PRIVACY POLICY & DATA PRIVACY NOTICE
The EPI Consortium and its members (the EPI) believe in respecting your privacy. We do not collect any personally identifiable data from visitors to this website other than when you subscribe to any of our services. The basis on which we collect such data and other relevant information are set out in our Data Privacy Notice below.
We explain below how we analyse data from this website. Any links to external sites are out of our control and we encourage you to always read the privacy statements on the other websites you visit.
Visits to our website
We use a third-party service, Ikoula, to host our website. The security of the website is protected by industry standard encryption processes (SSL encryption).
We have no legal means of finding out the identities of persons visiting our website and do not make any attempt to do so.
Cookie Use and Policy
We use a number of different cookies for various purposes, including enhancing website functionality and website analytics.
For example, we use Google Analytics to collect standard internet log information, details of visitor behaviour patterns and the number of visitors to the various parts of the site. This information is processed in such a way that we cannot identify a specific individual, i.e. there are no unique identifier cookies. IP addresses are anonymized immediately after they are collected.
We also us the _NID technical cookie for the technical purpose of determining whether or not the user is human (Captcha).
Full details of the cookies we use can be found in our cookie tool, the link to which is displayed in the cookie bar. When you visit this website, you are directed to this cookie bar.
DATA PRIVACY NOTICE
The EU General Data Protection Regulation (GDPR), effective from 25 May 2018, gives individuals living in the European Union enhanced rights over the use of their personal data. Under the GDPR, we are required to give you certain information, including your rights when you provide us with your personal data.
Contract
If you subscribe to attend one of our conferences or other events, we will ask you for a minimal amount of personal data to enable us to process your booking, to keep you informed of any developments concerning your attendance at the conference or event and for administration purposes. The types of data we collect are only the ones displayed on the registration form. Our legal basis for processing your personal data for these purposes is contractual (Article 6(1)(b) GDPR).
Consent
If you opt-in to receiving marketing information about our events and/or related services, you are giving us your explicit consent under Article 6(1)(a) GDPR to process your personal data for these specific purposes. This consent can be withdrawn at any time.
Data Use
The personal data you provide us with when subscribing for our services will be used only for the purposes of providing you with and improving those services. Some data elements, e.g. job titles and company names, may be aggregated on an anonymised basis for analytical and statistical purposes to enable us to improve our services. Our legal basis for processing your personal data for these purposes is our legitimate interest (Article 6(1)(f) GDPR).
Protection of your Personal Information
We take all reasonable care and apply necessary technical and organisational measures to protect your personal data. Where we employ data processors to process your data on our behalf, we ensure that the necessary contractual protections are in place.
We will not sell your personal data under any circumstances. We will not transfer your personal data to any third parties unless you have specifically consented to this under our marketing terms, other than to our data processors who will be contractually bound to process your data only in accordance with our instructions and to keep your data secure.
We do not ourselves transfer your personal data outside of the EU/EEA. However, certain of our data processors (e.g. Google Analytics) may do so and where this occurs, such transfer will only be to the USA and will fall under the Privacy Shield.
Data Retention
In accordance with the principle of minimising data retention, we will retain your personal data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, in accordance with our data retention policy, as follows:
- Data acquired for contractual purposes – 10 years
- Data acquired through marketing activities – 2 years since our last exchange
At the expiry of the relevant data protection period, personal data will be deleted or anonymised.
Legal Rights
Your rights under the GDPR include the following:
- The right at any time to withdraw your consent to the processing of your personal data for marketing purposes.
- The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
- The right to have your personal data rectified in the event that it is inaccurate or incomplete.
- The right to request the erasure of your personal data (also called the right to be forgotten), subject to our retention policy.
- The right to restrict the processing of your personal data.
- The right to data portability (i.e. transfers of your personal data at your request to another organisation).
- The right to be informed of any automated profiling (We currently do not process your personal data in this manner).
Your rights above can be exercised free of charge by contacting us as described below.
In all cases, we will need to satisfy ourselves of your identity before we can action a subject access request under the GDPR. We will usually require proof of identity such as a passport or an ID card. No copy of these document shall be kept in our records as they will be deleted right after the verification of your identity.
If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the French Information Commissioner’s Office (www.cnil.fr).
HOW TO CONTACT US
If you have any queries about our website or about how we process data, you can contact The EPI Consortium in our quality or Data Processor as follows:
The EPI Consortium
c/o Atos
80 Quai Voltaire
95870 Bezons Cedex – France
Email address: dpo@european-processor-initiative.eu
Telephone No.: 00 33 6 88 70 70 24
26 March 2020
We reserve the right to make changes from time to time to our Privacy Policy and Data Privacy Notice which will be effective from the time that they are published on this website.