Privacy Policy

General

  1. This privacy policy (“Privacy Policy”) governs the processing of your personal data as part of your use of our website (the “Website”) and the services associated with it (collectively referred to as the “Services”). This processing is carried out by Studentenraad KU Leuven as the data controller, with registered office at ‘s-Meiersstraat 5, 3000 Leuven (“we”, “us”), registered in the Crossroads Bank for Enterprises under number 534.592.536, in accordance with the applicable legislation on the protection of personal data.

  2. By using our Website and/or our Services, you acknowledge that you have carefully read this Privacy Policy and that you agree to it without reservation. We reserve the right to modify the Privacy Policy regularly at our own discretion. Any such change will be communicated via the Website.

  3. By ticking the checkbox stating: “I declare that I have fully read and understood the Privacy Policy and that I agree to it without reservation. I consent to the processing of my personal data as set out in this Privacy Policy”, you confirm that you have indeed read and agree to this Privacy Policy. You acknowledge that you understand the purposes for which your personal data are processed. You also agree that your continued use will be considered as continued consent. You may withdraw your consent at any time by emailing info@stura.be.

  4. Please note that we may use so-called “cookies” or similar technologies as part of the Website and/or the Services. Cookies are small text files placed on a device’s hard drive that contain certain information, sometimes including personal data. For more information regarding our use of cookies, please refer to our Cookie Policy.

  5. If you have any questions about this Privacy Policy after reviewing it, you may always contact us via info@stura.be.

  6. If and when your registration on the Website or use of the Website or Services can be considered (a) a violation of the terms or intellectual property rights or any other rights of a third party, (b) a threat to the security or integrity of the Services, (c) a danger to the Website or Services or systems of us or our subcontractors due to viruses, Trojan horses, spyware, malware, or any other form of malicious code, or (d) in any way illegal or unlawful, discriminatory or offensive, we may process your data in the interest of ourselves, our partners or third parties.

  7. This Privacy Policy was last updated on April 27, 2026.

What data do we process?

When you use our Website and/or Services, we process your personal data. We may request, store, collect and process the following personal data:

  • Identification data: name, first name, domicile and/or residence address, phone number, email, student number, national register number, bank account number and registered office;
  • Personal characteristics: gender, date of birth, place of birth and nationality;
  • Function within or relationship to FO or other Leuven student associations;
  • Image and audiovisual material recorded during activities of Studentenraad KU Leuven.


Why do we process personal data?

Your personal data are processed by Studentenraad KU Leuven in accordance with the purpose for which they were provided. Processing is limited to the data necessary for those purposes. Your personal data are processed for the following purposes:

  • To allow you to participate in activities of Studentenraad KU Leuven (legitimate interest);
  • To provide you with meeting documents, reports and invitations (legitimate interest);
  • To process your requests for our services such as subsidies or lending services (legitimate interest);
  • To comply with all employer obligations regarding staff (legal obligation);
  • To maintain a sound and safe volunteer policy (legitimate interest);
  • To ensure the representation of students at KU Leuven (legitimate interest).


Who processes your data?

The data are processed by the following parties:

  • Members of the board of the association;
  • Volunteers of the association;
  • Staff members and student workers at Studentenraad KU Leuven.

Who we share data with

  1. We do not transfer your personal data in an identifiable manner to third parties unless this is necessary to provide the Services, without your explicit consent.
  2. We may rely on external processors to provide the Website and/or Services. We ensure that third-party processors may only process your personal data on our behalf and based on our written instructions. We guarantee that all external processors are carefully selected so that we can rely on the security and integrity of your personal data.
  3. We may share anonymised and/or aggregated data with other organisations that may use such data to improve products and services and to tailor marketing, presentation and sales of products and services.
  4. We do not provide your personal data to third parties unless this is legally required and/or permitted, such as in the context of police or judicial investigations.

Where we process data

  1. We and our external processors will only process your identifiable personal data within the EEA.
  2. We may transfer your anonymised and/or aggregated data to organisations outside the EEA. If such a transfer takes place, we will ensure appropriate safeguards to guarantee the security and integrity of your personal data, and that all rights relating to personal data are guaranteed under applicable mandatory law.
  3. If a transfer of your personal data and/or anonymised and/or aggregated data takes place, the following legal protection mechanism will be implemented.

How we process data

  1. We will make every effort to process only the personal data necessary to achieve the purposes set out in this Privacy Policy. We will process your personal data in a lawful, fair and transparent manner and will strive to keep them accurate and up to date.
  2. Your personal data will only be processed for as long as necessary to achieve the purposes set out in this Privacy Policy or until you withdraw your consent. Please note that withdrawing consent may mean that you can no longer use the Website and/or Services in whole or in part. If you have registered on our Website, we will delete your personal data when you delete your profile, unless legal or regulatory obligations or judicial or administrative orders prevent us from doing so.
  3. We will take appropriate technical and organisational measures to keep your personal data secure against unauthorised access or theft and against accidental loss, manipulation or destruction. Access by our staff or that of our external processors is limited to a need-to-know basis and subject to strict confidentiality obligations. However, you understand that security measures are best-efforts obligations and can never be fully guaranteed.

Retention period

Studentenraad KU Leuven does not retain personal data longer than necessary for the purpose for which they were provided or as required by law.

Your Rights

  1. You have the right to request access to all personal data that we process about you. However, requests for access which are manifestly made with the intention of causing inconvenience or damage to us will not be entertained.
  2. You have the right to request that any personal data about you that is incorrect or inaccurate be corrected free of charge. If you have registered on our Website, you can correct many of these details yourself via your profile. If such a request is made, you must also include with it evidence that the personal data for which correction is requested is incorrect.
  3. You have the right to withdraw your previously given consent to the processing of your personal data. You can withdraw your consent at any time by sending an e-mail to info@stura.be, or by deleting your profile (if applicable).
  4. You have the right to request that personal data relating to you be deleted if it is no longer necessary in view of the purposes set out in this Privacy Policy or if you withdraw your consent to its processing. However, you should note that a deletion request will be assessed by us in the light of legal or regulatory obligations or administrative or judicial orders which may prevent us from deleting the personal data in question.
  5. In lieu of deletion, you may also request that we restrict the processing of your personal data if (a) you dispute the accuracy of that data, (b) the processing is unlawful or (c) the data is no longer necessary for the stated purposes, but you need it to defend yourself in legal proceedings.
  6. You have the right to oppose the processing of personal data if you can demonstrate that there are serious and legitimate reasons relating to special circumstances that justify such an opposition. However, if the intended processing is classified as direct marketing, you have the right to object to such processing free of charge and without justification.
  7. If your personal data is processed on the basis of consent or on the basis of a contract and the processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and, if technically possible, you have the right to transfer this data directly to another service provider. The technical feasibility of this is exclusively assessed by us.
  8. If you wish to make a request to exercise one or more of the above rights, please send an e-mail to info@stura.be. This request must clearly state which right you wish to exercise and why. It must also be dated and signed, and be accompanied by a digitally scanned copy of your valid identity card proving your identity. We will immediately inform you of the receipt of such a request. If the request proves to be justified, we will comply with it as soon as reasonably possible and no later than thirty (30) days after receipt of the request.
  9. If you have a complaint about the processing of your personal data by us, you can always contact us at the e-mail address info@stura.be. If you are not satisfied with our response, you are free to file a complaint with the competent data protection authority, the Belgian Privacy Commission. For more information, please visit http://www.privacycommission.be.