The ECFA respects the privacy of its online visitors and complies with applicable laws for the protection of your privacy, including, without limitation, the European Union General Data Protection Regulation (“GDPR”) and the Swiss and EU Privacy Shield Frameworks.
- Definitions Wherever we talk about Personal Data below, we mean any information that can either itself identify you as an individual (“Personally Identifying Information”) or that can be connected to you indirectly by linking it to Personally Identifying Information. The ECFA will only collect and store e-mail addresses, hereafter referred to as “Personal Data”.
- Why the ECFA Collects and Processes Data
The ECFA collects and processes Data for the following reasons:
a) where it is necessary for the purposes of the legitimate and legal interests of the ECFA, except where such interests are overridden by your prevailing legitimate interests and rights; or
b) where you have given consent to it.
These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a user (section 6. below).
- What Data We Collect and Process
3.1 Subscriber Data
When subscribing, the ECFA will collect your email address only. We do not require you to provide or use your real name or country of residence to join our Subscriber list. This data is shared only with our third-party supplier for electronic communications, Dotmailer, and only for the specific purpose of delivering Newsletters to our subscriber list.
3.2 Other Data You Explicitly Submit
We will collect and process Personal Data whenever you explicitly provide it to us or send it as part of communication with the ECFA. This data is limited to information that you post, comment or send via the ECFA’s online contact and subscribe forms.
3.3 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on visitors’ computers, to help the website operators analyze how visitors use the site. The information generated by the cookie about the visitors’ use of the website will generally be transmitted to and stored by Google on servers in the United States. Users can prevent the collection of data about their use of the website (including their IP address) generated by the cookie, and the processing of data by Google, by downloading and installing the browser plug-in through the following link: http://tools.google.com/dlpage/gaoptout?hl=en
- How Long We Store Data We will only store your Personal Data for as long as necessary to fulfil the needs of the ECFA’s mailing programme or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. If you choose to unsubscribe from the ECFA’s mailing list your e-mail address will be marked for deletion and processed in the earliest possible time.
- Who Has Access to Data
5.2 The ECFA may release your e-mail address to comply with court orders or laws and regulations that require us to disclose such information.
- Your Rights and Control Mechanisms
The data protection laws of the European Economic Area and other territories grant their citizens certain rights in relation to their Personal Data. While other jurisdictions may provide fewer statutory rights to their citizens, we make the tools designed to exercise such rights available to our customers worldwide.
As a resident of the European Economic Area you have the following rights in relation to your Personal Data:
6.1 Right of Access.
You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge (i) information whether your Personal Data is retained, (ii) access to and/or (iii) duplicates of the Personal Data retained.
6.2 Right to Rectification.
If we process your Personal Data, we shall endeavor to ensure by implementing suitable measures that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided via the Privacy Dashboard.
6.3. Right to Erasure.
You have the right to obtain deletion of Personal Data concerning you if the reason why we could collect it (see section 2. above) does not exist anymore or if there is another legal ground for its deletion. You can request the deletion of your ECFA subscription via the ECFA contact form or by clicking the “Unsubscribe” link on any one of our Newsletters.
6.4 Right to Object.
When our processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to this processing. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular if the data is necessary for the establishment, exercise or defense of legal claims.
You also have the right to lodge a complaint at a supervisory authority.
- Contact Info
You can contact the ECFA’s data protection team at any time at firstname.lastname@example.org.
- Additional Information for Users from the European Economic Area
In compliance with the Privacy Shield Principles, the ECFA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the ECFA here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. As explained in the Privacy Shield documentation (https://www.privacyshield.gov/article?id=ANNEX-I-introduction) certain residual claims not resolved by other means may be subject to binding arbitration. In such event, an arbitration option will be made available to you.
The Privacy Shield Principles describe the ECFA’s accountability for Personal Data that it subsequently transfers to a third party agent. Under the Principles, the ECFA shall remain liable if third party agents process the personal information in a manner inconsistent with the Principles, unless the ECFA proves it is not responsible for the event giving rise to the damage.
The Federal Trade Commission has jurisdiction over the ECFA’s compliance with the Privacy Shield.
Revision Date: 13th June 2018