ERC3643, a non-profit organisation (association sans but lucratif) with address at 9, rue du Laboratoire, L-1911 Luxembourg, Luxembourg and registered with the R.C.S. Luxembourg under number F14003 (the “Controller” or “we”) is the operator of the website https://www.erc3643.org/ (the “Website”) and responsible body within the meaning of the EU General Data Protection Regulation (the “GDPR”). We collect and process personal data of individuals (the “User” or “you”) using the Website and the services offered through the Website. The protection and confidentiality of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with the applicable data protection laws, in particular with the GDPR.
In the following, we will inform you what data is collected during your visit of our Website, as well as the legal bases for the processing of personal data, the purpose of the data processing, the use, the duration of the storage of data and your rights.
If you have any questions relating to data processing and your rights according to the applicable data protection laws, you may contact us by email: email@example.com.
When do we collect personal data? We will notably collect personal data:
- When you navigate through our Website and therefore when you use our services;
- When you request that we contact you to answer any of your questions including on technical and support related issues;
- When you download material such as documents and videos;
- When you apply to become a member, sponsor, joining company or a speaker notably via our registration forms;
- When you log in to our services;
- When you participate to or attend events referenced in our Website.
Update of personal data. We will endeavour to keep the personal data in our possession or control accurate. Data subjects providing personal data are however responsible for promptly informing us of any change to their personal data.
Refusal to provide your personal data. You have the right to refuse to provide us with your personal data but you are aware that not providing us with some specific personal data (e.g. data requested for contacting us) would unfortunately prevent us from answering to you, from providing you with our services, or from entering into an agreement or maintaining the related ongoing agreement with you.
We aim to be transparent about what we process and why. We request that you provide us with personal data that is only necessary for us to carry out our services in the context of the related Website, such as the following types of personal data but not limited to:
- identification information, such as first name, last name, picture, corporate name, logo, email, postal address, legal representative, and membership category;
- contact information, such as email address, phone number, address, postal code, city and country of residence;
- business-related information such as company you work for or represent, role, position and country of work;
- record of your correspondence including e-mail address;
- IT-related information, such as your IP address, the name of your internet service provider, the operating system and the browser you used, the date and duration of your visit, the name(s) of the visited page(s) and your login information, if any;
- financial and banking information such as for payment of membership’s fees;
- your relationship with us such as your membership, your sponsorship and your inclusion in our connected network and your status of joining company or your role of speaker during our events; and
- any other type of personal data related to the conduct of our activities or business.
Furthermore, when you visit our Website, we may collect data such as the website from which you visited us from, the parts of our Website that you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We may process this usage data for statistical purposes, to improve our site and to recognise and stop any misuse.
In most cases, personal data will be processed for at least one of the following:
- to communicate with you (e.g. when you ask us a question);
- to provide you with(targeted) information on our activities and services, based on legitimate interest, or if you request it, e.g. by subscribing to our newsletter or becoming a member. In any case, you can opt out of receiving any more of these communications;
- it is necessary for us to take measures at your request prior to entering into a membership or any contract, or for the performance of any contractual obligations towards you;
- you have given prior consent to the processing of your personal data and your consent has been obtained pursuant to applicable laws, such as to receive communications from us;
- it is necessary for us to be able to perform an obligation according to law or any decision by a public authority, such as to allow us to comply with applicable laws and any regulatory obligations and to respond to requests and comply with requirements from public authorities; or
No automated decisions will be made in relation to the personal data processed.
To achieve the above purposes, we may disclose personal data to the following recipients: our partners, members, sponsors, clients, external service providers, subcontractors, third parties to which we provide services, professional advisors, purchasers or sellers of our assets and entities linked to us, if any, as well as public organisations, administrative or legal authorities and supervisory bodies if applicable. In particular, data may be disclosed to professional service providers we might engage for administration of membership fees.
Transfer of personal data. You are informed that certain recipients may be located outside the territory of the European Economic Area in countries that do not offer a level of protection equivalent to the one granted in the European Union. Any personal data transfer to such recipients will, depending on the nature of the transfer:
- be covered by appropriate safeguards such as standard contractual clauses approved by the European Commission; or
- be otherwise authorised under data protection law, as the case may be, as such transfer is necessary for the performance or execution of your membership or for the establishment, exercise or defence of legal claims or for the performance of a member relationship between you and us.
We will store your personal data only for as long as necessary for the relevant processing activity to be completed and/or for the retention period permitted under applicable law.
In relation to your personal data, you have the right to:
- access the personal data held about you and receive information about how it is processed;
- rectify or complete any inaccurate or incomplete personal data
- seek the erasure of your personal data when its processing is no longer necessary for the purposes described above, when the processing is not or no longer lawful for any reasons, when you have withdrawn your consent to the processing according to applicable laws, when the erasure is necessary to comply with applicable laws or when you object to the processing in the absence of any overriding legitimate ground for such processing;
- object, on grounds relating to your particular situation, to any processing based on our legitimate interest;
- receive your personal data and transmit it to another data controller to the extent that the legitimacy of the processing lies on contractual performance and is carried out by automated means;
- withdraw any consent given to the processing at any time to the extent that your consent justified such processing; and
- seek the restriction of the processing, for instance, when you contest the accuracy of the personal data or when the processing is not or no longer compliant with the exception of storage, only processed in specific cases (e.g. for the establishment, exercise or defence of our legal claims).
We will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints. We will only be able to answer favourably to any of the above requests related to the right to oppose, right of erasure and right of restriction provided that it does not interfere with or contradict our legal obligations (e.g. legal obligation to keep the related personal data) or due to any other impediment that would justify that we would not be able to grant such requests. We undertake to handle each request free of charge and within a reasonable timeframe (in any case no longer than 1 month).
You may also lodge a complaint with the data protection authority in Luxembourg, the Commission Nationale pour la Protection des Données (the “CNPD”),as the competent authority. The CNPD can be contacted as follows:– Telephone: (+352) 26 10 60 – 1– Website:https://cnpd.public.lu/en.html– Web-form:https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html– Address: 15, Boulevard du Jazz,L-4370 Esch-sur-Alzette, Luxembourg
Ensuring that personal data is appropriately protected from data breaches is a top priority for us. We implement adequate technical and organisational security measures, to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected.