Latest revision: 30/05/2018
What personal data do we process?
By purchasing products from X you give your consent to X to process the following data:
- First name and surname, to be used for communication and identification purposes.
- Email address and telephone number, for communicating whenever lessons are cancelled.
- Details showing what client category someone belongs to (student, member of staff, etc.): for automatic access control and price management. Different fees apply to each client category and clients only have access to the facilities that they have paid for.
- A passport photo, for identification purposes.
- Visitor information, for evaluating and improving our range.
We also store the Net-IDs and CampusCard numbers of clients with a direct relationship with TU Delft for automatic access control purposes.
If you are entitled to a refund, we will ask you to inform us of your current address. This is a legal requirement for our administrative purposes. If you do not provide this information, we will not be able to give you a refund.
Access and security
Your processed data may only be accessed by employees who work with this data on account of their position. To prevent anyone gaining unnecessary access to your data, an evaluation is made with respect to every position to see who requires access for what purposes.
Data that is processed is intended solely for X purposes and is not made available to third parties. Data files are not linked to those of third parties.
X uses an internal, closed network to process your data. If data is stored externally, this is done only in a secure data centre where your information may only be accessed by the X staff.
Your processed data is secured in such a way that makes it impossible for third parties to access. The same applies to the back-up files of your data.
Your data will be stored for one year after your most recent activity, such as the lapsing of your membership or a purchase at the till. We apply a period of one year because it is not uncommon for students to end their studies within a year or to go abroad for a year. The period of one year is therefore applied in order to prevent your data from being retained for an unnecessarily long time. Your data will be safely deleted after the year has passed. Clients wishing to make use of our range after this period will have to re-register.
Right to inspection, rectification, and erasure
You may request us to inspect, rectify or delete your data at any time. If you request deletion when a valid product is still in place (membership or course), then your right to such a product will also lapse. If your product is no longer in place, then the deletion of your data will have no further consequences.