Your privacy and trust are important to us and this Privacy Notice provides important information about how The European Centre for Ecotoxicology and Toxicology of Chemicals AISBL (referred to in this Privacy Notice as “ECETOC”, “we”, “us” and “our”) treats your personal data. We are committed to keeping your personal data safe and confidential both online and offline.
The purpose of this Privacy Notice is to make you aware of the types of personal data we collect, how we process it, who it may be transferred to and the rights you have in relation to it. Please read this Privacy Notice carefully and contact us using the details in section 12 below if you have any questions or complaints in relation to our privacy practices.
We are a “data controller” for the purposes of the General Data Protection Regulation 2016/679 (“GDPR”). This means we decide the “how” and “why” of the processing of your personal data and are responsible for making sure it is handled in accordance with data protection law. We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the GDPR.
- WHAT PERSONAL DATA WE COLLECT ABOUT YOU
2.1 When we use the term “personal data”, we mean any information which relates to a living person from which they can be identified. Your name, address and birth date are all examples of personal data.
2.2 “Processing” means any handling or operation involving your personal data. For example collection, recording, storage, alteration, use and transmission are all examples of processing of personal data.
2.3 When you use our services and products, members area, tools or visit our website, we typically process the following types of personal data about you:
(a) Your name, email address and other contact details (both personal and professional);
(b) Your role, employer, position and/or job title within your employment;
(c) details of your visits to our website, such as your browser type including any plug-ins and version, your operating system, and your IP address; and
(d) Details of your registration to and attendance at ECETOC events at our premises and externally (such as the time, date and location of your attendance, any presentations given by you and any dietary requirements).
2.4 When we use the term “sensitive personal data” or “special category data”, we simply mean certain categories of personal data which are, by their nature, more sensitive and therefore require a greater level of protection under data protection law. These categories include health data and data about an individual’s ethnic origin.
2.5 We may process data relating to your medical conditions and any disabilities (for example, if you request accessibility assistance or notify us of any dietary requirements when you attend an ECETOC event).
- HOW WE COLLECT PERSONAL DATA
We usually collect your personal data from the information you provide to us during the course of your relationship with us. We collect personal data direct from you when you:
(a) sign up to use our members area on your own, or your employer’s, behalf;
(b) sign-up to receive our e-newsletter;
(c) contact us via email;
(d) register to receive press releases from us;
(e) register to attend an ECETOC event;
(f) register to download ECETOC risk assessment or other tools; and
(g) browse our website.
- HOW WE PROCESS YOUR PERSONAL DATA LAWFULLY
4.1 We only use your personal data where we have a valid lawful basis. We have set out below the lawful basis we rely on for the ways in which we use your personal data. We will process your personal data as necessary and where:
(a) you have given your consent to such processing, which will include if you:
(i) you opt-in to receive our e-newsletter;
(ii) submit an enquiry or ask us for further information, either by completing the “contact us” for on this website, emailing us or speaking to one of our staff;
(iii) register to receive press releases by completing the form on our website;
(b) the processing is necessary to perform our obligations under a contract with you,
(i) where you are a supplier of goods and services to ECETOC and we are required to process your personal data in order to perform our obligations under our contract with you;
(c) the processing is necessary for compliance with our legal obligations, for example:
(i) to maintain a suppression list if you decide to opt-out of our communications to ensure that we do not breach data protection laws by communicating with you when you have asked us not to;
(d) the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal data, for example:
(i) to improve our services or develop our products or website;
(ii) to notify you about changes to our website, terms of business, privacy notice or other terms and conditions in order to keep you up to date with our most recent policies, maintaining our network security and administering our IT services;
(iii) to monitor our website and use data analytics to improve our website, products, services, and marketing, and to ensure that the content on our website is presented to you as effectively as possible;
(iv) to develop our products and services and in informing our marketing and corporate strategy; and
(v) comply with court orders and exercise and/or defend our legal rights .
4.2 Generally, we are only allowed to process your sensitive personal data under specific circumstances, these include where:
(a) you have given your explicit consent to such processing, for example:
(i) where we obtain consent from you for processing of your health data to provide you with accessibility assistance at ECETOC events or meetings; and
(ii) where we obtain your consent for processing or publishing personal data relating to your political opinions; and
(b) the processing is necessary for the establishment, exercise or defence of legal claim.
- INTERNATIONAL TRANSFERS OF PERSONAL DATA
The personal data we collect from you may be transferred to (including accessed in or stored in) a country or territory outside the European Economic Area (“EEA”), including to countries whose laws may not offer the same level of protection of personal data as are enjoyed within the EEA. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR. Copies of the relevant safeguard documents are available on request by emailing us at the address set out in section 12 below.
- WHEN WE MAY DISCLOSE YOUR PERSONAL DATA
6.1 We may use third parties to carry out certain business functions on our behalf (such as our hosting or payment providers) and may transfer your personal data to these third parties so that they can perform those functions. We may also disclose your personal data to third parties who will process it for their own purposes and will determine how the data is processed.
We will share your personal data only in the ways set out in this privacy notice, and in particular, with the following recipients:
(a) third parties who process your personal data on our behalf (including outsourced IT support and cloud storage providers);
(b) to representatives of other companies who are also a member of ECETOC, and other individual members;
(c) to any third party to whom we assign or novate any of our rights or obligations;
(d) to any prospective buyer in the event we sell any part of our organisation or assets;
(e) to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
- HOW WE PROTECT YOUR PERSONAL DATA
We are committed to safeguarding and protecting personal data and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
- YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE COLLECT
8.1 If you wish to:
(a) update, modify, delete or obtain a copy of the personal data that we hold on you;
(b) restrict or stop us from using any of the personal data which we hold on you, including by withdrawing any consent you have previously given to the processing of such data; or
(c) where any personal data has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, request a copy of such personal data in a suitable format you can request this by emailing us at the address set out in section 12 below. We endeavour to respond to such requests within one month or less, although we reserve the right to extend this period for complex requests.
8.2 In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
8.3 We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal data, and for any additional copies of the personal data you request from us.
8.4 Where you have provided us with your consent, you have the right to withdraw this at any time. This will not affect the lawfulness of any processing performed before your withdrawal.
8.5 If you withdraw your consent for marketing communications and/or our e-newsletter, we will not be able to send you any further communications or our e-newsletter unless you re-subscribe, and you may miss out on e-newsletters and information which may be of interest to you.
8.6 Where we rely on your explicit consent to process your sensitive personal data to provide you with accessibility assistance or cater to your dietary requirements and you withdraw such consent, we will no longer be able to provide you with the assistance you have requested unless an alternative legal basis applies to such processing.
- HOW LONG WE WILL HOLD YOUR PERSONAL DATA FOR
We will only retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
- HOW WE UPDATE OR CHANGE THIS PRIVACY NOTICE
We may change or update parts of this privacy notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this privacy notice on www.ecetoc.org. You will not necessarily be directly notified of such a change so please ensure that you regularly check this privacy notice so you are fully aware of any changes or updates.
- HOW YOU CAN CONTACT US
If you have any queries about the contents of this privacy notice, wish to inform us of a change or correction to your personal data, would like a copy of the data we collect on you or would like to raise a complaint or comment, please contact:
Post: Ms. Geneviève Gerits
- HOW TO LODGE A COMPLAINT TO THE REGULATOR
You are entitled to lodge a complaint with our data protection regulator if you consider that we have breached your data protection rights. Our data protection regulator is the Data Protection Authority, which can be contacted at Rue de la Presse 35, 1000 Brussels, Belgium.
- CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review. This Privacy Notice was last updated on 15 January 2019.