On this page, you will find the privacy statement of Building Organisation Student
Society (B.O.S.S.), the study association for Management in the Built Environment
students at the TU Delft. It will explain how your personal data is processed by
BOSS.
B.O.S.S., the study association for Management in the Built Environment,
established at Julianalaan 134 in Delft, is responsible for the processing of personal
data as stated in this privacy statement. The study association can be reached in the
following ways:
● by mail, to the attention of B.O.S.S., Julianalaan 134, 2628 BL, Delft
● by e-mail, secretary@bosstudelft.nl
● website: bosstudelft.nl
1 Personal data processed by B.O.S.S.
B.O.S.S. only processes your personal data because you are using our services
and/or because you have provided us with the data. By becoming a member of the
study association you accept the privacy statement.
Below, you will find an overview of the personal data we process:
● First and last name, initials
● Date of birth
● Address
● E-mail address
● Phone number (cell phone and/or land line)
● Gender
● NetID
● LDAP-username (if applicable)
● Committee experience (if applicable)
● First year of studies
● Student number
● IP-address
● Functional cookies
● Bank account number
● Pictures
● Other personal data that you provide us with, by, for example, visiting our website, in
correspondence or by telephone
B.O.S.S. reserves the right to ask for additional personal data if this is necessary to
participate in events hosted by the study association. This will be made know to you
upon registration for the event, the data will only be used for the event itself and will
be removed after the end of the event.
1.1 Click behaviour
B.O.S.S. keeps track of the click data of website visitors on its own website. The
authorised persons of B.O.S.S. can view click behavior and see the number of clicks
per page. This information is anonymous and cannot be traced to the identity of the
website visitor. The collected data is plotted in statistics that can be used to assess
the effectiveness of the information provided. The purpose of this is to optimise the
design of the website, so that B.O.S.S. can optimise its services.
1.2 Photos
During the activities of B.O.S.S., photos are taken for the B.O.S.S. photo archive.
These photos are stored on a secured disk at TU Delft, where only the board of
B.O.S.S. has access to. Some photos are shared on the B.O.S.S. website and on
social media. Photos that are considered harmful by the board will not be shared.
Photos of events that are not considered harmful by the board can also be used for
promotion in, for example communication with third parties or the Almanac. If there is
an unwanted photo on the website of B.O.S.S. or on any social media channels
managed by B.O.S.S., an email can be sent to secretary@bosstudelft.nl and the
photo will be deleted.
2 Purposes of data processing
B.O.S.S.will process your personal data for the following purposes:
● To send you correspondence, both digital and by mail
● To facilitate payments
● To give you access to the association’s digital environment
● To analyse website traffic
● To contact you about (changes in) the association’s services
● To give you access to events hosted by the association
● To give you the opportunity to participate in events that require selection
● To give you access to personal data (first and last name, initials, date of birth, phone
number and provided photo) of fellow B.O.S.S. members in the B.O.S.S. almanac.
Personal data is also processed if this is required by law.
3 Our legal basis for processing personal data
B.O.S.S. processes personal data on the ground of your membership at the
association.
4 Retention period of personal data
Personal data processed by B.O.S.S. is stored until written notice of termination of
the membership. Personal data of former members is processed to keep them up to
date about the current affairs of the association. Permissions used for B.O.S.S.’s
beneficiary status are retained for up to 14 months after the last direct debit, as
required by SEPA regulations, and then removed as quickly as possible. B.O.S.S. is
also obliged to retain declarations for 7 years.
5 Sharing of data with third parties
B.O.S.S. only shares personal data with third parties if required according to the
agreement between the association and its members or if required by law. If this is
the case, a data processing agreement with third parties that will handle personal
data is established, to guarantee the same level of security and confidentiality for
your personal data. When new data processing agreements are established,
B.O.S.S. will notify its members accordingly. The same holds for personal data that
will be shared with parties outside of the European Union.
6 Cookies, or comparable techniques, that we use
B.O.S.S. uses functional cookies. A cookie is a small text file that is saved in the
browser of the device that you are using when first accessing our website. B.O.S.S.
only uses cookies to ensure the website functionality. The cookies ensure that the
website is working properly and that, for example, your preferences will be stored.
7 Accessing, editing or removing personal data
You have the right to access your personal data, as well as the right to edit and
remove your data. Besides, you also have the right to withdraw your consent to the
processing of your personal data or to object to the processing of your personal data
by B.O.S.S. Finally, you have the right to data portability. This means that you have
the right have your personal data send to another organisation of your naming, at
your request.
You can file a request of access to, to edit, to remove, to data portability, of
withdrawal of consent of processing, or to object to the processing of your personal
data at secretary@bosstudelft.nl. To ensure that the request is of your origin, we ask
you to include a copy of your proof of identification with the request. To protect your
privacy, we ask you to blur your photograph, the MRZ (Machine Readable Zone, the
numbers at the bottom), the document number and your Social Security Number. We
will respond to your request as soon as possible, but at most four weeks after you
have filed the request.
8 Security measures
To counteract the misuse of, the loss of, unauthorised access to, unwanted
disclosure of, or unauthorised change of your personal data a protocol is in place
which states how personal data should be processed. Besides this protocol, a nondisclosure
agreement is in place. Personal data is stored in a database stored on a
server in the TU Delft datacenter. The databased is maintained by B.O.S.S. Personal
data that requires physical storage by law are in a vault or in an archive which only
board members of the association and staff members of the TU Delft have access to.
If you have the impression that your personal data is not stored securely or if you
suspect misuse, we kindly request you to contact us via secretary@bosstudelft.nl.
9 Processors at B.O.S.S.
The board of the association as well as the persons responsible for system
maintenance have access to personal data.
When participating in an event hosted by one of the committees of B.O.S.S., it may
be necessary to share personal data with one of these committees to grant you
access to said event.
The board, the persons responsible for system maintenance and committee
members of B.O.S.S. will handle this personal data securely.
Privacy statement B.O.S.S., version 2, April 8 2019, Delft
