Privacy Policy

1. Introduction

The Student Life is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect the personal data of students and other users who interact with our services. It also sets out your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws, and how you can exercise those rights.

The data controller responsible for the processing of personal data described in this policy is Socials BV, registered at Wolstraat 70, 1000 Brussels, Belgium, with company registration number 1023312881. The Student Life is a brand operated by this entity and is referred to in this policy as "The Student Life," "we," "us," or "our."

The Student Life is not required to appoint a Data Protection Officer under Article 37 GDPR. We have instead designated a named internal contact who is responsible for handling all privacy-related inquiries, requests, and complaints. You can reach this contact at support@jointhestudentlife.com.

2. Scope of this policy

This Privacy Policy applies to personal data we collect or process when you:

Visit our website, purchase a ticket to any of our events, join one of our community platforms such as WhatsApp groups, receive communications from us, or otherwise interact with our services.

This policy should be read together with our Terms and Conditions and our Refund Policy, which together form the full agreement between you and The Student Life.

3. What personal data we collect

We collect the following categories of personal data.

Registration and purchase data. When you purchase a ticket, we collect your full name, email address, phone number, and the city or event associated with your purchase. We do not collect your date of birth. Payment information, such as card details, is not collected or stored by The Student Life. Payment is processed directly by our ticketing partners, currently Weeztix and Celebratix.

Communication data. When you contact us by email or through any other channel, we collect the content of your message, your email address, and any additional personal data you choose to include.

Website usage data. When you visit our website, we automatically collect information about your device and browsing behaviour, including your IP address, browser type, operating system, referral source, pages visited, and length of visit. This data is collected through analytics tools, as described in section 8.

Community platform data. When you join one of our WhatsApp communities, your phone number and any content you post become visible within that group. We do not actively collect or store your phone number outside of WhatsApp. The processing of your data within WhatsApp itself is subject to WhatsApp's own privacy policy, over which we have no control.

Event media. At our events, third-party photographers engaged by us take photographs and video recordings. These may include identifiable images of you. This is described further in our Terms and Conditions and in section 5 below.

4. Why we collect your data and our legal basis for processing

Under Article 6 GDPR, we must identify a specific legal basis for each purpose for which we process your personal data. The legal bases we rely on are described below.

To provide our services and fulfil your ticket purchase. We process your registration and purchase data to issue your ticket, deliver the Welcome Package, provide access to events and community platforms, and manage your account. The legal basis for this is the performance of a contract under Article 6(1)(b) GDPR.

To communicate with you about your purchase. We process your contact data to send you confirmations, preparation guides, event updates, reminders, and any operational communications directly related to your purchase. The legal basis for this is the performance of a contract under Article 6(1)(b) GDPR.

To send you marketing communications about future events. We process your contact data to send you promotional emails about upcoming events and related offerings from The Student Life. We send these communications only with your explicit consent, which you give at the point of purchase through a clearly labelled opt-in. The legal basis for this is your consent under Article 6(1)(a) GDPR. You may withdraw your consent at any time, as described in section 13.

To improve our services and website. We process website usage data to understand how our website is used, identify technical issues, and improve the user experience. The legal basis for this is our legitimate interest under Article 6(1)(f) GDPR in maintaining and improving our services, balanced against your privacy rights.

To use photographs and video from events. We process event media for marketing and promotional purposes, as described in our Terms and Conditions. The legal basis for this is your consent given at the point of ticket purchase under Article 6(1)(a) GDPR, together with our legitimate interest under Article 6(1)(f) GDPR in promoting our events.

To comply with legal obligations. We may process and retain certain personal data to comply with our legal, tax, and regulatory obligations, such as invoicing and record-keeping requirements. The legal basis for this is compliance with a legal obligation under Article 6(1)(c) GDPR.

5. How we use your data

We use your personal data only for the purposes described in section 4. In particular, we use your data to:

Process ticket purchases and issue tickets, deliver the preparation guide and Welcome Package components, add you to the relevant WhatsApp community where applicable, send you operational communications about your purchase and events, send you marketing communications where you have given consent, respond to your questions and requests, improve our website and services through aggregated usage analytics, comply with our legal and regulatory obligations, and protect our rights and the safety of our events and community.

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.

6. Third parties we share data with

We share your personal data only with trusted third parties who need it to provide services on our behalf, and only to the extent necessary. The categories of third parties with whom we share data are:

Ticketing and payment processors. Weeztix and Celebratix process ticket sales and payments on our behalf. They receive the personal data you provide at the point of purchase in order to process the transaction and issue the ticket.

Email communication tools. We use email marketing and communication tools (to be specified as services are implemented) to send transactional and, with your consent, marketing emails.

Analytics providers. We use analytics tools, including Google Analytics, to understand website usage. These tools may collect website usage data as described in section 3.

Community platform providers. WhatsApp is used as the platform for our community groups. Your interactions within WhatsApp are subject to WhatsApp's own privacy terms.

Event photographers. Third-party photographers engaged by us process event media on our behalf under a written agreement.

Legal and regulatory authorities. We may share your personal data with authorities, regulators, or law enforcement where required by law, or where necessary to protect our rights.

We do not sell your personal data to third parties, and we do not share it for advertising purposes with parties outside of those listed above.

All third parties we share data with are contractually bound to process your data only for the purposes we specify and in accordance with GDPR requirements.

7. International data transfers

Some of the third parties we work with, such as Google Analytics and WhatsApp, are based outside the European Economic Area (EEA), primarily in the United States. When we transfer your personal data outside the EEA, we rely on appropriate safeguards as required by GDPR. These include:

Standard Contractual Clauses approved by the European Commission, or other legally recognised transfer mechanisms, and adequacy decisions issued by the European Commission where applicable.

Where you would like more information about the specific safeguards applied to a particular transfer, please contact us at support@jointhestudentlife.com.

8. Cookies and tracking technologies

Our website uses cookies and similar tracking technologies to function correctly, to analyse website usage, and to improve your experience. Cookies are small text files that are stored on your device when you visit a website.

We distinguish between:

Strictly necessary cookies, which are required for the website to function and do not require your consent.

Analytics cookies, which are used to understand how visitors interact with our website. These cookies are only set with your consent.

When you first visit our website, you will be presented with a cookie banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings link available on our website.

We do not currently use advertising or targeting cookies. If this changes, we will update this policy and ask for your renewed consent where required.

9. How long we keep your data

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

Registration and purchase data: We retain this data for the period required by Belgian statutory accounting and tax law, which obliges businesses to retain accounting records and supporting documents for a minimum of seven years following the relevant taxable period. Certain categories of document may be subject to longer statutory retention periods under Belgian law. This data is retained for the applicable statutory period following your last purchase.

Communication data: We retain emails and related communications for a maximum of one year after the end of our interaction, unless the data is required for an ongoing matter or a legal obligation.

Website usage data: Website analytics data is retained for a maximum of 14 months in line with Google Analytics default settings, after which it is automatically deleted.

Marketing consent and marketing data: Where you have given consent to receive marketing communications, we retain your data for this purpose until you withdraw your consent. Once consent is withdrawn, we remove your data from our marketing lists within 30 days.

Event media (photographs and videos): We retain event media for as long as it is used for promotional and archival purposes. You have the right to request the removal of specific content in which you are identifiable, as described in section 11.

After the applicable retention period, your personal data is securely deleted or anonymised.

10. Data security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, alteration, or disclosure. These measures include:

Storing personal data in reliable, access-controlled systems, restricting access to personal data to team members who need it for their specific role, using secure connections (HTTPS) on our website, using established third-party providers with their own security standards (Weeztix, Celebratix, Google), and reviewing our security practices periodically to address new risks.

No method of transmission or storage is fully secure. In the unlikely event of a personal data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority in accordance with Article 33 GDPR and within the required 72-hour timeframe.

11. Your rights under GDPR

You have a number of rights under GDPR in relation to your personal data. These are:

Right of access (Article 15). You have the right to request a copy of the personal data we hold about you.

Right to rectification (Article 16). You have the right to request that we correct any personal data about you that is inaccurate or incomplete.

Right to erasure (Article 17). You have the right to request that we delete your personal data in certain circumstances, including where the data is no longer needed for the purposes it was collected, where you withdraw consent, or where you object to processing.

Right to restriction of processing (Article 18). You have the right to request that we restrict our processing of your personal data in certain circumstances.

Right to data portability (Article 20). You have the right to receive a copy of your personal data in a commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible.

Right to object (Article 21). You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis, including for direct marketing.

Right to withdraw consent (Article 7). Where our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to lodge a complaint. You have the right to lodge a complaint with a data protection supervisory authority, as described in section 16.

Limits to the right to erasure. The right to erasure is not absolute. In some circumstances, we may be legally required or permitted to retain your personal data despite a deletion request. These circumstances include:

Where retention is necessary to comply with a legal obligation, such as Belgian accounting and tax law; where retention is necessary for the establishment, exercise, or defence of legal claims; where retention is necessary to prevent fraud or abuse of our services; and where another lawful ground under Article 17(3) GDPR applies.

Where we are unable to fully comply with a deletion request for one of these reasons, we will explain which data we are retaining and why, and we will delete any other data that falls within the scope of your request.

12. How to exercise your rights

To exercise any of the rights described in section 11, please contact us at support@jointhestudentlife.com. We will respond to your request within 30 days, in line with our GDPR obligations. In some cases, we may ask you to verify your identity before we can act on your request, in order to protect your data from unauthorised disclosure.

There is no fee for exercising your rights. If a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to act on the request, as permitted by GDPR.

13. Marketing communications and consent

We send marketing communications only with your explicit consent, which you give through a clearly labelled opt-in at the point of ticket purchase. You may also receive promotional content within our WhatsApp community platforms, which is sent to the group as a whole and is not personally targeted.

You can withdraw your consent and unsubscribe from marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email we send you, leaving the relevant WhatsApp community, or contacting us directly at support@jointhestudentlife.com.

Withdrawing consent will not affect your ability to receive operational communications related to any active ticket or purchase.

14. Children's data

Our services are intended only for persons aged 18 or older, or for persons who have reached the legal drinking age of the country in which the event takes place, whichever is higher. This 18-and-over threshold is an operational restriction based on the nature of our events, which typically involve alcohol.

This operational threshold is separate from the age of digital consent under GDPR, which in Belgium is set at 13 under the Belgian Data Protection Act of 30 July 2018. We do not knowingly process the personal data of any person below either the applicable GDPR digital consent age or our operational age threshold, whichever is higher.

If we become aware that we have collected personal data from a person below the applicable age, we will delete that data without undue delay. If you believe that this has occurred, please contact us at support@jointhestudentlife.com so we can take appropriate action.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we make material changes, we will notify you by email or by a clear notice on our website before the changes take effect. The "last updated" date at the top of this policy will always reflect the date of the most recent revision.

We encourage you to review this policy periodically to stay informed about how we process your personal data.

16. How to contact us and how to complain

If you have any questions, requests, or complaints in relation to this Privacy Policy or the way we process your personal data, please contact us at support@jointhestudentlife.com.

If you are not satisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority. As Socials BV is established in Belgium, the relevant authority is:

Gegevensbeschermingsautoriteit / Autorité de protection des données Rue de la Presse 35 / Drukpersstraat 35 1000 Brussels, Belgium Website: www.gegevensbeschermingsautoriteit.be

If you are resident in another EU member state, you also have the right to lodge a complaint with the supervisory authority of your country of residence. A full list of national data protection authorities in the European Union is available through the European Data Protection Board at edpb.europa.eu/about-edpb/about-edpb/members_en.