EUROAVIA Data Protection Policy
EUROAVIA is committed to protecting its members’, partners’ and visitors’ privacy and takes its responsibility regarding the security of their information very seriously. It will be clear and transparent about the information it is collecting and what it will do with that information.
This data protection policy ensures EUROAVIA:
- Complies with data protection laws and follow good practice;
- Protects the rights of members, partners and visitors;
- Is open about what personal data collects and processes about them in connection with their relationship with the association;
- Is open about how it stores and processes individuals’ data;
- Protects itself from risks of a data breach.
All personal data is collected and processed in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).
EUROAVIA respects the right of its users to be informed with regard to the collection and other processing operations concerning their personal data. In processing the data, it may, directly or indirectly, identify you.
However, the use of your personal data is kept to a minimum and so that your data is not processed when the purposes sought in the individual cases may be achieved through the use of anonymous data or through other methods, which allow the interested party to be identified only when necessary. The decisions concerning the purposes, terms for processing your personal data, and the instruments used, including the safety profile, are the responsibility of the EUROAVIA International Board, data controller of the personal data of EUROAVIA members.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The data protection act is underpinned by eight important principles. They say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European economic area (EEA), unless that country or territory also ensures an adequate level of protection.
This policy applies to:
- The International Board of EUROAVIA
- All Working Groups of EUROAVIA
- All members of EUROAVIA
- All contractors, suppliers and other people working with or in behalf of EUROAVIA.
EUROAVIA’s International Board is the data controller of all personal information that is collected and used. For exclusively organizational and functional requirements, the International Board of EUROAVIA has appointed some data processors to process the personal data of users for purposes that are strictly connected and related to the provision of services on EUROAVIA platforms.
Personal data means any information relating to you which allows EUROAVIA to identify you, such as your name, contact details and information about your access to our website.
Specifically, EUROAVIA may collect the following categories of information:
- Name, mail address, e-mail address, telephone number;
- Nationality, date of birth, gender;
- Passport or ID number, expiry date and country of issue;
- Dietary requirements;
- Information about your use of EUROAVIA’s website and/or App;
- The communications you exchange with EUROAVIA and its members via letters, emails, chat service, calls, and social media.
Processors sort and monitor the personal data of users of EUROAVIA platforms according to the instructions provided by EUROAVIA. It is periodically verified that processors have completely fulfilled the tasks assigned to them and that they are continuing to provide suitable assurance of full compliance with the provisions of personal data protection.
A complete list of the processors handling your data is given below:
Affiliated Societies Working group (AS WG)
The AS WG collects, processes and temporary stores personal data, included in the category a, of EUROAVIA (prospective) local board members to contact them, schedule meetings and carry on the working group’s goals.
Communication Working Group (CM WG)
The CM WG collects, processes and temporary stores personal data included in the categories a, e and f:
- To send the EUROAVIA Newsletter via email;
- As part of the processes of purchasing the EUROAVIA, via email and mail;
- For specific posts to be published in the EUROAVIA social media.
Company Relations Working Group (CR WG)
The CR WG collects, processes and temporary stores contact info of companies that may be potential EUROAVIA sponsors or partners.
Design Working Group (DN WG)
The DN WG collects, processes and temporary stores contact info, included in the categories a, e and f, for ordering and purchasing promotional material, brochures and merchandise of EUROAVIA.
EUROAVIA Training System Working Group (ETS WG)
The ETS WG collects, processes and temporary stores data, included in the category a, of internal and external trainers for communication purposes.
It may also temporary collect and process personal data of (prospective) participants of training events such as Formation Workshops and Train New Trainers.
Human Resources Working Group (HR WG)
The HRWG collects and processes personal data, included in the categories a, e and f, of (prospective) working groups members for contacting them and training purposes.
Innovation and Development Working Group (ID WG)
The ID WG may collect and process personal data, included in the categories a, b and c, of people that take part to challenges, design workshops and other events organised by EUROAVIA. Moreover, it can discloser the aforementioned data to third parties that are co-organising the events people are participating in.
International Events Working Group (IE WG)
The IE WG collects, processes and temporary stores personal data, included in the category a, of EUROAVIAns attending international events to improve the association’s performances. Moreover, it may give these data to the HR WG for sending them opportunities that may arise within the association.
Information Technology Working Group (IT WG)
The IT WG collects and processes personal data, included in the categories a, b, c, d, e and f:
- As part of the website registration processes through the respective registration form in order to provide you with access services to restricted areas and services of EUROAVIA;
- within the context of the request for technical assistance through Helpdesk to provide you with information regarding issues and help you regarding the IT services;
- To ensure an efficient communication and provide the best opportunities to EUROAVIAns through the development of a database.
Statutes and Bylaws Working Group (SB WG)
The SB WG may collect and process data, included in the categories a, b and c, of EUROAVIA members for grants application purposes and it may share these data with the European Union for the aforementioned reasons or others related with that one.
Your personal data may also be used in other processing operations, however, under terms that are compatible with these purposes.
Your personal data is primarily processed electronically and, in some cases, even in paper format.
Your personal data will be kept in a form that allows you to be identified for the time strictly necessary for the purposes for which the data was collected and subsequently processed and, in any case, within the legal limits.
To ensure that your personal data is always accurate and up-to-date, EUROAVIA asks that you please update it within the login section in the website, by contacting the specific data processor or the data controller.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
EUROAVIA, upon your express consent, processes your personal data for statistical analyses aimed, for example, at:
- Revealing the degree of satisfaction with the services offered;
- Improving the association by yours advises and inputs;
- Knowing the gender distribution amongst the association.
This activity occurs through emails.
The purposes for which your personal data is processed will nevertheless be specifically noted, in each instance, in the text of the notice presented to the user on the page or email where the personal data is requested.
4. Data Protection Officer
The International Board of EUROAVIA shall at the beginning of the business year appoints a Data Protection Officer (DPO) to oversee compliance with this policy.
The International Board, the EUROAVIA Woking Groups and the Local Groups directly collect personal data and other information from users as part of the online or paper based registration process for becoming member of EUROAVIA, by filling in forms for specific purposes, like ordering products or applying for a EUROAVIA international event.
The data processers reserves the right to eliminate the accounts of registered users and all of the relative data, in the event that it is determined to contain unlawful information that is detrimental to the image of EUROAVIA, or in any event content that is offensive or that promotes illegal or defamatory activity, pornographic content, that incites violence, that promotes discrimination in relation to race, sex, religion or sexual orientation.
Providing your personal data is necessary to become a member of EUROAVIA, to participate at international events, to purchase orders and to allow EUROAVIA provides with other services.
Any refusal to provide the data necessary for such purposes could result in it being impossible to provide services available on the EUROAVIA network, moreover, to properly fulfil the legal and regulatory obligations.
Depending on the case and, where necessary, in each instance, the EUROAVIA processors will duly inform you of whether it is mandatory or optional to provide your personal data. They will specify whether it is mandatory or optional to provide your data by affixing an (*) to information that is mandatory.
- The personal data of members should never be disclosed to any third parties or other members of EUROAVIA, except for the International Board and Working Group designated to manage them. These bodies will process your personal data exclusively for the purposes indicated in this policy and, in any case, in accordance with the legal limits and consent provided by you. Data shall not be disclosed, assigned, or in any other manner transferred to other third parties unless the members have been previously informed and, upon their consent, when this has been required by law.
In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, EUROAVIA will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the International Board where necessary.
EUROAVIA may publish and provide cumulative statistics created through the data to third parties.
Your personal data will not be transferred abroad to countries other than those belonging to the European Union and EUROAVIA network, which do not provide adequate levels of personal protection.
This policy helps to protect EUROAVIA from some data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. All individuals should be free to choose how the association uses data relating to them.
- Reputational damage. The association could suffer if hackers successfully gained access to sensitive data.
EUROAVIA adopts technical and organizational security measures to adequately protect customers data from unauthorised access. Moreover, to ensure the security of data processing carried out within the association, in some areas EUROAVIA uses an encrypted procedure. The information provided by the user is transmitted in an encrypted form by SSL (Secure Socket Layer) protocol to prevent data misuse by third parties.
EUROAVIA has adopted safety measures to reduce the risk of data destruction and loss, nevertheless, it cannot guarantee to its users that the measures adopted for the security of the website, database, Office365 and transmission of data and information on all its platforms limit or exclude all risk of access without consent or dissemination of data. EUROAVIA advises you to make sure that your computer is equipped with the appropriate software to protect from transmission to data networks, both incoming and outgoing (such as up-to-date antivirus systems) and that your Internet services provider has adopted suitable measures for safely transmitting data onto the network (such as, for example, firewalls and anti-spam filters).
Under certain circumstances, by law you have the right to:
- Request information about whether EUROAVIA holds personal information about you, and, if so, what that information is and why it is holding/using it;
- Request access to your personal information. This enables you to receive a copy of the personal information EUROAVIA holds about you and to check that it is lawfully processing it;
- Request correction of the personal information that EUROAVIA holds about you. This enables you to have any incomplete or inaccurate information EUROAVIA holds about you corrected;
- Request erasure of your personal information. This enables you to ask EUROAVIA to delete or remove personal information where there is no good reason for it continuing to process it. You also have the right to ask EUROAVIA to delete or remove your personal information where you have exercised your right to object to processing (see below);
- Object to processing of your personal information where EUROAVIA is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
- Request the restriction of processing of your personal information. This enables you to ask EUROAVIA to suspend the processing of personal information about you, for example if you want EUROAVIA to establish its accuracy or the reason for processing it;
- Request transfer of your personal information in an electronic and structured form to you or to another party. This enables you to take your data from EUROAVIA in an electronically useable format and to be able to transfer your data to another party in an electronically useable format;
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once EUROAVIA has received notification that you have withdrawn your consent, EUROAVIA will no longer process your information for the purpose or purposes you originally agreed to, unless it has another legitimate basis for doing so in law.