EUCROF is committed to Personal Data Protection. This Data Privacy Policy is addressed to any physical person, hereinafter referred to as "Data Subject", from whom EUCROF is collecting Personal Data, and aims at ensuring full transparency and pedagogy about EUCROF's commitments and practices when processing such Personal Data.
EUCROF is committed to use all collected data in compliance with the General European Regulation 2016/679 of 27 April 2016 on the protection of data, hereinafter referred to as the "Regulation".
This Data Privacy Policy applies to any Data Subject (i.e. EUCROF website visitors and EUCROF members).
Personal Data: information that can identify a natural person, directly (for example his/her first and last names), or indirectly (for example, his/her phone number or email address, his/her contract number, his/her nickname, an IP address, etc.…).
Processing of Personal Data: an operation or an organised set of operations performed on personal data (collection, structuring, archiving, modification, communication ...);
Data Subject: the person that can be identified through the data used as part of the Processing of Personal Data.
Controller: the organisation deciding how and for what purpose the Processing of Personal Data is implemented, including determining what tools shall be used for such processing.
Processor: a person or legal entity carrying out operations on the data on behalf of the data Controller. The Processor signs a contract with the Controller to carry out certain tasks and is committed to implement the technical and organisational guarantees, allowing him to deal with the Personal Data in accordance with the Regulation.
Recipient: a person or legal entity receiving authorised communication of Personal Data.
EUCROF is the Controller of the following Processing of Personal Data:
As a Controller, EUCROF complies with the following principles:
Representatives of EUCROF and subcontractors are regularly made aware of data protection principles and informed of their corresponding responsibilities in this regard.
EUCROF is committed to ensure compliance with the Regulation and the rules described within this Data Privacy Policy, and in particular:
For any question and / or enquiry relating to Data Protection matters, please write to the following address:
EUCROF uses Personal Data for the following purposes:
The Processing of the Personal Data is based on the Data Subject’s consent:
The Data Subject may withdraw his or her consent at any time and without justification by writing to the EUCROF email address specified in article 3 to this Data Privacy Policy.
In this case, he or she acknowledges that he or she will no longer be able to benefit from the services delivered by EUCROF.
The withdrawal of the Data Subject’s consent shall not affect the lawfulness of Data processing carried out before the withdrawal of his or her consent.
Data Subjects are aware that their login, passwords and all activation clicks within the EUCROF information system will be evidence of their identification and acceptance of the Processing of their Personal Data and will establish their electronic signature in accordance with the Regulation, until proven otherwise. Through this process of electronic signature, Data Subjects expressly agree that the data held in the EUCROF information system have conclusive force with regards to performance of their obligations. Data held in the EUCROF information system are evidence which, if they are offered as evidence in any litigation procedure or in any other proceedings, will be admissible and invoked against the concerned Data Subject the same way and with the same conclusive force as any other document that may be drawn up, received or held in writing.
EUCROF assesses on a case by case basis, the Recipients of Personal Data considering their mission and clearance to receive data in accordance with the specified purposes.
Personal Data of the Data Subjects are strictly accessible by EUCROF for the purpose described in article 4. “Use of Data”.
EUCROF uses data Processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of the Regulation and ensure the protection of the rights of the Data subjects.
Personal Data of Data Subjects may also be accessible by any regulated profession authorised to receive data for the satisfaction of legal and regulatory obligations, such as in particular auditors, accountants, any auditor of a competent authority, courts, judicial authorities …
EUCROF guarantees that Personal Data of Data Subjects will not be transmitted to any unauthorized third party.
EUCROF has established appropriate rules applying to the storage period of Personal Data to strictly limit such period to the necessary duration.
When Personal Data are processed to give authorised representatives of EUCROF Members, Associate Members and Partners access to online services, EUCROF ensures that Personal Data are stored for the duration necessary for the use of these services.
If such access is no longer used by the authorised representative for 12 months, EUCROF will note the inactivity of the personal account and will proceed with its closure.
After the closure of the access, the Personal Data will be deleted.
Personal Data maintained as part of the mailing list of recipients of the EUCROF electronic newsletter, are stored for a period of three years after the collection of Data Subject’s consent.
His or her Personal data will then be deleted unless he or she has expressed to EUCROF his or her wish to continue to receive such information.
Data security relies on the measures taken to protect the Personal Data from:
In order to guarantee the safety of Personal Data, EUCROF and its Processors implement appropriate technical and organisational measures taking into account the state of knowledge, costs, nature, scope, context and purposes of the data processing.
When necessary, the following measures are implemented:
EUCROF and its Processors implement appropriate devices, compliant with the state of art and applicable standards to ensure the protection of the Personal Data.
Where Personal Data are collected on the website, the website security is reinforced.
Each and every Data Subject has the right:
The Data Subject can also oppose, where legal grounds apply, the Processing, diffusion, transmission, storage and hosting of his or her Personal Data.
The Data Subject can exercise these rights at any time and without justification by writing to the EUCROF email address specified in article 3 to this Data Privacy Policy.
When submitting a request and to facilitate such procedures, EUCROF encourages Data Subjects to:
All Data Subjects have the right to lodge a complaint with a supervisory authority. The activities of EUCROF are carried out within the whole European Territory and therefore potentially include cross-border data transfers. The lead supervisory authority for EUCROF is:
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
75334 PARIS Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: http://www.cnil.fr/
EUCROF is a European organisation with international reach. Although the large majority of its Members, Associate Members and Partners are based in countries of the European Union, this is not the case for all of them. However, EUCROF will not transfer Data Subjects’ Personal Data outside of the EU.
EUCROF website uses cookies.
Cookies are small files that are stored locally in the cache of the visitor's Internet browser. They serve to make the website more user-friendly, effective and secure - for example, when it comes to accelerating navigation on the platform. In addition, cookies enable measurement of the frequency of page views and general navigation. The setting of how long cookies are stored, when they are deleted or whether they are generally rejected, can be specified in the settings of the browser. Please read the instructions for your browser. Please notice, that in this case you may not be able to use all functions of this website to their full extent.
In the context of this Data Privacy Policy, a "cookie" should be understood in its broader definition covering any type of browsing tracers, regardless of the type of terminal used and concerns for example, the tracers deposited on computers, smartphones, digital tablets and video game consoles connected to the Internet.
Cookies serve as the website’s memory by enabling it to recognize the computer device of the user during his subsequent visits. They also allow to compile statistics of visits, to improve the user experience, etc.
To find out more about cookies, including how to control and delete them, visit www.aboutcookies.org
EUCROF’s website uses session cookies, deleted as soon as the browser is closed, and permanent cookies deposited on computers, smartphones, digital tablets used to access the website for a determined and longer period of time.
Cookies used on the website aim to:
EUCROF does not use targeting or advertising cookies within the website.
The following cookies are being used on the EUCROF website:
Regarding the use of audience measurement cookies and persistent cookies, an information banner is displayed when connecting to the website, to inform the Data Subjects prior to the deposit of these cookies and to collect their prior consent.
Data Subjects’ consent is valid for 12 months.
Data Subject can express and modify their wishes regarding cookie at any time.
The Data Privacy Policy is subject to changes. When changes occur, EUCROF is committed to inform Data Subjects prior to the implementation of the scheduled changes that could impact the Personal Data.
EUCROF will make its best efforts to inform about the eventual impacts of such changes.
Prior to its release, this document was approved by the Executive Board and the Full Members Board of EUCROF. This document is subject to yearly revisions.
September 19th, 2018
