BLASE (NPO) 

Aalstersestreenweg 399B, 9400 Ninove | BE 0745.682.748 |  

+32 495 88 59 56 | info@blaseleuven.com  

 

 

Privacy Policy (GDPR) 

 

I. Privacy Principles 

Business Leadership Association for Students Exchange (BLASE) takes your privacy seriously. Personal data is collected, stored and processed according to the General Data Protection Regulation, fairly and transparently. 

The following principles underpin our approach to respecting your privacy: 

  • Trust: We value the trust that you place in us by giving us your personal information. We will always use your personal information in a way that is legal, fair and secure.  

  • Transparency: We will provide clear information about how we use your personal information. We shall always be transparent with you about what information we collect, what we do with it, with whom we share it and who you should contact if you have any concerns. 

  • Data retention: We keep your data only as long as it is necessary. 

  • Security: We will take all reasonable steps to protect your information from misuse and keep it secure. 

  • Compliance: We will comply with all applicable data protection laws and regulations and we will cooperate with data protection authorities. 

This notice explains how we collect and use data that we may hold about you as an individual. 

 

II. How do we collect personal information? 

We collect personal information about you from various sources, including: 

  • Information that you give us directly: When you sign up to receive information, attend an event, use applications, fill out a survey, or make an inquiry. 

  • Information collected automatically: When you use the BLASE Leuven website, using cookies and other tools (such as web analytic tools and pixel tags). 

  • Information we may receive from third parties: Such as when receiving answers to surveys for events. 

 

III. What information do we collect? 

We may collect the following categories of information about you: 

 

Information that you give us directly 

We may collect information from you directly when you provide us with personal information, e.g. when you sign up to receive information, attend an event, use applications, fill out a survey, or make an inquiry. The types of information we may collect from you directly include your: 

  • Personal contact details such as name, title, address, telephone number and personal email addresses; 

  • Date of birth or age; 

  • Gender; 

  • Any other personal information that you voluntarily provide to us. 

 

Information collected automatically when you use the BLASE Leuven website; 

We use cookies and other tools (such as web analytic tools and pixel tags) to automatically collect information about you when you use the BLASE Leuven website, subject to the terms of this Privacy Notice and applicable data laws and regulations. The types of information collected automatically may include: 

  • Information about the type of browser you use; 

  • Details of the web pages on our websites which you have viewed; 

  • Your IP address; 

  • The hyperlinks you have clicked; 

  • Your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook). 

 

Information we collect from third parties 

We may receive personal information about you from other legitimate sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. The types of personal information that we may collect from such sources include your: 

  • Personal contact details such as name, title,  address, telephone number and personal email addresses; 

  • Date of birth; 

  • Gender; 

  • Academic and professional background from educational institutions and employers (for networking purposes). 

 

IV. How do we use your information? 

We may use your information for the following purposes: 

  • Administering relationships: To administer the relationship you have with BLASE Leuven, and to provide you with information about BLASE Leuven activities and for other related purposes. 

  • Financial relationship: If applicable, to administer financial relationships with you and provide you with information that you require to continue that relationship. 

  • Network forums: To administer peer-to-peer network forums for sharing best practice amongst both staff and elected representatives from members and non-members. 

  • Event administration: To administer your attendance at a BLASE Leuven event to ensure that your requirements are accommodated so that you can fully participate in the event in an accessible way. 

  • Statistical purposes: To use your responses for statistical purposes in policy making or in advocacy. 

 

You can opt out of receiving communications from us at any time. Any  communications that we send to you will provide the information and means necessary to opt out by unsubscribing or sending an email to info@blaseleuven.com

In order to protect information from accidental or malicious destruction, when we delete information from our services we may not immediately delete residual copies from our servers or remove information from our backup systems. However, once a request has been made, all information is deleted, including from residual copies or backups.  

We keep this privacy notice up to date, so if there are any changes to the way in we handle your data, we will notify you promptly. 

 

V. What is the legal basis that permits us to use your information? 

Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the General Data Protection Regulation. The legal basis that permits us to use your information depends on the basis that we are using that information for.  We rely on the following legal bases to use your information you consent us to process: 

  • Consent: With your explicit consent, which you can withdraw at any time. 

  • Contractual necessity: Where we need information to perform the contract we have entered into with you. 

  • Legal obligations: Where we need to comply with a legal obligation. 

  • Legitimate interests: Where it is necessary for our legitimate interests (to collect data for statistical purposes in policy making or in advocacy) and your interests and fundamental rights do not override those interests. 

 

Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal information. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal information in the following circumstances: 

  • In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent. 

  • We will use information about your physical and mental health or disability status to comply with our legal obligations, including to ensure your health, safety and wellbeing at an event. 

 

VI. How do we share your information? 

We share your personal information in the following ways: 

  • When we use third party services providers who process personal information on our behalf in order to provide services to us. This includes IT systems providers and IT contractors; 

  • We will share your personal information with regulators where we are required to do so to comply with our regulatory obligations; 

  • We will share your personal information with third parties where we are required to do so by law; 

  • With partner organizations and sponsors for the purposes of organizing events, providing benefits, and enhancing your experience as a member; 

  • With partner organizations that sponsor or support events, for the purpose of offering career and networking opportunities to participants. This is done only with the explicit consent of the involved participants; 

  • With academic institutions and employers for verification purposes and to facilitate professional opportunities. 

 

When we share your personal information with third parties we ensure that we have appropriate measures in place to safeguard your personal information and to ensure that it is solely used for legitimate purposes in line with this privacy notice and according to GDPR. 

 

VII. How do we keep your information secure? 

We take all reasonable precautions to keep your personal information secure and require any third parties that handle or process your personal information for us to do the same. Access to your personal information is restricted to prevent unauthorised access, modification or misuse and is only permitted among our employees and elected representatives on a need-to-know basis. We use encryptions, secure services, and other technological measures to safeguard your data. 

 

VIII. When do we transfer your information overseas? 

When data is transferred to countries outside of Belgium and the European Union,  those countries may not offer an equivalent level of protection for personal information to the laws in the EU. Where this is the case we will ensure that appropriate safeguards are put in place to protect your personal information. 

 

IX. For how long do we keep your information? 

As a general rule we retain your information for the duration of the time that we need to use it.  For example, if you are attending an event, the information required is only required until the event has finished.  Within  one year of the event finishing, the information that is not necessary for other reasons (for example the name of the participants for reporting to external funding authorities such as the European Commission) will be deleted. 

However, where we have legal or contractual obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer. 

 

X. Your rights in relation to your information 

You have a number of rights in relation to your personal information, these include the right to: 

  • Right to be informed: About how we use your personal information. 

  • Right of access: To your personal information that we hold. 

  • Right to rectification: To correct your personal information if it is incorrect, incomplete, or inaccurate. 

  • Right to erasure: To request that we erase your personal information. 

  • Right to restrict processing: To ask us to restrict our data processing activities. 

  • Right to data portability: To request a copy of your personal information in a commonly used electronic format. 

  • Right to object: To our processing of your personal information where we rely on legitimate interests or exercise of a public interest task. 

  • Right not to subject to automated decisions: Which produce legal effects or similarly significant effects on you. 

  • Right to withdraw consent: You have the right to withdraw your consent for sharing your CV with partners at any time. You can do this by contacting our Data Protection Officer at info@blaseleuven.com

If you would like to exercise any of your rights or find out more, please contact info@blaseleuven.com

 

 

XI. Cookies and Tracking Technologies 

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. 

 

Types of cookies we use: 

  • Session cookies: These cookies are temporary and expire once you close your browser. 

  • Persistent cookies: These remain on your device for a set period or until your delete them. 

  • Third-party cookies: these are placed by third parties to collect certain information and conduct various research into behaviour, demographics, etc. 

 

Purposes of using cookies: 

  • Essential cookies: These are necessary for the website to function and cannot be switched off in our systems. 

  • Performance cookies: These help us understand how visitors interact with our website by collecting and reporting information anonymously. 

  • Functional cookies: These allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. 

  • Targeting cookies: These are used to deliver content that is more relevant to you and your interests. 

 

Managing cookies: 

You can manage cookies through your browser settings. Most web browsers allow you to control cookies through their settings preferences. However, if you choose to disable cookies, some features of our website may not function properly. 

 

XII. Links to Others Websites 

Our website may contain links to other websites. Please note that we are not responsible for the privacy practices of these websites. We encourage our users to be aware when they leave our site and to read the privacy policies of any website that collects personal data. 

 

XIII. Changes to This privacy Policy 

We may update this privacy policy from time to time. When we make changes, we will notify you by revising the data at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review the privacy policy whenever you access our services to stay informed about our information practices and the ways you can help protect your privacy. 

 

XIV. Data  Protection Impact Assessments (DPIAs) 

When we process data that is likely to result in high risk to individuals’ rights and freedoms, we conduct Data Protection Impact Assessment (DPIAs). These assessments helps us identify and mitigate risks associated with data processing activities. DPIAs are conducted in compliance with GDPR requirements and involve evaluating the necessity and proportionality of processing activities, as well as implementing measures to mitigate any identified risks. 

 

XV. Data Protection Officer (DPO) 

If applicable, we have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. The DPO is responsible for: 

  • Informing and advising the organization and its members about their obligations to comply with GDPR and other data protection laws. 

  • Monitoring compliance with GDPR and other protection laws, including managing data protection activities, raising awareness of data protection issues, training members, and conducting internal audits. 

  • Acting as the first point of contact for supervisory authorities and for individuals whose data is processed (members, visitors, etc.). 

 

Contact information for the DPO: 

  • Name: Dylan Van Engeland 

 

XVI. Automated Decision-Making and Profiling 

We do not use automated decision-making or profiling that produces legal effects or similarly significant effect on you. Should this change, we will update this policy and provide you with information about your rights concerning such processing. 

 

XVII. Partner access to student CVs 

As part of certain events organized by the Business Leadership Association for Students Exchange (BLASE), partners may gain access to the CVs of registered students. This is done under the following conditions and for specific purposes: 

 

Purpose and Consent 

Partners are granted access to student CVs for the purpose of offering professional and networking opportunities, such as internships, employment, or other relevant career opportunities. Consent for sharing this data is explicitly obtained from students during the event registration process.  

 

Types of Information 

The information that may be provided to partners includes: 

  • Name 

  • Contact details (email, phone number) 

  • Academic background 

  • Professional experience 

  • Skills and competencies 

  • Other relevant information as mentioned in the student’s CV 

 

Conditions for Partners 

Partners who wish to access student CVs must: 

  • Sign a written agreement committing to use the data solely for the aforementioned purpose. 

  • Agree to a fee to BLASE for access to the data. The amount of this fee is determined per event. 

Security and Confidentiality 

BLASE ensures that partners adhere to strict confidentiality and security standards to protect personal data. Partners must comply with all relevant GDPR regulations, and BLASE may conduct regular audits to ensure compliance. 

 

Data Retention and Deletion 

Partners may retain the received data only for the duration strictly necessary for the purpose for which the data was provided. After this period, the data must be deleted or returned to BLASE, depending on the terms of the agreement.  

 

Information and Complaints 

Students are fully informed about what data is shared, with whom, and for what purpose. If there are complaints about the use of their data by partners, students can contact the Data Protection Officer of BLASE at info@blaseleuven.com

 

XVIII. Complaints / Contact us 

Our contact details are as follows: 

Address: Aalstersesteenweg 399 B, 9400 Ninove 

Telephone: +32 495 88 59 56 

We have appointed a person with responsibility for data protection matters. You can contact our GDPR officer using following details: info@blaseleuven.com

 

Complaints 

If you have any complaints about the way we use your personal information, please contact dylan.vanengeland@blaseleuven.com who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in Belgium).