The EPI Consortium and its members (the EPI) believe in respecting your privacy. We do not collect any personally identifiable data from visitors to this website other than when you subscribe to any of our services. The basis on which we collect such data and other relevant information are set out in our Data Privacy Notice below.
We explain below how we analyse data from this website. Any links to external sites are out of our control and we encourage you to always read the privacy statements on the other websites you visit.
Visits to our website
We use a third-party service, Ikoula, to host our website. The security of the website is protected by industry standard encryption processes (SSL encryption).
We have no legal means of finding out the identities of persons visiting our website and do not make any attempt to do so.
Cookie Use and Policy
We use a number of different cookies for various purposes, including enhancing website functionality, website analytics and marketing.
For example, we use Google Analytics to collect standard internet log information, details of visitor behaviour patterns and the number of visitors to the various parts of the site. This information is processed in such a way that we cannot identify a specific individual, i.e. there are no unique identifier cookies.
Full details of all the cookies we use can be found in our cookie tool, the link to which is displayed in the cookie bar. When you visit this website, you are directed to this cookie bar and asked to confirm your preferences. You are able to change your preferences at any time through this tool.
DATA PRIVACY NOTICE
The EU General Data Protection Regulation (GDPR), effective from 25 May 2018, gives individuals living in the European Union enhanced rights over the use of their personal data. Under the GDPR, we are required to give you certain information, including your rights when you provide us with your personal data.
If you subscribe to attend one of our conferences or other events, we will ask you for a minimal amount of personal data to enable us to process your booking, to keep you informed of any developments concerning your attendance at the conference or event and for administration purposes. Our legal basis for processing your personal data for these purposes is contractual (Article 6(1)(b) GDPR).
We retain third-party research services to identify appropriate persons at companies and other organisations who we feel, given their position and role, may be interested in, or benefit from, receiving details of our future conferences or other services. These researchers obtain the details of such persons from publicly-available information on the internet. The legal basis on which we process personal data and communicate with data subjects in these circumstances is our legitimate interests under Article 6(1)(f) of GDPR. In conducting our legitimate interests’ assessment, consideration was given to the following:
- The amount of personal data processed is minimal;
- The data is publicly available and is not sensitive in any way;
- The relationship is business to business and relevant to the job title;
- There is minimal privacy risk;
- There is no viable alternative means of communication;
- The processing is vital to our business operations;
- The data subjects are senior business people who would mostly be interested in the services we offer;
- There is a simple opt-out facility after you opted-in.
On balance, we concluded that the processing is justified as it is vital to our business interests while having a minimal impact on the rights and freedoms of data subjects.
The personal data you provide us with when subscribing for our services will be used only for the purposes of providing you with and improving those services. Some data elements, e.g. job titles and company names, may be aggregated on an anonymised basis for analytical and statistical purposes to enable us to improve our services.
Protection of your Personal Information
We take all reasonable care and apply necessary technical and organisational measures to protect your personal data. Where we employ data processors to process your data on our behalf, we ensure that the necessary contractual protections are in place.
We will not sell your personal data under any circumstances. We will not transfer your personal data to any third parties unless you have specifically consented to this under our marketing terms, other than to our data processors who will be contractually bound to process your data only in accordance with our instructions and to keep your data secure.
We do not ourselves transfer your personal data outside of the EU/EEA. However, certain of our data processors (e.g. Google Analytics) may do so and where this occurs, such transfer will only be to the USA and will fall under the Privacy Shield.
In accordance with the principle of minimising data retention, we will retain your personal data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, in accordance with our data retention policy, as follows:
- Data acquired for contractual purposes – 10 years
- Data acquired through marketing activities – 2 years since our last exchange
At the expiry of the relevant data protection period, personal data will be deleted or anonymised.
Your rights under the GDPR include the following:
- The right at any time to withdraw your consent to the processing of your personal data for marketing purposes.
- The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
- The right to have your personal data rectified in the event that it is inaccurate or incomplete.
- The right to request the erasure of your personal data (also called the right to be forgotten), subject to our retention policy.
- The right to restrict the processing of your personal data.
- The right to data portability (i.e. transfers of your personal data at your request to another organisation).
- The right to be informed of any automated profiling (We currently do not process your personal data in this manner).
Your rights above can be exercised free of charge by contacting us as described below.
In all cases, we will need to satisfy ourselves of your identity before we can action a subject access request under the GDPR. We will usually require proof of identity such as a passport or an ID card.
If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the French Information Commissioner’s Office (www.cnil.fr).
HOW TO CONTACT US
If you have any queries about our website or about how we process data, you can contact us as follows:
The EPI Consortium
80 Quai Voltaire
95870 Bezons Cedex – France
Email address: firstname.lastname@example.org
Telephone No.: 00 33 6 88 70 70 24
17 January 2020