Privacy Policy
This Privacy Policy sets out how the European Public Affairs Consultancies' Association (EPACA) collects, stores and uses information about you when you use or interact with our website, epaca.org, and where we otherwise obtain or collect information about you. This Privacy Policy is effective from 25 May 2018.
EPACA processes personal data in accordance with applicable legislation, including Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation), applicable from 25 May 2018.
By accessing epaca.org, you fully and unreservedly accept this Privacy Policy, as well as our general terms of use and cookie policy.
Summary
This section provides a general overview of how we obtain, store and use information about you. It must be read in conjunction with the full sections below.
Data controller
European Public Affairs Consultancies' Association (EPACA)
How we collect information about you
We collect information when you contact us by email or sign up for our newsletter, and through your use of our website via cookies.
Information we collect
We collect your IP address, information from cookies, information about your device and browser, information about how you use our website (pages visited, time and date of visits, links clicked), and the geographical location from which you accessed our website based on your IP address.
How we use your information
We use your information for administrative and business purposes, to analyse how our website is used, and, where you have subscribed, to send you our newsletter.
Disclosure to third parties
We only share your information with service providers with whom we have a data processing agreement in place, where necessary to fulfil contracts with you, or where required by law.
Your rights
You have the right to access your information, have it corrected or deleted, restrict its use, receive it in a portable format, object to its use, and withdraw your consent at any time. You also have the right to lodge a complaint with a supervisory authority.
Sensitive personal information
We do not collect sensitive personal information.
Our details
The data controller is the European Public Affairs Consultancies' Association (EPACA), the representative trade body for public affairs consultancies working with EU institutions.
You can contact us at:
EPACA, 2-4 Rond-Point Schuman, B-1040 Brussels
Tel: +32 2 230 08 14
Email: info@epaca.org
For any questions about this Privacy Policy, please contact us at info@epaca.org.
Information we collect when you visit our website
Web server log information
Our website is hosted by a third-party server provider. Our server automatically logs the IP address you use to access our website, along with the pages accessed, information requested, date and time of the request, the source of your access, and your browser version and operating system. Our server is located in a data centre in Belgium.
Use for IT security purposes
We collect and store server logs to ensure network and IT security and to keep our server and website protected. This includes analysing log files to identify and prevent unauthorised access, the distribution of malicious code, denial of service attacks and other cyber threats. We do not attempt to identify you from server log information unless investigating suspicious or potential criminal activity.
Use to analyse and improve our website
We use server log data to analyse how visitors interact with our website, including the number of visits, time and date of visits, location, and browser and operating system used. This analysis helps us improve the content, structure and performance of our website.
Cookies
Cookies are data files sent from a website to a browser to record information about users. We use essential, functional and analytical cookies on our website. For full details, please see our cookie policy.
You can reject some or all cookies by changing your browser settings or using our cookie control tool. Please note that doing so may affect your ability to use certain features of our website. For more information about cookies, visit allaboutcookies.org.
Information we collect when you contact us
When you send an email to an address displayed on our website, we collect your email address and any other information you provide, including your name, telephone number and any information contained in your email signature.
Post
If you contact us by post, we collect any information you include in your postal communication.
Disclosure and additional uses of your information
Disclosure to service providers
We use third-party service providers who process your information on our behalf. We do not publicly disclose their identities for security and competitive reasons. If you have a legitimate reason to request this information, please contact us directly at info@epaca.org.
Disclosure to other third parties
We share information with Google Inc. through our use of Google Analytics. Google uses this information, including IP addresses and cookie data, to improve its services. Information is shared on an aggregated and anonymised basis. For more information on how Google uses this data, visit google.com/policies/privacy/partners. You can opt out of Google Analytics by installing the Google Analytics opt-out browser plugin.
Disclosure for legal reasons
We may disclose your information to a competent authority if we suspect criminal or potential criminal activity. We may also use your information in connection with the enforcement of our legal rights, to resolve disputes, or to comply with legal obligations such as court orders.
How long we retain your information
Retention periods
Server log information is retained for 10 years. Correspondence and enquiries are retained for as long as necessary to respond and resolve the matter, and for 10 years thereafter.
Criteria for determining retention periods
In all other cases, we retain your information no longer than necessary, taking into account the purpose and future use of the information, any legal obligations to retain it, the legal basis for processing it, its value, relevant industry practices, the risks and costs associated with continued retention, and the ease of keeping it accurate and up to date.
How we secure your information
We take appropriate technical and organisational measures to protect your information against unauthorised or unlawful use and accidental loss or destruction. These measures include:
- sharing and providing access to your information only to the minimum extent necessary, subject to confidentiality restrictions and on an anonymised basis wherever possible;
- using secure servers to store your information;
- verifying the identity of any individual who requests access to information before granting access;
- using Secure Sockets Layer (SSL) software.
Transmission of information over the internet is not entirely secure. If you submit information to us over the internet, you do so at your own risk. We cannot be held responsible for any loss or damage resulting from your decision to transmit information by such means.
Transfers of your information outside the European Economic Area
All your information is stored in Belgium. We do not intend to transfer your information outside the EEA, except where required to comply with legal obligations. In the unlikely event such a transfer is necessary, we will ensure appropriate safeguards are in place.
Google Analytics
Information collected by Google Analytics, including your IP address and your actions on our website, is transferred to and stored on Google's servers in the United States of America. This country is not subject to an adequacy decision by the European Commission. Google has self-certified its compliance with the EU-U.S. Privacy Shield. You can access Google's privacy policy at google.com/policies/privacy.
Your rights in relation to your information
Subject to certain limitations, you have the following rights regarding your information:
- the right to access your information and to receive information about how we use and process it;
- the right to have your information corrected or deleted;
- the right to restrict our use of your information;
- the right to receive your information in a structured, commonly used and machine-readable format, and to have it transferred to another data controller;
- the right to object to the processing of your information for certain purposes;
- the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or where an alleged infringement occurred.
Verifying your identity
Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so, in order to protect your information and reduce the risk of unauthorised access.
Sensitive personal information
Sensitive personal information includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, and information about a person's sex life or sexual orientation.
We do not knowingly or intentionally collect sensitive personal information. You must not submit sensitive personal information to us. If you inadvertently do so, you will be considered to have explicitly consented to our processing it for the sole purpose of deleting it.
Changes to our Privacy Policy
Minor changes
Where we make minor changes to this Privacy Policy, we will update it with a new effective date. Our processing of your information will be governed by the updated version from that date onwards.
Major changes
Where we make major changes to this Privacy Policy or intend to use your information for a new or different purpose, we will notify you by email where possible, or by posting a notice on our website. We will provide you with the relevant information before using your data for any new purpose, and will obtain your prior consent where required.