Eurapco Privacy and Personal Data Processing Policy
1. Processing of personal data in Eurapco
We consider the careful and safe handling of personal data to be of prime importance. When processing personal data, we comply with GDPR legislation, follow good data management and processing practices, and exercise caution. We take measures to ensure that the privacy and other fundamental rights of our stakeholders are assured.
2. What personal data do we collect?
We collect only the data that is appropriate and relevant for the purpose of the business. The type of data collected from each stakeholder in a certain situation is determined by the purpose of the service offered. By stakeholders we mean mainly Eurapco Partner’s employees, but also third parties, consultants, keynote speakers and any other supplier providing us services which support our business model and activities.
We may collect data such as:
- Company name
- Postal code
- Social media
- Phone number
- Job position
- Skills and experience
- Professional memberships
- Data on choices made by the stakeholder, such as consents, restrictions or refusals related to the use of personal data
- Other types of data
Data is collected for purposes such as identification, communication, event management and in order to meet the legislative requirements.
3. Where do we collect personal data?
We collect personal data primarily from employees of Eurapco Partners in connection to business meetings and events organised by the Eurapco Alliance. We also receive data on our stakeholders when they participate in campaigns, surveys or when they register in e-join, our collaboration platform. We also receive data from participants in educational programmes offered by the Eurapco Academy. Stakeholder data is also collected using cookies.
4. For what purposes do we collect data?
We collect, store and process our stakeholders’ personal data only for predefined purposes of use. We may use the data we collect, for example, to determine how we can provide our Partners with the best service and deliver personalised communications and event invitations according to their profile and/or preferences. We use personal data for purposes including:
- Identification of stakeholders
- Eurapco communications and news
- Participant evaluation surveys
- Eurapco marketing campaigns
- Enabling participation in events: registration, logistics and post event communications
- Collaboration purposes in working groups and projects
- Eurapco Academy programme information
- Eurapco Academy alumni communications
Fulfilment of legal requirements
5. Image capture
Images may be captured during events hosted or organised by Eurapco using photography, video or other medium. These images may be used on the Eurapco website, for newsletter publications, and for internal and external materials, such as presentations. Eurapco informs all participants taking part in events that they may be photographed or filmed. All participants are deemed to have given their consent by remaining at the event, unless they express their objections. Objections to being captured on image, should be raised with the host or the photographer present at the event.
6. Who processes the personal data and to whom is the data disclosed?
Eurapco Partners may consult and process our stakeholders’ personal data in accordance with the current data protection legislation. Access to personal data is granted only to Eurapco employees whose job duties require the processing of personal data.
7. How long is the data stored?
We store our stakeholders’ personal data only for as long as is necessary for their intended purpose or for as long as required by contract or law. We do not store personal data that is not necessary for our business operations.
8. Information security
To protect personal data, we use technical and organisational information security measures in line with necessity and best practices. All the suppliers we work with are responsible for personal data storage and their systems have been audited or otherwise inspected.
Personal data is secured in such a way that accessing, disclosing, destroying or other processing is done appropriately and only by persons with the right to carry out the activities.
The protection of personal data is safeguarded for example with firewalls, different cryptographic techniques, and by ensuring the safety and appropriate access control of the equipment rooms. Appropriate access to personal data is ensured through access management processes, and access based on work assignment and job role.
The processing of personal data is monitored for example by logging. Logs reveal what, why and when something occurred. Logs are used to investigate errors or to make sure that errors have not occurred and that the processed data is accurate. Staff participating in the processing of personal data are trained and instructed regularly. The operations of subcontractors are also regularly inspected and audited.
9. How to impact the processing of personal data
Data protection is the protection of people’s private lives. This includes each individual’s right to their own personal data. The protection of personal data from unauthorised or detrimental usage is the basic principle of the rights of a stakeholder.
We offer our stakeholders opportunities to decide and to control the processing of their own personal data. Listed below are ways in which our stakeholders can impact the collection and processing of their data.
10. Email communications
The stakeholder has the right to refuse the use of their personal data in direct communications, newsletters, marketing campaigns, and opinion surveys at any time. The stakeholder may decide to what extent or for which parts they wish to exercise this right. Exercising this right is free of charge.
A stakeholder may file a communications prohibition by announcing it to Eurapco either by emailing email@example.com or by mail to the following address:
European Alliance Partners Company AG
Stakeholders can also unsubscribe from receiving electronic direct communications by following this link: https://apps.eurapco.com/unsubscribe . The link is always included in all Eurapco communication and newsletters.
11. Right of access
Our stakeholders have the right of access to data in Eurapco’s personal register concerning themselves. The stakeholder must report details needed for the search and delivery of the data. Such details include, for example, name, email address, what topic or issue the data requested is related to, whether data is requested for a certain time period or whether the right of access is exercised on all data.
The stakeholder can make an access request by sending a signed request for verification in writing to the following address:
European Alliance Partners Company AG
12. Right of correction
The stakeholder has the right to demand that registered personal data found erroneous or insufficient in terms of processing be removed or supplemented. The data must concern the requesting stakeholder themselves.
A request for correction can be made by submitting a signed specified request or additional clarification in writing by emailing to firstname.lastname@example.org or by mail to the following address:
European Alliance Partners Company AG
The more justifiable, specified and clear the request for correction is, the better we can process it.
We strive to ensure the currency and accuracy of our stakeholder data by constantly keeping our systems up-to-date.
We will either correct inaccurate or insufficient personal data upon request of the stakeholder or else return a certificate of refusal in writing containing the reasons for why the correction request was not accepted. If we have submitted the data to third parties, we will inform them of the correction of the data.
13. Removal of data
The stakeholder has the right to demand, subject to certain exceptions, that data outdated or unneeded in terms of the purpose of the processing be removed. This does not mean that all personal data must be removed immediately and definitively after a demand has been made. If data storing is necessary for example due to legal obligations or contracts, the data may be stored for such a purpose for as long as is necessary.
The removal of outdated or unneeded data will always be decided on a case-specific basis. The obligation to remove outdated or unneeded data may result in documents that the stakeholder wants to review on the basis of their right of access to the register data can no longer be found in our systems.
The stakeholder can make a request of removal by sending a signed request of removal in writing. It can be scanned and sent via email to email@example.com or by mail to the following address:
European Alliance Partners Company AG
The request should contain at least the full name of stakeholder, company, address and phone number, as well as what data the stakeholder wants to be removed.
14.1 Data Collection concerning e-join
All Eurapco Partner employees have the possibility to sign up for an e-join account. By registering on e-join, they can provide their photo, full name, email address, contact information, job information, company information and social media information.
The personal data entered by e-join members is collected, stored and used exclusively for use of the e-join platform. This data is visible and accessible by any active member in the platform.
Any content posted and uploaded by e-join members can be identified with the profile of that person. Content and contributions shared by e-join members belong to Eurapco and will not be removed by Eurapco unless data is non-compliant or sensitive information is shared. Members can always delete their own contributions if desired.
14.2 Third parties
Personal data provided by e-join members is never shared with third parties unless there is a statutory obligation from authorities.
14.3 Removal of data from e-join
We are unable to remove e-join accounts. However, any e-join member can request to deactivate their account at any time by sending an email to firstname.lastname@example.org. Their account will be listed as inactive on the platform, but their content and contributions will remain stored on the platform for business purposes.
Members that have not logged in for 12 months will receive an automatic notification to inform them about the deactivation of their account. Unless they take action to log-in to the platform, their account will be made inactive.
Inactive members who do not wish for their content and contributions to be associated with their personal profile can request for this information to be anonymised. This process is not standard by default, but available upon special request. e-join members can request content anonymisation by contacting email@example.com.
15. Additional information
European Alliance Partners Company AG is the controller for the processing of data under this policy. Current version is 1.5.
This policy can be adapted & changed from time to time. It is recommended to periodically check & consult the latest version.
If you have any questions regarding the processing of personal data and information security you can email firstname.lastname@example.org.