We collect the following categories of personal data when you use AIT Community Netherlands: Account Information — When you register, we collect your name and email address. If you sign in via GitHub OAuth, we receive your GitHub username, profile URL, and public email from GitHub's API. You can also add optional profile details such as a bio, skills, company name, and social links. Payment Data — Event tickets and sponsorship payments are processed by Mollie (our payment service provider). Mollie collects your payment details directly. We receive only a transaction reference, amount, and payment status — we never store your credit card number, IBAN, or other payment instrument details on our servers. Sponsor & Employer Information — If you apply as a sponsor, we collect your company name, website, contact person name, contact email, selected sponsorship tier, and any message you include. Job listings submitted by sponsors include the job title, description, location, job type, salary range, and an application URL. Community Content — Posts, threads, ideas, votes, and replies you create on the community board are stored alongside your user ID and display name. Event Data — When you register for an event, we record your RSVP, attendance status, and any event-specific information required for the event (e.g. dietary preferences for catered events). Analytics — We collect anonymized usage data such as page views, session duration, and referral sources to understand how the platform is used and to improve it. We do not build advertising profiles.

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases under Article 6 for processing your personal data: Consent (Art. 6(1)(a)) — When you create an account, you consent to the processing of your profile data. When you opt in to our newsletter, you consent to receiving email communications. You may withdraw consent at any time by deleting your account or unsubscribing. Performance of a Contract (Art. 6(1)(b)) — Processing is necessary to fulfil our obligations when you purchase an event ticket, enter into a sponsorship agreement, or use platform features that require an account. Legitimate Interest (Art. 6(1)(f)) — We process anonymized analytics data to improve the platform and monitor community safety (e.g. detecting spam or abuse). We balance these interests against your privacy rights and limit data collection to what is strictly necessary. Legal Obligation (Art. 6(1)(c)) — We retain certain financial records (invoices, transaction records) for seven years to comply with Dutch tax and accounting regulations (Algemene wet inzake rijksbelastingen).

We share personal data only with the following categories of service providers, and only to the extent necessary to operate the platform: Mollie B.V. — Processes payments for event tickets and sponsorships. Mollie acts as an independent data controller for payment data. See Mollie's privacy policy at mollie.com/privacy. Resend — Handles transactional email delivery (account verification, password resets, event confirmations, newsletter). Email addresses and message content are shared with Resend solely for delivery purposes. Hosting Provider — Our application and database are hosted on infrastructure within the European Union. The hosting provider processes data on our behalf under a Data Processing Agreement. We do not sell, rent, or trade your personal data to third parties. We do not share data with advertisers. We will disclose data to law enforcement only when required by a valid legal order under Dutch law.

Our use of cookies is minimal and respectful: Essential Cookies — We use a session cookie to keep you signed in and to protect against cross-site request forgery (CSRF). These cookies are strictly necessary for the platform to function and cannot be disabled. Analytics Cookies — With your consent, we may set a cookie to collect anonymized usage statistics (pages visited, session duration). No personally identifiable information is stored in analytics cookies. No Third-Party Advertising Cookies — We do not use any third-party advertising or tracking cookies. No data is shared with ad networks. You can manage cookie preferences through your browser settings. Blocking essential cookies may prevent you from signing in.

We retain your data according to the following schedule: Account Data — Your profile information is retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Some data may persist in encrypted backups for up to 90 days before being overwritten. Payment Records — Transaction records, invoices, and related financial data are retained for seven (7) years after the transaction date, as required by Dutch tax law (Algemene wet inzake rijksbelastingen, Article 52). Community Content — If you delete your account, your community posts (threads, replies, ideas) are anonymized rather than deleted. The content remains visible but is no longer linked to your identity. This preserves the integrity of community discussions. Event Data — Event attendance records are retained for twelve (12) months after the event for community analytics, then anonymized. Analytics Data — Anonymized analytics data is retained indefinitely as it cannot be linked back to individual users.

Under the GDPR, you have the following rights regarding your personal data: Right of Access (Art. 15) — You can request a copy of all personal data we hold about you. Right to Rectification (Art. 16) — You can update or correct inaccurate personal data via your profile settings, or by contacting us. Right to Erasure (Art. 17) — You can delete your account at any time from your profile settings. You may also request erasure by contacting us. Note that we may retain certain data where we have a legal obligation (e.g. financial records). Right to Data Portability (Art. 20) — You can request a machine-readable export of your personal data. Right to Restriction (Art. 18) — You can request that we limit how we process your data in certain circumstances. Right to Object (Art. 21) — You can object to processing based on legitimate interest, including analytics. To exercise any of these rights, email us at privacy@aitcommunity.nl. We will respond within 30 days as required by the GDPR. If you believe we have not handled your request appropriately, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Our primary data processing takes place within the European Economic Area (EEA). However, some of our sub-processors (such as email delivery and analytics services) may process data outside the EEA. Where personal data is transferred outside the EEA, we ensure adequate protection through one or more of the following mechanisms: — European Commission adequacy decisions for the recipient country. — Standard Contractual Clauses (SCCs) as approved by the European Commission, incorporated into our agreements with sub-processors. — Additional technical and organizational measures where appropriate. You may request information about the specific safeguards in place by contacting us at privacy@aitcommunity.nl.

For any questions about this privacy policy or your personal data, contact us: AIT Community Netherlands Amsterdam, The Netherlands Email: privacy@aitcommunity.nl We aim to respond to all privacy-related inquiries within 14 days.