Please make sure that you are familiar with our privacy practices and contact us if you have any questions.
To ensure that you understand the issues of data processing, we will firstly explain the terms used in this Policy:
- Personal data means any information relating to an identified or identifiable natural person (in particular, data relating to you);
- Data subject is any identified or identifiable natural person (in particular, you), whose personal data is processed by the controller responsible for the processing;
- Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, depersonalization, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future;
- Controller is the natural or legal person, which alone or jointly with others determines the purposes of the processing of personal data, establishes composition of this data and procedures of its processing (in particular, EBA);
- Processor is a natural or legal person, which processes personal data on behalf of the controller;
- Third party is a natural or legal person other than the data subject, controller or processor to whom personal data is transferred by the controller or processor and who is authorized to process personal data;
- Consent of the data subject is a voluntary expression of will of a natural person to grant permission to process his or her personal data in accordance with the declared purpose of its processing, expressed in a manner that allows making a conclusion about provision of consent;
- IP address is a unique identifier used by certain electronic devices to identify and communicate with each other on the Internet.
2. What data do we collect?
When you communicate with us by any means of communication including, but not limited to e-mail, fax, phone, social networks, online application form, send us different files, CV’s, use a personal electronic cabinet on the EBA website or conclude agreements with us we may collect your personal data, including:
- contact details (name, surname, date of birth, position, company, telephone, fax, e-mail address, links to personal pages in social networks, etc.);
- Identity document (ID) data;
- photos, video files, etc.
We may also collect data that contains information about the domain name or IP address, date and length of time spent by the Internet user on the EBA website. Such data is collected automatically when the Internet user visits the EBA website. In conjunction with other data, this information helps us determine which content is most attractive to our visitors. In addition, such data helps us to detect any destabilization of our facilities.
3. Cookies policy
4. How do we use your data?
The EBA collects your data for purposes of:
- communication with you;
- sending you e-mails that contain information about news, events etc. that we think might interest you;
- responding to your requests, questions, and reacting on your concerns;
- conducting surveys and research;
- administering membership and collection of fees;
- storing, updating and analyzing data in corporate software (Terrasoft CRM, EBA website CRM system, HR CRM);
- organization and registration for EBA events in the context of its statutory activity or events in which the EBA acts as a co-organizer;
- recruitment (for candidates);
- transfers of information to courier companies, outsourcing accounting companies/banks;
- enabling you to use the EBA website and its features;
- administering your account with us, EBA websites, including improvement of our Internet services (developing new features and offerings, etc.).
Please pay attention that apart from the purposes listed above, we may also process your personal data to provide law enforcement authorities with information necessary for criminal proceedings or if such processing is necessary for another legal obligation to which we are subject, in order to protect your vital interest as a data subject or the interest of another natural person or for the purpose of any other legitimate interest pursued by the EBA or a third party that does not violate your fundamental rights and freedoms as a data subject.
Legitimate interest means the interest of the EBA in terms of conducting its statutory activity. When we process your personal information for the purposes of our legitimate interests, we balance any potential impact on you and your rights. Our legitimate interests do not automatically override your interests.
We process personal data for particular legitimate purposes, which include but are not limited to:
- communication with you;
- sending you e-mails that contain information about news, events etc. that we think might interest you.
We also may collect data in a form that does not, on its own, permit direct association with any specific individual (non-personal data). We may collect, use, transfer, and disclose non-personal data for any purpose. If we do combine non-personal data with personal data, the combined data will be treated as personal data as long as it remains combined.
5. How long do we store your data?
We try to make it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy. When assessing these periods, we carefully examine our necessity to collect personal information at all and if we establish such necessity, we only retain it for the period required to realize the purpose of collection (for instance, term of your employment in EBA Member, etc.) unless a longer retention period is required by law.
6. With whom do we share your data?
We do not share your personal data with companies, organizations, or individuals outside of the EBA except in the following cases:
- personal data of EBA Members’ employees may be shared with postal services, mailing systems, EBA’s outsourcing accounting companies, restaurants, banks, payment systems, taxi services, journalists, security companies, cloud services, phone operators, public authorities to the extent of EBA’s statutory activity, with other EBA Members or counterparties (for instance, delivery services);
- personal data of participants of EBA events or participants of events in which EBA acts as co-organizer may be shared with pertinent public authorities, venues to ensure their free entrance and with speakers (moderators) of such events;
- personal data of EBA suppliers may be shared with EBA Members, accounting companies, banks, etc.
Only names, surnames, emails, photos and positions of participants of EBA events or participants of events in which the EBA acts as co-organizer, members of EBA governing bodies, EBA Members’ employees may be published on EBA website (websites).
7. How do we protect your personal data?
The EBA treats the security of your personal data very seriously. We protect your personal data by various means in order to maintain its confidentiality and integrity and prevent the unauthorized use or disclosure of your personal data and to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration or destruction.
Firstly, the EBA has corporate procedures that define how employees should leave their working space when they leave the office (clear desk policy). Moreover, each EBA employee has a unique password in order to access the website’s back office as well as passwords to access the local database.
Hosting providers and cloud service providers guarantee protection by means of encryption. Some types of data that are stored on cloud service may be restricted for certain group of users. For instance, employees from one department cannot access data from other departments.
Premises with laptops and local servers are equipped with an alarm system and are closed during non-working hours. At any time, premises cannot be accessed without key and password.
8. How can you control your personal data?
You have the right to access, rectify or have your personal data erased or restricted from processing or to object to the processing of your personal data. If processing is based on your consent, you have the right to withdraw your consent at any time.
To exercise these rights, please contact us: [email protected]
9. Data transfer
Information we collect may be transferred to, stored and processed in any country where one or more EBA Member or third party service provider are located or maintain their facilities. Third parties may be located outside Ukraine or the European Economic Area (“EEA“), so their processing of your personal data will involve a transfer of data outside Ukraine and the EEA, respectively.
In particular, we may share personal data of EBA Members’ employees with our mailing service provider – The Rocket Science Group LLC registered in the USA, in order to dispatch newsletters, invitations, offers, etc.
We also may share personal data with the operator of our cloud service – Microsoft Corporation registered in the USA, in order to provide the storage of information.
While such territories may not have the same standards of data protection as those within your home country, we will continue to protect the personal information we transfer in accordance with this Policy.