Privacy Policy ELSA the Netherlands


The European Law Students’ Association the Netherlands (“ELSA the Netherlands”) is committed to protecting the privacy and personal data of our members, participants in activities and partners. This privacy policy explains how we collect, use, and protect personal data in compliance with the European Union’s General Data Protection Regulation (“GDPR”).

Data Controller

ELSA the Netherlands acts as the Data Controller for the personal data we process. If you have any questions or concerns about our privacy practices, please contact us at

Collection of Personal Data

We collect personal data from members, participants in activities and partners. The personal data we collect may include:

– Name

– Email address

– Phone number

– Payment details

– Enrollment in a university

– Membership of a Local or National Group of ELSA

– Company name

– Job description

– Professional certifications

– Emergency contact information

– Special categories of personal information, including but not limited to:

– medical information

– religious or philosophical information

Use of Personal Data

We use personal data to provide our services. The specific purposes for which we use personal data may include:

– Managing membership and partner relationships

– Organisation of our activities

– Processing payments

– Providing educational and professional development resources

– Communicating with members and partners

– Sending newsletters and promotional emails

– In case of emergencies during our activities, providing necessary information to emergency services

– Complying with legal obligations

Legal Basis for Processing

We process personal data on the basis of one or more of the following legal grounds:

– Consent: You have given us explicit consent to process your personal data for a specific purpose.

– Contract: Processing your personal data is necessary for the performance of a contract to which you are a party.

– Legal Obligation: We are required by law to process your personal data.

– Legitimate Interests: We have a legitimate interest in processing your personal data that is not overridden by your rights and freedoms.

We process special categories of personal information only if you have given us explicit consent to do so.

Sharing of Personal Data

We only share information within the organisation on a need to know basis. Unless you have given us explicit consent that we may share personal information outside the organisation.

We may share personal data with third-party service providers who assist us with our activities, such as payment processing and email marketing. We ensure that these third-party service providers are GDPR compliant and have appropriate safeguards in place to protect your personal data.

We may also disclose personal data if required by law or to protect our rights or the rights of others.

Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, or destruction. We regularly review and update our security measures to ensure the ongoing confidentiality, integrity, availability, and resilience of personal data.

Retention of Personal Data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal data is no longer necessary, we securely delete or destroy it.

Your Rights

You have the right to access, rectify, or erase personal data that we hold about you. You also have the right to restrict or object to the processing of your personal data and the right to data portability.

To exercise your rights or to request further information about our privacy practices, please contact us at

Complaint at National Privacy Autorities

You have the right to lodge a complaint with the national privacy authorities of the Netherlands, the Autoriteit Persoonsgegevens (AP), if you believe that your personal information has been processed in a way that does not comply with applicable data protection laws and regulations.

To lodge a complaint you may contact the AP using the following details:

Autoriteit Persoonsgegevens
Telephone number: +31(0)70 888 85 00
PO Box 93374

You can also use the website of the AP to lodge a complaint using this link (page is in Dutch)

We encourage you to contact us first before making a complaint to the AP, as we would welcome the opportunity to address your concerns and work with you to find a satisfactory resolution.

Changes to this Privacy Policy

We may update this privacy policy from time to time. The most current version of the privacy policy will always be available on our website. We encourage you to review this privacy policy regularly to stay informed about our privacy practices.

Last updated: 15 May 2023