ESTIEM

The ESTIEM Privacy Policy

Hi, we are ESTIEM, and this is how we treat your data. Take a few minutes to read through this document; no legalese, we swear.

Some basic definitions to start

Even though we are trying to make this Privacy Policy as simple as possible, there are some terms or concepts that are useful to know. Those concepts are defined in the 4th article of the General Data Protection Regulation (GDPR). GDPR is a law enforced in the European Union that is designed to increase the control that users have over their own data, limiting the freedom that companies and other entities had until now over your personal information. Here are some of the definitions you may find useful.

Personal data

Any information that can lead to identifying a person directly or indirectly is considered personal data. This includes any pieces of information that together can identify an individual even if they don’t lead to this person on their own.

Data Processor

The Data Processor is any entity that can act on (process) the data on behalf of the Data Controller. The Data Controller is an entity that defines the purposes and means of data processing. Processing can mean to store, adapt, alter, retrieve, and more, in relation to any kind of data.

Profiling

If somebody uses automatic means to analyse your data in order to predict a behavior, interest, performance, or any other attribute, this person is profiling you. It’s how online shops suggest items you may want to buy.

Cookies

Cookies are tiny files that are stored on your device, and they can be installed or read by websites. Those files may contain information essential to a website's functioning, or they can be used to collect information about you. Not inherently evil on their own, they can be used to invade your privacy or to make you browse the pages you love.

What data we collect and why

Personal and contact information

Name, gender, e-mail, and phone number; to be able to contact you and organise your presence in the network.

ESTIEM-related information

Local group, role, and events attended; to keep ESTIEM running fair and organised.

Financial information

Bank account number and sums; only in case of transactions, to comply with legal obligations.

Audio/Video files

Pictures, videos, and recordings at events; for promotion of a commercial & non-commercial nature, and to keep good memories safe.

Who can access the data you share with us?

The Leaders

Our leaders have access to all of the files related to their entities. Some entities collaborate closely with each other, or even need to work together to function; in those cases they may share data among themselves, but in no case is the data to be shared publicly. There must be a reason to share with other entities, and it has to be specified when the data is collected.

The Board

The Board of ESTIEM serves as the centre of coordination for the whole network; every entity within the organization is under the responsibility of a Board member. It is then safe to assume that the Board has access to almost every document related to its entities and, for organisational purposes, it may be asked to review other documents to provide feedback, insights, and guidance.

Volunteers

No entity could work without a team of dedicated people. Those volunteers can access the documents related to the entities they work with, as they tend to be the processors of the entity's data. Contrary to leaders and the Board, our volunteers do not have privileged access to any data; personal data can be shared with volunteers where their efforts are required to fulfil an action requested by the data owner, if this is specified through the medium we use to gather the data.

IT Committee

The IT Committee is responsible for maintaining and improving the IT infrastructure of ESTIEM; they have access to the database of the organisation as it is required for them to perform their duties.

Microsoft

Our whole portal and part of the login system are hosted on Microsoft services; they technically have access to our database, but reading it would be considered a violation of the contract. ESTIEMers' login details are shared with Microsoft to allow an easy password recovery; those are: name, email, local group, roles, and mobile number.

Analysis Committee

The Analysis Committee utilises anonymized data to evaluate the activity of the network and enables all entities to take decisions based on concrete data. Because of that they need to access the database as well, from which they extract the data which is then anonymized and shared with the network.

Means through which you can share personal data

The most notable way of collecting data is the ESTIEM portal, contained in the domain “estiem.org”; everything going through the IT infrastructure and stored in the database is accessible by the Vice-President of Administration, the IT Committee, and the Analysis Committee. Other than that, some less obvious ways through which you can share personal data with us are listed below.

Discord

Our Discord server, which can be accessed through this link, is an informal place to spend time together while working or during free time. It can also be a way of sharing reports and collecting Q&A about them. Anything shared here is to be considered publicly available, as access to the server is not restricted; Q&A may be saved and stored for knowledge management purposes.

Elium

Here the international level of ESTIEM discusses and shares ideas. Everything you post here or any comment you add is to be considered as shared with the whole ESTIEM network, as access is limited to members of organisations associated with ESTIEM. If any post is created to share data with other organisations, it will be specified in the post itself.

Google Forms

For applications, surveys, and other kinds of input gathering, we use Google Forms. Those are created and stored in Google Shared Drives, where access is controlled and restricted to only those that are required to process the data. At the end of the Form you will find a checkbox stating who will have access to the answers, and it needs to be accepted in order to send the data to us.

Your choices

Choose not to provide us with personal data

Once you have an account created by your Local Responsible you can decide not to provide ESTIEM with any additional data by just not sharing them. But remember, to participate in most events you will have to share some for both your safety (food allergies) and for organisational purposes.

Choose to turn off cookies in your browser

We are not collecting any cookies at the moment - hooray! But you can disable cookies completely from your browser, for good measure. To do so you can go to https://www.cookiesandyou.com/disable-cookies and you will find out how to do that for the browser you're using at the moment.

Your rights

Access our data about you

You can ask us to see all the personal data we have that can be tied to you as an individual; anonymised data won't be included in that, as we won't be able to trace it back to you. We will have a month to address this request, and we may be unable to fulfill it if doing so would affect the rights or freedom of others.

Make us correct wrong data

You have the power to modify almost any data we have about you, but if something out of your reach is outdated, incomplete, or just wrong: tell us, we will fix it for you.

Make us delete your data

This is also known as "the right to be forgotten". You can have us delete everything we have about you; unfortunately this will mean deleting your account as well - as it holds your name, surname, and email - so you won't be able to be part of the network anymore.

Other rights

There are two other rights which are not applicable: the right to object to us using your data for profiling and making automated decisions about you, and the right to port your data to another service. For the first one, we don't do any profiling, nor will we ever; regarding the second, we keep so little data that it's way faster if you hand over your name, surname, and address yourself to any other provider.

Lodge a complaint

Give us a chance to address your concerns about how we treat your data, and if we fail to do so, you can file a complaint to the Dutch Data Protection Authority at this address: https://autoriteitpersoonsgegevens.nl/en but we're sure there will be no reason, ever.

Our belief

Some of the lines that guided our thoughts

"Grey areas in GDPR ain't made for you to avoid being compliant, but to make you able to run your business while being respectful of people's privacy"

"We don't get compliant because of the law, but because of ethics"

ESTIEM cares about your privacy

We believe that every effort made towards ensuring someone’s privacy is a show of respect. We fully agree with the principles of GDPR, as much as we want them respected when our data is on the line: we want to hear a reason for keeping data, we want it to be confidential, and kept just for the time needed.

For that reason we purged the database of any data collected in the past that is no longer in line with what is strictly needed, and we are implementing privacy by design in all the new processes of ESTIEM, while we keep making the old ones fully transparent and compliant.

ESTIEM makes no profit out of your data, nor discloses any of it without your consent.
We also believe that information about your privacy and how we handle your data must be easily accessible, clear, and honest; this is why we wanted to craft the policy this way, for you.