We, the Stichting Business Days Twente, handles and processes all data handed to us based on the following privacy statement, which is in line with the GDPR privacy regulations.
For questions on what we do with your data, please contact us on one of the following addresses:
Address: Bastille, Room 301, Drienerlolaan 5, 7522 NB, Enschede, NL
Phone no.: +31(0)534893898
Personal data that we process
Stichting Business Days Twente collects and processes the personal data necessary to make use of our services, or data that has otherwise been given to us by you.
Below is a list of the various kinds of personal data we process, and a motivation on why and how we aim to use your data:
To make sure the activities we organise will run smoothly for both the student participant and the company/institute participant, we export account credentials from our website throughout the event. This enables us to make coherent and complete call lists, helping us getting hold of participants easily and allocating each activity correctly. The data export files are saved on our Sharepoint server, which is encrypted and can only be accessed by the event organising board. All personal data will be removed from this server after the event has concluded.
Names will be used in the process of drafting and executing agreements between us and all participants, on the condition that the participant has given us their explicit permission. Names of participants will be printed on the participants’ badges, which are to be used during the event to improve the communication between the student and company/institute participant.
Besides that, we can use your name to make a name badge during the Career Fair. For the use of your name, you give permission by making use of this name-badge during the event. The name badge can used during the event to improve the communication between the student and company/institute participant. When companies scan your name badge, they will receive your name 1 week after the event. During 1 week after the event, you can see your scans and cancel your permission to share your data at any time. In that case, the company will not receive any of your data at the end of the week.
After signing the Data Processing Agreement (DPA), the company organising the activities will receive the names of all student participants who have registered for their specific activity. This helps the companies in putting a student’s name to the resumes they’ve chosen during the selection process.
Company representatives’ names will be gathered and processed for drafting the agreements with the companies, e.g. the participation and/or sponsorship contracts.
Your phone details will be used to smoothen the organisation process of the activities, and to give you the best experience during the event. Examples of this might be: calling you to request your final confirmation if you haven’t responded to the (multiple) confirmation e-mails; if a spot on an activity you missed out on or was put on the reserve list for has opened up, we may reach out to you via phone to notify that you can participate after all. We’d also use your phone number to reach you should you not be present at an activity that you were supposed to attend, to make sure why you couldn’t attend and whether you’ll still be able to make it. Unfortunately, you cannot create an account on the website if you do not give us permission to process your phone details, as your phone details are essential in the process of linking students to companies and vice versa. As the companies are expecting your attendance, being certain that we’re able to contact you if necessary is key for us to meet the agreements we’ve made with the companies. You could retract your permission should you wish to no longer share your phone details with us, but we will have to exclude you from all activities related to the Business Days Twente.
Company representatives’ personal phone details may, if shared, be used only to contact the company representative if necessary.
E-mail contact details
The e-mail address provided on the website registration form will be used to contact you about the activities you have registered for. Examples of possible correspondence include cancellations and/or schedule changes of activities. We’ll also be sending a confirmation e-mail for every activity you will be participating in, including additional reminders if you won’t have replied to the initial confirmation mail, as well as a final reminder with relevant details the day before the actual activity. Unsubscribing for these mailings will result in you no longer receiving necessary information regarding all activities, possibly resulting in not being able to participate in your chosen events.
Besides that, we can process your e-mail address in the QR-code on your name badge during the Career Fair. For generating this QR-code, you give permission by making use of this name-badge during the event. The name badge can used during the event to improve the communication between the student and company/institute participant. When companies scan your name badge, they will receive your e-mail 1 week after the event. During 1 week after the event, you can see your scans and cancel your permission to share your data at any time. In that case, the company will not receive any of your data at the end of the week.
As we’re also evaluating each edition of the event, we’ll also send you an inquiry after the event, to get your opinion on each activity (such as the Career Fair, Workshop Week and Amibition Week activities) you have participated in.
Student or staff ID no.
Your student and/or staff ID number will ease the registration process at the Career Fair, meaning you’ll receive your pass key quickly. Registering your student/staff number means we’ll be able to match your name to your account quicker at the Fair’s entrance.
Your study is relevant for us to appoint students to the right activities, and to gather information for following editions of the Business Days Twente. Some activities of this year’s edition may not be relevant enough to students of a particular faculty: we aim to let you know in advance. With the information on studies present at the event, we can also help tailor a new edition better to next year’s participants.
During the Ambition Weeks, the companies choose who they will allow access to their activities. They make their choices based on the resumes of the applying students. If you wish to take part in a company-organised activity, you should upload your resume, as well as give us permission to distribute your resume to the company of your chosen activities. The resume can be uploaded on your profile page on the website. Keep in mind, your resume is yours to make and not subject to any requirements from our end. Once you’ve uploaded your resume, you will be asked to grant the companies organising the activities of your choice permission to check your resumes. The companies will sign a DPA, containing the agreement to only view your resume for their selection procedure as well as the restriction not to save your data beyond the procedure.
The reason why we ask for your nationality (Dutch or non-Dutch), is so that we can decide whether to communicate with you in Dutch or English. These data will not be shared with the participating companies, and will only be used for internal use.
Next to that, we keep track of the statistics of the Business Days Twente. This way, we can better balance the companies looking for Dutch or international students. Why we need and process your data
The Stichting Business Days Twente obtains and processes your data for the following reasons:
- Completing your payment (companies only!)
- Contacting you by phone or e-mail in order to execute our services for you;
- Contacting you to inform you of any relevant services and goods;
- Enabling you to register for the event by creating a profile;
How long do we keep your personal data for?
The Stichting Business Days Twente does not keep personal data for a longer period of time than absolutely necessary for the goals for which the data was originally obtained.
We save the account data you enter when creating your profile to ease the way you can register for the activities of your choice for this edition and a possible future edition of the Business Days Twente. If your account has not been logged in for the last two years, it will be deleted together with all data linked to the specific account.
You have to upload your resume if you want to participate in any of the Ambition Weeks’ activities. We will remove all resumes from the server and the website one week after the final activity of the Ambition Weeks, which means that companies who had access will no longer be able to view your personal data or your resume. This includes the data and resumes of participants not selected for one of the events, due to the possibility of students cancelling their activity after the registration deadline has closed. Activity grouping may change until the day before the activity is scheduled; in order to be able to invite you even though you were initially not part of an activity, we need to keep your data until all activities have finished. It is possible to remove your resume from your account, but keep in mind that it might refrain you from joining activities once you’ve done so. Companies also remain the right to refuse you from joining if you have removed your resume, even if you would have been selected before.
Sharing personal data with third parties
Stichting Business Days Twente will never sell your personal data to third parties, and will only share data with relevant parties after: - You've given your explicit permission to do so; -It's essential for a service to be provided and/or completed according to a previously made agreement between us, you and a company; -It’s essential for a service to be provided and/or completed according to a lawful obligation;
When you apply for participation in any Ambition Week activity held during the Business Days Twente, the organising company will receive your name and resume data directly from our website. We will not share your data not via e-mail or any other way. The participating companies will only receive data of participating students after signing the DPA to ensure the data is handled in a secure and confidential way. The ultimate responsibility regarding the safeguarding of your data remains with Stichting Business Days Twente at all times.
Our website is being hosted by El Niño, an external webhosting company. A non-disclosure agreement has been signed by them and us to protect your data.
Which data will be processed?
We do not aim to gather any data of people below the age of sixteen through our website and/or services, unless explicit permission has been granted by their parent(s) or ward(s). However, we are currently unable to verify someone’s age. We therefore recommend that parents are involved in their children’s internet activity related to our event, to prevent the possibility that children’s data may be acquired without their parents’ consent. If you have reason to believe that we have acquired data about a minor without that explicit consent, please contact us via e-mail at ict@Business Days.nl. We’ll make sure that that data will be deleted.
Use of automated decision-making and profiling
The Stichting Business Days Twente does not make use of automated decision-making and profiling processes to make decisions that may have significant consequences for any party involved. This specifically entails choices being made by an automated programme or system without the active intervention of a human being (e.g. a Stichting Business Days Twente employee).
It is possible to delete cookies from your browser at any time if wanted, as is setting your browser to not store any cookies from our site.
For more information on cookies, visit: https://www.makeuseof.com/tag/whats-a-cookie-and-what-does-it-have-to-do-with-my-privacy-makeuseof-explains/
Accessing, correcting or deleting your personal data and withdrawal of consent
You have the right to access, correct or delete your personal data via the personal settings page of your Business Days account. You also have the right to withdraw your consent to or file a complaint against the way we process your data, as well as the right to transfer your own data. This means you can request that we send your data file to yourself or another organisation of your own choosing. If you wish to use your rights of complaint or data transfer, or if you have other questions and/or remarks regarding our data processing methods, please send your request to ict@Business Days.nl.
To make sure the data you requested is your own, we will ask of you to send a copy of your ID with your request. To protect your privacy, you are allowed to black out your ID photo, Machine Readable Zone (the number lines on the bottom of your passport), your document number and national identification number. The Stichting Business Days Twente aims to reply to your request as soon as possible, to a maximum of four weeks after the initial request was posted.
The Stichting Business Days Twente would also like to point out that, if deemed necessary, you can also file an official complaint with the Dutch national privacy watchdog, the Autoriteit Persoonsgegevens. To do this, use the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons. Keep in mind that this contact form page is in Dutch.
How do we secure personal data?
Protecting your personal data is important to us. Therefore, we take extensive precautions to prevent abuse, loss, unauthorised access, unwanted publication, and unwanted change of your data. Should the impression arise that your personal data is being protected insufficiently, or that your personal data may be used without your consent, please e-mail our IT Officer via firstname.lastname@example.org. To protect your personal data, Foundation Business Days Twente have taken the following precautions:
- We use security software, e.g. a virus scanner and a firewall; - TLS (formerly known as SSL): Your data is being processed via a secure internet connection. This is shown by the lock and ‘https’ portion of the hyperlink, both present in the address visible in your browser’s address bar when visiting our website. - DKIM, SPF and DMARC: These three internet security tools are used to prevent you from receiving spam, phishing mails, or e-mails containing viruses from our official e-mail addresses. -DNSSEC is an additional DNS security measure, adding a digital signature to the website domain name after it’s been changed to the linked IP address. You’ll be able to check this signature on its authenticity. This signature prevents you from being redirected to false and/or malicious websites.