Privacy Policy

We collect personal data when you submit a form on our website. The exact fields depend on whether you submit as a student, a business, or via a general contact form.

We store submissions in a database (PostgreSQL) via Prisma as part of our internal workflow.

• To respond to your message and follow up on your request.
• To assess fit and coordinate project matching between students and businesses.
• To administer our programs (e.g., scheduling, documentation, and communication).
• To improve our services and internal processes (aggregated / minimal data where possible).
• If you opt in: to send updates via our mailing list.

We process personal data based on one or more of the following legal bases:

• Consent (e.g., mailing list subscription; optional information you choose to provide).
• Legitimate interests (e.g., responding to enquiries and coordinating matches).
• Performance of steps prior to a contract (if collaboration leads to a structured agreement).
• Legal obligation (if we must retain certain information for compliance).

You can withdraw consent at any time (without affecting processing before withdrawal).

We retain submissions only as long as necessary for the purposes described above.

• General enquiries: up to 12 months after last contact.
• Student/business submissions: for the duration of collaboration plus a follow-up period of 24 months.
• Mailing list: until you unsubscribe.
• Backups may persist for a limited time due to technical retention cycles.

We do not sell your data. We share it only when needed to operate our services.

• Hosting provider(s) for our website and database.
• Email provider(s) used to communicate with you.
• Service providers supporting operations (e.g., forms, monitoring, backups), where applicable.

If a provider processes data outside the EU/EEA, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) where required.

We take reasonable technical and organizational measures to protect your data, such as:

• Access controls and least-privilege permissions.
• Encrypted connections (HTTPS/TLS) for data in transit.
• Database access restricted to authorized personnel and services.
• Monitoring, backups, and incident response processes (where applicable).

No system is perfectly secure, but we work to reduce risk and respond quickly to issues.

Under GDPR, you have rights regarding your personal data, including:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion in certain cases.
• Restriction: request limited processing in certain cases.
• Objection: object to processing based on legitimate interests.
• Portability: receive data you provided in a structured format (when applicable).
• Withdraw consent: when processing is based on consent.

To exercise your rights, contact info@collegiumnovum.eu. You also have the right to lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens).