Privacy Notice (Version 1.0 – dated [August 1, 2020])
The European Economic Association understands that your privacy is important to you and that you care about how your personal data is used. In this Privacy Notice we therefore describe how we collect, use and store your personal data. We advise you to carefully read this Privacy Notice.
Please rest assured that in processing your personal data we always try to act in accordance with the provisions of the General Data Protection Regulation (EU Regulation 2016/679 or “GDPR”) and any other applicable laws or regulations on the protection of personal data.
1. Information About Us
The European Economic Association (also referred to as “we” or “us”) is a non-profit international scientific association constituted under Belgian law, with company number 0429.064.949 and with registered address at Neerstraat 107, 3980 Tessenderlo, Belgium. In the framework of this Privacy Notice, we shall act as the data controller.
If you would like to contact us in relation to this Privacy Notice, you can do so by using the following contact details:
Data protection lead: General Manager
Email address: firstname.lastname@example.org
Telephone number: 0039 340 8357633
2. What Does This Privacy Notice Cover?
This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights in relation to the processing of your personal data.
The Privacy Notice is applicable to all data processing activities carried out by the European Economic Association, including the data processing activities carried out through our websites or in the framework of our service provision. By continuing to use or websites and services, you confirm to have read and understood the content of this Privacy Notice.
3. What Personal Data Do We Collect?
Personal data is defined by the GDPR as any information relating to an identified or identifiable natural person who can be directly or indirectly identified in particular by reference to an identifier. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
When you use our websites or sign up to our services, we may collect some or all of the following personal data (this may vary according to your relationship with us):
• Name and surname;
• Year of birth;
• (Work) Address;
• Email address;
• Telephone number;
• Business name;
• Job title;
• Payment information;
• Information about your research preferences and interests.
For “in-person” event organisation, we may collect the following:
• Information on any food allergies;
• Photos of people taken at the event (provided – where necessary – you have given your consent to such photos being taken and published).
These personal data are processed in order to allow us to provide you with the requested services (e.g. membership registration or registration for one of our events), to be able to handle your requests (e.g. to answer the queries addressed to us via the contact form) or because it is in our legitimate business interest to do so. Hence, your data are processed on the legal basis existing in the necessity to be able to perform a contract we have (or will engage in) with you, on the basis of your consent or on the basis of our overriding legitimate business interest.
Some of the above mentioned information is mandatory to provide (which will always be indicated appropriately). If you fail to provide us with such mandatory information, we will not be able to provide you with the requested services.
Where we process your personal data for direct marketing purposes on the basis of your consent, you have the right to withdraw such consent at any time (opt-out). You can exercise this right be using the unsubscribe button in the email, by changing the preferences in your account or by sending an email to the following address: email@example.com.
4. How Do We Use Your Personal Data?
Your personal data may be used for the following purposes:
• Providing and managing the services we provide to you, such as membership and event registration.
• Communicating with you. This may include responding to emails or calls from you.
• Supplying you with information that you have opted-in to (you may unsubscribe or opt-out at any time).
• Evaluating, managing and updating our websites.
We have taken all reasonable and suitable technical and organizational measures in order to protect your personal data as well as possible against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
Your personal information will also be treated as strictly confidential at all times.
5. How Long Will We Keep Your Personal Data?
We will not keep your personal data for any longer than is necessary for the purpose for which it has been collected or for as long as legally required. The length of time we keep your data for may vary depending on the activity it relates to.
In the event that no legal obligation to store your personal data exists, your personal data shall be erased on a routine basis once the purpose for which the personal data is collected has been achieved.
Most of your personal information will be retained by us for a period of maximum 10 years following the end of our membership relationship with you.
We may store your personal data for longer if you have given us your consent to do so or where such storage is necessary for the establishment, exercise or defense of legal claims. In this last instance, certain personal data may be used for evidence purposes.
6. How and Where Do We Store or Transfer Your Personal Data?
We will in principle only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
Should it nevertheless be necessary to transfer your personal data outside of the EEA, we will take measures to ensure that your personal information is protected at all times (for example, signed standard contractual clauses).
7. Do We Share Your Personal Data?
We may sometimes contract with selected third parties to supply services to you on our behalf. In some cases, those third parties may require access to some or all of your personal data that we hold.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. Such third party service providers shall in principle only process your personal information as data processors acting on our behalf and we will take appropriate measures to ensure that an contract has been signed with them so that they respect similar privacy standards as the ones set out in this Privacy Notice.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
Personal data that is voluntarily disclosed on any (third party) bulletin boards or in chat areas accessible to other users of our website could potentially be collected by such users and/or disclosed to third parties. We cannot accept any liability is for such collection and disclosure.
8. What Are Your Rights in relation to Your Personal Data?
Under the GDPR, you have the following rights, which we will always work to uphold in as far as the conditions for the exercise of such rights are fulfilled:
a) The right to be informed about our collection and use of your personal data.
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business.
To exercise any of these rights, please address your request to us in writing, using the email address shown in Part 9.
There is normally no charge for such request. However, if your request is manifestly unfounded or excessive (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
In order to verify your identity, we ask you to enclose a copy of the front of your identity card with each request. After verifying your identity, we will destroy such copy. If your identity can correctly be verified, we will assess your request to see whether all conditions have been fulfilled and whether we can indeed grant your request.
In any case, we will respond to your request within one month of receiving it. Normally, we aim to provide a complete response within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
If you have any cause for complaint about our use of your personal data, you also have the right to lodge a complaint with the Belgian supervisory authority through http://www.privacycommission.be/
9. How Can You Contact Us?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please contact the General Manager: firstname.lastname@example.org
10. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. The latest version of this Privacy Notice will be published on our websites.