Stamily Privacy Statement
May 18, 2025
​
1 Who we are
Stamily is committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This Privacy Statement explains how we collect, use, store, and protect your personal data.
The data controller responsible for your personal data is:
Stamily
Akenwerf 11, 2317DJ Leiden, the Netherlands
​
Stamily does not have a formally appointed Data Protection Officer (DPO), as we are not legally required to do so under current GDPR obligations. The GDPR allows for a DPO to be either an individual or an external organization, but only where certain criteria apply—such as large-scale processing of sensitive data or systematic monitoring of individuals—which does not reflect the nature of our activities.
​
However, if you have any questions or concerns about how we handle your personal data, you can contact us at the email address above. Your inquiry will be directed to the appropriate person within our organization who is responsible for data protection matters.
​
2 Overview of data processing for our projects and services
2.1 Membership registration​
2.1.1 How we collect your data
We collect your data when you register for membership.
​
2.1.2 What personal data we collect
When someone becomes a member of Stamily, we collect the following information through our membership form:
-
First name and last name
-
Email address
-
Phone number
-
Year of birth
-
Nationality
-
Motivation to join Stamily
-
Confirmation of being 18 years or older
-
Payment details (such as your name and payment reference), which may become visible to us through Wix, our payment platform. Some of this data may also be stored by Wix in accordance with their privacy statement.
​
2.1.3 Why we collect your data
We collect this information to:
-
Manage and administer membership
-
Communicate with members via email, phone and WhatsApp (for contact, updates, activities, and newsletters)
-
Confirm eligibility (members must be 18 or older). Our services are not intended for individuals under the age of 18.
-
Understand the demographics and motivations of our member base to improve our activities and inclusivity
-
Process and verify membership payments, including payment confirmation, reminders and follow-up if needed
​
2.1.4 Legal basis for processing
We process your personal data based on your consent (when you complete the form and agree to our privacy statement) and our legitimate interest in managing our association and communicating with our members.
​
2.1.5 How we store and protect your data
Your membership data is securely stored in access-controlled systems used by our team. Access is limited to authorized volunteers and board members who require the data for membership administration.
​
2.1.6 How long we keep your data
We retain your data for as long as you are a member. We retain your personal data for up to 5 years after your membership ends, unless we are legally required to keep it longer (for example, for tax or payment records). In practice, we may delete or anonymize most of your data sooner. Payment-related data may be retained longer due to system limitations or legal obligations.
​
2.1.7 Sharing your data with third parties
We do not sell or rent your personal data to third parties.
We only share your data in the following cases:
-
Aggregated and anonymized statistics: To provide insight into our membership base, we may include general data (e.g., age ranges, nationalities) in our annual report. These statistics cannot be traced back to individual members.
-
Service providers: We may share limited data with trusted third-party providers who help us operate our services, such as Wix (for membership payment processing) and our email or communication platforms. These providers are only permitted to use the data as necessary to perform their services for us and are bound by data protection agreements or equivalent safeguards.
-
Legal obligations: We may disclose your data if required to do so by law or if we believe such action is necessary to comply with legal obligations or protect the rights, safety, or integrity of Stamily or others.
​
2.2 Youth Exchanges​
2.2.1 How we collect your data
We collect your data when you register for a Youth Exchange and complete the required questionnaires. At the end of the event, we may also ask you to fill in an evaluation form.
​
2.2.2 What personal data we collect
When you participate in a Youth Exchange project, we may collect the following personal data:
Contact and identification details:
-
First and last name
-
Phone number
-
Email address
-
Whether you use WhatsApp
-
Gender
-
Date of birth
-
Country of residence
Travel-related information:
-
Mode of transportation to and from the Youth Exchange
-
Travel dates and times
-
Travel costs and related tickets, receipts, and boarding cards
Health and dietary information (only if relevant to your participation):
-
Food preferences and allergies
-
Medication use and other relevant health information
-
Medical background
-
Ability to swim and/or hike longer distances
Other information necessary for participation:
-
Emergency contact person (including phone number)
-
Preferred sleeping accommodation
-
Willingness to assist in the organization
-
Consent for the use of photo and video material
Payment-related information:
-
Bank transfer details (e.g., sender’s name or payment reference) if visible to us when you pay the participation fee
Additional documentation (only with your explicit consent):
In certain situations, such as in the case of late cancellation or a no-show, we may request additional documentation to demonstrate to Erasmus+ that you intended to participate. This may include:
-
A copy or screenshot of travel tickets or booking confirmations
-
Proof of payment for travel or accommodation
This information is collected only when necessary and only with your explicit consent.
​
2.2.3 Why we collect your data
We collect this information to ensure the Youth Exchange runs smoothly, safely, and inclusively.
-
Travel details enable us to support participants with their journey to and from the event.
-
Health and dietary information is essential to safeguard your well-being during the exchange.
-
Information about gender, age and country of residence is used to help form a well-balanced group. This is not assessed on an individual basis, but rather to ensure diversity and balance at the group level (e.g. gender ratio, age range, representation).
-
Information about your motivation to join the Youth Exchange is collected to help ensure a safe and inclusive environment, and to make adjustments based on any specific needs you may have.
-
Age information is required to meet the eligibility criteria of the Erasmus+ programme (typically 18–30 years old).
-
Gender information helps us form a balanced group.
-
General information about preferences, hobbies, and backgrounds contributes to creating a well-rounded group dynamic and helps us prepare relevant activities.
-
Payment details may be needed to confirm receipt of your participation fee and for administrative purposes.
-
In rare cases where a participant must cancel shortly before the event, Erasmus+ may require us to demonstrate that the participant had concrete plans to attend. To meet this requirement, we may ask for proof such as travel bookings or payment confirmations. This is strictly voluntary and will only be requested with your explicit consent. It helps us comply with Erasmus+ guidelines and ensures the project remains financially accountable.
-
In some cases, accommodations require limited personal details (such as names, ID numbers). This will be handled on a case-by-case basis and only shared with your explicit consent.
​
2.2.4 Legal basis for processing
We collect and process your personal data as part of our responsibility to organize Erasmus+ Youth Exchange projects. These projects are funded by the Erasmus+ programme and must meet certain quality and safety standards, which require us to collect specific participant information. Our legal basis for processing is therefore the performance of a task carried out in the public interest (Article 6(1)(e) GDPR) and, where applicable, your explicit consent (Article 6(1)(a) and 9(2)(a) GDPR for health-related data).
​
2.2.5 How we store and protect your data
Your data is stored securely on Google Shared Drives, which are protected by access controls. Access rights are actively managed and limited to those who need the data for organizational purposes at that time. We take reasonable technical and organizational measures to protect your information against unauthorized access, loss, or misuse.
​
2.2.6 How long we keep your data
We retain your data only as long as necessary to organize and evaluate the event, and to meet our reporting obligations towards Erasmus+. In general, this means we keep most data for up to two years after the event. Where applicable, we follow legal and grant-related retention requirements.
Any particularly sensitive information, such as medical details or motivation letters, is deleted within one year after the Youth Exchange, and preferably sooner, once it is no longer needed for preparation or safeguarding purposes.
​
2.2.7 Sharing your data with third parties
We organize Youth Exchange projects in collaboration with partner organizations, as listed in our Erasmus+ grant agreements. Representatives from these organizations who have a direct organizational role may be granted access to relevant personal data, but only to the extent necessary for fulfilling their responsibilities. Similarly, participants who take on specific organizational tasks may temporarily access certain data if it is essential for their role.
In rare cases, such as when a participant cancels shortly before the event, we may be required to share additional documentation (e.g., proof of travel bookings or payments) with the Erasmus+ National Agency to demonstrate that the participant had intended to attend. This will only be done with your explicit consent and only when necessary to comply with funding and reporting requirements.
In some cases, we may need to share limited information with accommodation providers (e.g. for check-in). This will only happen when necessary and always with your explicit consent.
We do not share your data with third parties for commercial purposes.
​
2.3 StammerOn Fund applications​
2.3.1 How we collect your data
We collect your personal data when you apply for the StammerOn Fund via the Google Form provided.
2.3.2 What personal data we collect
When you apply, we ask for the following information:
-
Name
-
Age
-
Email address
-
Country of residence
-
Whether you stutter
-
Artistic background
-
Intended use of funds and potential impact of support
If your application is successful, we will also ask for:
-
Payment details (e.g., your bank account number or IBAN) to transfer the grant
​
2.3.3 Why we collect your data
We collect this information to assess applications and allocate the fund to individuals who best meet the criteria. This helps ensure fair and effective distribution of support. If your application is approved, we also need your payment details to process the financial transfer.
​
2.3.4 Legal basis for processing
Your application is voluntary. We process your data based on your consent and for the legitimate purpose of administering the fund.
​
2.3.5 How we store and protect your data
Your data is securely stored on Google Shared Drives, protected by access controls. Access is limited to those involved in the fund's administration and is actively managed. We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse.
​
2.3.6 How long we keep your data
We retain your data for as long as necessary to process your application and manage the fund, up to a maximum of five years. After that, your data will be securely deleted.
​
2.3.7 Sharing your data with third parties
The StammerOn Fund is a collaborative initiative between Stamily, the Scottish Stammering Network, and the British Stammering Association (STAMMA). Each organization appoints a representative to the selection committee. These representatives have access to the data solely for the purpose of reviewing and evaluating applications. The same data retention period of up to five years applies to these partner organizations, after which the data will be securely deleted.
​
2.4 Local meetup registration​
2.4.1 How we collect your data
We collect your personal data when you sign up for a Stamily in-person meetup. The organizing committee—consisting of appointed Stamily members—gathers the necessary information through forms or direct communication (e.g., email or chat).
​
2.4.2 What personal data we collect
To organize the meetup effectively, the organizing committee may collect various types of information, which can vary from year to year depending on the specific plans and needs of the event. This may include, for example:
-
Name
-
Sleeping arrangements or room preferences
-
Food allergies and their severity
-
Dietary restrictions and breakfast preferences
-
Travel details (e.g., arrival/departure times, modes of transport)
-
Emergency contact information
-
Accessibility needs
-
Participation in specific activities or sessions
-
Payment-related information (e.g., your name or bank account reference, if this is visible to us when you transfer your participation fee)
-
In some cases, accommodations require limited personal details (such as names, ID numbers). This will be handled on a case-by-case basis and only shared with your explicit consent.
​
2.4.3 Why we collect your data
This data is needed to organize the meetup effectively and safely—such as booking accommodations, planning meals, arranging group activities, and managing payments.
​
2.4.4 Legal basis for processing
Participation in the meetup is voluntary, and by registering, you consent to us using the data you provide for the purpose of organizing and running the event.
​
2.4.5 How we store and protect your data
Your data is stored securely in the Stamily Google Workspace (Shared Drive), which is protected by access controls. Access is limited to the members of the organizing committee and is actively managed. We take appropriate technical and organizational measures to safeguard your information.
​
2.4.6 How long we keep your data
We keep your data only as long as needed to organize and follow up on the event, generally no longer than one year after the meetup. After that, it is securely deleted unless a legal or financial reason requires longer retention (e.g., for accounting records related to payments).
​
2.4.7 Sharing your data with third parties
We do not share your data with external parties unless necessary for the logistics of the event (e.g., providing your name and dietary needs to a hostel or caterer). In such cases, we share only the minimum required information.
In some cases, we may need to share limited information with accommodation providers (e.g. for check-in or dietary arrangements). This will only happen when necessary and always with your explicit consent.
​
3 Contact with Confidants​
Our association offers the option to contact a confidant for confidential support or to discuss concerns. Reaching out to a confidant is entirely voluntary. To protect the privacy and trust of those involved, records of these conversations are not stored centrally and are not accessible to the board or other organizational structures, as confidants may also handle matters involving the board.
Each confidant manages their own notes or records, if any, in accordance with privacy and discretion, and only for the purpose of providing appropriate support.
​
4 International data transfer​
Some of the tools and service providers we use to process your personal data are located outside the European Economic Area (EEA), or may store data on servers located outside the EEA. For example, we use Google Workspace (for shared drives and forms) and Wix (for payments), both of which may involve transfers to the United States or other countries.
When such international data transfers occur, we ensure that appropriate safeguards are in place, such as:
-Standard Contractual Clauses (SCCs) approved by the European Commission
-Adequacy decisions where applicable (e.g. transfers to countries the EU considers to provide an adequate level of data protection)
-Contractual and technical measures to protect your data against unauthorized access
By interacting with our services, you acknowledge that your data may be processed in countries outside the EEA, where data protection standards may differ. However, we take steps to ensure your data remains protected in line with GDPR requirements.
​
5 Data Security​
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or disclosure.
​
While we take steps to protect your data, if a data breach occurs that poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority without undue delay and, where required by law, inform you directly.
If a breach is likely to result in a high risk to your privacy, we will also notify you as soon as reasonably possible, providing details about the nature of the breach, the likely consequences, and the steps we are taking to address it.
If you suspect any misuse or unauthorized access to your data, please contact us immediately at hello@stamily.org.
​
6 Cookies and Tracking Technologies​
We use cookies and similar technologies to improve user experience.
​
7 Your rights under GDPR​
You have the following rights regarding your personal data:
-
Right to access your data
-
Right to rectification (correction of inaccurate data)
-
Right to erasure ("right to be forgotten")
-
Right to restrict processing
-
Right to data portability
-
Right to object to processing
-
Right to withdraw consent at any time
To exercise your rights, please contact us at hello@stamily.org. We respond to all data access or deletion requests within 30 days. You may be asked to verify your identity.
​
8 Updates to this privacy statement
We may update this Privacy Statement periodically. The latest version will always be available on our website.
​
9 Contact information
If you have any questions about this Privacy Statement or our data practices, please contact us at: