When you create a personal cabinet, we process your personal data in accordance with the EBA's Privacy Policy, which is set out below. Therefore, we need your consent to the processing of personal data and confirmation that you have read our Privacy Policy.
EBA Privacy Policy
European Business Association ("EBA") respects your data privacy. This Privacy Policy ("Policy") covers issues regarding the collection, use, disclosure, transfer and storing of your personal information.
Please make sure that you are familiar with our privacy practices and contact us if you have any questions.
1) Definitions
To ensure that you understand the issues of data processing, we will firstly explain the terms used in this Policy:
- Personal data means any information relating to an identified or identifiable natural person (in particular, data relating to you);
- Data subject is any identified or identifiable natural person (in particular, you), whose personal data is processed by the controller responsible for the processing;
- Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, depersonalization, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future;
- Controller is the natural or legal person, which alone or jointly with others determines the purposes of the processing of personal data, establishes composition of this data and procedures of its processing (in particular, EBA);
- Processor is a natural or legal person, which processes personal data on behalf of the controller;
- Third party is a natural or legal person other than the data subject, controller or processor to whom personal data is transferred by the controller or processor and who is authorized to process personal data;
- Consent of the data subject is a voluntary expression of will of a natural person to grant permission to process his or her personal data in accordance with the declared purpose of its processing, expressed in a manner that allows making a conclusion about provision of consent;
- IP address is a unique identifier used by certain electronic devices to identify and communicate with each other on the Internet.
2) What data do we collect?
When you communicate with us by any means of communication including, but not limited to e-mail, fax, phone, social networks, online application form, send us different files, CV’s, use a personal electronic cabinet on the EBA website, conclude agreements with us, or participate in events organized or co-organized by us, we may collect your personal data, including:
- contact details (name, surname, date of birth, position, company, telephone, fax, e-mail address, links to personal pages in social networks, etc.);
- Identity document (ID) data;
- photos, video recordings, etc.
We may also collect data that contains information about the domain name or IP address, date and length of time spent by the Internet user on the EBA website. Such data is collected automatically when the Internet user visits the EBA website. In conjunction with other data, this information helps us determine the most attractive content for our visitors. In addition, such data helps us to detect any destabilization of our facilities.
The EBA may also receive personal data from third parties (e.g., partners) who are the controllers of the respective personal data. Such third parties shall ensure the legality of the respective transfers and, if necessary, obtain voluntary informed consent for the transfer from the data subjects. In some cases, the EBA may act as a data processor and process the received data in accordance with the provided instructions and exclusively for the purposes for which they were transferred to the EBA. If such an obligation is applicable, the EBA will notify the data subjects of receiving their personal data within a reasonable period.
3) Cookies policy
The EBA website uses cookies – small text files that are placed on your device for storing data and that can be read by the web server in the domain that hosted them. We use cookies for enabling you to sign-in, analyzing how our website performs, keeping track of activity on our website, collecting traffic data and fulfilling other legitimate purposes.
Most web browsers automatically use cookies, while allowing users to control the process by blocking or deleting them. Instructions for blocking or deleting cookies can be found in each browser's privacy settings or reference documentation.
4) How do we use your data?
The purposes of data processing by the EBA depend on the character of our relations with you:
If you are an employee of the EBA Member, our general purpose for collection and processing of your data is to enable your possibility to get access to the benefits that are related to membership in the EBA of your employer. Therefore, processing your personal data is conducted for such purposes:
- sending you e-mails that contain information about news, events etc. that we think might interest you
- preparing working bodies lists and meetings
- responding to your requests, questions, and reacting to your concerns
- conducting surveys and research as well as sharing their results with you
- administering membership and collection of fees to the EBA
- storing, updating, and analyzing data in corporate software
- enabling you to use the EBA website and its features
- administering your account with us, the EBA websites, including improvement of our Internet services (developing new features and offerings, etc.)
If you are a participant in the events organized (co-organized) by the EBA, we will collect and/or process your personal data for reaching the following purposes:
- processing of your registration (that might include arranging your access to the venue, generating links enabling your connection to events held in online or semi-online format, etc.).
- follow-up on your registration and any comments and complaints in this context
- collection of fees (if applicable for the respective event)
- providing you with additional materials that might be available for participants of particular events
- storing, updating, and analyzing data in corporate software
If you are a representative of the EBA potential member, we collect and process your personal data for reaching the following purposes:
- sending you e-mails that contain information about news, events etc. that we think might interest you
- execution of procedures necessary for the completion of the membership acquiring process
- storing, updating, and analyzing data in corporate software
- responding to your requests, questions, and reacting to your concerns
If you are a representative of a company which is not an EBA Member but has access to some of the EBA benefits, we will collect and process your personal data to reach the following purposes:
- enabling you to use the EBA website and its features
- administering your account with us, the EBA websites, including improvement of our Internet services (developing new features and offerings, etc.)
- storing, updating, and analyzing data in corporate software
- sending you e-mails that contain information about news, events etc. that we think might interest you
- responding to your requests, questions, and reacting to your concerns
- collection of fees (if applicable)
If you are an employee or representative of a supplier with which the EBA has (or intends to have, or had in the past) contractual relations, we will collect and/or process your personal data for the purposes of performance of contractual relations (if they are ongoing) and fulfilment of our legal obligations (e.g., to store accounting documents during the period established by legislation). This might also involve storing, updating, and analyzing data in our corporate software.
If you are a candidate for employment in the EBA, we will collect and process your personal data for reaching the purposes of your possible employment in our organization and fulfilling our legal obligations if such are applicable. In relation to this purpose, your data might be stored, updated, and analyzed in our corporate software. Please, be aware that the candidates for employment in the EBA are not subject to automated individual decision-making.
It is important to mention that apart from the purposes listed above, we may also process your personal data to provide law enforcement authorities with the information necessary for criminal proceedings or if such processing is necessary for another legal obligation to which we are subject, in order to protect your vital interest as a data subject or the interest of another natural person or for the purpose of any other legitimate interest pursued by the EBA or a third party that does not violate your fundamental rights and freedoms as a data subject.
Legitimate interest means the interest of the EBA in terms of conducting its statutory activity. When we process your personal information for the purposes of our legitimate interests, we balance any potential impact on you and your rights. Our legitimate interests do not automatically override your interests.
We process personal data for particular legitimate purposes, which include but are not limited to:
- communication with you;
- sending you e-mails that contain information about news, events etc. that we think might interest you.
We also may collect data in a form that does not, on its own, permit direct association with any specific individual (non-personal data). We may collect, use, transfer, and disclose non-personal data for any purpose. If we do combine non-personal data with personal data, the combined data will be treated as personal data as long as it remains combined.
5) How long do we store your data?
We try to make it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy. When assessing these periods, we carefully examine our necessity to collect personal information at all and if we establish such necessity, we only retain it for the period required to realize the purpose of collection (for instance, the term of your employment in EBA Member, etc.) unless a longer retention period is required by law.
We anticipate that the EBA Member will inform us if an employee leaves a company and that will give us an understanding that the data of the person can no longer be used for the purposes related to the membership in the EBA of his former employer.
6) With whom do we share your data?
We do not share your personal data with companies, organizations, or individuals outside of the EBA except in the following cases:
- personal data of employees/representatives of the EBA Members, potential EBA members, companies which are not the EBA Members but have access to some of the EBA benefits, may be shared with postal services, mailing systems, EBA’s outsourcing accounting companies, restaurants, banks, payment systems, taxi services, journalists, security companies, cloud services, phone operators, public authorities to the extent of EBA’s statutory activity, with EBA Members or counterparties (for instance, delivery services)
- personal data of participants of EBA events or participants of events in which EBA acts as co-organizer may be shared with pertinent public authorities, venues to ensure their free entrance and with speakers (moderators) of such events or with service providers for organizing video conferences, if the event is held in an online or semi-online format (for example, Zoom, Microsoft Teams, Google Meets, etc.) for ensuring the possibility to join a videoconference
- personal data of EBA suppliers may be shared with EBA Members, accounting companies, banks, etc.
Only names, surnames, emails, photos and positions of participants of EBA events or participants of events in which the EBA acts as co-organizer, members of EBA governing bodies, and EBA Members’ employees may be published on the EBA website (websites).
The EBA publishes on its website the names, surnames, and photos of representatives of the EBA Members, who represent them in the EBA governing bodies (e.g., in the EBA Board), in the management of the EBA working bodies (industrial and open committees, temporary and permanent working groups, etc.) and the EBA regional offices (the regional offices’ coordination councils, if they are established).
7) How do we protect your personal data?
The EBA treats the security of your personal data very seriously. We protect your personal data by various means in order to maintain its confidentiality and integrity and prevent the unauthorized use or disclosure of your personal data and to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration or destruction.
Firstly, the EBA has corporate procedures that define how employees should leave their working space when they leave the office (clear desk policy). Moreover, each EBA employee has a unique password in order to access the website’s back office as well as passwords to access the local database that also include necessity to undergo two-factor verification in order to obtain respective access.
Hosting providers and cloud service providers guarantee protection by means of encryption. Some types of data that are stored on cloud services may be restricted for a certain group of users. For instance, employees from one department cannot access data from other departments.
The premises with laptops and local servers are equipped with an alarm system and are under the security provided by the lessor of the premises where the EBA office is located. Access to such premises with laptops can be obtained only with passes to the location, which are unique for each EBA employee.
8) How can you control your personal data?
You have the right to access, rectify or have your personal data erased or restricted from processing or to object to the processing of your personal data. If processing is based on your consent, you have the right to withdraw your consent at any time.
To exercise these rights, please contact us: [email protected].
9) Data transfer
Information we collect may be transferred to, stored and processed in any country where one or more EBA Member or third party service provider are located or maintain their facilities. Third parties may be located outside Ukraine or the European Economic Area ("EEA"), so their processing of your personal data will involve a transfer of data outside Ukraine and the EEA, respectively.
In particular, we may share personal data of EBA Members’ employees with our mailing service provider – The Rocket Science Group LLC registered in the USA, in order to dispatch newsletters, invitations, offers, etc.
We also may share personal data with the operator of our cloud service – Microsoft Corporation registered in the USA, in order to provide the storage of information.
Data may also be transferred to Google LLC by the use of cookies by Google Analytics. In this case, Google LLC serves as the processor of such data.
Additionally, the data may be transferred to companies-providers of video conference services Zoom (Zoom Video Communications, Inc.), Microsoft Teams (Microsoft Corporation), and Google Meet (Google LLC), registered in the USA, to ensure the possibility of joining video conferences organized or co-organized by the EBA.
While such territories may not have the same standards of data protection as those within your home country, we will continue to protect the personal information we transfer in accordance with this Policy.