PRIVACY

GENERAL PRIVACY POLICY FOR EUROPEAN YOUTH CARD ASSOCIATION EURO<26

Introduction

This is the General Privacy Policy of the European Youth Card Association Euro<26, with its HQ and mailing address Centre Dansaert, 7/11 Rue d’Alost, 1000 Brussels, Belgium and with registered seat at Amsterdam, Netherlands, Dutch Chamber of Commerce file no. 34142416. Our contact details are the following: online form freely accessible from our webpage www.eyca.org (see section “contact” ) online; hereinafter as “EYCA”, “we”, “us”, “our”.

We are the umbrella organisation for the development and promotion of the European Youth Card, endorsed by the Council of Europe and supported by the European Commission.

This General Privacy Policy is elaborated in respect with Regulation No. 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter as “GDPR”.

In this General Privacy Policy will be used legal terms as defined in GDPR; mainly will be used following terms:

  • personal data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • controller - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. EYCA);
  • processor - means a natural or legal person, which processes personal data on behalf of the controller (like our cloud provider, payment provider etc.);
  • consent - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data;
  • data subject – natural person whom personal data are processed (app user, cardholder…);
  • Data processing shall be in compliance with GDPR, this General Privacy Policy as well as other disclaimers published at EYCA webpage or apps.

I. Why we process personal data?

EYCA as a controller processes personal data of young people buying the European Youth Card via the KIOSK or the myEYC mobile app for iOS or Android.

EYCA does not process personal data of cardholders if the European Youth Card was issued by an EYCA

Member Organisation (usually organisation issuing European Youth Card in European countries). In that case EYCA provides only the European Youth Card logo (as license) and archives only the card number, the date of issue of the card and its expiration date. Personal data collected and written on the card are obtained and processed by the EYCA Member. However, if cardholder decides to use myEYC mobile app, by registration of the account the EYCA processes user’s personal data altogether with relevant Member Organisation that issued EYC card.

In respect with above stated, we collect personal data due to following operations of EYCA:

  • Providing European Youth Card via KIOSK (at EYCA’s webpage)
  • Providing the European Youth Card for participants in the European Solidarity Corps or other volunteering activities
  • Providing app for European Youth Card users (myEYC)
  • Sending promotional communications if you so consented

II. What kind of your personal data we collect?

We collect personal data filled in the online registration forms on our webpage or in our app.

  • Contact form – website
  • Card purchase form – website/kiosk
  • Registration form – myEYC app

Data we collect varies according to the registration form you fill in:

For account creation in the myEYC app we collect:

  • Full name
  • Date of birth
  • Email address
  • your location if you choose to provide it to us via the settings in your telephone.

For purchases made via the KIOSK we collect:

  • Full name
  • Date of birth
  • Email address
  • Payment and billing information
  • Telephone number

For requests made through the contact form we collect:

  • First name
  • Email address

We do not collect special categories of personal data (e.g. health data, ethnic, religious data, political, etc).

III. Legal basis and purpose of data processing

We process your personal data mainly based on your consent to your personal data processing.

Purpose of data processing is strictly fixed to the action you have taken – for example:

If you contact us via contact form – we use your data for purpose of preparation of answer to your questions.

If you buy the European Youth Card, we use your data purposes of card issuing, delivery of card and payment for services if required.

If you wish to use our app, we collect your personal data in relation with provision of app services. We will use your personal data with purpose to verify you are a European Youth Cardholder, to create your account and manage it, as well as to improve our services. We may also collect additional information about data usage, your device or other technical measures.

Your consent is necessary for using some of our services (contact form, some functions of our app), therefore it is a contractual requirement.

We do not process your personal data for promotional activities (e.g. sending promotional emails) unless you provide us with your consent for that purpose.

IV. Retention of personal data

We store your data for determined purposes only and for a determined period of time. That is the time during which you are a user of our services.

If you buy a European Youth Card, we store your data from the moment you provide them to us until the expiration date of your card.

If you use our app, we store your data only during the time you are using our app, i.e. until the moment you manually delete your account.

If you contact us, we will store your data for period while your request is managed, maximum up to two months after last communication.

After mentioned periods, we will use your personal data only for compatible purposes that are statistical and archival purposes.

V. Security of your data and data transfer

We store your data on our secured servers located in Germany. Cardholder data safety is very important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

We do transfer your data outside the EU if you are using myEYC app – to prevent myEYC app data loss if our primary German server fails, we maintain secure backup of personal data of app users in Montenegro by our service provider. Altogether with high up to date protection encryption standard we also use standard data protection clauses with our partner providing IT services to secure maximum safety of personal data of app users.

VI. Who else process your personal data

We share your personal data with our partners that process your personal data on our behalf. These partners are Member Organisations that approved your EYC card, companies fabricating and issuing European Youth Cards, companies providing delivery services, companies providing legal services, companies providing IT services, our Data Protection Officer.

They are obliged to us by strict processing agreements and rules they have to follow.

Beside that we provide your personal data to other entities if we are required to do (e.g. to state or European authority, police, courts…).

VII. Rights of individuals

You are fully entitled to manage your personal data processing as well as participate in the process. For that GDPR grants you certain rights as specified below that you can exercise.

In connection with exercising your rights you can contact us or our Data Protection Officer who handles your requests.

If you wish to contact us directly, you can do it by contact form published on our webpage under section “contact” , or via correspondence address European Youth Card Association Euro<26, Centre Dansaert, 7/11 Rue d’Alost, 1000 Brussels, Belgium.

You can also directly contact our Data Protection Officer: Steiner & Associates, s.r.o., which is a law firm based in Slovakia, that will handle your requests: Timonova 4B , 040 01 Košice, Slovakia, email office@steinerassoc.eu . Our Data Protection Officer will manage your request and will give you additional information about how it will be handled.

If you exercise your right, we will contact you as soon as possible to confirm the acceptance of your request, and you will get answer from us within one month following your request at the latest.

We are obliged to secure your identity, therefore we may ask you to provide additional proof of your identity for the purpose of handling your request.

Please acknowledge that you can choose the form in which you would like to communicate with us. If you do not choose such a form, we will communicate with you in the form that you used for your request.

If you exercise you right, we will contact you as soon as possible to confirm the acceptance of your request, and you will get answer from us within one month following your request at the latest.

We are obliged to secure your identity, therefore we may ask you to provide additional proof of your identity for the purpose of handling your request.

Please acknowledge that you can choose the form in which you would like to communicate with us. If you do not choose such a form, we will communicate with you in the form that you used for your request.

Your rights

1. Right to access to your data

You have right to know if we process your personal data, and if we do, you are entitled to obtain a copy of summary of your data processed. This copy would contain information about data processing, e.g. purposes of data processing, categories of your personal data, recipients of your personal data, data storage and so on.

2. Right to rectification

We shall process only your accurate personal data. If there are changes to your personal data or any kind of mistakes in processed personal data, we urge you to contact us and we will correct your data.

3. Right to erasure

You have the right to request erasure of your personal data, if there is fulfilled at least one condition stated in Art 17 of GDPR. For example, you can exercise your right to erasure if your personal data are no longer necessary to process for original purpose, you withdrawn your consent with data processing, your data have been unlawfully processed and so on.

However, we will not erase your personal data if their further processing is necessary to submit a legal requirement from state or EU law, their processing is needed for establishment, exercise or defence of legal claims or we process your data only for statistic and archiving purpose.

4. Right to restriction of processing

You can request from us restriction of your personal data processing if there is fulfilled any condition stated in Art 18 of GDPR. For example, you can apply your right to restriction of processing in case you already contested to the accuracy of your data, processing of your data is unlawful, but you do not wish to erase data – only restrict their processing, we do not need your personal data for original purpose but for establishment, exercise of defence of legal claims of you already exercised right to object personal data processing.

If you exercise the right to restriction of processing, data processing will cease and further processing of your data is possible only by your exclusive consent, or for establishment, exercise or defence of legal claims or for protection of another individual’s rights.

5. Right to data portability

You have right to obtain your personal data we process in a structured, commonly used and machine-readable format (e.g. xml format) and you can transmit these data to another controller. If it is technically possible and you require it, we will transmit your personal data to another controller directly.

6. Right to object and automated decision making

This right is fixed with data processing based on legitimate interests of controller or on task carried out in the public interest. We do not process your personal data on these grounds, but on your consent. Therefore, this right would not apply in our case.

We do not make decision based solely on automated processing including profiling, which produces legal effects to you.

7. Right to withdraw your consent

If you gave us consent to your personal data processing, you have the right to withdraw it any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint to supervisory authority

If you are not satisfied with the result of your request solution or you have concerns regarding the lawfulness of your personal data processing, you can lodge a complaint to our supervisory authority that is the Belgium Data Protection Authority www.dataprotectionauthority.be/citizen

Brussels, 5 March 2026.

Download myEYC App!
QUICK LINKS
© Copyright 2021, EuropeanYouth Card Association Disclaimer Privacy Code of Conduct
CONTACT DETAILS
European Youth Card AssociationCentre DansaertRue d'Alost 7-111000 BrusselsEU Transparency Register number: 320962593161-97
FAQ & Contact form