Privacy Policy

ESN Sweden Privacy Policy

Last updated: 27 March 2026

Erasmus Student Network Sverige (“ESN Sweden”), org.nr. 802422-8960, is a non-profit organisation part of Erasmus Student Network (“ESN”). We work for the integration and wellbeing of international students in Sweden.

This privacy policy explains how we collect and use your personal data, who we share it with and your data protection rights. It applies when you register for our events, contact us, or otherwise interact with ESN Sweden.

Data we collect

When you register for an event, we collect the information necessary to manage your participation. This may include your name, email, phone number, birthdate, nationality, country of residence and address.

For certain events, we may also collect:

  • ID details (e.g., passport number) — for participant verification.
  • Clothing sizes — to provide event merch.
  • Gender — to assign rooms or teams appropriately.
  • Dietary preferences & special needs — to accommodate dietary, accessibility, or other requirements during the event.

Payment information, such as credit card numbers, is directly handled by our payment provider Stripe and is not collected or accessible by ESN Sweden.

When you contact us by email or using a form on our website, we collect your name, email address and any other information you provide so we can assist you.

When you fill out an event‑related form (for example, a Google Form sent to participants), we collect the information you provide so we can organise the event.

How we use your data

We use your personal data to:

  • Process your order and provide you with information about the event
  • Organise and deliver our events, including logistics, accommodation, safety, and participant management.
  • Provide support when you contact us by email or through a form.

We process this data on the legal bases of performing a contract (your event registration), fulfilling legal obligations (such as passenger lists required by transport providers), and our legitimate interest in organising safe and effective events.

Who we share your data with

For Sea Battle, we share your name, date of birth and nationality with Tallink which are required to have a passenger list by law. With Generator Hostels, we share your name, age and gender which is required for booking.

For other events, we may share your data with third parties involved in organising the event, such as accommodation providers, venues, universities, or other partners when required to deliver the event .

Storage and retention

Event registration data is stored on our server hosted by Microsoft Azure in Sweden. Emails and support messages are stored on Google’s infrastructure.

Access to personal data is restricted to authorised individuals involved in organising the event or providing customer support. We maintain technical and organisational measures to protect personal data from unauthorised access, loss, or misuse.

We keep event registration data for up to one year after the last day of the related event, unless a longer retention period is required by law. After this, the personal data will be deleted or anonymised.

International transfers

Some of our service providers, such as Google and Stripe, may process personal data outside the EU/EEA. When this happens, they use legally recognised safeguards to ensure that the data remains protected.

Your data protection rights

You have the following rights regarding the personal data we process about you:

  • Right to access – You can request confirmation of whether we process your personal data, what categories of data we hold, who it has been shared with, and you can receive a copy of your data.
  • Right to rectification – You can ask us to update or correct your personal data if it is inaccurate, incomplete or outdated.
  • Right to erasure – You can request that we delete your personal data, unless we still need it to organise an event you are registered for or we are required to keep it for legal reasons.
  • Right to restrict processing – You can ask us to limit how we use your personal data while we resolve an issue, such as verifying its accuracy or handling an objection.
  • Right to withdraw consent – If we process your personal data based on your consent, you can withdraw that consent at any time.
  • Right to object – You can object to our processing of your personal data when we rely on legitimate interests. Unless we have compelling legal grounds to continue, we will stop processing your data.
  • Right to data portability – You can request that we transfer your personal data to you or to another organisation, when technically feasible.

To make a request, please contact our Data Protection Officer using the contact details at the bottom of this page. You will receive an answer within a month.

Changes to our privacy policy

We may change the privacy policy from time to time to reflect changes in our services, privacy practices or applicable laws. The “Last updated” legend at the top of this page indicates when the privacy policy was last materially revised.

Contact us

If you have any questions about our privacy policy or you would like to exercise your data protection rights, please contact our Data Protection Officer:

Email[email protected]

Postal address

C/o Linnékåren
Universitetsplatsen 1, Huvudgodsmottagningen
352 52 Växjö
Sweden

Make a complaint with the national authority

If you think that we are not fulfilling our obligations and are dissatisfied with how we process your personal data, you can file a complaint with the Swedish Authority for Privacy Protection (IMY).

Complain about incorrect processing of your personal data

Email[email protected]

Phone+46 8-657 61 00