General Data Protection Regulation (GDPR) Compliance Statement
1. Introduction
This GDPR Compliance Statement explains how personal data in the database used for managing THIMUN participants is collected, used, and protected. We are committed to processing all personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).
2. Data Controller
The data controller responsible for the processing of personal data is:
THIMUN Foundation
2e van Blankenburgstraat 119
The Hague
For any inquiries regarding this policy, you may contact: info@thimun.org.
3. Personal Data Collected
THIMUN collects and stores only the necessary data required for THIMUN participation and organisation in the database. This may include:
- Personal information: Full name, gender, date of birth, nationality
- Email address
- School/Institution attended by the participant
- Delegation and assigned country during the conferences
- Committee and role during the conferences
- Contact details of advisors/supervisors
- Badge photographs
- Any other relevant THIMUN-related information
4. Purpose of Data Processing
Personal data is collected and used for the following purposes:
- Organising and managing THIMUN events
- Communicating important event details
- Assigning committees and delegations
- Ensuring security and verification of participants
- Fulfilling administrative obligations
- Post-event communications
- Developing and maintaining a THIMUN Alumni network
5. Legal Basis for Processing
The lawful bases for processing personal data under GDPR include:
- Consent – Users provide their data for participation.
- Contractual necessity – Data is required to facilitate THIMUN participation.
- Legitimate interests – Data is used to ensure event security and proper organisation.
6. Data Storage and Security
All personal data is securely stored and protected against unauthorised access, loss, or misuse. Measures include:
- Encrypted data exchange with storage systems
- Access restrictions limited to authorised personnel
- Security and data protection reviews
7. Data Sharing and Third Parties
We do not sell, rent, or exchange personal data. However, we may share it with:
- THIMUN personnel and Board members, staff and authorised subcontracted individuals, companies, or organisations
- Hosting platforms or software providers
- Legal authorities if required by law
All third-party services comply with GDPR regulations and maintain exacting standards of data security.
8. Data Retention Policy
THIMUN Data Retention
For activities related to THIMUN (The Hague International Model United Nations), personal data of participants, advisors, schools, volunteers, and alumni are collected and processed in order to:
- Manage event registrations and participation
- Maintain contact for future THIMUN-related opportunities
- Document participation for educational and historical purposes
- Provide certification to participants
Personal data related to THIMUN activities will be retained for as long as necessary for the purposes stated. Personal data will be retained for at least six years after the relevant event and will be deleted or anonymised in the seventh year. This retention period supports our aim to preserve historical records, verify past participation, and maintain connections for an alumni network.
All retained data is subject to review to ensure it remains accurate and necessary. Where data is no longer relevant, it will be securely deleted or anonymised. Data subjects have the right to access, correct, or request deletion of their personal data at any time, unless it is required to be retained for legal or documented legitimate interests.
9. User Rights under GDPR
Users have the following rights regarding their stored personal data:
- Right to Access – Request a copy of the personal data.
- Right to Rectification – Request corrections to inaccurate data.
- Right to Erasure (“Right to be Forgotten”) – Request deletion of personal data.
- Right to Restrict Processing – Limit how data is processed in certain circumstances.
- Right to Data Portability – Obtain data in a structured, machine-readable, or digital format.
- Right to Object – Object to data processing based on legitimate interests.
- Right to Withdraw Consent – Withdraw consent at any time (this does not affect prior lawful processing).
Requests to exercise these rights can be made by contacting info@thimun.org.
10. Cookies and Tracking Technologies
Cookies or tracking technologies may be used for functionality and security purposes. Users will be informed about any tracking methods and can manage preferences accordingly.
11. Data Breach Notification
In the event of a data breach, affected users will be notified when required under the GDPR. If the breach poses a risk to individual rights and freedoms, the appropriate supervisory authority will be informed within 72 hours in accordance with GDPR guidelines.
12. Updates to this Policy
This GDPR compliance statement may be periodically updated. Users will be notified of significant changes.
13. Contact Information
For any GDPR-related inquiries or data protection concerns, please contact:
THIMUN Foundation
Info@thimun.org
2e van Blankenburgstraat 119
2517 HC, The Hague
Netherlands
LAST UPDATED: 16/07/2025
