We will always process your personal data based on one of the legal basis provided for in the GDPR (Articles 6 and 7). In addition, we will always process your sensitive personal data, for example, concerning your trade union membership, religious views, or health condition, in accordance with the special rules provided for in the GDPR (Articles 9 and 10).
We may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interests and provide you with adequate services:
We may also collect and process your personal data for the following purposes, based on the execution of our contractual relationship between you and us:
Please be aware that you are entitled to withdraw your consent at any time, and this without affecting the lawfulness of processing based on your consent before withdrawal thereof.
We will process your data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support its business activities (Article 5 and 25(2) GDPR).
For a more extensive description about our processing your personal data, see below.
We process personal data of our employees as part of our Human Resources and employment-related tasks. The personal data processed for these purposes includes employees' surname, name, company name, title, executive/non-executive, telephone number, mobile phone number, professional and personal email address, salary details and salary history, payroll information, health data, CV, social security/fiscal number, and bank account information. We process this personal data in order to perform our contract with our employees (Article 6(1)(b) GDPR), and where this is not required, in both our employees' and our own interest to manage and honor our contractual relationship (Article 6(1)(f) GDPR). Where required, we also process this data in order to comply with labor law obligations (Article 6(1)(c) GDPR). If we need to process any special category of personal data from you (e.g., health data), we will do it subject to your explicit consent (Article 9(2)(a) GDPR), or further to employment or health regulations (Articles 9(2)(b) and (h) GDPR).
We also process personal data for marketing and public relationship purposes. The personal data processed for these purposes includes pictures for photo contests, email addresses to deliver newsletters, press releases, and distribution of brochures. We are also active online, where we might process personal data related to the delivery of online advertisings and networking sites, through which we might process your personal data (e.g., IP addresses, e-mail addresses, personal interests). We process this personal data based on our legitimate interests to provide you with these services and your legitimate interests to receive them (Article 6(1)(f) GDPR). Where consent is required, we will obtain it prior to delivering to you any advertising or communication (Article 13(1) and (2) e-Privacy Directive).
We process personal data of our members, customers, businesses partners, members, contractors, vendors, seminar participants and their respective employees, in order to arrange services (e.g., e-learning, online training) and events (e.g., familiarization trips), and to prepare surveys, reports and follow-up documents of such services and events. The personal data processed for these purposes includes the third-parties' surname, name, address, telephone number, email address, and other useful information as appropriate. We process this personal data in order to perform our contract with the third parties (Article 6(1)(b) GDPR), and where this is not required, in both their and our own interest to provide them with these services (Article 6(1)(f) GDPR). If we need to process any special category of personal data from you (e.g., health data), we will do it subject to your explicit consent (Article 9(2)(a) GDPR).
We can obtain such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill in forms displayed on the Website) or indirectly where such personal data is provided to us by your electronic communication terminal equipment or your Internet browser. We ensure that the personal data processed be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
We may share your personal data between the offices of Organization and with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29). Furthermore, where we share your data with any entity outside the European Economic Area, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 ff. GDPR).
Subject to your prior consent, your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our services or help us market to customers. Your personal data will only be shared by us with these companies in order to provide or improve our services and advertising.
We share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys. .
We may share your personal data with all Organization's affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Such disclosures may involve transferring your personal data out of the European Union to the following countries: Japan, Canada, the United States, Russia, Australia, China, India, Indonesia, South Korea, Malaysia, Singapore, Thailand, the Philippines, and Vietnam. Such transfer may take place in order to ensure the provision of services by vendors and service providers to the Organization, and the sharing of useful information within the Organization. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU, or by any standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR.
We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30) when we process personal data. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organisational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
You have the following rights regarding personal data collected and processed by us.
If you intend to exercise such rights, please refer to the contact section below. If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.
We may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties' privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.