PRIVACY NOTICE THIRD PARTIES
This privacy notice (this "Notice") describes how The Red Cross EU Office ("We", "us", "our") processes the Personal Data of certain categories of Data Subjects that are not associated to us, in line with EU Privacy Law.
In carrying out our activities, We process Personal Data relating to contractors, individuals visiting our website or registering for our conferences and other events, officials of the European institutions and EU agencies, EU Member State officials, journalists and other stakeholders ("You") in the EU policy areas that We are involved in.
We are a data controller. This means that We are responsible for deciding how We collect and use (process) Personal Data about You. We are required under GDPR to notify You of the information contained in this Notice.
What Personal Data do We hold about You?
Depending on who You are, We collect different Personal Data from You, for specified purposes and based on a specific legal ground.
Policy makers: EU Member State officials, including PermReps and Council working groups, and officials of the EU institutions and agencies, such as the European Commission the European External Action Service, and the European Parliament, as well as members of technical committees at EU and national level involved in matters affecting our activities.
Name, organisation, job title, department, email address, postal address, professional telephone number (fixed and/or mobile), twitter handle, as well as appointments on files or affiliations to groups and committees relevant to our activities, for example if You are an MEP, political group and committee membership, role as rapporteur or shadow.
Conducting Red Cross EU Office advocacy and representation activities in the policy and programming fields We are involved in, including sending You our position papers and recommendations, emailing You with questions, sharing our perspective on policy and programming issues, inviting You to an event.
Legitimate interests – We believe that, as a membership office active in the humanitarian field, We have the legitimate interest to conduct our advocacy and representation activities on behalf of our members (as described in our Terms of Reference).
Partners and policy stakeholders, including journalists, CSOs and NGOs involved in the policy areas that We are active in.
Name, organisation, job title, professional email address, professional telephone number (fixed and/or mobile), and twitter handle.
Third party contractors/service providers.
Name, organisation, job title, email address, telephone number, bank account details.
Preparing, executing and terminating a contract We have with You.
Prior to conclusion of the contract – during the contract initiation phase – Personal Data is processed to prepare bids or purchase orders or to fulfill other requests that relate to the contract.
Performance of a contract
Individuals submitting a query via our website’s contact form.
Name, e-mail address and content of the query.
To manage and address queries submitted via the contact form.
When You register to our events, You will receive a specific privacy notice.
Change of purpose
We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so.
Which third parties process your Personal Data? Do We share, disclose or transfer Personal Data?
We share your Personal Data with IT service providers.
Any such third-party service provider engaged by us is expected to comply with the requirements of the GDPR and this Notice. List of data processors:
- Google Analytics
- Google Suite
- Campaign Monitor
- Typi Design
When we transfer your Personal Data to third parties outside of the EEA and/or disclose your Personal Data to other recipients than those identified in this Notice, We comply with EU Privacy Law.
Your Personal Data are treated as confidential. We never pass on your contact details to third parties for commercial purposes. In order to safeguard your Personal Data from unauthorised access, collection use, disclosure copying, modification, disposal or similar risks, We have developed security measures that are appropriate on the technical and organisational levels to secure all storage and transmission of Personal Data by us, and disclosing Personal Data both internally and to our authorised third party service providers and agents only on a need-to-know basis. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, We strive to protect the security of your information and are constantly reviewing and enhancing our information security measures. We commit to taking appropriate disciplinary measures to enforce our staff's privacy responsibilities.
How long will We retain your Personal Data?
We store your Personal Data as long as it is necessary to perform the contract We have with You, or as long as You don't withdraw your consent or don't object to the Processing.
We undertake, absent of any Processing activities within a period of 24 months, to delete the Personal Data We hold on You. However, We may retain your Personal Data under EU or national laws. We may retain electronic copies of files containing Personal Data created pursuant to automatic archiving or back-up procedures which cannot reasonably be deleted. In these cases, We shall ensure that the Personal Data are not further actively processed.
“Cookies” and Internet tags
We process information about visits to our websites, the web pages visited, the date and time that you view our website and what you clicked on, your IP address, the geographical location from which you accessed our website based on your IP address, information about your computer or device (device and browser type), your computer’s language settings, whether you are a new or returning visitor, your screen resolution, service provider and downloads. Such information includes Personal Data. We use this information for internal purposes to compile aggregate statistical data about users' browsing actions and patterns and to estimate our audience size and usage patterns.
Your rights in connection with Personal Data
Under EU Privacy Law, You have the right to:
- Request access to your Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully Processing it.
- Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
- Request erasure of your Personal Data. This enables You to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to Processing (see below).
- Request the restriction of Processing of your Personal Data. This enables You to ask us to suspend the Processing of Personal Data about You, for example if You want us to establish its accuracy or the reason for Processing it.
- Request the transfer of your Personal Data to another party (right to data portability).
When You provided your consent to the collection, Processing and transfer of your Personal Data for a specific purpose, You have the right to withdraw your consent for that specific Processing at any time.
When We process your Personal Data based on our legitimate interest (or those of a third party), You have the right to object to such Processing.
To withdraw your consent, object to the Processing, exercise any of your rights as Data Subject, or make queries or complaints, please contact the person in charge of Personal Data at the Red Cross EU Office either via email: firstname.lastname@example.org, or by post to: Red Cross EU Office Director, Rue de Treves 59-61, 1040 Brussels, Belgium – subject to including a copy of an official form of identification. If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the relevant Supervisory Authority.
Changes to Notice
We may revise this Notice from time to time. Any revisions will be made available to You via our website (www.redcross.eu).
Our contact details
Red Cross EU Office
Rue de Trèves 59-61
Tel. +32 (0) 2 235 06 80
Fax. +32 (0) 2 230 54 64
In this Notice:
"EU Privacy Law" means the General Data Protection Regulation 2016/679 ("GDPR") and the Belgian national privacy laws, as amended from time to time.
"Data Subject" means an identified or identifiable individual.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data, manually or by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Supervisory Authority" means the Belgian Data Protection Authority or the relevant Data Protection Authority of the data subjects' habitual residence or place of work.
Last update: December 2019