EuCham CEE (hereinafter called Organization) is an international NGO registered as association in EU (European Union).
Registered seat: Italy, 34170 Gorizia, Via Terza Armata 117/4. Registered on 10 May 2011, fiscal code 91034190313.
The Organization is committed to respect the privacy of its contacts and its members and describes hereunder its privacy practices.
The Organization informs the Participants registering to its events/activities (conferences, meetups, trainings, etc.) and its communication channels (newsletter, etc.) on the personal data managed, the principles and practice of such data management and the rights and remedies of the Participants and prospective members and partners in relation thereto.
Scope of the personal data, purpose of data management and duration
| Purpose | Data recorded | Duration | Note |
| Event organization | Name, email, phone number, workplace and position, billing data, events/activities/topics the Participant is interested in, events attended by the Participant. | Unless requested for erasure, up to five years. The Organization revises every three years if the managed personal data are necessary for the performance of its purpose. | |
| Newsletters and marketing materials to be sent by email or direct message in connection to events/activities | Name, email, phone number, workplace and position, billing data. | Unless requested for erasure, up to five years. The Organization revises every three years if the managed personal data are necessary for the performance of its purpose. | |
| Provision of marketing services to prospective members or partners who entered in contact with the Organization | Name, email, phone number, workplace and position, billing data, public social media links, websites connected. | Unless requested for erasure, up to five years. The Organization revises every three years if the managed personal data is necessary for the performance of its purpose. | Data may also be gathered through voluntary filling of forms and business card exchanges. |
| Contacting prospective members or partners with potential opportunities | Name, email, phone number, workplace and position, billing data, public social media links, websites connected. | Unless requested for erasure, up to five years. The Organization revises every three years if the managed personal data is necessary for the performance of its purpose. | Data gathered through publicly available contact information. |
The Organization will store the information of the Participants as long as they use its services or are members of the network and until five years after their last use of the services or the written termination of the membership.
Legal basis of the data management
The legal basis of the data management is the consent of the Participant as data subject under Regulation (EU) 2016/679 (GDPR – General Data Protection Regulation).
By registering to the events of the Organization and providing the data indicated in the Section 1 the Participants expressly consents to the management of their personal data in line with this policy.
Access to data, data transfer, security, and data processing
Only collaborators who need the information to perform specific actions are granted access to personally identifiable information.
Personal data may be transferred for purposes of contacting the Participants, invoicing, etc. to the nonprofit service company EuCham Nonprofit Ltd. (registered seat: Hungary, 1054 Budapest, Szabadság tér 7, tax no. 25330500-2-41).
Personal data of Participants are not transferred to other contracting parties or sponsors.
Personal data are stored in:
a) Google Drive (drive.google.com) with strong limitation to access and strict user authentication.
b) Tresorit (tresorit.com) encrypted cloud, with end-to-end encryption to protect personal data from exposure and unauthorized access. Tresorit doesn’t have access to the Organization’s encryption keys or to the personal data recorded in the files. Even if the servers of Tresorit were hacked, no one could read the personal data in the files. As a result, the 72-hours data breach notification requirement doesn’t apply. Data are stored in secure, EU-based data centers. Tresorit provides a Data Processing Agreement (DPA) with legally binding data protection guarantees, demonstrating the compliance to data protection authorities.
Precautions are taken to protect its information both online and offline. The servers on which personally identifiable information is stored are protected and kept ander secure environment.
Personal data is processed by automatized methods as well, using data processing services such as Mailchimp (mailchimp.com), Eventbrite (eventbrite.com), PayPal (paypal.com), Billingo (billingo.hu).
Service providers
The Organization may employ third-party companies and individuals due to the following reasons: to facilitate its Services; to provide Services on its behalf; to get assistance in analysing how its Services are used.
These service providers include: Microsoft, Google, Apple, Tresorit, Mailchimp, Dropbox, PayPal, etc. The Organization only chooses third-party companies that are GDPR compliant.
Cookies
The Organization does not collect cookies. If the registration for events or activities is done through the websites of some of the above mentioned online services, the Participant can get further information in their privacy policy.
Rights and remedies
The Participants may object to the management of its personal data even after providing them, may request the correction of the provided personal data, and may request further information on the management of their personal data. If a Participant requests deletion or correction of its personal data, the Organization will arrange, without delay, the deletion or correction of the personal data within the timeframe required by the regulation in force.
Before turning to the national or international authorities for data protection or filing a statement of claim before a court, the Participants are kindly asked to get in contact with the Organization in order to have their case examined and solved as soon as possible. For correction or deletion of your personal data, you can reach the Organization at the address indicated under “Contact details”.
Breach notification
In case of a breach the Organization will notify all data subjects that a security breach has occured within the given timeframe provided by the regulation in force on data protection, after first discoverage. The method to conduct these notifications include, but are not limited to, email, social media, public announcement and other partner channels.
Update
This policy is updated from time to time, especially in case of changes in EU law or national law. The latest version is available on this page and has been originally published on 20 May 2018, with a minor review on 24 Aug 2021. It is advised that you may review this page periodically for any changes. These changes are effective immediately, after they are posted here.
Contact details
Address: Italy, 34170 Gorizia, Via Terza Armata 117/4
Email: info@eucham.eu – Phone: +36 1 445 1055
Representative office: Hungary, 1134 Budapest, Váci út 47/E (WHITE HOUSE building, SPACES offices)
Responsible: its legal representative, in the person of its elected president. Currently: Mr Michele Orzan linkedin.com/in/orzan