WHAT PERSONAL INFORMATION WE COLLECT AND USE
Processing personal information is incidental to our operations. The categories of personal information we process on a regular basis are names, professional affiliation, contact details (mostly professional email addresses), brief biographies, communications you send us.
We occasionally process travel schedules for our guests and payment information for reimbursements, as well as images of the participants to our events.
Rarely, if you are one of the professionals we would appreciate to engage with as part of our core activity, we obtain your contact details and affiliation from third parties or from publicly available sources.
WHY AND HOW WE USE YOUR PERSONAL INFORMATION
We use this personal information to send you communications related to our work, invitations for events or to facilitate your participation to our working groups, conferences and other events.
Our email delivery vendor will use a web beacon which tracks whether recipients have opened the emails we send in order to provide us open rate information about our email communications. Please choose plain text email in order to decline this tracking.
WHO HAS ACCESS TO YOUR DATA
Sometimes we share your information with our partners. This happens when we co-organize events, panels, or engage in initiatives jointly with other entities. The information we share is limited to name, affiliation and contact information, and exceptionally it may include biographic information.
We also share your information to third parties that are our vendors and process personal information on our behalf and for no other purposes. We use:
- an email delivery service,
- an email and virtual common workplace service provider,
- a provider of cloud services,
- an online conference system provider,
- a Customer Relationship Management service provider,
- an online registration service provider (for participation to events we organize).
All of these service providers are based in the US.
We will share your information with authorities only if the law requires us to.
We only keep your data for as long as you want to hear from us and stay connected to our work. This period of time varies, so we can’t give you a precise number. As a rule, if you are a newsletter subscriber, we will continue sending you our newsletter until you opt out or our email bounces. In these cases, we will proceed to erasing your email address from our database. If you work for one of our Members, we keep your contact information for the duration of the membership. If you are a registrant for one of our events, we are storing your name and contact details to send you notice of future events, unless you instruct us at registration not to so.
YOU’RE IN CHARGE
If you want to check with us whether we have your personal information and what personal information we have about you, if you want to correct or update your information or even if you want us to erase your contact details, send us an e-mail at firstname.lastname@example.org
ARE YOU BASED IN THE EU/EEA?
If you are based in the EU or EEA and interact with us, the processing of your personal data (or personal information) may fall under the General Data Protection Regulation. This depends on whether your personal data is processed in the context of us providing you services or monitoring your behavior. All the information above is applicable to you as well. In addition:
LEGAL BASES AND PURPOSES
Know that we are controller of the processing of personal data in relation to conducting our activity. We process your personal data:
- on the basis of your consent when you subscribe to our newsletters, when you request to be included among our contacts for future events or to follow our activity, when we take photos during the events we organize in the EU and when our website places non-essential cookies on your device,
- on the basis of necessity to enter a contract or for the performance of a contract when you provide us information to register for participation to the conferences and other events we organize,
- on the basis of our legitimate interests to:
- engage with relevant stakeholders to promote principled data practices in support of emerging technologies, when we obtain your professional contact details, we maintain them and contact you as one of our stakeholders; we’ve balanced your rights and our legitimate interest and we believe that the small amount of personal data we process, the type of data (your professional contact information and your affiliation), your probable expectation to be contacted in relation with your professional expertise, as well as the possibility you have to opt-out of this processing at any time, allow us to rely on our legitimate interests for this processing.
- communicate with the relevant representatives of our Members for the purpose of providing our services; we can rely on this ground, since there is a clear expectation of the relevant representatives of our Members that they will be engaged in our activities and that we will communicate with them.
You have the right to obtain access, rectification, erasure, restriction of personal data, portability of personal data and to object to the processing, under the conditions and restrictions laid out in Chapter III of the GDPR. You can also withdraw your consent at any time, when processing is based on consent, as described above. Just send us an e-mail at email@example.com with any request you may have regarding these rights.
We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. The EU-US Privacy Shield framework obtained an adequacy decision. The level of protection of your personal data is not deemed equivalent to the one in the EU, unless the receiving organization is self-certified under the EU-US Privacy Shield. As a not-for-profit organization, we are not able to adhere to the EU-US Privacy Shield Principles.
We transfer your personal data on the basis of the derogations in Article 49 GDPR, particularly:
- consent, for newsletter subscribers and certain processing in relation to organizing events – such as collecting and storing images;
- necessity to enter and for the performance of a contract for registration information to participate to our events;
- our compelling legitimate interests to engage with stakeholders to advance our mission and bridge the understanding of the American and European privacy cultures, for obtaining the professional contact details and communicating with stakeholders for sending occasional invitations to events or exchanging information. For this last derogation, we took into account that we only process personal data occasionally, mostly from publicly available sources, concerning a very limited number of data subjects, in a non-intrusive way and posing no risks to rights of individuals.
As for safeguards to your personal data, we directly apply the GDPR provisions to your personal data.
As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. Exceptionally, we share personal data with our partners when we organize events jointly. We select carefully our processors and our partners, having regard to their stance related to privacy, to their adherence to the EU-US Privacy Shield Framework or their implementation of other mechanisms that ensure lawful transfers of personal data from the EU.
If you have concerns, questions or requests about how we process personal data, write to us at firstname.lastname@example.org. If we will not be able to ease your concerns, you can address them to the data protection Supervisory Authority in your country, pursuant to Article 77 GDPR.