ETSA GDPR CHARTER

ETSA is very conscious of our responsibilities to our Members. So we have reviewed our process and procedures to ensure best compliance with the new GDPR* which came into effect on 25th May 2018.

The following ETSA GDPR Charter explains how we handle personal data and protect your privacy and rights as individuals.

ETSA’s GDPR* Charter

  1. The only data to be held by ETSA will be that required to perform the operational aspects of running the Association in accordance with its objectives and corporate governance, as published on the ETSA website www.etsa.eu
  2. Data will be used only for the prescribed purpose for which it was collected
  3. ETSA has never made, nor will it ever make, any personal data which it may hold available to third parties, nor will it share such data with a partner, associate or other organisation
  4. ETSA will not obtain personal data from data agencies or other third parties. Only data directly made available to ETSA from Members and individuals will be kept by ETSA. Such organisations and persons shall be advised of how, and for what purpose, this personal data shall be used.
  5. ETSA identifies the ETSA Chief Operating Officer as the ‘Data Protection Officer’ and the ‘Controller’ of all data
  6. ETSA identifies the ETSA Company Secretary as the ‘Processor’ of all data
  7. All electronic data, communications and databases are stored on the ETSA Operational Headquarters Admin laptop and backed up on the ETSA external hard drive
  8. To assist in travel of Headquarters personnel, this data may be temporarily copied to a portable laptop or netbook, but will be deleted from such device when the travel need has been satisfied
  9. All hardcopy data, such as (but not limited to); Contractual agreements, Correspondence, ETSA Membership Application forms, Business cards and Financial data (invoices, expense forms, bank statements, etc.); are held in a secure location at the ETSA Operational Headquarters
  10. For audit purposes, all data will be kept for a minimum of six years after its effective date. Electronic data will be archived, and hard copy securely destroyed, after a maximum of 10 years.
  11. Personal data limited to; 1. ETSA Member Organisation, 2. Individual’s email address and 3. ‘Known as’ name; will be held in the ETSA Newsletter Distribution Database (ENDD) for the sole purpose of sending ETSA communications to its Members’ nominated beneficiaries and other individuals who may (at ETSA’s discretion) choose to opt in
  12. Personal data limited to; 1. Individual’s name and 2. Individual’s email address; will be held in the ETSA Conference Database (ECD) for the sole purpose of sending limited specific ETSA communications relating to ETSA Conferences and similar events to individuals who may (at ETSA’s discretion) choose to opt in
  13. Individuals may request, at any time to be added to, or removed from, the ENDD or ECD
  14. All data associated with ETSA Membership will be held in the ETSA Operational Database and will be used for the sole purpose of administration of Membership, invoicing and tracking the status/progress of current, potential and lapsed Members
  15. Any queries or complaints about the ETSA GDPR or its implementation should be referred to the undersigned.

Authorised by Steve Wilkinson, ETSA Chief Operating Officer

ETSA Operational HQ, 28 Sea Crest Road, Newbiggin-by-the-Sea, NE64 6BW, England

e: steve.wilkinson@etsa.eu   w: www.etsa.eu   t: +44 (0) 77 22 234 752

Version 3.0    25th May 2018

 

* The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

For further information on GDPR, and how it effects you, please go to https://www.eugdpr.org/