data that does not reveal your identity or permit direct association with any specific individual, such as browser and device information, anonymous usage data and aggregated information, for any purpose, except where we are restricted by law. When we combine non-personal data with personal data, the combined data will be treated as personal data for as long as it remains combined.
We will only use, disclose, or otherwise process your personal data when there is a genuine reason to do so for a permitted purpose.
A number of facilities on our website invite you to provide us with personal data, such as the application facility in the ‘Recruitment’ section of our website and our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal data and we only use that personal data for those purposes.
Marketing and other emails
From time to time, we may send you newsletters or other information relating to our Service. If you wish not to receive such communications, you may contact us using the details in the “How to contact us” section below. Our electronic communications also include an “unsubscribe” link which will enable you to opt out of receiving further marketing and promotion materials.
Meetings and events
We will collect and process personal data about you in relation to your attendance at meetings, conferences and other events that we organise. We will only process and use special categories of personal data about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. In order to do this, we may share your personal data with other service providers or business partners involved in organising or hosting the relevant event.
The Service may contain features or links to web sites and services provided by third parties. Any personal data you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of those third-party sites or services to which links or access are provided through the Service. We encourage you to learn about those third parties’ privacy and security policies before providing them with personal data.
7. Who we share your personal data with
Other than as described in this Policy, we do not rent, sell or otherwise make your information or personal data available to others, except with your prior permission.
While it is unlikely, we may be required to disclose personal data or other information by law or in our good-faith belief that such action is necessary to comply with applicable laws, in response to a valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to:
- take precautions against liability
- comply with legal or regulatory requirements
- protect ourselves or others from fraudulent, abusive, or unlawful uses or activity
- investigate and defend ourselves against any third-party claims or allegations
- protect the security or integrity of the Service and any facilities or equipment used to make the Service available
- protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others
We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
8. Which countries we transfer your personal data to
In order to provide the Service, your personal data may be transferred to and stored in servers and facilities located outside of the country in which you provide it, which may have different personal data protection rules than in your country. When we transfer your personal data, we take steps to ensure that your information remains protected as required by this Policy and applicable law, including through the use of binding written contracts.
9. How long we keep your personal data
We will retain your personal data for as long as needed to:
- provide our Service
- comply with our legal obligations
- resolve disputes
- enforce our agreements
The storage period of personal data is based on the requirements of the applicable data protection laws. The purpose of collecting and using personal data are legal and regulatory requirements to retain the information for a minimum time period, limitation periods for taking legal action, good practice and NIMS’ business purposes. This ensures the longevity of the Network while control over personal data remains intact. If there is a desire that the personal data be deleted, the “right to be forgotten” applies and the individual desiring the deletion can contact NIMS by using the contact details in the “How to contact us” section below.
10. How we protect your personal data
Your personal data is managed in line with international best practice. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
The protection of your privacy and personal data is of the utmost concern to us. However, no method of transmission over the Internet, or method of electronic storage, is completely fail safe and secure. We cannot ensure or warrant the security of any personal data you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such personal data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your personal data has been compromised, please contact us using the details in the “How to contact us” section below.
11. Your rights regarding your personal data
The GDPR and other applicable data protection laws provide you with certain rights in relation to your personal data, as follows:
- Delete personal data: you can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide the Service to you)
- Change or correct personal data: you can ask us to amend or correct any personal data, especially if it’s inaccurate
- Object to, or limit or restrict, use of personal data: you can ask us to stop using all or some of your personal data or to limit our use of it. You can also stop transfers of your personal data to a third party
- Right to access and/or take your personal data: you can ask us for a copy of your personal data and also a copy of all personal data that you have provided to us in machine readable form. You can also ask us for details of how we process your personal data
- File a complaint: you can file a complaint in relation to NIMS processing of your personal data with a local supervisory authority in the EU, and also to the Australian Information Commissioner.
- If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice.
- Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the Service.
12. How to contact us
Please contact us with any questions or comments about this Policy, your personal data, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org. We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your personal data by emailing us at the address above.