Privacy notice for members

This privacy notice (the "Notice") describes how The Red Cross EU Office ("We", "us", "our") processes the Personal Data We collect data from our members (the 27 National Red Cross Societies in the EU, the British Red Cross, the Norwegian Red Cross and the International Federation of Red Cross and Red Crescent Societies) and other components of the International Red Cross and Red Crescent Movement as required, collectively referred to hereafter as ("You"), in line with EU Privacy Law. 

We are a data controller. This means that We are responsible for deciding how We collect and use (process) Personal Data about You. We are required under GDPR to notify You of the information contained in this Notice.

What Personal Data do We collect about You?

The personal data We collect about You are:

  1. First name and last name;
  2. Email address;
  3. Name and postal address of the organisation you belong to;
  4. Function within the organisation (job title and department);
  5. Your professional fixed and/or mobile phone number and skype account;
  6. If you are a speaker at an event, your photo, twitter handle and biography or information in your CV; 
  7. Photos and videos.

All together your "Personal Data

We typically collect Personal Data directly from You or from the organisation You belong to online, by email or fax (in such case under the assumption that specific measures have been put in place by such organisations to lawfully provide us with your Personal Data).  

How do We collect and process (use) your Personal Data? And on which legal basis? 

We process your Personal Data in order to run the operations of the organisation and to provide You with the associated benefits of your membership.

In particular, We process your Personal Data to: 

  1. Organise and handle annual meetings, extraordinary annual meetings and coordination group meetings;
  2. Keep records of the coordination group meetings, annual meetings and extraordinary annual meetings and circulate minutes;
  3. Administer your organisation's membership;
  4. Keep membership records;
  5. Process membership fee payments; 
  6. Send out surveys, or other information relevant to our functions and obligations;
  7. Establish and maintain communications with You;
  8. Provide content or services You request from us;
  9. Invite You to attend our committees and working groups and run such committees and working groups;
  10. Administer your account on our intranet (members’ area);
  11. Send You our publications, brochures, newsletters, reports and other materials;
  12. Invite You to our events, conferences and workshops;
  13. Publish your contact details on our intranet (members’ area) in order for our members to be able to know who is participating in the different working groups and projects, and be able to work on cross-border matters;
  14. Manage complaints and conduct investigations and disciplinary or dispute resolution activities.

We do so based on our legitimate interest. As a membership office representing the interested of of the 27 National Red Cross Societies in the EU, the British Red Cross, the Norwegian Red Cross towards the EU we have the interest in carrying out the activities necessary to perform the purpose ascribed in our statutes. In doing so, we considered your rights and expectations as a Data Subject and have assessed that your interest, fundamental rights and freedoms are not put at risks. When we collect and process your Personal Data based on legitimate interest, You have specific rights (see below for more information in that regard).

When You register to our events, You will receive a specific privacy notice.

Change of purpose

We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so (as well as your rights in relation to such further processing).

Which third parties process your Personal Data? Do We share, disclose or transfer Personal Data?

In order to conduct our activities, We may have to share or disclose your Personal Data with third parties, including third-party service providers. 

We share your Personal Data with:

  1. IT service providers; NovabeeSurveyMonkeyEventbriteCampaign MonitorDigitalOceanGoogle SuiteGoogle AnalyticsTypi Design.
  2. Travel agencies;
  3. Where necessary and appropriate, with our counsel (who is bound by professional secrecy rules) or financial institutions.

When we transfer your Personal Data to third parties outside of the EEA and/or disclose your Personal Data to other recipients than those identified in this Notice, We comply with EU Privacy Law.

Data security

Your Personal Data are treated as confidential. In order to safeguard your Personal Data from unauthorized access, collection use, disclosure copying, modification, disposal or similar risks, We have put in place appropriate administrative, physical and technical measures. We restrict access to Your Personal Data to those employees and staff who need to know that information to provide benefits or services to You. In addition, We train our staff about the importance of confidentiality and maintaining the privacy and security of Your information. We commit to taking appropriate disciplinary measures to enforce our staff's privacy responsibilities.

How long will We retain your Personal Data?

We retain your Personal Data in accordance with our retention policy. As a general principle, We keep your Personal Data only as long as it is necessary or legally required. 

“Cookies” and Internet tags

A “cookie” is a small text file that is placed on the hard disk of your computer or mobile device when you visit a website. The cookie identifies your device by a unique identification number when you return to the website and collects information about your browsing behaviour. Our Website uses cookies and similar technologies in order to distinguish your use preferences from those of other users of our Website. This helps us to optimise our Website and offer you a better user experience when you visit.

We process information about visits to our websites, the web pages visited, the date and time that you view our website and what you clicked on, your IP address, the geographical location from which you accessed our website based on your IP address, information about your computer or device (device and browser type) your computer’s language settings, whether you are a new or returning visitor, your screen resolution, service provider and downloads. We also use authentication cookies to identify the user when he/she is logged-in to our intranet (members' area), as well as data on your newsletter preferences and tracking data (subscriptions, bounces, opens, clicks and geographic location). Such information includes Personal Data. We use this information for internal purposes to assess the relevance of our newsletters and to compile aggregate statistical data about users' browsing actions and patterns and to estimate our audience size and usage patterns. 

Your rights in connection with your Personal Data

Under EU Privacy Law, You have the right to:

  1. Request access to your Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that we are lawfully processing it.
  2. Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
  3. Request erasure of your Personal Data. This enables You to ask us to delete or remove personal information where there is no good reasons for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to processing (see below).
  4. Object to processing of your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes You want to object to the processing on this ground.  
  5. Request the restriction of processing of your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want us to establish its accuracy or the reason for processing it.
  6. Request the transfer of your Personal Data to another party (data portability). 

If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the Supervisory Authority.

How can You contact us?

For more information, if You have questions about your Personal Data or the way We collect and process Personal Data, or if you want to exercise any of your rights under this Notice, You can contact the  organisation's the person in charge of Personal Data at the Red Cross EU Office either via email: data@redcross.eu, or by post to: Red Cross EU Office Director, Rue de Treves 59-61, 1040 Brussels, Belgium – subject to including a copy of an official form of identification.

Changes to Notice

We may revise this Notice from time to time. Any revisions will be made available to You via our intranet (members’ area on www.redcross.eu).

Our contact details 

Red Cross EU Office
Rue de Trèves 59-61
1040 Brussels
Tel. +32 (0) 2 235 06 80
Fax. +32 (0) 2 230 54 64

Glossary

In this Notice:

"Data Subject" means an identified or identifiable individual.

"EU Privacy Law" means the General Data Protection Regulation 2016/679 ("GDPR") and the Belgian national privacy laws, as amended from time to time. 

"Processing" means any operation performed on Personal Data, manually or by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Supervisory Authority" means the Belgian Data Protection Authority or the relevant Data Protection Authority of the data subjects' habitual residence or place of work.

Last update: December 2019