Personal-data protection information for student associations

Your student association probably collects and stores personal data about its members. This may include their names, addresses, email addresses, and other details, such as the specific events that members attend (through registration forms or meeting minutes, for example). That means your association is subject to Swiss and possibly EU data-protection regulations.

These regulations are intended to protect the identities and fundamental rights of the individuals whose personal data are collected. The regulations set forth a series of rules to make sure that the data are handled in a legal, faithful, and transparent manner, are used for narrowly defined purposes, are accurate and limited to necessary data, are stored for the shortest time necessary, and are kept confidential and uncorrupted, and that the persons responsible for compliance with data-protection regulations are clearly identified. The regulations also specify the rights of individuals whose data are collected, such as the right to access their personal data, to know how their personal data will be used, and to correct or delete their personal data.

We strongly suggest you consult an expert if you have any questions related to the handling of personal data. More specifically, you should get the advice of a professional if your association plans to outsource the collection and/or storage of personal data (particularly if the service provider is located outside Switzerland); conduct profiling (the analysis of personal data to determine certain personal characteristics); collect sensitive data such as information about members’ ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, or sexuality; collect genetic or biometric data for identification purposes; or collect information about any debt-collection proceedings under way or any criminal or administrative sanctions in force.

Here are some websites with useful information about personal data protection:

Your association is subject to the GDPR if you handle the personal data of people located in the EU, if you collect personal data as part of the provision of goods or services to people located in the EU, or if you collect data on the behaviors of individuals provided that those behaviors occur in the EU.