Privacy Policy

This Policy applies to all processing of personal data carried out in connection with registration for, payment for, admission to, and the general operation of the Event.

For the purposes of this Policy, the “controller” determining the purposes and means of the processing (Article 4(7) GDPR) is the Organiser, whose point of contact is contact@jsc-amsterdam.nl.

Through the registration form, the Organiser collects the Data Subject’s name, email address, number of attendees, student or non-student status, the name of the higher-education institution at which the Data Subject is enrolled (only where the Data Subject indicates that they are a student), confirmation that the Data Subject is 18 years of age or older, and information concerning how the Data Subject came to learn of the Event.

In connection with use of the Site, the Organiser may automatically collect technical information such as access logs, IP address, date and time of access, and information relating to the browser and device, by means of the Site’s hosting provider.

Payment information (including card number, expiry date and security code) is processed by the payment service provider referred to in Article 8; the Organiser does not collect or retain such information.

The Organiser collects personal data by means of the Data Subject’s own entry and submission of the registration form on the Site, or by means automatically generated through use of the Site.

The Organiser shall not collect personal data by unlawful means or without the Data Subject’s consent.

The Organiser uses the personal data collected for the purposes of: (1) receiving and managing registrations for the Event; (2) issuing and dispatching the QR-code entry ticket; (3) communicating in relation to the Event (including notices of any change, postponement or cancellation); (4) managing admission and headcount on the day; (5) accounting and responding to enquiries; (6) producing statistical information and improving the planning and operation of future events; and (7) complying with legal obligations.

The Organiser shall not process personal data beyond the extent necessary to achieve the purposes set out in the preceding paragraph. Where the Organiser changes the purposes of processing, it shall do so only to the extent that the changed purposes bear a reasonable connection to the original purposes, and shall, where necessary, notify the Data Subject or publish such change on the Site.

The Organiser may cause photographs, video and audio recordings (collectively, "Recordings") to be taken or made at the venue of the Event by persons designated by the Organiser or by third parties engaged by the Organiser ("Photographers"), for the purposes of documentation, publicity and press relations. Such Recordings may include the likeness, voice, clothing or other visually or aurally identifiable features of a Data Subject (the "Likeness"). A Likeness contained in Recordings may constitute personal data within the meaning of Article 4(1) GDPR and is accordingly subject to this Policy.

The Organiser may use the Recordings on the following media and for the following purposes: (1) social networking service ("SNS") accounts operated by the Organiser (including Instagram, X (formerly Twitter), Facebook, YouTube, TikTok and other platforms) — for the purposes of reporting on the Event, publicising future events, recruiting participants and other promotional activities of the Organiser; (2) the Site — for the purposes of publishing a record of the Event and introducing the activities of the Organiser; (3) printed materials produced by the Organiser (including flyers, posters and reports) — for the purposes of documenting and promoting the activities of the Organiser; and (4) provision of materials to media organisations — for the purposes of press coverage of the Event.

The Organiser may provide all or part of the Recordings to the sponsor companies, co-sponsors or supporters of the Event (the "Sponsors") pursuant to a sponsorship agreement or other arrangement between the Organiser and such Sponsors. Sponsors may use the Recordings so provided on SNS accounts, websites, advertising media and other channels of communication operated by them, for the purposes of their promotional activities, marketing activities or reporting on corporate social responsibility initiatives. The Organiser shall, in providing Recordings to Sponsors, require that due regard be given to the protection of the rights of Data Subjects as set out in this Policy.

The legal bases on which the Organiser processes the Likeness contained in Recordings are: (1) the legitimate interests of the Organiser in operating the Event effectively and communicating its activities to the public (Article 6(1)(f) GDPR); and (2) the consent of the Data Subject as set out in the following paragraph (Article 6(1)(a)). Where legitimate interests are relied upon, the Organiser shall first verify, by means of a balancing test, that the interests or fundamental rights and freedoms of the Data Subject do not override those legitimate interests.

By completing registration for the Event, the Data Subject shall be deemed to have consented to the taking, use and provision to third parties of Recordings as set out in the preceding paragraphs. Such consent may, however, be withdrawn at any time in accordance with Article 7(3) GDPR. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.

The Data Subject may exercise the following rights in respect of the use of Recordings containing their Likeness: (1) Cessation of use — the Data Subject may request the cessation of future use of Recordings containing their Likeness by contacting the address set out in Article 16; (2) Deletion — the Data Subject may request the deletion of Recordings containing their Likeness from media controlled by the Organiser; provided, however, that where posts have already been published on third-party SNS platforms, the Organiser shall use reasonable efforts to procure removal within the constraints of the terms of service and technical limitations of the relevant platform, and does not guarantee complete deletion; (3) Objection — the Data Subject may object to processing based on legitimate interests pursuant to Article 21 GDPR; upon receipt of such objection, the Organiser shall cease the processing unless it demonstrates compelling legitimate grounds for the processing that override the interests of the Data Subject.

The Organiser shall retain Recordings after the conclusion of the Event for the period necessary to achieve the purposes set out in Article 4 and paragraph 2 of this Article. However, where a Data Subject requests deletion pursuant to the preceding paragraph, the Organiser shall, save where retention is required by law, delete the Recordings containing the Likeness of that Data Subject, or render them in a form from which the Data Subject can no longer be identified, without undue delay.

Notices shall be displayed at the venue to inform attendees that Recordings are being made. A Data Subject who does not wish to be the subject of Recordings may notify a Photographer or a member of the Organiser's staff accordingly, and the Organiser shall, so far as reasonably practicable, take steps to ensure that the Data Subject is not included in Recordings.

The Organiser processes personal data on one or more of the following legal bases: (1) performance of a contract with the Data Subject (the provision of the ticket) (Article 6(1)(b) GDPR); (2) the consent of the Data Subject (Article 6(1)(a)); (3) compliance with a legal obligation (Article 6(1)(c)); and (4) the legitimate interests of the Organiser in operating the Event safely and smoothly (Article 6(1)(f)).

Personal data collected by the Organiser is recorded in, and stored on a continuing basis within, a database managed by the Organiser or by a cloud provider engaged by the Organiser. Such personal data is not automatically erased following the conclusion of the Event but shall continue to be stored in that database until one of the events described below occurs.

The Organiser retains personal data for: (1) the period necessary to achieve the purposes of processing; (2) the period for which retention of records is required under accounting, tax or other applicable law; and (3) the period necessary for the Organiser’s legitimate interests, including communications relating to the Organiser’s future events.

Notwithstanding the foregoing, where a Data Subject requests erasure pursuant to Article 12 and the Organiser is obliged to comply, the Organiser shall, save for information which it is required by law to retain, erase or irreversibly anonymise the relevant personal data without undue delay.

To the extent necessary to achieve the purposes of processing, the Organiser may entrust all or part of the handling of personal data to, or provide personal data to, a payment service provider (Stripe), an email delivery provider, and providers of hosting and database services (including Google LLC and Firebase). Such recipients shall process personal data as processors within the meaning of Article 28 GDPR, in accordance with the Organiser’s instructions.

Save where required by law or where necessary to protect the life, body or property of a Data Subject, the Organiser shall not provide personal data to any third party other than as set out in the preceding paragraph without the prior consent of the Data Subject. The Organiser shall not, under any circumstances, sell personal data.

In connection with processing by the recipients referred to in the preceding Article, personal data may be transferred to a country or territory outside the European Economic Area (EEA). The Organiser shall endeavour to ensure that any such transfer is subject to appropriate safeguards as provided in Chapter V of the GDPR, such as an adequacy decision or Standard Contractual Clauses.

The Organiser shall implement reasonable technical and organisational measures, including access controls and encryption of communications, in order to prevent the leakage, loss or damage of personal data and otherwise to ensure its security.

Where the Organiser entrusts all or part of the handling of personal data to a processor, it shall require that processor to implement security measures equivalent to those set out in this Policy.

The Organiser does not make decisions based solely on automated processing (including profiling) that produce legal effects concerning the Data Subject or that similarly significantly affect the Data Subject.

In accordance with the GDPR, the Data Subject has the right, in respect of their own personal data, to: (1) access (Article 15); (2) rectification (Article 16); (3) erasure (Article 17, the so-called “right to be forgotten”); (4) restriction of processing (Article 18); (5) object to processing (Article 21); (6) data portability (Article 20); and (7) withdraw consent in respect of processing based on consent (Article 7(3)).

Where a Data Subject wishes to exercise any of the foregoing rights, they shall submit a request to contact@jsc-amsterdam.nl. The Organiser shall, having verified the identity of the requester, respond without undue delay in accordance with applicable law. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.

The Data Subject has the right to lodge a complaint concerning the handling of personal data with the supervisory authority having jurisdiction over their location (in the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)).

The Event is intended for persons aged 18 or older. The Organiser requires confirmation, upon registration, that the registrant is 18 years of age or older, and does not knowingly collect the personal data of persons under 18.

The Site uses cookies and similar technologies only to the minimum extent necessary for the provision of the Site, such as remembering the display language. The Site does not engage in tracking for advertising purposes.

The Organiser may amend this Policy in response to changes in law or operational requirements. The amended Policy shall take effect from the time it is posted on the Site, and where material changes are made, the Organiser shall endeavour to notify Data Subjects by reasonable means.

Any enquiries concerning this Policy or the handling of personal data, and any request to exercise the rights set out in Article 12, should be addressed to contact@jsc-amsterdam.nl.