From 25th May 2018 the EU GDPR (General Data Protection Regulation) becomes law. Most organizations operating within the EU that process personal information are required to be compliant with these regulations. The GDPR also applies to organizations outside the EU that process the personal information of individuals within the EU. (See section: ‘What constitutes Personal Data under GDPR’)
Organizations based in the EU that transfer personal data outside the EU are required to ensure that data is protected to GDPR standards either through legally binding agreements, binding corporate rules, GDPR compliant data protection clauses or approved code of conduct/certification mechanisms.
The C2030E is absolutely committed to protecting your personal information and being transparent about what information we hold. We treat the security of this information extremely seriously, including helping you understand how and why we process this information and what your rights are related to this information.
This Privacy Notice explains the types of personal data the C2030E may collect about you when you contact us via email, phone, social media, write to us, register with us, request information or services from us or kindly donate to us. It also explains other reasons we may collect personal data directly, share data or receive data. It explains how we store and process that data, and ensure it is secure.
This Notice also describes how the C2030E will make use of any personal data we handle in relation to individuals who contact us, subscribe, donate and other sources of personal data we may have been provided. It describes your data protection rights, including a right to object to or opt out of some of the processing we perform. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
This Privacy Notice may occasionally be updated. The C2030E will communicate any significant changes or changes that may require your interaction on its website or by contacting you if you have agreed to that contact.
The EU GDPR on data protection details various reasons the C2030E may collect and process personal data. This includes:
In specific situations, we can collect and process your data with your consent, for example when you tick a box to receive C2030E news, updates and information.
In certain circumstances, we need your personal data to comply with and act on any contractual obligations, for example if you work or volunteer for the C2030E we require certain information as part of your contract of employment or agreement.
If the law requires us to, we may need to collect and process your data, for example we may pass on details of people involved in fraud or other criminal activity affecting the C2030E to appropriate law enforcement authorities.
In some scenarios we may use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running the C2030E and which does not materially impact your rights, freedom or interests, for example to notify you of a link to a new source of information in your stated fields of interest, to investigate issues or problems with our web site or services, to administer and protect our business, troubleshooting and retaining your contact information until you request to opt out.
We collect and process personal data from a variety of sources and reasons for doing so. This can include one or more of the following:
The C2030E considers all matters pertaining to the Security of its data, systems and services to be of the highest priority, particularly the security of personal, confidential or classified data belonging to individuals and third parties who have entrusted C2030E with their information;
The C2030E are actively engaged in ensuring the Confidentiality, Integrity and Availability of its Information Technology systems, applications and data;
Personal, Confidential or sensitive information is subject to evolving security programs of work that seek to ensure ‘Better than’ commercial best practice protection is implemented and maintained;
The C2030E will only keep personal data for as long as is required and only for the purpose it was collected. Once that period has expired, or for example you have requested to be removed from our contact databases, we will ensure all your information is deleted as there will be no legal or contractual reason to retain it any longer.
Contact Database Information
The C2030E does not share or sell its contact database (Your information) with any third parties. If you are not employed by the C2030E, volunteer with the C2030E or have any contractual or related dealings with us then we have no legal or contractual reasons to share your data without your consent.
If you volunteer for C2030E we must collect, process and share certain personal information for legal and contractual reasons with external third parties,e.g. related to travel insurance.
All such personal information is only retained and processed by C2030E for as long as is necessary and as required to do so legally or contractually.
Sometimes, we may receive information about you from third parties.
We may receive information relating to your existing registrations with other related organizations. Additionally, for certain C2030E role holders or those working with children, we may receive information from the Disclosure and Barring Service on the status of any DBS check you have been required to take.
We may also receive information from other organizations with similar views, goals and objectives to the C2030E.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You can do this by contacting us using the details set out below in the “How do I get in touch with the C2030E?” section.
You have the right to ask us for a copy of your personal data; to correct, delete or stop any processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have any concerns or feel a request has not been dealt with appropriately and to your satisfaction, you also have the right to complain to the Information Commissioner’s Office. (But please contact us first to respond and/or rectify)
The controller for your personal data and C2030E’s Data Protection Officer can be contacted via Countdown2030@ippfen.org or write to Countdown 2030 Europe secretariat, IPPF European Network, 55 Rue Royale, 1000 Brussels, Belgium.
If you would like a form to be emailed that you can print, complete and re-scan (along with any required proof of identity) please contact the C2030E email address above.
Our Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data. Please contact us at either address if you have any concerns or questions about the above information or you wish to ask us not to process your personal data for particular purposes or to update/erase your data. Where you have specific requests relating to how we manage your data, we will endeavour to resolve these, but please note that there may be circumstances where we cannot comply with specific requests.
We you send us any request to access, modify, change use or delete your personal information we may need to request additional information to confirm your identity and right to request this action. This ensures that only you can access your personal information and it is not disclosed to anybody else.
We aim to respond to all legitimate requests within one month. It may take longer than a month if your request is particularly complex or you have made several requests.
We will notify you and keep you updated if your request is likely to exceed the specified time period.
You will not normally have to pay a fee for any requests related to your personal data. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Under certain circumstances under GDPR guidelines we may also refuse to comply with your request (for example if we are unable to confirm your identity, it is excessive/unfounded or repetitive)
Cookies are tiny text files stored on your computer when you visit certain web sites and pages, which we use to keep track of what you are accessing, remember you when you return to our site and for anonymous statistical usage analysis and reporting.
If you don't wish to enable cookies, you'll still be able to use the site, but some functionality and formatting may not work as well or at all.
Please note that cookies from the C2030E website (and most legitimate websites) do not damage or infect your computer. The C2030E cookies do not store any personally identifiable information, and any information gathered from them is only used to help improve users experience of the site. For example, they help us to identify and resolve errors while browsing.
The C2030E only use Google Analytics to monitor web site traffic (For purposes of performance and usage reporting. All information C2030E obtain from Google Analytics is aggregated and anonymized and does not identify an individuals IP address or any other personal information.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymized – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
C2030E websites may include links to other 3rd party (non-C2030E) websites, plug-ins and applications. Clicking on these links or enabling connections to these sites or services may allow third parties to collect or share data about you. We do not control these sites and are not responsible for how they acquire, process and secure any personal information.