WHAT IS QUIVR?
“Quivr” allows students to receive data relevant especially for students, centralized in one Application. The Application includes your own schedule, an abstract of friends’ class schedules (if enabled), restaurant information, data concerning the library occupation, information about internships and job offers, news facts by VETO and so on. This Service is provided by Student Innovations VZW (“we”, “us”, “our”), both through a web and mobile Application.
More information about our organization:
- Name: Student Innovations VZW (non-profit organization)
- Registered office: Pellenbergstraat 185, 3010 Kessel-Lo, Belgium
- Website: http://studentinnovations.org
- KBO/BCE code: BE0561923869
- Email: firstname.lastname@example.org
Data Protection Officer:
- Name: Jonas Jespers
- Address: Meerputweg 3, 1861 Wolvertem
- Email: email@example.com
OUR VISION ON PRIVACY
- It is very important that you read our Terms and Conditions first.
- However, for analytical usage we process pseudonymised data on the ground of legitimate interest (article 6, para 1, f, GDPR ).
- The supply of personal data is a necessary requirement to enter into the contract. If you prefer not to provide this data, it is not possible to use our Service.
Our Service is directed to college students, who generally are older than 17 years old. Under no circumstances do we intend to collect any data from children under the age 13. If you notice or suspect that a User is younger than 13, please contact us immediately at firstname.lastname@example.org.
- App(lication): the mobile and/or web Application, providing the Service.
- Friend Option: setting that allows Users to share their personal schedules.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”)
- Information: any data provided by the User to Student Innovations VZW.
- Service (also referred to as ‘Quivr’): the provision of information relevant to students, such as your own schedule, an abstract of friends’ class schedules (if enabled), restaurant information, data concerning the library occupation, information about internships and job offers, news facts by VETO and so on. This Service is provided by Student Innovations VZW, through a mobile and web Application.
- User: every person that uses the Service.
- Website: includes www.quivr.be, www.studentinnovations.org and all their subdomains.
All these defined words will be capitalised in the Terms and Conditions and must be understood in that way.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We will collect and use your Information solely with the purpose of fulfilling our objective(s), unless we obtain your consent or if required by law. Our objectives are: the provision of information relevant to students, such as your own schedule, an abstract of friends’ class schedules (if enabled), restaurant information, data concerning the library occupation, information about internships and job offers, news facts by VETO and so on. Your Information is essential for a proper functioning of the App.
We collect three types of personal Information:
1. Information explicitly provided by the User
Any data ‘explicitly’ provided by the User, including but not limited to: first name, surname, email, language, residence, educational institution, faculty, favorite library, favorite restaurant and your own calendar entries.
2. Information automatically provided by the User
Any data ‘automatically’ provided by you (the User), including but not limited to: browser type, IP address, number of login sessions, access times, date of first entry, date of last entry, operating system; brand name and type of computer, smartphone or tablet; telecom provider, global settings and regional location (no GPS coordinates).
3. Information provided by the educational institutions
Any data concerning the User, provided by the educational Institution(s), required by Student Innovations VZW to perform our Service, like (but not limited to) your schedule.
Note that the operating system of your mobile phone or computer may, when using the App or browsing the Website, collect additional Information. Such collection is not related to Student Innovations VZW and the latter will hence not accept any responsibility thereof.
HOW DO WE USE THE INFORMATION WE COLLECT ABOUT YOU?
The aforementioned types of Information enable us to realise our statutory purpose, namely: making the life of students more efficient by creating digital applications, such as mobile applications and online solutions, making information more accessible and promoting the use of open data. Besides this your Information will be used for analytical purposes.
We will not use Information for other purposes than the ones stated above, save from those purposes that fall within the context of reasonable expectations. In particular, the Information is used to:
- Register your account;
- Establish optimal functioning of our Service;
- Conduct internal research;
- Display personalised information such as announcements and information about activities, internships and job offers;
- Personalise your experience.
HOW MAY WE SHARE YOUR INFORMATION?
Without your informed consent, we will not share your or any User’s Information with third parties. By sending or accepting friend requests under the Friend Option, you agree to share the (by you) indicated data (e.g. schedule hours) with other Users you add as friends.
However, we may need to disclose Information when we believe that the action is necessary to:
- Comply with law enforcement;
- Respond to claims that violate the rights of third parties; or
- Protect the rights, property or personal safety of Student Innovations VZW, its members and the public.
Analytical Information enables us to optimise your User experience. For this purpose we share your data with Google (Analytics) and Amplitude Inc. Google Analytics receives non-personally identifiable Information and Amplitude Inc. receives both non-personally and personally identifiable Information.
We concluded a data processing agreement with Amplitude to ensure that your data is well protected.
Finally, Information can be transferred in the context of a legal conveyance.
WHAT ARE YOUR RIGHTS?
According to articles 15 to 21 of the GDPR you have several rights that are listed below:
You can obtain from us information concerning:
- whether or not personal data regarding you are being processed;
- the purposes of this processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the source of the personal data, especially where the personal data are not collected from the data subject;
- the elaboration of the right to request from the controller the rectification or the erasure of personal data or the restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with the Data Protection Authority;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Besides, you can request us to:
- rectify inaccurate personal data concerning you;
- erase personal data concerning you;
- restrict processing where one of the following applies:
- you have contested the accuracy of your personal data;
- the processing of your data is unlawful;
- if we do not need you data for the purposes of the processing, but they are required by you for the establishment, exercise of defence of legal claims;
- where you object to processing pursuant to article 21(1) GDPR, pending the verification whether the legitimate grounds of the controller override those of you;
- object to the processing of personal data we do on the grounds of legitimate interest (which is the case of processing data for analytical purposes);
- object to the processing of your personal data for purposes of direct marketing.
Furthermore you can receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format in order to transmit those data to another Service provider. This right is also known as the right to data portability.
However, this right to data portability only applies to data you explicitly provide to us including but not limited to: first name, surname, email, language, residence, educational institution, faculty, favorite library, favorite restaurant and your own calendar entries; any data concerning you that is provided by an educational institution, like (but not limited to) your schedule, are not included in this right.
If you want to exercise one of your rights described above, please send an email with your request to email@example.com.
WHERE AND HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
Your personal Information as a User will be stored on servers in the European Union.
We inform you, however, that to provide with an optimal Service we use the Services of several processors (for example, but not limited to, a Service that logs our software errors) that are located in the US. For most of those Services we use a local database, that is located in the European Union. If you want more information about our processors and how they use our data please contact us under firstname.lastname@example.org.
In accordance with article 32 GDPR we take all appropriate technical and organisational measures to ensure the security of your data. Suchs as, but not limited to, the encryption of backups and hashing of tokens. If we discover a data breach that is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay.
Your data will be deleted automatically after one and a half years of inactivity. To avoid unwanted deletion of your account you will receive a notification one month prior to the erasure of your data.
Due to practical reasons it is possible that backups with your data will still be available after aforementioned erasure. These backups are however sufficiently encrypted and backups older than 2 months will be deleted automatically. A system is put in place that in case we need to restore our data, your data will not be restored to our production systems.
WHAT ABOUT THE COOKIES WE USE?