Privacy policy

We attach great importance to your privacy. That is why we handle personal data with care and act within the limits of the General Data Protection Regulation (GDPR). For the use of the platform of the research team Social Enterprise and Institutions for Collective Action we process personal data and use cookies for our website. We therefore think it is important to inform you through this privacy statement about the way in which we process your personal data, so that you know what to expect when using the website. In this privacy statement, we inform you about the purposes for which personal data is processed, how you can exercise your privacy rights and provide other information that may be of interest to you. You can read more about our use of cookies in the cookie statement.

Who is responsible for your personal data?

Erasmus University Rotterdam (EUR), Rotterdam School of Management (RSM) is responsible for the processing of your personal data with respect to the platform, within the meaning of the GDPR.

Contact details:
Erasmus University Rotterdam (EUR), Rotterdam School of Management (RSM)
Social Enterprise & Institutions for Collective Action Research Group (hereinafter: the Responsible)
Burgermeester Oudlaan 50, 3062 PA, Rotterdam
collective-action@rsm.nl

Why are your personal data processed?

The Responsible processes personal data in a relationship management system in order to optimally collaborate, inform interested parties about our activities, and to be able to contact you and respond to questions you have asked.

The website of the Social Enterprise and Institutions for Collective Action Research Group uses Functional and Analytical cookies for website optimization and statistics. See the cookie statement for more information.

From whom do we process personal data, which personal data is processed, and for what purposes?

People who have expressed their interest to be informed about the activities and/or results of the Social Enterprise & Institutions for Collective Action research group. The personal data gathered include:

  • First name
  • Family name
  • Email address

It’s also possible to share additional data with us, which will then be processed too. These data may include phone number, title, and work-related data (organization name, department, job title, expertise).

Purposes for which the data is processed:

  • to contact you and to enable us to react to your questions;
  • to inform you about our activities, results and requests;
  • to handle your requests for information;
  • to enable the sending of digital news letters and emails;
  • for the execution of the agreement made with you;
  • to comply with legal obligations, such as the obligation to keep records.

On what basis do we process your personal data?

We process your personal data pursuant to your consent. Consent must be freely given, informed and specific to the purpose of processing. In addition, you must consent to the processing through an active action (unambiguous). This may include checking a check box, submitting a web form or verbal acceptance. Consent can be revoked at any time. Processing prior to withdrawal of consent remains lawful.

Do we also share your personal data with third parties?

On behalf of the Responsible, third parties may provide certain parts of the service under an agreement. We make arrangements with these parties to ensure confidential and careful handling of personal data. These arrangements are contractually recorded in (processor) agreements. If parties are located outside the European Economic Area (EEA), additional and appropriate safeguards are taken.

Your personal data is not rented or sold. The Responsible discloses personal data to enforcing authorities or fraud-fighting organizations when necessary to comply with a legal obligation.

Where is your personal data stored?

Your personal data obtained through the relation management system is collected on Erasmus University servers. Your personal data, such as preference data, is stored until you change this data or request to remove this data.

How do we protect your personal data?

We take security measures to prevent theft, loss or otherwise unlawful use of your personal data.

Your data obtained through the platform is secured by minimizing access rights, encryption, supervision of use, and application of additional measures as far as the current state of the art allows.

How long do we keep your personal data?

The Responsible keeps your personal data no longer than strictly necessary to achieve the purposes for which the data was collected.

If you choose to exercise one of your rights (see “What are your rights?” below), this may affect the retention period of your personal data.

What are your rights?

As a data subject, you have several rights under the General Data Protection Regulation (GDPR).

Response time

If you exercise one of your rights, you will be asked to identify yourself. Your request or exercise of rights will be handled within 30 days by the Responsible. We may extend our decision-making period by another two months if necessary to handle your request.

Right to withdraw consent

If processing by the Responsible is based on consent, you have the right to withdraw your consent for the processing of your data at any time. The processing of your data prior to the withdrawal of consent remains lawful.

Right to access

You have the right to know whether your personal data is being processed. If your data is being processed, you have the right to access this data.

Right to rectification and completion

You have the right to correct or rectify incorrect personal data processed by the Responsible that concerns you. You also have the right to have incomplete data about you completed, depending on the purposes of the processing.

Right to restriction of processing

You have the right to restrict the processing of your personal data if one of the following applies:

  • You contest the accuracy of the data, in which case we will suspend the processing of your data until we have verified its accuracy;
  • The processing is unlawful and you prefer that we erase your personal data;
  • You have, in accordance with your right to object, objected to the processing of your personal data and are waiting for the outcome of your objection.

Right to object

If the Responsible has a legitimate interest in processing your personal data (see “On what grounds do we process your personal data?”) you have the right to object to the processing of your data due to your specific situation. We will stop processing your personal data unless we can demonstrate a compelling legitimate interest that overrides your interests, rights and freedoms, or unless we need the data to establish, exercise or defend a legal claim.

If you exercise your right to object, the Responsible will weigh your interests against the interests of the Responsible or the interests of relevant third parties, after which a decision will be made on the continued processing of your personal data.

Right to data portability

You have the right to receive the personal data you have provided to the Responsible, in a structured, commonly used and machine-readable format, and have the right to transmit that data to another controller without hindrance from the Responsible to whom the personal data was provided, if the processing is based on consent or a contract and the processing is carried out by automated means.

Right to erasure

You have the right to request the erasure of your personal data processed by the Responsbile if one of the following applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You withdraw your consent on which the processing is based and there is no other legal ground for the processing;
  • You object to the processing and there are no overriding legitimate grounds for the processing;
  • The personal data has been unlawfully processed;
  • The personal data has to be erased for compliance with a legal obligation. The right to erasure does not apply if the processing is necessary for the establishment, exercise or defense of legal claims.

Right to file a complaint

You always have the right to file a complaint with the Data Protection Authority. However, if you have any issues, questions, or comments about the processing of your data by the responsible party, please contact us at privacy@eur.nl first. We take your privacy very seriously and will be happy to speak with you.

Click here to exercise one of your rights.

Third party privacy policy through linking

On the platform of the Responsible and elsewhere, links are included to external websites that do not belong to the EUR. After following these links, the EUR is not responsible for the way in which these parties deal with personal data.

Do you have any additional questions?

If you have any specific questions or comments about this privacy statement as a result of this information, please feel free to contact us. You can send an email to privacy@eur.nl.

Have we not handled your complaint regarding the processing of your personal data to your satisfaction?

If we have not handled your complaint regarding the processing of your personal data to your satisfaction, you are free to file a complaint with the Authority for Personal Data through the complaint form available on the authority’s website: https://autoriteitpersoonsgegevens.nl/nl.

Management of versions

This privacy policy was drawn up on January 5, 2022 and last modified on January 5, 2023