This Policy explains:
- when and why we collect personal information about people we meet, have contractual relationships with, send marketing communications to and people who visit our website (eurojewcong.org);
- how we use this personal information, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed, so please check this page occasionally to ensure that you are happy with any changes.
Who Are We?
The European Jewish Congress is a not-for-profit organization. Based in Brussels, the European Jewish Congress is the representative umbrella organisation of national Jewish communities. It federates democratically elected national Jewish community organisations in over 40 European countries uniting 2.5 million Jews across the continent. The EJC was created to give a unified voice to Jewish communities around Europe, representing their common interests and concerns, but at the same time allowing smaller Jewish communities a wider platform to express their specific needs.
How do we collect personal data from you?
We obtain information about you when we meet, when we have contractual relationships with you, when you use our website, when you attend our events or if you register to receive our newsletter.
What type of personal data is collected from you?
We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.
|Category||Types of personal data||Collected from|
|Billing Information (in particular with respect to our suppliers/consultants)||
|Browsing and Device Usage Information||
|Sensitive personal data||
What do we do with your personal data?
We process your personal data for a number of different purposes. We must always have a “lawful basis” (i.e. a reason, prescribed by law) for processing your personal data. The table below sets out the different purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.
|Purposes of processing||Your consent||To perform a contract with you||To comply with a legal obligation||For our legitimate interests|
|Responding to your enquiries||x||
|(It is important that we can respond to your enquiries)|
|Resolving any complaints from or disputes with you||
|(We need to be able to try and resolve any complaint or dispute you might raise with us)|
|Performing identity checks (including those against third party sources) for identity verification purposes||
|x||(We might need to verify the identities of people, also to provide access to buildings, for events, etc.)|
|Carrying out various tasks and services in connection with our organisation and for our members which may involve you (e.g. informing you about antisemitic incidents across Europe)||(We need to be able to carry out the tasks required in connection the provision of our services)|
|Sending you information about campaigns, appeals, or activities;||x||(To carry out the tasks required in connection the provision of our services)|
|Enrolment for and organisation of webinars, events, lectures, excursions, visits||x||x||(We need need to be able to carry out the tasks required in connection the provision of these services)|
|Obtaining services and assistance from suppliers and consultants with the performance of the services our organisation offers||x||(We need to be able to carry out the tasks required in connection the provision of our services)|
|Monitoring our systems and processes to identify, record, and prevent fraudulent activities||(We need to be able to monitor our systems in this way to help protect them, us and you from illegal activity)|
|To publish press releases or articles in newspapers/online||x||(To carry out the tasks required in connection the provision of our services)|
|Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law||x|
|Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)||x|
|Purchasing, maintaining and claiming against our insurance policies||x||(It is in our interests to protect our business against specified losses)|
|Training our staff or consultants||x||(Sometimes, it is appropriate for us to use your personal information so that we can provide our staff/consultants with training to manage risk and improve the quality of our services)|
|Complying with instructions from our members in relation to their regulatory obligations||
|Obtaining legal advice, and establishing, defending and enforcing legal rights and obligations in connection with any legal proceedings (including prospective legal proceedings)||(We must be able to establish and defend legal rights and obligations, and seek legal advice in connection with them)|
|Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same)||x||(We need to make sure our that our business processes are secure)|
Where we process your sensitive personal data, we treat such personal data with even more care than usual and in compliance with the additional legal requirements. For these categories of personal data, different lawful bases apply. We only process your Sensitive Personal Data with your consent or where it is necessary for reasons of substantial public interest.
Who do we share your personal data with?
Sometimes we share your personal data with third parties where permitted by law, including the following:
- other companies or organisations in our network;
- consultants, auditors, law firms or other professional advisers in order to provide our services;
- regulatory bodies, European institutions, national authorities;
- suppliers to assist with the services we provide (e.g. for catering, hotel services, venue booking, photographers, for organisation of transport, etc.)
- courts and other judicial bodies, where we are asked to respond to an order or other binding requests;
- third party service providers for IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, document and workflow management systems and other systems and applications;
- other third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf;
- to third parties where otherwise permitted or required by applicable law; and
- other third parties in connection with our legitimate business activities.
Unless you explicitly requested us to do so or if we are required to do so by law, we only disclose your personal data that is necessary for the purpose we disclose such personal data and we shall make sure to have agreements in place with our service providers which will restrict how they are able to process your personal data (e.g. not to use it for their own direct marketing purposes) and impose appropriate security standards on them.
It is possible that these organisations or authorities use your personal data as a “data controller”. In such case, they have their own responsibilities to comply with applicable data protection laws and they will have their own privacy notices which you might need to consult.
What rights you have over your personal data?
Depending on the circumstances, you may have the right to:
- access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipients to whom it is disclosed and the period for which it will be stored;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict processing of your personal data;
- receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
- object to a decision that we make which is based solely on automated processing of your personal data.
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal.
Note that if you exercise one of the above rights, it might be possible that we are no longer able to provide you with the services we offer.
Please contact us by sending an e-mail to [email protected] or by completing our contact form if you would like to exercise any of your privacy rights.
You also have the right to lodge a complaint with the relevant Data Protection Authority.
Where we host your personal data?
Our hosting company is in the European Union and it is GDPR compliant.
Our newsletter services are hosted by Mailchimp, based in Atlanta, USA and is GDPR compliant. Any information is sent over SSL / HTTPS to ensure security.
How we protect your personal data?
We take the required steps to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage. Our server has malware protection mechanisms, internal reporting systems and an email notification system if any suspicious activity is detected. Moreover, we are entirely using SSL/HTTPS throughout all our sites. This encrypts our user communications with the servers so personal identifiable information is never captured by third parties without authorization.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to use different secure passwords for any other online services you may use.
If a person tries to access the admin area of our site without having permission, then we keep his IP address in our logs. This suggests improper use and malignant effort and therefore we have the right to keep such logs and process them.
How long do we keep your personal data?
We only retain personal data for as long as necessary for the purposes for which we are processing it for. This will depend on a number of factors, including: (i) any laws or regulations that we are required to follow; (ii) whether we are in a legal or other type of dispute with each other or any third party; (iii) the type of information that we hold about you; and (iv) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
When we retain your personal data, we protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. After replying to your request, your data and email are deleted.
- Cookies and similar technologies
- Embedded content from other websites and links to other websites
Furthermore, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
- Children: 16 or Under
We are committed to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal data.
- Transferring your personal data outside of the EEA
For European Union (“EU”) citizens, as part of the services offered to you, the personal data which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if our servers or third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the EU. By submitting your personal data, you are agreeing to this transfer, storing or processing. If we transfer your personal data outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
- More information
If you are still looking for more information, then you can contact us at: [email protected]
Last updated on 1 September 2020