PRIVACY & PERSONAL DATA PROTECTION POLICY
I. GENERAL CONDITIONS
ESSKA performs personal data processing in compliance with the current regulation and standards and in particular with EU Regulation n°2016/679 known as the “GDPR” (hereinafter “Data Regulation”).
GDPR establishes the following definitions:
“Personal data” as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter “Personal Data”).
Processing: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;”
Controller: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”
Processor: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;”
Personal Data Breach: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;”
All terms and references used herein starting with a capital letter shall be read and understood as they are defined by GDPR.
For the purpose hereof and in relation to all Personal Data stated herein, ESSKA acts as the Controller.
For any question concerning your Personal Data and/or to exercise your rights in relation thereto, please contact ESSKA’s Data Protection Coordinator (hereinafter “DPC”) Ms Zhanna Kovalchuk at Tel.: +352 44117026 / e-mail: firstname.lastname@example.org
ESSKA primarily processes Personal Data of its staff, members, ESSKA friends, editorial teams, award, fellowship and training program users, online tool users and event participants.
It primarily includes identification data, personal and professional life data (date of birth, profession, employer,…) as well location data (IP, logs,…).
ESSKA does not operate online payments nor process or save any payment Personal Data. All online payments are externalized to a third-party partner, the company PAYSAFE which operates and secures payment Personal Data based on their own Terms and Conditions. ESSKA bears no responsibility related thereto.
ESSKA collects Personal Data mostly directly through its website www.esska.org (herein after “ESSKA’s Website”), through other platforms used in connection with the services and products ESSKA provides, through registration documents or questionnaires and other methods of communication (telephone, email, letters etc.), but also sometimes indirectly through service providers , partners and/or other third-parties entrusted with collecting your Personal Data on behalf and for ESSKA such as event organizers or editorial/publishing partners.
Each Personal Data processing carried out by ESSKA pursues a specific purpose based on specific legal basis and implies a specific conservation period as described below under section II herein “II. Specific Conditions”.
Failure to provide Personal Data might prevent ESSKA from preforming one or several of the set purpose(s).
ESSKA’s Personal Data processing activities are performed on the basis of the individual’s formal and prior consent insofar as possible or based on the strict necessity of the performance of contracts, ESSKA’s legitimate interest and/or of compliance with legal obligations.
ESSKA protects the Personal Data through organisational and technological measures to guarantee their security, confidentiality, integrity and availability and resilience of processing systems and services, in compliance with Data Regulation.
The recipients and/or beneficiaries of the Personal Data stated herein are ESSKA and its employees and subordinates and – only if needed to fulfil the relevant purpose of each processing activity – professional partners/providers under contract with ESSKA, such as but not limited to publishers, educational teams, award/fellowship teams and juries, digital service providers, Congress and event organizers, sponsors etc.
In some cases, those recipients and/or beneficiaries are located outside the European Union including in the USA.
These recipients and/or beneficiaries guarantee the same level of Personal Data protection as ESSKA.
Within processes and conditions stated by Data Regulation, individuals are entitled to
request from ESSKA access to, rectification and/or erasure of their Personal Data, restriction of their Personal Data processing by ESSKA as well as portability of their Personal Data.
They may also at all times oppose to the use their Personal Data for direct marketing purposes.
To exercise one or more of these rights, ESSKA must be contacted in writing using the contact details stated above.
Individuals also hold the right to submit a complaint to a supervisory authority, such as the CNPD.
II. SPECIFIC CONDITIONS
A) When you enter Personal Data on ESSKA’s Website on the page “Contact us”:
Your Personal Data is processed by ESSKA on the legal basis of GDPR provision 6 §1 f) with the legitimate interest to answer your questions and/or requests submitted on this page.
Your Personal Data will be retained for the time needed to respond to your questions and/or requests submitted on this page and deleted within a maximum of 60 days later.
B) When you subscribe to an ESSKA service (Membership subscription, Congress and /or Event registration and follow-up, Training, Fellowship and/or Award application, Academy subscription, etc) on ESSKA’s Website or partner websites (Event organizer, Training facilities…)
Your Personal Data is processed by ESSKA on the legal basis of GDPR provision 6 §1 b) in order to satisfy ESSKA’s per-contractual or contractual obligations towards you and provide you with the product or service acquired and GDPR provision 6§1 c) in order to satisfy ESSKA’s legal obligations such as in regard to tax collection, travel regulation, etc.
This Personal Data will be retained for the time needed by ESSKA to perform the ESSKA service you have bought online and for the duration of the legal statutes of limitation related thereto as well as for the duration of ESSKA’s legal obligations.
C) When you tick one or several of the following boxes:
You give formal agreement to ESSKA to process your PD for direct marketing purposes.
Your data is processed by ESSKA with your formal consent on the legal basis of GDPR provision 6 §1 a) with the purpose in the 1rst case to send your general information on ESSKA’s activities, congresses, and events and in the 2nd case to send you marketing offers (sales information, promotion deals, etc).
The Personal Data will be saved retained for three (3) years following my last contact with ESSKA or until I unsubscribe, whichever comes first.
To unsubscribe and withdraw your consent to one or the other of these uses you can either click on the relevant link in ESSKA’s mailings or submitting a written request to ESSKA at email@example.com.
The withdrawal of consent will not affect the legality of the processing prior to the withdrawal date. It will however prevent ESSKA from further fulfilling the relevant purpose and therefore from sending you information and/or offers related to ESSKA’s activities.
Date: October 6th, 2021.