This privacy statement describes how the Charter collects and uses the personal information you provide, how we use it and how you can interact with us about it. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. The Charter is committed to protecting the privacy of users of its website and services, including any non-member visitors to the website and any queries members and non-members may submit to us via our contact points.
We try to keep this notice as simple and as clear as possible. To better inform you of our policy concerning user privacy, we have adopted the following terms, which adhere to the European Commission’s GDPR Policies.
Data Protection Person
The Information we Collect
Data Integrity; Use of the Information
Other Tracking Technologies and Automated-Decision Making Practices
Links to other Websites
Onward Transfer of Information & Charter Contact List
How long we Keep your Information
Your Consent; Opting Out
Subject Access Request Policy
Enforcement and Dispute Resolution
Data Breach Policy
Contact our Data Protection Person
Data Protection Person
Our Data Protection Person (DPP) oversees how we collect , use, share and protect your information to ensure your rights are fulfilled. You can contact our DPP at [email protected].
The Information we Collect
The personal information that the Charter collects will depend on how you are involved in the Charter.
- To enable your access to the Charter website, either as a visitor or non-member, the only information we collect is via a Visitor Counter to the website (at the Footer of the website). This counts; the number of daily visitors; cumulative weekly, monthly and total visits. Aside from this, the website has the facility to assess further visitor information, which consists of the country from which you have accessed the website only. No personal information is collected by these means. Other information, such as more detailed locational information or Internet Protocol (IP) Addresses are not collected.
- Should you email us an enquiry, we may collect your name, email address and possibly request your postal address and phone number for the purpose of assisting with your enquiry and / or for verification of your identity. As part of our response to your enquiry you may be asked to fill our GDPR Form. We will never collect your financial information, such as your credit card or bank details and there will be no third party involvement.
- In connection with your participation in Charter events, meetings, etc, where you either represent a visiting delegation or are a hosting member – and are a Charter member as a consequence – you will be presented with a GDPR Form at the time of Registration of the Meeting and a Charter Meeting Registration Form to complete. These will be presented to you when you arrive at your Host Municipality. We collect this information so that you may engage and participate in Charter Activities through the registration process by completing a Registration Form, which is required by the European Commission’s Citizenship Programme (through which the Charter operates). A Delegation Form will be completed between one and two months before the Charter Meeting. As a visiting delegate, your Municipality Communications Officer (or the person who acts as this in your Municipality) will complete this form with information about you as a Visiting Delegate.
The Delegation Form will ask for: your name; your age range; your sex; your mobile phone number; and any dietary, accessibility, health or allergy requirements you may have. This information is emailed to the Hosting Municipality. The purpose of this information is to help the Hosting Municipality arrange a host family for you, give them your information so that your visit as a delegate is harmonious for everyone including you and be able to directly contact your only when necessary, for example for your safety or well-being. The Delegate Form is sent to the Hosting Municipality’s person responsible – usually their Communications Officer – so they may organise the Meeting. After the Meeting the Hosting Communications Officer deletes this information as it is no longer required. Your own Municipality Communications Officer deletes their copy of this information after the Charter Meeting, but not before you have been paid the partial refund of your travel costs that you are entitled to.
Completing the GDPR Form enables you to participate in the Charter Activities. It informs you of what Personal Information we hold, how it is stored and why we hold it. It also informs you that the only Data or Personal Information we share of you, is any photographs or videos taken during the Charter Meetings. These images may be displayed on the Media Section of the Charter website (and from time to time may be placed in print or hard copy format). The purpose for retaining, displaying and reproducing any images is for Charter Reports, General Promotional Purposes and other Charter Booklets or publications. The GDPR Form is collected by the Hosting Communications Officer or the appointed person of the host municipality and sent by secure registered post to the Charter’s Data Protection Person (DPP). The DPP scans the forms and stores them digitally on a secure encrypted external hard drive. Each form is given a unique number and listed and held digitally on a different secure encrypted external hard drive and an encrypted computer. The list facilitates finding the correct reference number for each person and as a consequence the correct scanned form, so that should you at any time wish to opt out of the Charter and/or your information held by the Charter, this can be readily facilitated by easily locating your information and deleting it. Any such information about you held by the Charter can also be made available by this means to you at your request and within a reasonable period.
At no time is the meeting Registration Form information (which asks for your name, postal address, age, email address and contact number) ever shared with any third party other than the European Commission and only in order to fulfil our legal and financing obligations to the European Commission. The Charter will never contact you using the Registration Form, but there is a small possibility that the European Commission may contact you and only in order to verify you attended the Charter Meeting. We have written to the European Commission seeking their clarification for the necessity of the personal information they require and ask that this can be reduced. While we await their response, it is necessary that we continue to use this form in order to be in compliance with their rules and regulations that govern our activities. The Registration Form is collected by one appointed person of the host municipality – usually the Communications Officer – and sent by registered post to the European Commission.
We will always seek your permission to collect any personal information of you. In general, unless you provide us with personally identifiable information, you remain anonymous to us. If you attend a Charter Meeting, either as a Delegate or as a Hosting Member, your GDPR Consent Details and Media (photographs and/or video) will be retained, unless you opt out. The Registration Information shall be sent to the European Commission. All other non-photographic or video information created by you attending a Charter Meeting, will have strictly limited access and shall be deleted once the meeting concludes and travel payment has been made to you. You can opt out by emailing the DPP directly at [email protected].
The Charter does not knowingly collect Personally Identifiable Information (PII) from anyone under the age of 16. If it is discovered that we have collected PII from someone under 16 we promptly will delete that information.
Data Integrity; Use of Information
We use the personal information collected in ways that are compatible with the purposes for which it was intended to be used: to enable your participation in the Charter and use of the Charter Website and Charter services; to respond to your inquiries; for only essential system administration and support, for announcements; for sending newsletters. The Charter will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. If you wish to opt out of our use of your personally identifiable information email the Charter Data Protection Person at [email protected] and title the email with “Your Consent; Opting out” or “My Right to be Forgotten”.
Other Tracking Technologies and Automated-Decision Making Practises
As with most web sites, the Charter gathers certain information automatically and stores it in log files. The only information we collect is via a Visitor Counter to the website (at the Footer of the website). This counts the number of daily visitors; cumulative weekly, monthly and total visits. Aside from this, the website has the facility to assess further visitor information, which consists of the country from which you have accessed the website only. No personal information is collected by these means. Other information, such as more detailed locational information or Internet Protocol (IP) Addresses are not collected.
Through this policy, we will notify individuals of any future automated-decision making practices we may engage in regarding PII, including the logic involved and the significance of the decision as well as the consequences for you. We also will ensure that you may opt out of such automated-decision making practices.
Links to Other Websites
Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites. We do not share any personal information to other websites. From time to time, some websites may create link(s) to our website. Any such links can only access non-personal information.
Our Web site includes Social Media Features, such as the Facebook Like button. These Features may collect your IP address, but are subject to Facebook data protection and privacy policies. As an open social media platform, other persons and members of the public may post personal information for which we have no control. Should we observe personal information or images posted to either “People meet People” or “Meet Europe for Free” Facebook pages, which we deem is inappropriate or in breach of privacy policies, we will immediately remove this material without advance notice to the person responsible for making the post. We may further censure the person responsible. This statement is in good practise and does not obligate us to ensure all such third party postings are appropriate. Furthermore, in connection with postings you may make that are available to the general public on any Charter-related page on social networking sites, including but not limited to statements made on our Facebook Page (being “People meet People” and “Meet Europe for Free”), your name, statement, comment may be used in Facebook and newsletters.
Onward Transfer of Information and Charter Contact List
The Charter works with member municipalities to provide the expected services (Meetings, Activities, etc) for its users and members. Some of these functions require the collection of your personal information. These are described above under the heading of The Information the Charter Collects and how this information is used, stored and deleted. In order for the effective operating of the Charter, there is a Charter Contact List. Each Member Municipality is responsible for maintaining their relevant list of contacts up-to-date and to provide these updates to the Charter Data Protection Person at [email protected]. The Charter Contact List lists the person(s) appointed by each Municipality to receive Charter Information, disseminate Charter Information locally; and send Charter Information, either to the Presidium of the Charter, internal agent(s) of the Charter and appointed by the Presidium; or colleagues within other Municipalities and for Charter purposes only. At no time is it permitted to share these contact details with other persons external to the Charter or non—Charter purposes. Each Municipality is responsible for keeping their copy or copies of the Charter Contact List in a secure manner. Persons listed, with their contact details, in the Charter Contact List remain on the list as officially recognised communication and information points, within the Charter and on behalf of their municipality. Each municipality is responsible for maintaining their personnel contact list up-to-date and ensuring removal of out-of-date contacts.
The Charter will provide you all of your retained personal information provided on your request. This can be done by emailing [email protected] and title the email with “Request for my Information”.
How Long we Keep your Information
We keep your information while you are a member of the Charter. You become a member of the Charter by participating in our activities, Meetings, other events, submitting personal information to us on request, or by completing the GDPR Form. Personal Information is collected from time to time and in accordance with registering for our activities as a delegate or otherwise and disposed of in a secure manner when no longer required. Photographs and videos of Charter activities may hold your image and remain as part of the Charter archive, unless you request otherwise. Persons listed, with their contact details, in the Charter Contact List remain on the list as officially recognised communication and information points, within the Charter and on behalf of their municipality. Each municipality is responsible for maintaining their personnel contact list up-to-date and ensuring removal of out-of-date contacts.
We protect your personal information from unauthorised access and disclosure through the use of passwords, physical security measures, managerial measures, individual access, and data encryption. We nonetheless recognise that third parties may obtain access to information through unlawful actions, and thus do not promise that your information always will remain private, despite our efforts and the importance we place on maintaining your privacy. In addition, we do not claim any responsibility for information collected by or from websites linking to or from the Charter Website.
In the event that we discover or are notified of a security breach where personal information is at risk, we will notify you electronically if we have your email address. If you do not wish to be notified via email in the event of a breach, please contact us at [email protected].
We will retain your personal information for as long as you are active in or with the Charter. If you wish to cancel your participation or being a member of the Charter or request that we no longer use or hold your information contact us at [email protected]. We will retain and use your information as necessary to comply with our obligations to you (legal or otherwise), maintain our agreements, or provide necessary required information only to the European Commission.
We do not display or use testimonials – personal or otherwise – on our website.
Subject Access Request Policy
You have a right, under the General Data Protection Regulation, to access the personal data we hold on you. To do so, you should make a subject access request, and this policy sets out how you should make a request, and our actions upon receiving the request.
“Personal data” is any information relating to an identifiable person who can be directly or indirectly identified, in particular, by reference to an identifier, including your name.
“Special categories of personal data” includes information relating to:
- ethnic origin
- trade union membership
- biometrics (where used for ID purposes)
- sex life or
- sexual orientation.
MAKING A REQUEST
Although subject access requests may be made verbally, we would advise that a request may be dealt with more efficiently and effectively if it is made in writing. Requests that are made directly by you should be accompanied by evidence of your identity. If this is not provided, we may contact you to ask that such evidence be forwarded before we comply with the request.
Requests made in relation to your data from a third party should be accompanied by evidence that the third party is able to act on your behalf. If this is not provided, we may contact the third party to ask that such evidence be forwarded before we comply with the request.
Usually, we will comply with your request without delay and at the latest within one month. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required. The maximum extension period is two months.
We will normally comply with your request at no cost. However, if the request is manifestly unfounded or excessive, or if it is repetitive, we may contact you requesting a fee. This fee must be paid in order for us to comply with the request. The fee will be determined at the relevant time and will be set at a level which is reasonable in the circumstances.
In addition, we may also charge a reasonable fee if you request further copies of the same information.
INFORMATION YOU WILL RECEIVE
When you make a subject access request, you will be informed of:
- whether or not your data is processed and the reasons for the processing of your data;
- the categories of personal data concerning you;
- where your data has been collected from if it was not collected from you;
- anyone who your personal data has been disclosed to or will be disclosed to, including anyone outside of the EEA and the safeguards utilised to ensure data security;
- how long your data is kept for;
- your rights in relation to data rectification, erasure, restriction of and objection to processing;
- your right to complain to the Office of the Data Protection Commissioner if you are of the opinion that your rights have been infringed;
- the reasoning behind any automated decisions taken about you.
Enforcement and Dispute Resolution
CIRCUMSTANCES IN WHICH YOUR REQUEST MAY BE REFUSED
We may refuse to deal with your subject access request if it is manifestly unfounded or excessive, or if it is repetitive. Where it is our decision to refuse your request, we will contact you without undue delay, and at the latest within one month of receipt, to inform you of this and to provide an explanation. You may appeal the decision to:
Obere Hauptstrasse 4,
You will be informed of your right to complain to the Office of the Data Protection Commissioner and to a judicial remedy.
We may also refuse to deal with your request, or part of it, because of the types of information requested. For example, information which is subject to legal privilege or relates to management planning is not required to be disclosed. Where this is the case, we will inform you that your request cannot be complied with and an explanation of the reason will be provided.
If you have an unresolved privacy or data concern that we have not addressed satisfactorily, please contact us. If you remain unsatisfied, European Union data subjects may seek an administrative or judicial remedy or to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Information on how to file such a complaint is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
As a not-for-profit organisation, we subject ourselves in the Charter to the Implementation of Privacy to the Highest Practicable Standards and maintain a reasonable duty of care to all those impacted by our activities. We agree to adhere to the EU GDPR in recognition of their importance in ensuring the protection of user information.