Data & Information Privacy Notice Summary
From 25th May 2018 the EU GDPR (General Data Protection Regulation) becomes law. Most organizations operating within the EU that process personal information are required to be compliant with these regulations. The GDPR also applies to organizations outside the EU that process the personal information of individuals within the EU. (See section: ‘What constitutes Personal Data under GDPR’)
Organizations based in the EU that transfer personal data outside the EU are required to ensure that data is protected to GDPR standards either through legally binding agreements, binding corporate rules, GDPR compliant data protection clauses or approved code of conduct/certification mechanisms.
The C2030E is absolutely committed to protecting your personal information and being transparent about what information we hold. We treat the security of this information extremely seriously, including helping you understand how and why we process this information and what your rights are related to this information.
This Privacy Notice explains the types of personal data the C2030E may collect about you when you contact us via email, phone, social media, write to us, register with us, request information or services from us or kindly donate to us. It also explains other reasons we may collect personal data directly, share data or receive data. It explains how we store and process that data, and ensure it is secure.
This Notice also describes how the C2030E will make use of any personal data we handle in relation to individuals who contact us, subscribe, donate and other sources of personal data we may have been provided. It describes your data protection rights, including a right to object to or opt out of some of the processing we perform. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
This Privacy Notice may occasionally be updated. The C2030E will communicate any significant changes or changes that may require your interaction on its website or by contacting you if you have agreed to that contact.
Explaining the legal basis for handling personal data
The EU GDPR on data protection details various reasons the C2030E may collect and process personal data. This includes:
In specific situations, we can collect and process your data with your consent, for example when you tick a box to receive C2030E news, updates and information.
In certain circumstances, we need your personal data to comply with and act on any contractual obligations, for example if you work or volunteer for the C2030E we require certain information as part of your contract of employment or agreement.
If the law requires us to, we may need to collect and process your data, for example we may pass on details of people involved in fraud or other criminal activity affecting the C2030E to appropriate law enforcement authorities.
In some scenarios we may use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running the C2030E and which does not materially impact your rights, freedom or interests, for example to notify you of a link to a new source of information in your stated fields of interest, to investigate issues or problems with our web site or services, to administer and protect our business, troubleshooting and retaining your contact information until you request to opt out.
When do the C2030E collect your data
- When you visit any of our websites and register your contact details to receive information or register your support;
- When you engage with us on social media
- When you download anything from our sites
- When you contact us by any means with queries, complaints, requests or provide us with information;
- When you request information or services about the C2030E via any associated organization;
- When you complete any surveys or questionnaires for us;
- When you comment on or review our services;
- When you apply for a job, contract, consultancy or volunteer for us;
- When you have given any third-party permission to share information they hold about you;
- When you book any appointment with us or book to attend an event organized by us;
- When you use C2030E premises that have CCTV systems. These systems may record your image during your visit;
- When you kindly donate to us and register your details;
- When you apply to or enter into any professional or voluntary contract with us to provide goods or services, send us information on goods and services, contracts, proposals, bids or any other business-related documentation that may contain personal information.
What personal data do we collect
We collect and process personal data from a variety of sources and reasons for doing so. This can include one or more of the following:
- Copies of documents you provide to prove your age or identity where the law or contract requires this. (Including your passport, Visa, driver’s license). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
- Details of your interactions with us via telephone, online or by using one of our applications or services;
- Your passport, National Insurance details and Visa where we have to check your eligibility or ability to work for us;
- Your payment and/or bank account details, where you provide these as an employee, contractor, consultant, volunteer or donor;
- Your medical conditions or disability, where you provide this to us with your consent to ensure we are aware of any support we may need to provide to you (i.e. Occupational Health, employee records, Insurance)
- Your CV, Resume, references, portfolio, presentations, case studies, academic and professional certificates or qualifications
- Details for life insurance, health plans, emergencies, next of kin, alternate contact details (Phone numbers, email and postal addresses)
- Employee records including your gender, sex, race, beliefs, orientation, health (weight, height, disabilities) for medical, safeguarding, equal opportunities and other anti-discriminatory recording and reporting requirements;
- Your contact details i.e. email address, mobile number when you register to receive information or services;
- Where activity, event and security logs may be kept and used for security and equipment performance monitoring and alerting purposes;
- Where any personal information (i.e. contact details) appear on any business-related documentation such as contracts, proposals, bids, invoices, correspondence, project plans, marketing / information sheets;
- Note: The C2030E does not collect personal information from cookies or services such as Google Analytics – for more information please see the sections on ‘Cookies’ and ‘Google Analytics’.
How the C2030E uses your data
- The C2030E uses your personal data to manage and administer contact lists of registered individuals to keep them up to date with news, events and information from the C2030E and applicable sources of interest;
- Amongst the data we collect from you may be financial (Bank) information. We will only hold this where you have given consent, for example regular donations;
- If you decide to change or withdraw the way we use your data you can easily do so – please refer to the section titled ‘What Rights Do I Have?’
- Please remember, if you choose to withhold certain personal information or refuse to be contacted we may not be able to provide certain services you have requested.
How the C2030E protects your data
The C2030E considers all matters pertaining to the Security of its data, systems and services to be of the highest priority, particularly the security of personal, confidential or classified data belonging to individuals and third parties who have entrusted C2030E with their information;
The C2030E are actively engaged in ensuring the Confidentiality, Integrity and Availability of its Information Technology systems, applications and data;
Personal, Confidential or sensitive information is subject to evolving security programs of work that seek to ensure ‘Better than’ commercial best practice protection is implemented and maintained;
Data Retention and Deletion (How long do we keep your data and when do we securely delete it)
The C2030E will only keep personal data for as long as is required and only for the purpose it was collected. Once that period has expired, or for example you have requested to be removed from our contact databases, we will ensure all your information is deleted as there will be no legal or contractual reason to retain it any longer.
Who we share personal data with
Contact Database Information
The C2030E does not share or sell its contact database (Your information) with any third parties. If you are not employed by the C2030E, volunteer with the C2030E or have any contractual or related dealings with us then we have no legal or contractual reasons to share your data without your consent.
If you volunteer for C2030E we must collect, process and share certain personal information for legal and contractual reasons with external third parties,e.g. related to travel insurance.
All such personal information is only retained and processed by C2030E for as long as is necessary and as required to do so legally or contractually.
What information do we receive from third parties?
Sometimes, we may receive information about you from third parties.
We may receive information relating to your existing registrations with other related organizations. Additionally, for certain C2030E role holders or those working with children, we may receive information from the Disclosure and Barring Service on the status of any DBS check you have been required to take.
We may also receive information from other organizations with similar views, goals and objectives to the C2030E.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You can do this by contacting us using the details set out below in the “How do I get in touch with the C2030E?” section.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or stop any processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have any concerns or feel a request has not been dealt with appropriately and to your satisfaction, you also have the right to complain to the Information Commissioner’s Office. (But please contact us first to respond and/or rectify)
How do I get in touch with the C2030E?
The controller for your personal data and C2030E’s Data Protection Officer can be contacted via Countdown2030@ippfen.org or write to Countdown 2030 Europe secretariat, IPPF European Network, 55 Rue Royale, 1000 Brussels, Belgium.
If you would like a form to be emailed that you can print, complete and re-scan (along with any required proof of identity) please contact the C2030E email address above.
Our Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data. Please contact us at either address if you have any concerns or questions about the above information or you wish to ask us not to process your personal data for particular purposes or to update/erase your data. Where you have specific requests relating to how we manage your data, we will endeavour to resolve these, but please note that there may be circumstances where we cannot comply with specific requests.
Additional information, Response Times and Fees
We you send us any request to access, modify, change use or delete your personal information we may need to request additional information to confirm your identity and right to request this action. This ensures that only you can access your personal information and it is not disclosed to anybody else.
We aim to respond to all legitimate requests within one month. It may take longer than a month if your request is particularly complex or you have made several requests.
We will notify you and keep you updated if your request is likely to exceed the specified time period.
You will not normally have to pay a fee for any requests related to your personal data. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Under certain circumstances under GDPR guidelines we may also refuse to comply with your request (for example if we are unable to confirm your identity, it is excessive/unfounded or repetitive)
Cookies are tiny text files stored on your computer when you visit certain web sites and pages, which we use to keep track of what you are accessing, remember you when you return to our site and for anonymous statistical usage analysis and reporting.
If you don’t wish to enable cookies, you’ll still be able to use the site, but some functionality and formatting may not work as well or at all.
Please note that cookies from the C2030E website (and most legitimate websites) do not damage or infect your computer. The C2030E cookies do not store any personally identifiable information, and any information gathered from them is only used to help improve users experience of the site. For example, they help us to identify and resolve errors while browsing.
The C2030E only use Google Analytics to monitor web site traffic (For purposes of performance and usage reporting. All information C2030E obtain from Google Analytics is aggregated and anonymized and does not identify an individuals IP address or any other personal information.
What Constitutes ‘personal data’ under GDPR
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymized – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Links to other websites
C2030E websites may include links to other 3rd party (non-C2030E) websites, plug-ins and applications. Clicking on these links or enabling connections to these sites or services may allow third parties to collect or share data about you. We do not control these sites and are not responsible for how they acquire, process and secure any personal information