Last Updated: August 23, 2025

Section 1: Introduction

1. This Privacy Policy explains how UNCOVER Madeira Island ("the organization") collects, uses, stores, and protects the personal data of its members and users of the Membership Card.

2. It applies to all members of UNCOVER Madeira Island, as well as to users of the Membership Card and related services.

3. This Privacy Policy forms part of and complements the Terms & Conditions of the Membership Card.

4. UNCOVER Madeira Island is committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner.

5. This Privacy Policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Portuguese data protection laws.

Section 2: Data Controller

1. The Data Controller responsible for the collection and processing of personal data under this Privacy Policy is UNCOVER Madeira Island.

2. All inquiries regarding personal data, privacy rights, or the processing of data should be directed to the dedicated email address: info@weareuncover.com.

3. A general contact person has been assigned to handle all privacy-related matters.

4. At this time, the organization will not provide a postal address or phone contact for privacy inquiries; all communication will be handled digitally.

5. The organization aims to respond to all privacy inquiries within 7 calendar days.

6. The Data Controller is responsible for all personal data collected in relation to the Membership Card, events, and partner activities.

7. Members may exercise their rights under GDPR by contacting the organization through the dedicated email address.

Section 3: Personal Data Collected

1. The organization collects the following categories of personal data from members:

   • Full name

   • Date of birth

   • Nationality

   • Phone number

   • Email address

   • Proof of enrolment (e.g., university certificate)

   • Acceptance letters or confirmations from mobility/volunteer programs

   • Identification documents (if required for verification)

   • Photos and videos (for membership verification, organizational communication, and promotional purposes)

   • Any other data reasonably necessary for membership management or compliance with legal obligations.

2. In specific cases, the organization may also collect special categories of data, such as health or accessibility information required for participation in activities or events. Such data will only be collected with the member’s explicit consent and processed with appropriate safeguards.

3. Data may be collected directly from members or, where legally permitted, from third-party sources such as universities, Erasmus/mobility programs, or volunteer program coordinators, in accordance with EU and Portuguese law.

4. All personal data collected is strictly necessary for the issuance of the Membership Card, membership management, access to services and events, or compliance with legal obligations.

5. Members are responsible for ensuring that the personal data they provide is accurate and up-to-date, and must notify the organization of any relevant changes.

Section 4: Purposes of Processing

1. Members’ personal data is processed for the following main purposes:

   • Issuing and managing the Membership Card

   • Verifying eligibility and status (student, trainee, volunteer, etc.)

   • Managing membership records

   • Granting access to events, services, and discounts

   • Facilitating communication between the organization and its members

   • Using photos or videos of members for organizational communications and promotion

   • Sharing relevant data with partners to provide benefits or services

   • Supporting internal administration, event planning, and operational management

2. Members consent to receive communications, newsletters, updates, and partner offers upon receiving the Membership Card.

   • Members can withdraw consent at any time by contacting the organization.

3. Members’ data may be processed as required for legal, regulatory, or contractual obligations, such as accounting, audits, or reporting to authorities.

4. Data may also be processed for statistical analysis and reporting, such as tracking membership numbers or participation rates.

   • Such data will always be aggregated or anonymized to prevent the identification of individuals.

5. Members’ personal data will never be processed for unrelated purposes without first informing members and obtaining their consent where required.

6. Members will always be informed about how their data is used, and any new purposes will require notice or consent.

7. Certain processing, such as internal administration or organizational communications, is based on the organization’s legitimate interests, in compliance with GDPR.

8. Special categories of data (e.g., health or accessibility information) are only processed when strictly necessary for participation in activities or events, and only with explicit consent and appropriate safeguards.

Section 5: Data Sharing and Third Parties

1. Members’ personal data may be shared with official partners or service providers only when necessary to verify membership status or provide agreed services/benefits.

2. The organization is not responsible for any use, misuse, or processing of personal data by third parties once it has been shared for legitimate purposes.

3. Members’ personal data is not transferred outside the EU by default.

   • If a transfer outside the EU/EEA is necessary, it will occur only in compliance with GDPR, using standard contractual clauses or other legally approved mechanisms to ensure adequate protection.

4. Any sharing of personal data with third parties will be conducted only for purposes aligned with Section 4, such as membership management, event participation, communications, or legal obligations.

5. Any agreements with third parties who process members’ personal data on behalf of the organization will include data protection obligations to ensure compliance with GDPR.

6. Only the minimum necessary data will be shared with third parties to accomplish the intended purpose.

7. Where legally permissible, members may withdraw consent for certain data sharing by contacting the organization via the dedicated email.

Section 6: Data Retention

1. Retention of Personal Data:
   Personal data will be retained for the duration of active membership.
   After membership ends, personal data will be retained only as long as necessary to comply with legal, regulatory, or administrative obligations, or up to 5 years from the end of membership, whichever is longer.

2. Special Categories of Data:
   Special categories of personal data (e.g., health or accessibility information) will be retained only as long as strictly necessary for the activity or event for which it was collected, and deleted or anonymized promptly afterward, unless retention is required by law.

3. Secure Deletion/Anonymization:
   Once the retention period expires, all personal data will be securely deleted or anonymized to prevent unauthorized access or identification of individuals.

4. Exceptions for Legal Obligations or Disputes:
   Personal data may be retained beyond the standard retention period if required to comply with legal obligations, ongoing audits, or disputes.

5. Retention Review:
   The organization will regularly review stored data to ensure retention periods are respected and unnecessary data is deleted.

6. Member Inquiry:
   Members may request information about how long their personal data will be retained by contacting the organization via the dedicated email address.

Section 7: Data Security

1. Data Storage and Protection:
   Members’ personal data will be stored and protected using appropriate technical and organizational measures, which may include secure digital storage with encryption, access controls, and restricted physical storage, depending on the nature of the data and processing activity.
   These measures are designed to prevent unauthorized access, loss, or misuse of personal data.

2. Restricted Access:
   Access to personal data is limited to authorized staff or representatives who need the information to perform their duties.

3. Protection Against Risks:
   The organization implements measures to protect personal data against accidental loss, destruction, unauthorized access, or other unlawful processing.

4. Member Responsibility:
   Where applicable, members are responsible for protecting their login credentials and devices used to access organizational services.

5. Security Audits and Reviews:
   The organization will regularly review and update its security measures to ensure ongoing protection of personal data in accordance with GDPR and applicable laws.

6. Incident Response:
   The organization has procedures in place to respond to data breaches or security incidents and will notify authorities and affected members as required by law.

7. Third-Party Security:
   Any third parties processing personal data on behalf of the organization are required to maintain adequate security measures to protect personal data in compliance with GDPR.

Section 8: Member Rights

1. Member Rights under GDPR:
   Members have the following rights regarding their personal data:

   • Right of Access – to know what data is being processed.

   • Right to Rectification – to correct inaccurate or incomplete data.

   • Right to Erasure (“Right to be Forgotten”) – to request deletion of personal data where legally permitted.

   • Right to Restriction of Processing – to limit how personal data is used.

   • Right to Data Portability – to receive their data in a structured, commonly used format.

   • Right to Object – to object to certain processing, including marketing.

2. Exercising Rights:
   Members can exercise any of their GDPR rights by contacting the organization via the dedicated email address: info@weareuncover.com.
   Requests should include enough information to identify the member and the request being made.

3. Response Time:
   The organization will respond to members’ requests within 30 calendar days from receipt.

   • For complex requests, this period may be extended by up to 2 additional months, with notification to the member.

4. Cost of Exercising Rights:
   Exercising GDPR rights is free of charge for members.

   • A reasonable fee may be charged if a request is manifestly unfounded, excessive, or repetitive, in accordance with GDPR.

5. Supervisory Authority Complaints:
   Members have the right to file a complaint with a data protection supervisory authority if they believe their rights under GDPR have been violated.

6. Support and Guidance:
   The organization can assist members in understanding and exercising their rights, especially for first-time or complex requests.

Section 9: Changes to Privacy Policy

1. Policy Updates:
   The organization reserves the right to update or modify this Privacy Policy from time to time to reflect changes in legal requirements, organizational practices, or data processing activities.

2. Notification of Changes:
   Members will be notified of any updates to the Privacy Policy via a notice on the organization’s website.

3. Acceptance of Updated Policy:
   Continued use of the Membership Card or participation in the organization’s services constitutes acceptance of the updated Privacy Policy.

4. Scope of Changes:
   Updates to the Privacy Policy apply to all members, including both new and existing members.

5. Member Objection:
   Members who do not agree with changes to the Privacy Policy may contact the organization via the dedicated email address to express their concerns or seek clarification.

6. Effective Date:
   All updates to the Privacy Policy become effective from the date they are posted on the organization’s website.

Section 10: Cookies & Tracking

1. Use of Cookies and Tracking Technologies:
   The organization’s website and digital platforms use cookies and similar tracking technologies to enhance user experience, analyze website traffic, and provide personalized content.

2. Types of Cookies:
   The website uses the following types of cookies:

   • Essential Cookies – necessary for basic website functionality and membership-related services.

   • Analytics Cookies – to analyze website traffic, performance, and usage patterns.

   • Marketing Cookies – to provide personalized content and track engagement with promotional materials.

3. Cookie Consent:
   Members and visitors have the option to accept or reject non-essential cookies (analytics and marketing) through the website’s cookie consent banner or settings.

   • Essential cookies cannot be rejected as they are necessary for basic website functionality.

4. Purpose of Cookies:

   • Essential Cookies – enable core website functions such as navigation, secure access, and membership verification.

   • Analytics Cookies – help the organization understand website usage, improve user experience, and monitor performance.

   • Marketing Cookies – provide personalized content, track engagement with promotions, and support targeted advertising when applicable.

5. Managing Cookies:
   Members and visitors can manage or delete cookies at any time by adjusting their browser settings.

Section 11: Contact Information

1. Dedicated Email:
   Members may contact the organization regarding privacy-related inquiries at info@weareuncover.com.

2. Physical Address:
   A physical address for privacy-related inquiries may be provided in the future if required.

3. Phone Contact:
   A phone number for privacy-related inquiries may be provided in the future if required.

4. Types of Inquiries:
   Members may use the dedicated contact to submit inquiries regarding:

   • Access to their personal data

   • Correction or deletion requests

   • Complaints or concerns regarding privacy practices

   • General questions about the organization’s data processing activities

5. Expected Response Time:
   The organization will respond to privacy-related inquiries within 30 calendar days from receipt of the request, in accordance with GDPR.

6. Alternative Contact Options in the Future:
   The organization may offer additional contact methods in the future, such as a physical office or phone line.

7. Assistance for Complex Requests:
   The organization can assist members in submitting complex requests or clarifying inquiries related to their personal data.

Section 12: Definitions

1. Member:
   Any individual holding a valid Membership Card, including full-degree students, trainees (including internships), volunteers (including international and European programs), and staff of the organization.

2. Personal Data:
   Any information relating to an identified or identifiable individual, including but not limited to name, date of birth, nationality, contact information, and any other data collected by the organization.

3. Processing:
   Any operation or set of operations performed on personal data, whether or not by automated means, including collection, storage, use, disclosure, or deletion.

4. Special Categories of Data:
   Sensitive personal data that requires extra protection under GDPR, including but not limited to health information, accessibility data, or other data revealing racial or ethnic origin, political opinions, religious beliefs, or trade union membership.

5. Third Party:
   Any individual or organization outside of the organization itself, including official partners or service providers, that may process personal data on behalf of the organization.

6. Consent:
   Any freely given, specific, informed, and unambiguous indication of the member’s wishes by which they agree to the processing of their personal data.

7. Data Controller and Data Processor:

   • Data Controller: The organization, which determines the purposes and means of processing personal data.

   • Data Processor: Any third party that processes personal data on behalf of the organization.

8. Website or Digital Platform:
   Any online service or platform operated by the organization, including membership portals, event registration pages, and related digital services, where cookies, tracking, and data collection may occur.

9. Organization-Specific Terms:
   Any other terms specific to this Privacy Policy or membership program will be defined contextually within the relevant sections.

Privacy Policy