Privacy Policy

Privacy Policy

(last updated: 9/11/2023)

The privacy of our conference’s participants and website visitors is of high importance to us. We have, therefore, decided to split our policy into four clear and easily readable chapters:

Privacy Policy, for more information on how we value your privacy in general.

Cookie Policy, for more information on how our website makes use of cookies.

Protocol Reporting Data Breaches, for more information on how we handle the (unlikely) event of a data breach.

Processing Register, for a structured overview of and more information on what categories of data we process, who is responsible for the collection, how long we retain the data, et cetera.

Privacy Policy (last updated: 9/11/2023)

 The I.M.U.N.A. Foundation respects the privacy of its website visitors, in particular their rights regarding the automatic processing of personal data. We have therefore formulated and implemented a policy on complete transparency with our customers regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way.

If you require any additional information about the protection of personal data, please visit the website of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl/nl.

Until you accept the use of cookies and other tracking devices, we will not place any non-anonymised analytical cookies and/or tracking cookies on your electronic device.

With the continued visit of this website, you accept these terms of use and you accept the use of cookies and other tracking systems unless we have provided another method of accepting cookies on our website.  

The currently available version of this privacy policy is the only version that applies while visiting our website until a new version replaces the current version.

Article 1 – Definitions

  1. Website (hereinafter: “Website”) www.imuna.nl.
  2. Party responsible for processing personal data (hereinafter: “the controller”): Stichting I.M.U.N.A., established at Bergerhout 1, 1815 DA Alkmaar, The Netherlands, Chamber of Commerce number: 41241492.

Article 2 – Access to the website

Access to and use of the website are strictly personal. You will refrain from using the data and information of this website for your own commercial, political or advertising purposes, as well as for any commercial offers, in particular unsolicited electronic offers.  

Article 3 – Website content  

All brands, images, texts, comments, illustrations (animated) images, video images, sounds and all the technical applications that can be used to operate this website and more generally all the components used on this website, are protected by the laws on intellectual property. Any reproduction, repetition, use or modification, by any means whatsoever, of all or just part of it, including technical applications, without the prior written permission of the controller, is strictly prohibited. The fact that the controller may not take immediate action against any infringement, cannot be considered as tacit consent, nor of a waiver of any right to prosecute the infringing party.

Article 4 – Management of the website

For the purpose of proper management of the site, the controller may at any time:

  • suspend, interrupt, reduce or decline access to the website for a particular category of visitors,
  • delete all information that may disrupt the functioning of the website or conflicts with national or international laws or is contrary to internet etiquette,
  • make the website temporarily unavailable in order to perform updates.

Article 5 – Responsibilities

  1. The controller is not liable for any failure, disturbances, difficulties or interruptions in the functioning of the website, causing the (temporary) inaccessibility of the website or of any of its functionalities. You, yourself, are responsible for the way you seek connection to our website. You need to take all appropriate steps to protect your equipment and data against hazards such as virus attacks on the Internet. Furthermore, you are responsible for which websites you visit and what information you seek.
  2. The controller is not liable for any legal proceedings taken against you:
  • because of the use of the website or services accessible via the Internet,
  • for violating the terms of this privacy policy.
  1. The controller is not liable for any damages that incur to you or third parties or your equipment, as a result of your connection to or use of the website and you will refrain from any subsequent (legal) action against the controller.
  2. If the controller is involved in a dispute because of your (ab)use of this website, he is entitled to (re)claim all subsequent damages from you.

Article 6 – Collection of data

  1. Your personal data will be collected by the I.M.U.N.A. Foundation and (an) external processor(s). 
  2. Personal data means any information relating to an identified or identifiable natural person (‘data subject’). 
  3. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  4. The personal data that are collected on the website are used mainly by the collector in order to maintain a (commercial) relationship with you and if applicable in order to process your orders. They are recorded in an (electronic) register. 

Article 7 – Your rights regarding information

  1. Pursuant to Article 13 paragraph 2 sub b GDPR each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability. 
  2. You can exercise these rights by contacting us at it@imuna.nl.
  3. Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. 
  4. Within one month of the submitted request, you will receive an answer from us. 
  5. Depending on the complexity and the number of requests this period may be extended to two months.

Article 8 – Legal obligations

  1. In case of infringement of any law or regulation, of which a visitor is suspected and for which the authorities require the personal data collected by the collector, they will be provided to them after an explicit and reasoned request of those authorities, after which these personal data do not fall anymore under the protection of the provisions of this Privacy policy.
  2. If any information is necessary in order to obtain access to certain features of the website, the controller will indicate the mandatory nature of this information when requesting these data.

Article 9 – Collected data and commercial offers

  1. You may receive commercial offers from the collector. If you do not wish to receive them (anymore), please send us an email to the following address: it@imuna.nl.
  2. Your personal data will not be used by our partners for commercial purposes.   
  3. If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.

Article 10 – Data retention

The collected data are used and retained for the duration determined by law, which is equal to seven years. Comments on blog posts or personal information in user accounts of the website get stored indefinitely. 

Article 11 – Cookies

The website makes use of cookies. For more information, please refer to the Cookie Statement below.

Article 12 – Imagery and products offered

You cannot derive any rights from the imagery that accompanies any offered product on our website.

Article 13 – Applicable Law

These conditions are governed by Dutch law. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.

Article 14 – Contact

For questions or information about the website itself, please reach out to our Head of Information Technology.

Cookie Policy (last updated: 29/11/2021)

  1. The use of cookies

www.imuna.nl uses cookies. A cookie is a small text file that is sent along with pages from this website and is stored by your browser on the storage medium of your electronic device. The information stored therein can be sent back to our servers on a subsequent visit.

A cookie contains data so you can be recognized as a visitor when you are visiting our website. It enables us to adjust to your needs and it facilitates you to log in to our website. When you visit our website, we inform you about the use of cookies. By continuing to use our website you accept its use unless we ask permission by other means. Your consent is valid for a period of thirteen months. 

The use of cookies is of great importance for our website’s smooth running, but cookies of which you do not immediately see the effect are very important. Thanks to the (anonymous) input from visitors, we can improve the use of the website and make it more user-friendly

  1. Permission for the use of cookies

Your permission is required for the use of certain cookies. We ask for consent through a pop-up that appears on the first visit to our website. Your consent is stored for 1 year, which shall be referred to as the “given consent period”. After the given consent period you will be required to give your consent again. To change your consent during the given consent period, a box with the text “manage consent” can be found at the bottom of any page at the website

  1. The type of cookies and their objectives We use the following types of cookies on our website:

Functional cookies: these allow us to operate the website better and they make our website more user-friendly for the visitor. For example, we store your login details in login cookies and use session cookies to collect session information.  

Anonymised analytical cookies: these ensure that an anonymous cookie is generated when you visit our website. These cookies know whether you have visited the site before or not. Only on the first visit, a cookie is created and on subsequent visits, the existing cookie is used. We cannot see who specifically visits our sites or from which personal device the visit has taken place. Because statistics are being tracked anonymously, no permission is asked to place analytical cookies. This cookie is only for statistical purposes. In this way, we can adjust our communication and information to the needs of our visitors. For example, the following data can be collected:

  • the number of unique visitors,
  • how often users visit the site,
  • which pages users view,
  • how long users view a certain page,
  • on which page visitors leave the site.

Site improvement cookies: these allow us to test different versions of a web page to see which page is best visited.

Social media cookies: on our website, we have included buttons for Facebook and Instagram to promote web pages (e.g. “like”, “pin”) or share (e.g. “tweet”) on social networks like Facebook and Instagram. These buttons work using pieces of code coming from Facebook and Instagram themselves. This code places cookies. These social media buttons also can store and process certain information, so a personalized advertisement can be shown to you.

Please read the privacy statement of these social networks (which can change regularly) to read what they do with your (personal) data which they process using these cookies. The data that is retrieved is anonymised as much as possible. Facebook and Instagram are located in the United States.

Specifically, we use the following cookies on our website:

    • WordPress (Functional) 
      • Usage: We use WordPress for website development.
      • Sharing Data: This data is not shared with third parties.
      • Cookie:
    • Google Maps (Marketing/Tracking)
      • Usage: We use Google Maps for maps display.
      • Sharing Data: For more information, please read the Google Privacy Statement.
      • Cookie:
        • Marketing/Tracking:
    • YouTube (Marketing/Tracking, Functional, Statistics)
      • Usage: We use YouTube for video display.
      • Sharing Data: For more information, please read the YouTube Privacy Statement.
      • Cookies:
        • Marketing/Tracking:
          • NameGPS
            • Retention: Session
            • Function: Store location data.
        • Functional:
        • Statistics:
          • NameYSC
            • Retention: Session
            • Function: Store a unique user ID.
          • NamePREF
            • Retention: 1 Year
            • Function: Store and track visits across websites.
    • Facebook (Marketing/Tracking, Functional)
      • Usage: We use Facebook for the display of recent social posts and/or social share buttons.
      • Sharing Data: For more information, please read the Facebook Privacy Statement.
      • Cookies:
        • Marketing/Tracking:
          • Nameactppresence
            • Retention: 1 Year
            • Function: Manage ad display frequency.
          • Name_fbc
            • Retention: 2 Years
            • Function: Store last visit.
          • Namefbm*
            • Retention: 1 Year
            • Function: Store account details.
          • Namexs
            • Retention: 3 Months
            • Function: Store a unique session ID.
          • Namefr
            • Retention: 3 Months
            • Function: Enable ad delivery or retargeting.
          • Name_fbp
            • Retention: 3 Months
            • Function: Store and track visits across websites.
          • Namedatr
            • Retention: 2 Years
            • Function: Provide fraud prevention.
          • Namesb
            • Retention: 2 Years
            • Function: Store browser details.
          • Name*_fbm_
            • Retention: 1 Year
            • Function: Store account details.
        • Functional:
          • Namewd
            • Retention: 1 Week
            • Function: Determine screen resolution.
          • Nameact
            • Retention: 90 Days
            • Function: Keep users logged in.
          • Namec_user
            • Retention: 90 Days
            • Function: Store a unique user ID.
          • Namecsm
            • Retention: 90 Days
            • Function: Provide fraud prevention.
          • Namepresence
            • Retention: Session
            • Function: Store and track if the browser tab is active.
        • Functional:
        • Statistics:
          • NameYSC
            • Retention: Session
            • Function: Store a unique user ID.
          • NamePREF
            • Retention: 1 Year
            • Function: Store and track visits across websites.

Give WP (Functional)

      • Usage: We use Give WP for our donation widget to allow someone to become a Friend of IMUNA.
      • Sharing Data: For more information, please read the GIVEWP Privacy Statement.
      • Cookies:
        • Functional:
          • Namewp-give_session_*
            • Retention: Session
            • Function: Store a unique user ID.
          • Namewp-give_session_reset_nonce_*
            • Retention: 12 Hours
            • Function: Store data that helps to identify a donor to fetch session data on the server for business logic like showing the donor a donation receipt.

Google reCAPTCHA (Functional)

    • Usage: We use Google reCAPTCHA to make a distinction between bots and humans.
    • Sharing Data: For more information, please read the Google Privacy Statement.
    • Cookies:
      • Functional:
        • Name: _grecaptcha
          • Retention: Persistent
          • Function: Stores a snapshot of the user’s browser.
  1. Your rights concerning your data

You have the right to inspect, rectify, limit and delete personal data. You also have the right to object to the processing of personal data and the right to data portability. You can exercise these rights by sending an email to it@imuna.nl. This does not include any data we are obliged to keep for administrative, legal, or security purposes. To prevent abuse, we may ask you to identify yourself adequately. When it comes to access to personal data linked to a cookie, we ask you to send a copy of the cookie in question. You can find this in the settings of your browser

  1. Blocking and deleting cookies

At any time you can easily block cookies yourself or delete them via your internet browser. You can also set your internet browser so that you receive a message when a cookie is placed. You can also indicate that certain cookies may not be placed. View the help function of your browser for this option. If you delete the cookies in your browser, this may have consequences for the pleasant use of this website. Some tracking cookies are placed by third parties which, among other things, show you advertisements via our website. You can delete these cookies centrally via youronlinechoices.com.

Please note that if you don’t want any cookies, we cannot guarantee that our website still works well. Some functions of the site may be lost or you may not be able to visit the website at all. Also, refusing cookies does not mean that you will no longer see advertisements at all. The advertisements are then no longer tailored to your interests and can therefore be repeated more often.

How you can adjust your settings differs per browser. Please refer to the help function of your browsing or click on one of the links below to go directly to the manual of your browser.

  1. New developments and unforeseen cookies

The texts of our website can be adjusted at any time due to continuous developments. This also applies to our cookie statement. Therefore, please read this statement regularly to stay informed of any changes. In blog articles, use can be made of content hosted on other sites and made accessible by www.imuna.nl utilizing certain codes (embedded content), as with YouTube videos. These codes often use cookies. However, we have no control over what these third parties do with their cookies.
 

It is also possible that cookies are placed via our websites by others, which we are not always aware of. Do you encounter unforeseen cookies on our website that you cannot find in our overview? Please contact it@imuna.nl. You can also contact the third party directly and ask which cookies they placed, what the reason is, what the lifespan of the cookie is and how they have guaranteed your privacy

  1. Concluding remarks
    If you require any additional information about the protection of personal data, please visit the website of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl/nl.

We will have to adjust these statements from time to time, for example when we adjust our website or change the rules regarding cookies. You can consult this webpage for the latest version

If you have any questions, comments or remarks, please reach out to our Head of Information Technology.

Protocol Reporting Data Breaches (last updated: 29/11/2021)

Considerations:

  • The I.M.U.N.A. Foundation attaches importance to good security of its (electronic) systems in which personal data are stored and processed,
  • nevertheless, it can never be completely prevented that a data breach will occur.
  • The I.M.U.N.A. Foundation is under the General Data Protection Regulation (GDPR) obliged to report (serious) data leaks to the Dutch Data Protection Authority and to those involved.
  • The I.M.U.N.A. Foundation wishes to comply with its legal obligations.
  • The I.M.U.N.A. Foundation has therefore formulated a policy to act as adequately as possible in the unlikely event that a data breach does occur.

1 – Definition of a data breach

A data breach occurs when a breach of security occurs that accidentally or unlawfully leads to destruction, loss, alteration, or the unauthorized disclosure or access to transmitted, stored or otherwise processed data.

2 – Internal persons responsible for reporting data breaches

  1. The I.M.U.N.A. Foundation has appointed internal responsible persons who are responsible for reporting a data breach.
  2. Those responsible are: M.E. Kuipers, telephone number: +31725123202; email address: bod@imuna.nl and if not reachable R. van Kempen, telephone number: +31725123202; email address: bod@imuna.nl, hereinafter referred to as: “internal responsible“.

3 – Internal report when a data breach is discovered

  1. The person who discovers a data breach at the I.M.U.N.A. Foundation reports this immediately to the internal responsible.
  2. If possible, the person who discovered the data breach will simultaneously ensure that the leaked data is immediately remotely deleted or made inaccessible.

4 – Investigation by the internal responsible

The internal responsible investigates, among other things:

  • whether personal data has been lost or can be used unlawfully,
  • who or which departments within the organization are involved in the data breach,
  • whether a(n) (external) data processor is involved in the incident.

5 – Fight against data breach

The internal responsible will stop the data breach if that is still possible and will also take the necessary measures to combat the data breach as effectively as possible.

6 – Determining the consequences of a data breach

The internal responsible will investigate the possible consequences of the data breach based on the nature and extent of the data that have been leaked and determine what the adverse consequences of the data subjects may be.

7 – Cooperation with the provision of information regarding the data breach

The discoverer/reporter of the data breach fully cooperates with the internal responsible person by answering the following questions as quickly and as accurately as possible:

  • what happened? (description of the incident),
  • was it accidental or was it caused by malicious intent (e.g., hacked data)?,
  • when did it happen? (date and time),
  • when was it discovered? (date and time),
  • what data (registers) have been leaked? (see processing register),
  • is the data encrypted, and if so, how? (encryption type and process),
  • Could the data be remotely erased or made inaccessible, and if so, has that happened?,
  • what are the possible consequences for those involved?,
  • which group(s) of people is / are affected by this? (for example: sponsors, Executive Staff, delegates),
  • How many people are (approximately) affected by this?,
  • Has there also been data on persons in other EU countries affected by the data breach?,
  • Could technical and/or organizational measures already be taken as a result of the incident?.

8 – Availability of personnel after the discovery of data breach

The person responsible for the department from where the data breach took place as well as the discoverer of the data breach and anyone who, based on their position or knowledge, is able to take organizational and/or technical measures to limit the consequences of the data breach, keep themselves available the 1st 24 hours after the discovery of the data breach for consultation with the internal responsible person or any experts appointed by him/her, and for carrying out tasks assigned to them as a result of the data breach if necessary.

9 – Decision on reporting data breaches

  1. The internal responsible decides as soon as possible, but in any case within 60 hours after the discovery of the data breach – whether or not in consultation with the responsible person of the department in which the data breach was discovered and/or experts appointed by him – whether or not the discovered data breach must be reported to the Dutch Data Protection Authority and/or the parties involved.
  2. In principle, a data breach is always reported to the Dutch Data Protection Authority, unless it is unlikely that the data breach entails a risk to the rights and freedoms of the data subjects.
  3. The notification of the data breach is accompanied by answers to the questions as described in section 7.
  4. A data breach that was reported to the Dutch Data Protection is also reported to the data subjects if it poses a high risk to the rights and freedoms of natural persons unless appropriate measures have been taken to prevent the high risk.

10 – Reporting data leaks to the Dutch Data Protection Authority and/or those involved

  1. If necessary, the internal responsible is responsible for reporting to the Dutch Data Protection Authority and/or the person (s) involved.
  2. Reporting takes place as soon as possible after the discovery and no later than 72 hours after the discovery of the data breach.
  3. Any employee other than the internal controller is not permitted to report the (possible) data breach to the Dutch Data Protection Authority and/or the person (s) involved.
  4. If an employee does not agree with the decision of the internal responsible regarding whether or not to report the data breach to the Dutch Data Protection Authority and/or the person (s) involved, he can make his grievances known to the management.
  5. If requested to do so, an employee will cooperate fully with the controller in order to be able to inform the affected persons about the data breach in accordance with Article 34 GDPR.

11 – Consequences of reporting data leaks

  1. If the data breach has negative consequences for those involved, the internal responsible will do everything in his power to limit these consequences as much as possible.
  2. Depending on the nature and extent of the data breach for those involved, the internal controller determines:
  • how data subjects are informed (including at least the statements made about which types of personal data have been affected, what the possible consequences are, which measures the I.M.U.N.A. Foundation takes and how data subjects themselves can prevent or limit the damage)
  • which aftercare those involved receive
  • which actions are necessary for the interest of the organization
  1. If a data breach has taken place – regardless of whether it has been reported or not – adequate technical and/or organizational measures will be taken as soon as possible to prevent future similar data breaches.

12 – Keeping records of data leaks

The internal responsible person keeps a register of all data breaches, in which all data related to the data breach is registered, such as:

  • a description of the incident,
  • date and time of the data breach,
  • date and time of discovery of the data breach,
  • description of the type of leaked personal data,
  • description of the category (s) of data subjects affected (see processing register),
  • description of the number of parties involved (approximate),
  • whether data of persons in other EU countries has also been leaked,
  • whether the incident has been reported to the Dutch Data Protection Authority and, if so, date and time of the report,
  • whether the incident has been reported to the parties involved and, if so, date and time of the report,
  • how those involved have been informed,
  • the consequences of the data breach, including date and time if possible,
  • which technical and/or organizational measures have been taken after the data breach, stating the date and time if possible.

Processing Register (last updated: 29/11/2021)

Contact details:

Foundation: I.M.U.N.A. Foundation, Bergerhout 1, 1815 DA Alkmaar, email address: secretariat@imuna.nl, telephone number: +31725123202

Main responsible: M.E. Kuipers, email address: bod@imuna.nl, telephone number: +31725123202

Operational responsible: F. Bellis, email address: sg@imuna.nl, telephone number: +31614267353

Data Processing Officer: N.A., we have chosen not to appoint a Data Processing Officer. This decision was taken as we work with personal data on a relatively small scale, do not process special personal data and collect personal data in a fairly static way. As a result, it takes little effort to make any necessary adjustments and/or improvements in the future.

Processing activities of regular personal data:

  • Category of personal data: Name, address, place of residence
  • Category of stakeholders: Participants
  • The basis for processing: Agreement
  • Purpose of processing: Organising the I.M.U.N.A. conference
  • Processed ourselves: Yes
  • Processor location: Within the EU or in a country with sufficient legal guarantees
  • EU Processing Agreement: Yes
  • Retention period: 7 years
  • Security measures: Access restriction/prior authorization
  • Category of personal data: Place of birth and/or date/age
  • Category of stakeholders: Participants
  • The basis for processing: Agreement
  • Purpose of processing: Organising the I.M.U.N.A. conference
  • Processed ourselves: Yes
  • Processor location: Within the EU or in a country with sufficient legal guarantees
  • EU Processing Agreement: Yes
  • Retention period: 7 years
  • Security measures: Access restriction/prior authorization
  • Category of personal data: Email address/telephone number
  • Category of stakeholders: Participants
  • The basis for processing: Agreement
  • Purpose of processing: For organizing the I.M.U.N.A. conference
  • Processed ourselves: Yes
  • Processor location: Within the EU or in a country with sufficient legal guarantees
  • EU Processing Agreement: Yes
  • Retention period: 7 years
  • Security measures: Access restriction/prior authorization
  • Category of personal data: Digital data (IP addresses, login data)
  • Category of stakeholders: Website visitors
  • The basis for processing: Consent
  • Purpose of processing: To improve the website, user experience and to help spam detection
  • Processed ourselves: Yes, as well as by external processors (Google: https://policies.google.com/privacy, Gravatar: https://automattic.com/privacy/).
  • Processor location: Within the EU or in a country with sufficient legal guarantees
  • EU Processing Agreement: Yes
  • Retention period: 14 months
  • Security measures: Anonymization of personal data, access restriction/prior authorization

Processing activities of special personal data:

N.A., we do not collect special personal data.