NUSAS – Privacy, Data & Cookie Policy (GDPR Compliant)

Newcastle University Shipping Alumni Society (NUSAS) – nusas.co.uk

1. Introduction

This document constitutes the official Privacy, Data, and Cookie Policy of the Newcastle University
Shipping Alumni Society (NUSAS), based in Athens, Greece. It is a core and required element for
full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, ensuring that
all data collected through nusas.co.uk is processed lawfully, transparently, and securely.

2. Data Controller

NUSAS, headquartered in Athens, Greece, acts as the Data Controller responsible for the
processing of personal data of members and visitors to nusas.co.uk. Contact email:
board@nusas.co.uk

3. Categories of Data Collected

Personal data collected may include: full name, email address, graduation year, professional
position, company, country of residence, and newsletter preferences. Technical information such as
IP address or browser type may be collected for website security and performance purposes.

4. Purpose of Processing

Personal data is used exclusively for membership registration and verification, communication
about events and updates, networking among alumni, and statistical analysis to improve services.
Mailchimp is used to manage newsletters and communications, and tracking cookies are used to
monitor open and click rates for engagement analysis.

5. Legal Basis for Processing

Processing is based on the explicit consent of members, as well as the legitimate interest of
NUSAS to maintain communication and organizational coordination within its alumni network.

6. Data Sharing & Third-Party Processors

Data is not shared with third parties unless necessary for technical or operational reasons,
including: – Website hosting providers (under EU-based GDPR-compliant contracts) – Mailchimp
(email campaign management and analytics, under the EU–US Data Privacy Framework). All third
parties operate under strict confidentiality and GDPR compliance.

7. Data Retention

Personal data is retained as long as membership remains active. Upon termination or deletion
request, data will be erased within 30 days. Mailchimp subscriber data is also deleted upon request
or unsubscription

8. Data Subject Rights

Members have the right to: access, rectify, delete, restrict, or transfer their data, and to withdraw
consent at any time. Requests can be submitted to board@nusas.co.uk. Members also have the
right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) via www.dpa.gr.

9. Data Security Measures

NUSAS applies technical and organizational security measures including: SSL encryption, limited
access to authorized board members, and regular data backups. All website traffic is encrypted,
and personal data is handled with the highest confidentiality.

10. Cookie & Tracking Policy

NUSAS uses cookies essential for website functionality and analytics. Analytics cookies (e.g., via
Mailchimp) track engagement metrics such as email opens and link clicks. By continuing to browse
or by accepting the cookie banner, users consent to the use of cookies as described. Users may
disable cookies at any time through their browser settings.

11. Policy Updates

This Privacy and Cookie Policy may be updated from time to time. Any substantial changes will be
communicated via the website or email notice. The latest version will always be available at
nusas.co.uk.

12. Consent Declaration

By registering or subscribing through nusas.co.uk and selecting ‘Accept’, you confirm that you have
read, understood, and agree with this Privacy, Data, and Cookie Policy, and you consent to the
processing of your personal data under GDPR as described above.