The European Jewish Congress’ Privacy Policy

The European Jewish Congress (hereinafter referred to as “EJC”, “we”, “our” and “us”) is committed to protecting and respecting the privacy of our online and offline followers, consultants, suppliers and contacts, including members, online users, event attendees and visitors. EJC operates in accordance with the following privacy policy (“Policy”).

This Policy explains:

  • when and why we collect personal information about people we meet, have contractual relationships with, send marketing communications to and people who visit our website (eurojewcong.org);
  • how we use this personal information, the conditions under which we may disclose it to others and how we keep it secure.

For the purposes of the processing activities set out in this General Privacy Policy, EJC is a “controller” in relation to its use of your personal data. This is a legal term – it means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws, in particular with the provisions of the General Data Protection Regulation (“GDPR”) and the Belgian Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data. In this General Privacy Policy, reference to “personal data”, means any information that relates to an identifiable natural person. The term “process” means any activity relating to personal data, including, by way of example, the collection, storage, use, consultation, and transmission to such data.

We may change this Policy from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed, so please check this page occasionally to ensure that you are happy with any changes.

By using our website, you are agreeing to be bound by this Privacy Policy. If you do not agree with any of these terms, we urge you not to make use or access our website.

  1. Who Are We?

The European Jewish Congress is a not-for-profit organization. Based in Brussels, the European Jewish Congress is the representative umbrella organisation of national Jewish communities. It federates democratically elected national Jewish community organisations in over 40 European countries uniting 2.5 million Jews across the continent. The EJC was created to give a unified voice to Jewish communities around Europe, representing their common interests and concerns, but at the same time allowing smaller Jewish communities a wider platform to express their specific needs.

  1. How do we collect personal data from you?

We obtain information about you when we meet, when we have contractual relationships with you, when you use our website, when you attend our events or if you register to receive our newsletter.

  1. What type of personal data is collected from you?

We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.

Category Types of personal data Collected from
Contact information
  • Name
  • Address
  • Telephone number
  • Organisation details (e.g. your place of work, job title, studies, previous work experiences and organisation contact information)
  • Language
  • You
  • Publicly available resources (e.g. from LinkedIn, Instagram, Twitter)
Identity information
  • Date of birth, Place of birth
  • Identification information (e.g. ID-card, passport)
  • Signature
  • Gender
  • Pictures
  • Flight and booking information (for events)
  • Your credit card details
  • You
Billing Information (in particular with respect to our suppliers/consultants)
  • Details relating to your enquiries
  • Information about other people (e.g. our/your personnel) that you share with us in connection with your matters
  • Information you provide to us when you come to our office (e.g. for a meeting)
  • User IDs and passwords used by you when making use of our IT system
  • Your billing, payment and banking details
  • You
  • Other third parties working on your matters
Marketing Preferences
  • Area interests
  • Marketing communications preferences
  • You
  • Publicly available information from online resources such as LinkedIn
Browsing and Device Usage Information
  • Information automatically generated through your use of our website
  • IP address
  • Information revealing the location of your electronic device
  • You and your use of our website
Sensitive personal data
  • Information when you attend an event (e.g. food allergies); information necessary to provide hospitality services
  • Religious or philosophical beliefs
  • Data concerning health
  • Data consisting of ethnic origin in line with the purpose of our organisation
  • You (with your consent only or where it is necessary for reasons of substantial public interest)

 

 

  1. What do we do with your personal data?

We process your personal data for a number of different purposes. We must always have a “lawful basis” (i.e. a reason, prescribed by law) for processing your personal data. The table below sets out the different purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.

  Lawful basis
Purposes of processing Your consent To perform a contract with you To comply with a legal obligation For our legitimate interests
Responding to your enquiries   x

x

(It is important that we can respond to your enquiries)
Resolving any complaints from or disputes with you    

x

(We need to be able to try and resolve any complaint or dispute you might raise with us)
Performing identity checks (including those against third party sources) for identity verification purposes

x

  x (We might need to verify the identities of people, also to provide access to buildings, for events, etc.)
Carrying out various tasks and services in connection with our organisation and for our members which may involve you (e.g. informing you about antisemitic incidents across Europe)       (We need to be able to carry out the tasks required in connection the provision of our services)
Sending you information about campaigns, appeals, or activities; x      (To carry out the tasks required in connection the provision of our services)
Enrolment for and organisation of webinars, events, lectures, excursions, visits x x    (We need need to be able to carry out the tasks required in connection the provision of these services)
Obtaining services and assistance from suppliers and consultants with the performance of the services our organisation offers   x    (We need to be able to carry out the tasks required in connection the provision of our services)
Monitoring our systems and processes to identify, record, and prevent fraudulent activities       (We need to be able to monitor our systems in this way to help protect them, us and you from illegal activity)
To publish press releases or articles in newspapers/online x      (To carry out the tasks required in connection the provision of our services)
Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law     x  
Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)     x  
Purchasing, maintaining and claiming against our insurance policies     x (It is in our interests to protect our business against specified losses)
Training our staff or consultants     x (Sometimes, it is appropriate for us to use your personal information so that we can provide our staff/consultants with training to manage risk and improve the quality of our services)
Complying with instructions from our members in relation to their regulatory obligations      

x

Obtaining legal advice, and establishing, defending and enforcing legal rights and obligations in connection with any legal proceedings (including prospective legal proceedings)       (We must be able to establish and defend legal rights and obligations, and seek legal advice in connection with them)
Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same)   x   (We need to make sure our that our business processes are secure)

 

Where we process your sensitive personal data, we treat such personal data with even more care than usual and in compliance with the additional legal requirements. For these categories of personal data, different lawful bases apply. We only process your Sensitive Personal Data with your consent or where it is necessary for reasons of substantial public interest.

  1. Who do we share your personal data with?

Sometimes we share your personal data with third parties where permitted by law, including the following:

  • other companies or organisations in our network;
  • consultants, auditors, law firms or other professional advisers in order to provide our services;
  • regulatory bodies, European institutions, national authorities;
  • suppliers to assist with the services we provide (e.g. for catering, hotel services, venue booking, photographers, for organisation of transport, etc.)
  • courts and other judicial bodies, where we are asked to respond to an order or other binding requests;
  • third party service providers for IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, document and workflow management systems and other systems and applications;
  • other third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf;
  • to third parties where otherwise permitted or required by applicable law; and
  • other third parties in connection with our legitimate business activities.

Unless you explicitly requested us to do so or if we are required to do so by law, we only disclose your personal data that is necessary for the purpose we disclose such personal data and we shall make sure to have agreements in place with our service providers which will restrict how they are able to process your personal data (e.g. not to use it for their own direct marketing purposes)  and impose appropriate security standards on them.

It is possible that these organisations or authorities use your personal data as a “data controller”. In such case, they have their own responsibilities to comply with applicable data protection laws and they will have their own privacy notices which you might need to consult.

  1. What rights you have over your personal data?

Depending on the circumstances, you may have the right to:

  • access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipients to whom it is disclosed and the period for which it will be stored;
  • require us to correct any inaccuracies in your personal data without undue delay;
  • require us to erase your personal data;
  • require us to restrict processing of your personal data;
  • receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
  • object to a decision that we make which is based solely on automated processing of your personal data.

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal.

Note that if you exercise one of the above rights, it might be possible that we are no longer able to provide you with the services we offer.

Please contact us by sending an e-mail to [email protected] or by completing our contact form if you would like to exercise any of your privacy rights.

You also have the right to lodge a complaint with the relevant Data Protection Authority.

  1. Where we host your personal data?

Our hosting company is in the European Union and it is GDPR compliant.
Our newsletter services are hosted by Mailchimp, based in Atlanta, USA and is GDPR compliant. Any information is sent over SSL / HTTPS to ensure security.

  1. How we protect your personal data?

We take the required steps to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage. Our server has malware protection mechanisms, internal reporting systems and an email notification system if any suspicious activity is detected. Moreover, we are entirely using SSL/HTTPS throughout all our sites. This encrypts our user communications with the servers so personal identifiable information is never captured by third parties without authorization.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to use different secure passwords for any other online services you may use.

If a person tries to access the admin area of our site without having permission, then we keep his IP address in our logs. This suggests improper use and malignant effort and therefore we have the right to keep such logs and process them.

  1. How long do we keep your personal data?

We only retain personal data for as long as necessary for the purposes for which we are processing it for. This will depend on a number of factors, including: (i) any laws or regulations that we are required to follow; (ii) whether we are in a legal or other type of dispute with each other or any third party; (iii) the type of information that we hold about you; and (iv) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

When we retain your personal data, we protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. After replying to your request, your data and email are deleted.

  • Newsletter

By registering to our newsletter, you agree to share your email address to our newsletter provider, Mailchimp (based in Atlanta, USA). We use a two-factor authentication, so after submitting your email, you will receive a validation email. Only if you accept that email you will be registered in our newsletter. The newsletters we send are mainly about our news and we do not advertise other companies or products. You may update your personal information or unsubscribe at any time, by following the respective links that you can find at the bottom of all newsletters that you receive by us. Alternatively, you may contact us to update or delete your email. The EJC is the only one to have access to this information. For more information about Mailchimp, you may refer to its privacy policy. Should you choose to unsubscribe from our newsletter, you will no longer receive emails by us.

  • Cookies and similar technologies

For more information regarding how we use cookies and similar technologies in connection with your use of our platforms, please read our Cookies Policy.

  • Embedded content from other websites and links to other websites

Articles on our website or other of our social media (e.g. Twitter, Instagram) may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

In addition, our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Furthermore, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

  • Children: 16 or Under

We are committed to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal data.

  • Transferring your personal data outside of the EEA

For European Union (“EU”) citizens, as part of the services offered to you, the personal data which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if our servers or third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the EU. By submitting your personal data, you are agreeing to this transfer, storing or processing. If we transfer your personal data outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

  • More information

If you are still looking for more information, then you can contact us at: [email protected]

Last updated on 1 September 2020