• How we collect your information

    As a non-profit foundation we may have a direct relationship with you, and you may choose to provide personal data to us in connection with that relationship or we may collect it via other means. The data we collect about you may include:

    • Contact information
    • Login details
    • Financial information
    • Content you provide to us
    • Technical information about your device and website usage

    Contact information

    If you interact with us (e.g. through our website(s)) then we will collect certain basic contact information about you. This may include your name, postal address, email address, phone number and fax number.

    Know your client information

    This may include your date of birth and personal address, passport number and/or national insurance number.

    Content you provide to us

    For instance, you may get in touch with us via our website(s) or by telephone, we may email you or vice versa or you may send us feedback via a survey form.

    Technical information about your device and website usage

    If you use our website(s) or mobile applications then we will install certain cookies and web beacons on your device.

    Through cookies, web beacons and similar technologies we may collect details about your device, such as IP address, internet browser type and operating system. We may also collect information about your browsing activity, such as how you use our website(s), the pages you have visited, the date and time of each visit and the URLs of any websites that re-directed you to our website(s).

  • How we collect your information

    We use different methods to collect data from and about you, depending upon the nature of our relationship.

    Direct interactions

    You may provide us with your data by completing forms (e.g. through our website(s)) or by corresponding with us by post, phone, email or otherwise. This includes data you provide when you:

    • Register for a conference.
    • Register for our Newsletter.
    • Provide us with feedback.
    • Otherwise communicate with us.

    Automated technologies

    As you interact with our website(s), we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.

  • How we use yout data

    Depending on the nature of our relationship with you, we may use your data to:

    • Process your membership
    • Process your participation in conferences.
    • Administer your receipt of our newsletter.
    • Protect ourselves against fraud and money laundering.
    • Provide you with information about our activities.
    • Allow you to participate in interactive features e.g. via the website(s).
    • Operate, evaluate and improve our purpose and idea of the foundation.
    • Comply with our legal obligations, applicable industry standards and our policies.
    • Other ways which we notify you of at the time of its collection or use.

    The table below sets out further information about the purposes for which we use data about you, with the corresponding categories of data processed in each case and the legal basis that we rely upon for its use.

    We may also share your personal data with third parties in the event that we cooperate with other foundations or organisations with the same purpose.

    If we use your personal data in ways that are not described above, we will provide you with notice of this before doing so.

  • Data we share and receive

    We do not sell or otherwise disclose your data, except as described in this privacy policy. We may share your data with the following parties:

    • Members of WPL.
    • Other legal parts of WPL.
    • IT suppliers.
    • Our insurers and professional advisers.
    • Regulators and other government agencies including, but not limited to, public authorities, regulators, the police and other law enforcement agencies.

    We do not authorise any third parties that we share data with to use or disclose your data except as necessary to perform certain services on our behalf or comply with legal requirements. We require these third parties, through our contractual arrangements with them, to appropriately safeguard the privacy and security of the data they process on our behalf.

    We may also receive data about you from the following third parties:

    • Social media platforms.
    • Other foundations and NGO´s.
    • Regulators and other government agencies.

    If you would like to receive a full list of our suppliers and other third parties who we share your data with or receive your data from then you can get in touch with us using the details provided in the section “Who should you contact with questions?"

  • Where your data may be sent

    As with any multinational organisation, we are often required to transfer data internationally. Accordingly, your personal data may be transferred globally (if your data is collected within the European Union, this means that your data may be transferred outside of it). This includes transfers that have been identified in the previous section “Who do we share your data with and for what purposes”.

    When using personal data as described in this privacy policy, it may be transferred either within or outside the country or territory where it was collected, including to a country, territory or international organisation that may not have EU equivalent data protection standards.

    For example, we may transfer your personal data to a cooperation partner or service partner based outside the European Union. In all cases, the transfer will be on the basis of a European Commission adequacy decision or we will implement adequate measures, for example the EU Model Contracts, and including appropriate security measures, for the protection of personal data in those countries, territories or international organisations in accordance with applicable data protection laws. If you would like more information about any of the data transfer measures on which we rely please contact us using the details provided in the section “Who should you contact with questions?”.

  • How we keep your information secure

    WPL will take appropriate technical and organisational security measures to secure your personal data and to protect it from loss, misuse or alteration. Personal data that we hold about you is stored on our secure servers or those of our appointed suppliers. Our web pages that collect your data are secured.

    Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website(s), you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

    WPL maintains an information security program that is designed to:

    • Secure and maintain confidentiality of your personal data.
    • Protect against anticipated threats or hazards to security or integrity of your data.
    • Protect against unauthorised access to or use of your data that could result in substantial harm or inconvenience to you.
    • Comply with applicable laws.
  • How long we may keep your data

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

    To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    Details of retention periods for different aspects of your personal data can be requested by contacting the DPO.

    In some circumstances you can ask us to delete your data, please see “Your Rights and Choices”.

    In some circumstances we may anonymise your personal data (so that it can no longer be associated with or be used to identity you) for research or statistical purposes in which case we may use such data indefinitely without further notice to you.

  • Your rights and choices

    You may have some or all of the following rights in respect of personal data about you that we hold:

    • Request us to give you access to it.
    • Request us to rectify it, update it, or erase it.
    • Request us to restrict our using it, in certain circumstances.
    • Object to our using it, in certain circumstances.
    • Where legally possible, withdraw your consent to our using it.
    • Data portability, in certain circumstances.

    You are able to exercise these rights by contacting us using the details set out at in the “How to reach us” section below.

    You have the rights set out in the table below:

    Right in respect of the data about you that we hold
    Further detail (note: certain legal limits to all these rights apply)
    To request us to give you access to it

    This is confirmation of:

    • whether or not we process data about you;
    • our name and contact details;
    • the purpose of the processing;
    • the categories of data concerned;
    • the categories of persons with whom we share the data and, where any person is outside the EU and does not benefit from a European Commission adequacy decision, the appropriate safeguards for protecting the data;
    • (if we have it) the source of the data, if we did not collect it from you;
    • (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and
    • the criteria for determining the period for which we will store the data.

    On your request we will provide you with a copy of the data we hold.

    To request us to rectify or update it
    This applies if the data we hold is inaccurate or incomplete.
    To request us to erase it

    This applies if:

    • The personal data we hold is no longer necessary in relation to the purposes for which we use it;
    • we use the data on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all personal data about you in which case we will respect your wishes);
    • we use the data on the basis of legitimate interests and we find that, following your objection, we do not have an overriding interest in continuing to use it;
    • the data was unlawfully obtained or used; or
    • to comply with a legal obligation.
    To request us to restrict our processing of it

    This right applies, temporarily while we look into your case, if you:

    • contest the accuracy of the personal data we use; or
    • have objected to our using the personal data on the basis of legitimate interests

    (if you make use of your right in these cases, we will tell you before we use the data again).

    This right applies also if:

    • our use is unlawful and you oppose the erasure of the data; or
    • we no longer need the data, but you require it to establish a legal case.
    To withdraw your consent to our using it

    This right applies to any data which we have collected and process based on your consent.

    You have the right at any time to withdraw the consent you have provided to us.

    To data portability

    This right applies:

    (i) to personal data that you have provided to us; and

    (ii) if we use that data on the basis either of your consent, or on the basis of discharging our contractual obligations to you.

    If both (i) and (ii) apply, you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible.

    To lodge a complaint with the supervisory authority in your country

    Each European Union country must provide for one or more public authorities for this purpose.

    You can find their contact details here:

    http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

  • How to reach us

    If you have any questions about our privacy policy, including any requests to exercise your legal rights in relation to the data we hold on you, then please contact our DPO using the details set out below:

    Prof. Dr. Stephanie Michel

    Tannenwaldallee 16

    61348 Bad Homburg

    Dataprotection@wpl.org

    If your country of residence has a data protection authority, you have a right to contact it with any questions or concerns. If we cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.

  • Updates to this privacy policy

    We will update this policy from time to time to reflect changes in our Foundation. We will inform you of these changes as required under applicable laws.

    This privacy policy was last modified on [25 October] 2018.