PRIVACY STATEMENT – PCO / ESVD
We are Pauwels Congress Organisers B.V. (‘PCO’), a Dutch company that provides services. We operate within the European Economic Area (EEA) and we store our data on servers within the EEA, unless indicated otherwise. We process your personal data if you use our services, applications, websites, and software. Examples of our services include registrations for conferences and related administration and invoicing, and memberships of associations and related administration. We call this the ‘Service’. In this privacy statement we summarize when and how we collate, use, and secure your personal data.
We may decide to change provisions of this privacy statement. If so, we will notify you. Nevertheless, we recommend that you check this privacy statement from time to time yourself for any change that may have been made.
3. What personal data do we collate?
There are a number of ways in which we can collate your personal data. In this section we explain what personal data concerning you we can collate. The personal data is sorted according to the various purposes for processing it. For each purposes there is a time limit for how long the personal data will be stored. Personal data that we collate ourselves, or that you supply directly to us
3.1 Processing for which there is a statutory basis
1. Administrative obligations: we store this personal data for a maximum period of 10 years
• VAT number
• invoicing data
We can share this personal data with our accountant in order to meet our statutory obligations. If you wish to use our Service, you are required to supply this personal data to us, because we need it in order to comply with our statutory obligations.
3.2 Processing necessary for performing the contract between you and PCO / ESVD (a contract for the supply of the Service).
1. General: we store the following personal data for a maximum period of 2 years following the end of the contract
• private and/or business e-mail address (e.g. so we can contact you about the Service)
• telephone number (work and private)
• job title
• company name
• date of birth (if you wish to participate in competitions)
• dietary requirements
• registration number
• BIG registration number
• other association membership numbers
• amounts of payments made
• bank account number (in the case of use of a bank account)
• all other personal data supplied to us in the context of our Service
• other personal data you supply us when you contact PCO / ESVD.
It is possible that your name may be stored in Dropbox. Dropbox stores its data in the United States. If you wish to use our Service, we require you to supply this personal data, because we need it to be able to provide you with the Service.
To be able to provide our Service we may share the above data with the following parties who function independently as controller:
• hotels and booking agencies; (names and addresses, e-mail addresses)
• caterers; (name and any dietary requirements)
• stand construction companies (only if you are a conference sponsor); (names and addresses, e-mail addresses and telephone numbers, VAT number)
• publishers of (academic) journals; (names and addresses, e-mail addresses and telephone numbers)
• our client, the party that organizes the conference, (names and addresses, membership number, registration number);
• our accountant (names and addresses, VAT number, payments made and receivable); and
• PE online (BIG registration number)
3.3 Processing beneficial to our legitimate interests
1. To improve our service: we store the following personal data for a maximum period of 2 years
• online/cookie identification number
• IP address
• your use of our website
• data concerning the device you use to visit our website
• e-mail address
• (other) information filled in on the evaluation form
2. Preserving the security of the Service: we store the following personal data for a maximum period of 6 months
• user name and password
• IP address
• device ID
• user ID
• operating system
• time, date, and place of login
3. To be able to inform you about our other services (if you have purchased a paid Service from us): we store the following personal data until you inform us that you no longer wish to receive marketing information
• e-mail address
4. If you apply to work for us: we store the following personal data for 4 weeks following the end of the recruitment process, or for 1 year if you consent to this
• e-mail address
• telephone number
• CV (including any photo)
• supporting letter
5. Photos and videos (of events): we store the following personal data for as long as this is relevant to the purposes indicated in advance or until you inform us that you do not wish for your photo to be processed any further
We process this personal data on the basis of a balancing of interests. If you do not wish to provide the data specified under 3.3.1 or 3.3.2, then we ask you to inform us of this and explain why. We will take account of this explanation and look again at the balance of interests. If after this new balancing of interests we conclude that we still need to you supply your personal data then you will not be able to use our Service if you continue to refuse to supply this personal data. You can find more information about your rights below under the heading ‘Your rights’. You can exclude yourself from the processing described under 3.3.3 by following the instructions for unsubscribing including with every marketing e-mail. If you unsubscribe, then this has no consequences for our ability to send you important e-mails about the Service and your account, or for our use of your personal data in the manner described in this privacy statement.
3.4 Processing with your consent, for a period of 2 years following the end of the contract
1. To inform you (at your request) about the Service you are interested in or other services we provide: we store the following personal data until you inform us that you no longer wish to receive marketing information
• telephone number
• e-mail address
2. To respond to your request and answer your questions: we store the following personal data for a maximum period of 2 months after your request or question has been dealt with
• e-mail address
• telephone number
• other personal data that you supply us when you contact PCO / ESVD
Photos and videos could be processed in the United States by, for example, Google’s YouTube or Google). We will only permit this data to be processed in the United States once we have received assurance that the parties with which we collaborate comply with the GDPR and have taken adequate security measures. You are not obliged to provide us with this personal data. If you do not wish to provide it to us, this will not adversely affect your use of the Service, which you can continue to use as normal. We only process this personal data if and when you have actually consented to this or have supplied us with this personal data yourself.
4. Sharing personal data
We do not sell or market your personal data to others, unless we indicate otherwise in this privacy statement.
4.1 Sharing with processors
We may ask others to assist us supply the Service. It may be that these third parties, referred to below as the ‘Processor’ process your personal data. We enter into processor agreements with these Processors. We engage the following types of Processors:
• storage of (personal) data and database management and maintenance (Dropbox);
• research bureaus and analytical software for improving our service (such as a privacy-friendly setting of Google Analytics which does not involve the sharing of any personal data with Google);
• administrators of evaluation forms;
• software for file transfer (WeTransfer);
• app developers;
• hosting provider(s); and
• video managers and video storage (YouTube).
In some cases the Processor may collate your personal data on our behalf. We inform Processors that they may only use personal data obtained from us in order to enable the supply of the Service. Processors may not use this data for advertising purposes. If you yourself provide additional information to these Processors yourself, then we are not responsible for this. We recommend that you obtain adequate information about the Processor and its business yourself, before you supply any personal data.
4.2 Sharing data with your consent
We may also share your personal data with others if you allow us to do this. We may collaborate with other parties, for example, to be able to provide you with specific services or promotions. If you register for these services or promotions, then we can supply your name or contact details if these are necessary to provide this service or to contact you.
4.3 Our statutory liability
We may share your personal data with third parties if this is:
1. reasonably necessary or appropriate to comply with any statutory obligations;
2. necessary to comply with statutory requests from authorities;
3. necessary to respond to any claims;
4. necessary to protect the rights, property or security of ourselves, our employees, or the public;
5. necessary to protect ourselves and our users against fraudulent, offensive, inappropriate, or unlawful use of the Service.
We will notify you immediately if any government body makes a request that relates to your personal data, unless any law prohibits us from doing so.
4.4 Merger or sale of the business or part thereof
In some circumstances we may publish, share, or transfer your personal data if we assign any part of our business. Examples would include a merger, negotiations for a merger, the sale of parts of the business or the acquiring of financing. We will of course try to limit the impact of this on you as far as possible by only transferring such personal data as is necessary.
5. Protection of personal data
It is important for us that we take care in the processing and security of your personal data. We have therefore taken appropriate technical and organizational security measures in order to secure your personal data. The measures we have taken include:
• physical and electronic measures designed to prevent as far as possible unauthorized access, loss or misuse of personal data;
• the encryption of sensitive information or personal data transmitted to or by us, such as account passwords and other identifiable information;
• where reasonably possible, making back-ups of personal data;
• the storage of sensitive information in encrypted form if this is possible and the database is not externally accessible;
• vulnerabilities in the software will be resolved as soon as reasonably possible, and servers and software will receive frequent security updates;
• our online environment will undergo penetration tests at regular intervals.
We would like to point out that it is not possible to guarantee at all times the absolute security of personal data that is sent via the internet or stored.
6. Links to third-party sites
7. Your rights
You can access, update, rectify, or erase the personal data collated by us. You can also ask us to restrict the processing of your personal data or to transfer it to another party, in which latter case you must inform us what information you wish to be transferred. We will comply with any such request that pertains to information processed by us as described in sections 2 or 4 of Article 3 of this privacy statement, unless this information includes personal data concerning other persons. If you wish to exercise any of these rights you should contact us. Our contact details are contained in Article 8 of this privacy statement. If the Service itself offers the option to contact us, then of course that is also possible.
We will assess your request to check that the statutory requirements are met and that your request does not adversely affect any legitimate interest on our part. For example, we have a legitimate interest if we need the personal data to be able to supply our service to another party, to resolve disputes, to enforce the relevant conditions of use, for technical and/or legal requirements, and/or this is required by the Service itself or by law. To be able to access your own personal data by e-mail you must supply sufficient proof of your identity in the manner we request. If we are not certain that you are the actual person to whom the personal data relates then we may refuse you access to the personal data.
We will respond to all requests to exercise any of the aforesaid rights within 4 weeks. In the event of a complex request we may extend this period by a further 4 weeks, but if we do so we will notify you accordingly within 4 weeks of receipt of your request. You have the right to file a complaint with the competent privacy authority in respect of the way in which we handle your personal data. The competent authority in the Netherlands is the Data Protection Agency, which you can contact via its website: https://autoriteitpersonal data.nl.
8. Photos and Videos
During conferences organized by PCO / ESVD it is possible that photos and/or videos are made. These photos and/or videos can be used for or on publicly accessible websites for illustration purposes and/or to give form to the website(s) related to PCO ESVD and/or for or in news items, reports, newsletters, guides, leaflets, advertising and/or social media related to PCO / ESVD. You are entitled at any time to object to this processing of personal data by sending a statement to that effect to PCO / ESVD. PCO / ESVD will, where reasonably possible, erase the personal data and, if this is not possible, cease further use of the personal data.
If you have any question, problem, or comment regarding this privacy statement you can contact us by e-mail at firstname.lastname@example.org.