Privacy policy

1. Introduction

This Privacy Policy ("Policy") outlines how we process your personal data with regard to your use of our student platform, Campus (“Platform”), available on our mobile application (the "App") and business portal (the "Portal"). The Campus Platform (including both services) is operated by Hexagons BV, a company registered under Belgian law with company/tax ID BE1009.785.044 ("Hexagons," "Campus," "we," "us").

Protecting your privacy is of utmost importance to us. Whether you are a student ("Student") or a company representative ("Business User"), this Policy explains how, why, and on what legal grounds we process your personal data. It also ensures you remain in control of your information while being informed about any data-sharing practices.

Your data is handled in compliance with Belgian and European data protection regulations, including the EU General Data Protection Regulation 2016/679 ("GDPR"), as well as applicable national laws.

We encourage you to read this Policy thoroughly. It outlines your rights regarding your personal data, details our data processing practices, and explains how you can exercise your rights.

Important Notes:

• This Policy does not apply to the practices or terms of third-party services.
• Our App and Portal are not intended for individuals under the age of 18. We do not knowingly collect data from minors. If we discover that a user is under 18, we will take appropriate action to deactivate their account promptly.

By using our Campus Platform, you agree to the terms of this Privacy Policy.

 

2. Responsibilities of data processors

As the data controller, we determine the purposes and means of processing your personal data, either independently or in collaboration with our customers (companies).

For personal data processed on the App related to Students, Hexagons BV and the Business User act as joint controllers. In accordance with Article 26 of the GDPR, we have established clear agreements with Business Users to define responsibilities and ensure compliance with GDPR requirements.

Important Notes:

• If you, as a Student, apply for a specific job vacancy, sign up for an event or use a service offer provided by a Business User through the App, the Business User will provide you with details of their data processing activities in their own privacy policy. Hexagons BV is not responsible for how your personal data is handled once it is processed outside the App. The Business User's privacy policy will apply, and it will be made available to you.

3. Data collection and purposes

The Campus Platform processes personal data for the following purposes, divided into a section for Students and for Business Users:

Students

 

Business Users

4. Third-party processors and data sharing

Cloud Data Storage

All user data collected through the Platform is securely stored in Google Cloud Platform (GCP) servers located in the European Economic Area (EEA). Google ensures compliance with EU data protection standards, providing robust security and privacy measures for your personal data.

For more information about how Google processes and protects your data, please refer to the Google Cloud Privacy Policy .

Additional third-party data processing

We work with carefully selected third-party service providers ("processors") who help us deliver our Platform and services. We only share what is necessary for the processors to perform their specific services. We only work with processors who can provide sufficient guarantees that they will protect your data in accordance with GDPR and other applicable data protection laws.

List of third-party processors with whom your personal data may additionally be shared by Hexagons BV:

Data Sharing

Hexagons BV only shares personal data that is relevant and necessary for your use of the Platform and for conducting our activities. Whenever we transfer your personal data to third-parties or processors, we ensure that appropriate safeguards and security measures are in place to protect your information.

Additionally, we may disclose your personal data if required by law or when we, in good faith, determine that such disclosure is necessary to:

• Comply with a request from a supervisory authority, judicial inquiry, court order, or legal proceeding related to the Campus Platform.
• Address claims against Hexagons BV regarding personal data that may infringe on the rights of third-parties.
• Protect the rights, property, or safety of Hexagons BV, our employees, contractors, users, or the general public.

Protecting Access to Your Data

Your personal data will only be accessed by processors, employees, or contractors of Hexagons BV, and third parties on a strict "need-to-know" basis. Access will be limited to the extent necessary to perform their specific tasks or services.

No Unauthorized Selling or Sharing

Hexagons BV will never lend or sell your personal data to third parties without your explicit consent. However, in the event of a corporate transaction—such as a merger, acquisition, reorganization, sale of assets, or bankruptcy—Hexagons BV may transfer your personal data as part of the transaction. In such cases, we will make reasonable efforts to ensure that the recipient adheres to this Privacy Policy.

 

5. Data location and transfer

We do not transfer your personal data outside the European Economic Area (EEA).

If a transfer of data outside the EEA becomes necessary in the future, we will ensure that appropriate safeguards are in place to comply with applicable data protection laws. These safeguards may include, but are not limited to:

• The use of Standard Contractual Clauses approved by the European Commission.
• Implementation of additional measures to provide adequate protection for your data.

You will be informed of such transfers and the applicable safeguards in accordance with legal requirements.

6. Data protection

At Campus, we implement appropriate technical and organizational measures to ensure a level of security that aligns with the risks associated with processing your personal data. These measures include, but are not limited to:

• Technical controls and safeguards, such as encryption, authentication and authorization to protect your data.
• Data recovery and backup systems to minimize the impact of potential incidents.
• Incident response plans to address security breaches efficiently.
• Regular testing and assessments of our security measures to maintain their effectiveness.

Important Note:
While we strive to protect your personal data, it’s important to understand that transmitting data over the Internet always carries inherent risks. Although we take every precaution to safeguard your information, we cannot guarantee absolute security.

 

7. Data retention

We will only process, store or retain your personal data for as long as necessary to fulfil the purposes described in section 3 of this Privacy Policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period in case of a legal obligation or in the event of a complaint or if we reasonably believe there is a dispute or possible litigation in respect to our relationship with you or the company or organization you work for. Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed.

The retention periods may vary depending on the purposes on the processing and our legal obligations.

The Campus Platform applies the following retention periods:

Students

• All data will be deleted 30 days after termination of the account. Accounts need to do a yearly email verification to validate that the user is still a student. If this verification fails or is ignored, the account will automatically be terminated.
• Location data will automatically be removed after a maximum of 2 hours after obtaining the data.

Business Users

• All data will be removed 10 years after the closing of all Business User accounts related to the Company of the Business User.

All technical information that has been (pseudo-)anonymized or aggregated will be deleted 12 months after collection.

 

8. Your rights and how to exercise them

Your rights

Under Articles 15–22 of the GDPR, you have the following rights concerning the processing of your personal data through the Campus Platform:

Right of Access

You have the right to request confirmation about whether we are processing your personal data. If so, you may access the data, understand how and why it is being processed, and request a copy of that data.

Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete data that we process about you. As a Student, you can exercise this right by requesting a data modification request in the app, for all data that can’t be edited through self-service, such as first name or last name.

Right to Erasure ("Right to Be Forgotten")

You can request the deletion of your personal data under specific circumstances. As a Student, you can exercise this right by creating a data deletion request in the App.

Right to Restriction of Processing

You can request a limitation on the processing of your personal data in specific circumstances, such as when the accuracy of the data is contested or when processing is unlawful.

Right to Data Portability

You may obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format.

Right to Object

You can object to the processing of your personal data when it is based on our legitimate interest. You may also object at any time, free of charge, to the processing of your data for direct marketing purposes.

Exercising Your Rights

Through the Campus Platform, self-service is offered to view, update and delete the data connected to a user, either directly or by making a data update request.

To exercise any of these rights that aren’t offered as self-service directly via the Campus Platform, contact us at privacy@campusapp.app .

• The exercise of these rights is generally free of charge. However, we may charge a reasonable administrative fee for repetitive or excessive requests.
• To verify your identity, we may request proof, such as a copy of your identity card. Please ensure non-essential information (e.g., photo, ID number) is redacted before submission.

Complaints

If you believe your rights have been violated, you have the right to file a complaint with the relevant Data Protection Authority.

In Belgium, contact:

• Data Protection Authority
  • Email: contact@apd-gba.be
  • Address: Drukpersstraat 35, 1000 Brussels

We encourage you to contact us first at privacy@campusapp.app so we can address your concerns directly before escalating to the Authority.

 

9. Applicable law and jurisdiction

This Privacy Policy is governed by and interpreted under Belgian law. Any disputes arising from this Privacy Policy shall fall under the exclusive jurisdiction of the courts of Ghent. We encourage you to contact us first at privacy@campusapp.app so we can address your concerns directly before taking legal action.

 

10. Privacy policy changes

Hexagons BV reserves the right to update this Privacy Policy at any time. The date of the latest revision is noted at the top of this document.

• Notification of Changes: We will only notify you explicitly of significant updates through the Platform and, if necessary, seek your consent for significant changes.
• Effective Date: Updates take effect 7 days after publication, unless the changes are required to comply with legal obligations, in which case they take effect immediately.