ecoDa's Privacy Statement - May 2018
Who are we?
ecoDa is an European association based in Brussels. Our registered office is at Avenue des Arts 41, 1040 Brussels. Our VAT number is BE0870 726 636.
The protection of your personal data is very important to us. Therefore we are eager to guarantee you the right to informational self-determination on the basis of the EU General Data Protection Regulation (GDPR).
When establishing contact with us for example via contact form, email or telephone, the personal data of the user is processed in accordance with Article 1 Paragraph 1 (b) GDPR to pursue the fulfilment of a contract or pre-contractual measures.
Who is responsible for the processing of data and who can I turn to?
How the processing of personal data is done?
In general, we process personal data of our users only if it is necessary for the provision of a functioning website as well as of our contents and services. The processing of personal data of our users takes place only after their consent. An exception to this can be made in cases in which the user’s prior consent could not have been obtained due to factual reasons and the processing of data is permitted by legal provisions.In the course of this, the security of your personal data is our priority. Therefore, we protect your data through technical and organisational measures in order to prevent misuse. The adopted measures are examined regularly and adapted to current technical conditions. Beyond that, we require all our staff to maintain confidentiality in accordance with §28 GDPR.
Purpose and legal basis for the processing, transferring to third parties and abroad
Your data is processed by ecoDa as the responsible body for the following purpose:
- Fulfilment of new or existing contractual relationships, for example when personal data is provided to register to events or training programmes;
- Processing of contacting, for example when personal data is provided on our website for contacting as well as other ways to reach us for example via e-mail, telephone or social networks;
- Transmission of relevant corporate governance information.
In principal you can approach us when it comes exercising the rights of the person affected (right to information, withdrawal of a consent, right of rectification, erasure or blocking, right to object the processing of data).
We process data on the basis of the legal bases of Article 6 Paragraph 1 GDPR:
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.
The transmission of your personal data is also based on the above mentioned permission and takes place within the limits of order data processing or in the case of other confidentiality obligations. If a transmission to third parties outside of the European Economic Area takes place, appropriate guarantees exist after Article 44 ff. GDPR.
How long will your data be stored?
Personal data is only processed and stored for the period that is necessary for the fulfilment of processing purposes. After the achievement of the purpose, your personal data is deleted or blocked, unless there is a statutory storage obligation.
What about Mailchimp, google forms and jotforms?
We send out a Newsletter with relevant Corporate Governance content.
We use the external service provider Mailchimp for the distribution of our Newsletter. For this purpose, data are transmitted to the US. The provider complies with the Privacy Shield.
You can read more about how MailChimp uses your personal information here: https://mailchimp.com/legal/privacy/.
The provider maintains a database, in which we can see Information concerning the registration and de-registration as well as opposition or revocation of consent.
We use google forms for events and survey as well as jotforms for registrations to our education sessions.
What is the policy regarding Cookies?
Through the usage of cookies ecoDa can provide a user-friendly website for its users, which would not be possible without it.
Information and offers on our website can be optimised in the interest of the user via the usage of cookies, since these enable to recognise the users of our website. This should facilitate the use of our website for our users.
The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus contradict the setting of cookies permanently. Cookies that were set beforehand can be deleted at any time via an internet browser or other software programs. If the person concerned deactivates the setting of cookies in the internet browser used, not all of the functions on our website might be entirely useable.