Privacy Policy

Welcome

The European Advertising Standards Alliance (EASA) is committed to ensuring the protection of your Personal Data and your privacy.

This privacy policy is intended to inform you, in a transparent manner, about the data EASA collects the purpose for collecting it, the way it uses it and the rights you have regarding the processing of such data.

Privacy Policy

Privacy policy for non-EASA members

1. Notice statement

The European Advertising Standards Alliance (EASA) is established Rue des Deux Églises, 26, 1000 Brussels, Belgium (hereafter “EASA ”has prepared this data protection notice (the “Notice”) to describe its practices regarding the collection, use, storage, transfer and other processing of individually identifiable information about you (“Personal Data“).  Unless specified otherwise, EASA is the controller responsible for the processing of Personal Data described in this Notice.

2. What personal data EASA collects and how it uses it?

2.1 Legal basis

The processing of your Personal Data described in this policy is based on your consent or on the contractual necessity (which means that the processing of your Personal Data is required for EASA to provide services to you).

When submitting a complaint to EASA’s self-regulatory network via EASA’s complaints form, you agree that EASA collects, stores, processes and transfers your personal data to the relevant self-regulatory organisation if the object of your complaint is deemed to fall within its jurisdiction. To this end, EASA acts as processor on behalf of the self-regulatory organisations part of its self-regulatory network.

Self-regulatory organisations ensure advertising across Europe is legal and respects high advertising standards and to this end they are responsible for complaints handling. Consequently, they handle and share information and advice about your complaint that you have voluntarily submitted.  The further processing of your Personal Data by the self-regulatory organisations, acting as controllers, may be based, depending on the circumstances, on your consent, on the contractual necessity and/or on legitimate interests. For further information, you are invited to read the privacy policies of the self-regulatory organisations.

The processing of your Personal Data described in this Policy is based on EASA’s legitimate interests for the following:

  • Communication to the individuals who were in contact with EASA before 25 May 2018 but who may not have provided a consent fully compliant with the new data protection legislation requirements. Such individuals have the absolute right to object to these communications;
  • Where the processing of Personal Data is strictly necessary and proportionate for the purposes of ensuring network and information security.

2.2 What personal data does EASA collect and use?

The categories of Personal Data that EASA processes are:

  • Personal details and contact information: this includes without limitation name, maiden name and surname, e-mail and telephone details, work address, job title, LinkedIn URL, IP addresses and photograph;
  • Any additional personal data you provide this includes without limitation response or booking, participation and/or attendance details, dietary requirements (where refreshment including lunch is provided), billing details (if appropriate), your requirements about confidentiality, how you prefer EASA to communicate with you, newsletter subscriptions.
  • IP addresses When visiting this site, visitors’ IP addresses are automatically collected by EASA for system administration and statistical purposes in order to optimise the user experience of this site. Depending on the circumstances, collected IP address data may allow conclusions to be drawn about users’ interaction with this site. However, EASA does not combine IP addresses with other information on the users and cannot relate IP addresses with the identity of the user. EASA solely use IP addresses as such and is not able to identify specific users by way of IP addresses. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have.

2.3 How does EASA use personal data?

Except where restricted by local law, EASA uses the Personal Data listed above for the following purposes;

  • Submitting a complaint to EASA’s self-regulatory network: administering your complaint you have asked us to channel on your behalf before to the relevant self-regulatory organisation. The legal basis for such processing is defined by the relevant self-regulatory organisation. For further information, you are invited to read the privacy policies of the self-regulatory organisations;
  • Communications: sending invitations and communications related to EASA events, as well as relevant EASA publications and EASA news, keeping a record of your relationship with EASA including ensuring we know how you prefer to be contacted. The legal basis for such processing is your consent;
  • Event booking: ensuring the proper organisation of the event with regarding notification of participants and logistics. The legal basis for such processing is the contractual necessity;
  • Information, enquiries and services: providing you with information and access to services that you have requested from us or which we feel may be of interest to you, where you have consented to be contacted for such purposes. The legal basis for such processing is the contractual necessity yet you may opt-out for some of the communications;
  • Job applications: to processing applications for a position at EASA. The legal basis for such processing is your consent.

3. How does EASA store personal data and who can access it?

EASA maintains an automated record of your Personal Data.  Additionally, EASA maintains Personal Data in various digital documents, namely event attendee lists, meeting minutes and records.

The persons and entities that can have access to your Personal Data are:

  • All EASA staff based in the offices in Brussels (rue des Deux Églises, 26, 5th floor);
  • External professional services, such as IT systems providers (EASA online domain/website hosting supplier, its database software supplier);
  • In the case of event organisation, co-organiser and event agency for the sole purpose of the organisation of an event you have registered to;

·         In the case of complaints submitted to EASA’s self-regulatory network, EASA shall send your complaint to an advertising self-regulatory organisation in the European Union or outside of the European Union if the object of your complaint is deemed to fall within its jurisdiction. In case your complaint to a self-regulatory body outside of the European Union, the country where the self-regulatory body is located is considered to provide an adequate level of protection for personal data or we have implemented appropriate safeguards to protect your personal data. A referral will involve passing on your personal contact details as well as your complaint. 

·         Third party service providers as our processors to only hold and use personal data on our behalf in order to provide us with a service.  We may also disclose personal data to our professional advisors and experts in order to obtain their assistance in carrying out our services and our activities.

Where EASA engages a third-party processor to process Personal Data on its behalf, such as those listed above, EASA will delegate such processing in writing, will choose a processor that provides sufficient guarantees with respect to technical and organisational security measures governing the relevant processing, and will obligate the processor to act on EASA’s behalf and under EASA’s instructions.  In addition, EASA will impose in writing appropriate data protection and information security requirements on such third-party processors.

4. Confidentiality and Security

EASA will stores your data safely and, therefore, EASA maintains appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to Personal Data.  To try to prevent unauthorized access, maintain data accuracy and ensure the correct use of information EASA maintains physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of Personal Data. Only a limited number of persons within our organisation are authorised to access, delete or modify your data. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Data.  EASA evaluates these measures on a regular basis to ensure the security of the processing. You can obtain more information concerning the confidentiality and security measures in place by contacting EASA at privacy@easa-alliance.org

EASA’s employees or any of EASA’s contractual partners who have access to your data in order to provide services to EASA (e.g. its online domain/website hosting supplier, its database software supplier) are contractually obliged to keep such information in confidence and may not use these data for any other purpose than performing their contractual missions for EASA.

5. Data retention

EASA will retain your Personal Data as follows:

  • Submitting a complaint to EASA’s self-regulatory network: for 1 year from the date of the settlement of the complaint;
  • Communications:  Personal Data will be kept for as long as you do not withdraw your consent;
  • Event booking: for 1 year after the event;
  • Information, enquiries and services: for 1 year, unless you withdraw your consent to the processing of your Personal Data earlier;
  • Job applications: for 1 year, unless you withdraw your consent to the processing of your Personal Data earlier.

EASA will retain your Personal Data in accordance with applicable legal requirements, and only for as long as necessary for the purposes described in this Notice, as indicated above or as long as required by law or to defend potential legal claims.

If you wish to obtain additional information concerning the duration of the contract between EASA and your EASA Member Organisation please contact: privacy@easa-alliance.org

6. Your rights

You have the right to withdraw your consent to the processing of your Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To the extent required by applicable law and subject to legal limitations, you have the right:

  • to have access to your Personal Data;
  • to have inaccurate data corrected or removed,
  • to object to the processing of your Personal Data;
  • to restrict EASA’s use of your Personal Data;
  • to the erasure of your Personal Data;
  • to receive your Personal Data in a usable electronic format and transmit it to a third party (right to “data portability”); and
  • to lodge a complaint with their local data protection authority (www.privacycommission.be)

In particular, EASA is committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.  If, however, you believe that EASA has not been able to assist with your complaint or concern, you have the right to make a complaint with the competent EU Member State authority.

If you have any questions or wishes in connection with your personal data or you want to exercise your rights, please contact EASA by sending a letter/fax/e-mail or calling at:

EASA European Standards Alliance
Address: Rue des Deux Églises, 26 / Tweerkerkenstraat, 1000 Brussels, Belgium
Telephone: +32 (0)2 513 78 06
Fax: +32 (0)2 513 28 61
Email: privacy@easa-alliance.org

7. Notice updates

In case of any material changes to the way in which EASA collects or uses Personal Data, the type of Personal Data it collects or any other aspect of this Notice, EASA will issue a revised Notice. If EASA makes significant changes to our Privacy Notice, it will use reasonable efforts to contact you to notify you of such changes.

Last updated on May 16, 2018

 

Privacy policy for EASA Members

1. Notice statement

The European Advertising Standards Alliance (EASA) established rue des Deux Églises, 26, 1000 Brussels, Belgium (hereafter “EASA” or the “Alliance”) has prepared this data protection notice (the “Notice”) to describe its practices regarding the collection, use, storage, transfer and other processing of individually identifiable information about data subjects (representatives, authorized persons, and other contact persons whose personal data is provided by the Member) (“Personal Data“). EASA is the controller responsible for the processing of Personal Data described in this Notice.

2. What personal data EASA collects and how it uses it?

2.1 Legal basis

The processing of your Personal Data described in this Notice is based on your consent or on the contractual necessity (which means that the processing of your Personal Data is required for EASA to provide the services to which EASA Members Organisations are entitled).

The processing of your Personal Data described in this Notice is based on our legitimate interests for the following:

  • communication to the individuals who were in contact with EASA before 25 May 2018 but who may not have provided a consent fully compliant with the new data protection legislation requirements. Such individuals have the absolute right to object to these communications;
  • where the processing of Personal Data is strictly necessary and proportionate for the purposes of ensuring network and information security.

2.2 What personal data EASA collects and uses?

The categories of Personal Data that EASA processes will be those provided by the data subject of the member, they are:

  • Personal details and contact information: this includes without limitation name, maiden name and surname, e-mail and telephone details, work address, job title, LinkedIn URL, IP addresses and photograph.
  • Any additional personal data you provide this includes without limitation response or booking, participation and/or attendance details, dietary requirements (where refreshment including lunch is provided), billing details (if appropriate), your requirements about confidentiality, how you prefer us to communicate with you, newsletter subscriptions.
  • IP addresses When visiting this site, visitors’ IP addresses are automatically collected by EASA for system administration and statistical purposes in order to optimise the user experience of this site. Depending on the circumstances, collected IP address data may allow conclusions to be drawn about users’ interaction with this site. However, EASA does not combine IP addresses with other information on the users and cannot relate IP addresses with the identity of the user. EASA solely use IP addresses as such and is not able to identify specific users by way of IP addresses. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have.

2.3 How EASA uses personal data?

Except where restricted by local law, EASA uses the Personal Data listed above for the following purposes:

  • Entering into a contract with new EASA Member Organisations: EASA processes the Personal Data of applicant EASA Member Organisations’ contact persons for the purpose of entering into a contract with the respective applicant EASA Member Organisation. The legal basis for such processing is the contractual necessity;
  • Communications: upon your Organisation or entity joining the EASA’s network and based on your job title, its representatives will be added to different relevant working groups and their contact lists, as well as to the relevant EASA Newsletters. On the basis of this, EASA will be sending invitations to meetings, meeting minutes, requests to fill out surveys and communications related to EASA events, trainings and working groups, as well as EASA publications and the relevant EASA Newsletters (Including without limitation the EASA Newsletter and EASA Policy Newsletter). The legal basis for such processing is the contractual necessity yet you may opt-out for some of the communications.
  • Other: for cases not described above and which go beyond the strict provisions of the services to which EASA Members Organisations are entitled, EASA will ask for your consent.

3. How does EASA store personal data and who can access it?

EASA maintains an automated record of each Member’s Personal Data.  This automated record contains most of the data held in the Member’s file.  Additionally, EASA maintains Personal Data in various digital documents, namely event attendee lists and meeting records and minutes.

The persons and entities that can have access to your Personal Data are:

  • All EASA staff based in the offices in Brussels (rue des Deux Églises, 26, 5th floor);
  • External professional services, such as IT systems providers (EASA online domain/website hosting supplier, its database software supplier);
  • In the case of event organisation, co-organiser and event agency for the sole purpose of the organisation of an event you have registered to;

·         Third party service providers as our processors to only hold and use personal data on our behalf in order to provide us with a service.  We may also disclose personal data to our professional advisors and experts in order to obtain their assistance in carrying out our services and our activities.

Where EASA engages a third-party processor to process Personal Data on its behalf, such as those listed above, EASA will delegate such processing in writing, will choose a processor that provides sufficient guarantees with respect to technical and organisational security measures governing the relevant processing, and will obligate the processor to act on EASA’s behalf and under EASA’s instructions.  In addition, EASA will impose in writing appropriate data protection and information security requirements on such third-party processors.

4. Confidentiality and Security

EASA stores your data safely and, therefore, EASA maintains appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to Personal Data.  To try to prevent unauthorized access, maintain data accuracy and ensure the correct use of information EASA maintains physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of Personal Data. Only a limited number of persons within our organisation are authorised to access, delete or modify your data. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Data.  EASA evaluates these measures on a regular basis to ensure the security of the processing. You can obtain more information concerning the confidentiality and security measures in place by contacting EASA at privacy@easa-alliance.org

EASA’s employees or any of EASA’s contractual partners who have access to your data in order to provide services to EASA (e.g. its online domain/website hosting supplier, its database software supplier) are contractually obliged to keep such information in confidence and may not use these data for any other purpose than performing their contractual missions for EASA.

5. Data retention

EASA will retain your Personal Data for the duration of the contract with the respective EASA Member Organisation in accordance with applicable legal requirements, and only for as long as necessary for the purposes described in this Notice or as long as required by law or to defend potential legal claims.

If you wish to obtain additional information concerning the duration of the contract between EASA and your EASA Member Organisation please contact: privacy@easa-alliance.org

6. Your rights

To the extent required by applicable law and subject to legal limitations, you have the right:

  • to have access to your Personal Data;
  • to have inaccurate data corrected or removed,
  • to object to the processing of your Personal Data;
  • to restrict EASA’s use of your Personal Data;
  • to the erasure of your Personal Data;
  • to receive your Personal Data in a usable electronic format and transmit it to a third party (right to “data portability”); and
  • to lodge a complaint with their local data protection authority. (www.privacycommission.be)

In particular, EASA is committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.  If, however, you believe that EASA has not been able to assist with your complaint or concern, you have the right to make a complaint with the competent EU Member State authority.

If you have any questions or wishes in connection with your personal data or you want to exercise your rights, please contact EASA by sending a letter/fax/e-mail or calling at:

EASA European Standards Alliance
Address: Rue des Deux Églises, 26 / Tweerkerkenstraat, 1000 Brussels, Belgium
Telephone: +32 (0)2 513 78 06
Fax: +32 (0)2 513 28 61
Email: privacy@easa-alliance.org

7. Notice updates

In case of any material changes to the way in which EASA collects or uses Personal Data, the type of Personal Data it collects or any other aspect of this Notice, EASA will issue a revised Notice. If EASA makes significant changes to our Privacy Notice, it will use reasonable efforts to contact you to notify you of such changes.

Click here to read privacy policies of each SRO

Last updated on January 7, 2020