Privacy Policy (GDPR)
I. Privacy Principles
ESU takes your privacy seriously. Personal data is collected, stored and processed according to the General Data Protection Regulation, fairly and transparently.
The following principles underpin our approach to respecting your privacy:
We value the trust that you place in us by giving us your personal information. We will always use your personal information in a way that is legal, fair and secure.
We will provide clear information about how we use your personal information. We shall always be transparent with you about what information we collect, what we do with it, with whom we share it and who you should contact if you have any concerns.
- We keep your data only as long as it is necessary
- We will take all reasonable steps to protect your information from misuse and keep it secure.
- We will comply with all applicable data protection laws and regulations and we will cooperate with data protection authorities.
- This notice explains how we collect and use data that we may hold about you as an individual.
This notice covers the following:II. How do we collect personal information?
We collect personal information about you from various sources including:
- Information that you give us directly;
- Information collected automatically when you use ESU websites;
- Information we may receive from third parties (e.g. when receiving answers to surveys for events).
III. What information do we collect?
We may collect the following categories of information about you:
Information that you give us directly
We may collect information from you directly when you provide us with personal information, e.g. when you sign up to receive information, attend an event, use applications, fill out a survey, or make an inquiry. The types of information we may collect from you directly include your:
- Personal contact details such as name, title, address, telephone number and personal email addresses
- Date of birth or age
- Gender
- Any other personal information that you voluntarily provide to us
Information collected automatically when you use ESU websites;
We use cookies and other tools (such as web analytic tools and pixel tags) to automatically collect information about you when you use ESU websites, subject to the terms of this Privacy Notice and applicable data laws and regulations. The types of information collected automatically may include:
- Information about the type of browser you use
- Details of the web pages on our websites which you have viewed
- Your IP address
- The hyperlinks you have clicked
- Your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook)
Information we collect from third parties
We may receive personal information about you from other legitimate sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. The types of personal information that we may collect from such sources include your:
- Personal contact details such as name, title, address, telephone number and personal email addresses
- Date of birth
- Gender
IV. How do we use your information?
We may use your information for the following purposes:
- To administer the relationship you have with ESU, and to provide you with information about ESU activities and for other related purposes
- If applicable, to administer financial relationships with you and provide you with information that you require to continue that relationship.
- To administer peer to peer network forums for sharing best practice amongst both staff and elected representatives from members and non-members.
- To administer your attendance at an ESU event to ensure that your requirements are accommodated so that you can fully participate in the event in an accessible way.
- To use your responses for statistical purposes in policy making or in advocacy.
You can opt out of receiving communications from us at any time. Any communications that we send to you will provide the information and means necessary to opt out by unsubscribing or sending an email to secretariat@esu-online.org.
In order to protect information from accidental or malicious destruction, when we delete information from our services we may not immediately delete residual copies from our servers or remove information from our backup systems. However, once a request has been made, all information is deleted, including from residual copies or backups.
We keep this privacy notice up to date, so if there are any changes to the way inV. What is the legal basis that permits us to use your information?
Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the General Data Protection Regulation. The legal basis that permits us to use your information depends on the basis that we are using that information for. We rely on the following legal bases to use your information you consent us to process:
- Where we need information to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (to collect data for statistical purposes in policy making or in advocacy) and your interests and fundamental rights do not override those interests.
- In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent.
- We will use information about your physical and mental health or disability status to comply with our legal obligations, including to ensure your health, safety and wellbeing at an event.
Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal information. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal information in the following circumstances:
VI. How do we share your information?
We share your personal information in the following ways:
- When we use third party services providers who process personal information on our behalf in order to provide services to us. This includes IT systems providers and IT contractors.
- We will share your personal information with regulators where we are required to do so to comply with our regulatory obligations.
- We will share your personal information with third parties where we are required to do so by law.
When we share your personal information with third parties we ensure that we have appropriate measures in place to safeguard your personal information and to ensure that it is solely used for legitimate purposes in line with this privacy notice and according to GDPRVII. How do we keep your information secure?
We take all reasonable precautions to keep your personal information secure and require any third parties that handle or process your personal information for us to do the same. Access to your personal information is restricted to prevent unauthorised access, modification or misuse and is only permitted among our employees and elected representatives on a need-to-know basis.
VIII. When do we transfer your information overseas?
When data is transferred to countries outside of Belgium and the European Union, those countries may not offer an equivalent level of protection for personal information to the laws in the EU. Where this is the case we will ensure that appropriate safeguards are put in place to protect your personal information.
IX. For how long do we keep your information?
As a general rule we retain your information for the duration of the time that we need to use it. For example, if you are attending an event, the information required is only required until the event has finished. Within 1 year of the event finishing, the information that is not necessary for other reasons (for example the name of the participants for reporting to external funding authorities such as the European Commission) will be deleted.
However, where we have legal or contractual obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.X. Your rights in relation to your information
You have a number of rights in relation to your personal information, these include the right to:
- be informed about how we use your personal information;
- obtain access to your personal information that we hold;
- request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate;
- request that we erase your personal information, in any circumstances, without any justification.
- ask us to restrict our data processing activities.
- request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information;
- object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful.
- not be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you.
If you would like to exercise any of your rights or find out more, please contact secretariat[at]esu-online.org- be informed about how we use your personal information;
XI. Complaints / Contact Us
Contact details
Our contact details are as follows:
Address: Rue de la Charite 22, Bruxelles, B-1040
Telephone: +32 (2) 893 25 47
We have appointed a person with responsibility for data protection matters. You can contact our GDPR officer using the following details: secretariat[at]esu-online.org
Complaints
If you have any complaints about the way we use your personal information please contact secretariat[at]esu-online.org who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in Belgium).