This Privacy Policy explains how the International Student Society (“ISS”, “we”, “our”, “us”) collects, uses, and protects your information when you use our website and mobile application (ISS Hub). We are committed to processing your personal data in accordance with the General Data Protection Regulation (GDPR), Irish Data Protection laws, and platform policies (including Google Play and Apple requirements).

Who We Are

Our website address is: https://atuiss.com. The International Student Society (ISS) operates across Ireland, supporting international students and residents through community, events, and digital services. We are committed to ensuring your personal data is processed lawfully, fairly, and transparently.
ISS acts as the Data Controller for the personal data collected through its services.

Information We Collect

We may collect the following types of information:
• Information you voluntarily provide (name, email, profile details, nationality, institution, event bookings, communications).
• Login information (securely processed and never stored in plain text).
• Media you upload (photos, files, posts, comments).
• Technical information such as IP address, device type, operating system, browser type, and usage logs.
• Cookies and usage data.
• Information processed by third-party services such as analytics tools, payment processors, and notification systems.

Identity Verification (IRP / PSC)

To ensure eligibility, prevent fraud, and maintain a safe community, we may request identity verification documents such as:
• Irish Residence Permit (IRP)
• Public Services Card (PSC)
• Student ID or proof of enrolment

These documents:
• Are used strictly for identity and eligibility verification
• Are never publicly displayed
• Are never sold or used for marketing purposes
• Are securely stored with restricted access
• Are retained only as long as necessary for verification and compliance purposes

Processing of identity verification data is based on our legitimate interests in maintaining a safe and trusted community and preventing fraud.

Comments

When visitors leave comments, we collect the data shown in the comments form, the visitor’s IP address, and browser user agent string to help spam detection. An anonymised string (hash) may be sent to the Gravatar service. After approval, your profile picture becomes visible in the context of your comment.

Media

If you upload images to the website, please avoid uploading images with embedded location data (EXIF GPS), as visitors may extract this data.

Cookies

We use cookies to store preferences and maintain sessions. You can disable cookies in your browser settings, although some features may not function correctly.

Embedded Content From Other Websites

Content on this site may include embedded content (e.g., videos, images, articles). These behave as if you visited the external website directly and may collect data, use cookies, and track interactions.

How We Use Your Data

Your data may be used to:
• Manage your account and membership
• Verify identity and eligibility
• Provide website and app services
• Process event bookings and payments
• Communicate updates and notifications
• Detect and prevent fraud or misuse
• Improve performance, security, and user experience

If you request a password reset, your IP address may be included for security purposes.

Legal Basis for Processing

We process personal data under the following lawful bases:
• Consent
• Contractual necessity (e.g., event bookings and membership services)
• Legal obligations
• Legitimate interests (such as improving services and ensuring security)

Third-Party Services

We may share limited data with trusted third-party providers that help operate our services, including:
• Payment processors (e.g., Stripe)
• Analytics providers
• Push notification services (e.g., Firebase Cloud Messaging)
• Spam detection tools

These providers process data on our behalf and are subject to their own privacy policies.

International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses or compliant providers.

How Long We Retain Your Data

We retain data only as long as necessary:
• Account data: while your account is active
• Event and transaction data: as required for legal and financial purposes
• Technical logs: up to 12–24 months
• Identity verification documents: only as long as necessary for verification and compliance

Your Rights Over Your Data

Under GDPR, you have the right to:
• Access your personal data
• Correct inaccurate information
• Request deletion of your data
• Restrict or object to processing
• Withdraw consent at any time
• Request data portability
• Lodge a complaint with the Irish Data Protection Commission (DPC)

You may request a copy or deletion of your data by contacting iss@atuiss.com.

Data Deletion

You may request deletion of your personal data at any time. Upon verification, we will delete:
• Your account and profile information
• Posts, comments, and uploaded content
• Booking history (unless required for legal or financial purposes)

Local app data will be removed when you uninstall the app.

Where Your Data Is Stored

Your data is stored on secure servers and may be processed within the European Union or by trusted providers with appropriate safeguards.

Children’s Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect data from children. If such data is identified, it will be deleted.

Security

We implement appropriate technical and organisational measures, including encryption (HTTPS), secure authentication, and restricted access controls. However, no system is completely secure.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will be posted with a revised “Last Updated” date.

Contact Us

If you have questions or requests regarding your data:

Email: iss@atuiss.com
Website: https://atuiss.com