Your personal data will be stored and used only for the legal purpose of accomplishing the tasks of the Association. Please read on.
Number of pages: 4
Date of last update: 3 September 2018
Date of final approval: 13 September 2018
Date of publication: 13 September 2018
Owner: Board EPO PA
Manager: Secretary EPO PA
The EPO PENSIONERS’ ASSOCIATION (hereinafter referred to as EPO PA) attaches great importance to the protection of the Personal Data of its members. Personal data is therefore handled and secured with the utmost care by the EPO PA. The EPO PA therefore always complies with the requirements set by the European General Data Protection Regulation (GDPR).
The EPO PA is responsible for drafting, implementing and enforcing the policy and is bound by the European Union General Data Protection Regulation and the Statutes of the EPO PA.
The EPO PA deals with Personal Data in a secure manner and respects the privacy of the members. The EPO PA adheres to the following principles:
LAWFULNESS, AUTHENTICITY, TRANSPARENCY
Personal data is processed in accordance with the law and in a proper and careful manner.
The EPO PA ensures that Personal Data is collected and processed for specified, explicit and legitimate purposes only. Personal data is only processed on a lawful basis.
The EPO PA processes only the Personal Data that is necessary for the predetermined purpose.
Personal data is not saved longer than necessary.
INTEGRITY AND CONFIDENTIALITY
The EPO PA deals carefully with Personal Data and treats it confidentially. For example, Personal Data is only processed by persons (Users) with a duty of confidentiality and for the purpose for which this data was collected. In addition, the EPO PA ensures appropriate security of Personal Data.
SHARING WITH THIRD PARTIES
The EPO PA does not share Personal Data with third parties.
The EPO PA will always weigh up whether the registration of a personal data does not disproportionately harm the interests of the person involved in relation to the purpose of the Processing.
RIGHTS OF THE PERSONS CONCERNED
The EPO PA respects all rights of the Involved.
Members have the following rights:
Right to information: Members have the right to ask the EPO PA if their Personal Data is processed.
Right of inspection: Members have the possibility to check whether, and in which way, his / her Personal Data is processed.
Right of correction: If it becomes clear that the Personal Data is not correct, the member concerned can submit a request to the EPO PA to correct this. Members have access to their own Personal Data after logging on to the website, where they can update their own data.
Right of objection: Members have the right to ask the EPO PA to stop using their Personal Data.
Right to be forgotten: In cases where the member has given permission to process Personal Data, the member has the right to have the Personal Data deleted.
METHOD OF PROCESSING OF DATA
The Processing of Personal Data takes only place if this is in accordance with the legal requirements and is carried out in a careful manner. Personal Data of Members is exclusively obtained from the member himself. The member will be informed of the Processing and the existence and retrievability of the applicable rules prior to the first Processing of his Personal Data. The new Member will grant prior, free, specific, informed and unambiguous consent to the Processing of Personal Data. Data shall be processed only to the extent that, having regard to the aforementioned purposes, it is adequate, relevant and not excessive. Data on participation in activities is not kept in the EPO PA member records.
The EPO PA only processes the data of the following persons:
– Members of the EPO PA;
– Persons who requested information or documentation from the EPO PA;
– Persons with whom the EPO PA has a business or financial relationship.
In all other cases, the Processing takes place via the secretariat of EPO PA.
ACCESS TO AND PROVIDING PERSONAL DATA
Depending on the allocated permissions, i.e. specific authorisations, some members, normally Board members,who fulfil a function within the association, may have access to Personal Data of Members.
The members who have access to (a part of) the Personal Data are obliged to keep confidential the Personal Data of which they are aware. Personal Data of Members is provided exclusively to Members, in the context of association activities and insofar as they are in accordance with the aforementioned purposes.
The Board of the EPO PA is responsible for the necessary physical, technical and organisational measures to protect the Personal Data stored in the member administration against loss or any form of unlawful processing. Log-in data is transmitted via an encrypted connection over the internet.
The website contains photo and video material and texts about events organised by EPO PA. The EPO PA does not publish this information without the consent of the person concerned. This information is only shared without permission with the members of the EPO PA and can only be accessed after logging in.
When you complete a web form, some data is automatically recorded. This is the date and time of recording and can also be the IP address. The policy is not to record the IP address. If a user logs in, the date and time of logging in is recorded. Only the last moment of login is retained.
LINKS TO THIRD PARTY WEBSITES
EPO PA’s website contains links to third-party websites, such as the EPO, The European Patent Office. Visitors are redirected to the website of the third party after clicking one of these links. The privacy regulations of the third party concerned apply to the use of such websites. The user of the website must read the privacy regulations of this third party in order to gain insight into how this party deals with his personal data. The EPO PA is not liable for the information that is provided, processed or collected by third parties during the visits of such websites.
There is a data breach, or a violation related to personal data, if personal data falls into the hands of third parties who have no access to this data. This will be reported to the Bavarian Data Protection Authority if it is likely that the infringement involves a high risk for the rights and freedoms of natural persons (article 33 GDPR). The Administrator ensures good access management. Preserved files with the secretary and other EPOPA officials are adequately secured.
This policy has been adopted by the Board of the EPO PA on 22-5-2018, updated on 13-9-2018.