General Privacy Policy

When we use your personal information, we always use it in a reasonable and responsible way, minimizing both the type of information we collect and hold about you, the period of time we retain it and the ways we use that information. This General Privacy Policy covers all our operations: organizing events, managing relationships with our members and supporters and the use of our websites.

Who we are

We are the Future of Privacy Forum and you can find our contact information here. If you have any questions about how we use your personal information or any requests relating to your information, send an e-mail to [email protected].

What personal information we collect and use

Processing personal information is incidental to our operations. The categories of personal information we process on a regular basis are names, professional affiliation, contact details (mostly professional email addresses), brief biographies, communications you send us.
We also have access to some personal information of the users that access our websites. Please see here the detailed Website Privacy Policy.
We occasionally process travel schedules for our guests and payment information for reimbursements, as well as images of the participants to our events.
As a rule, we obtain personal information directly from you. In limited situations, we also use information we observe about you. This happens when you visit our website, if you accept cookies (see website privacy policy for more details) and when we receive information on whether you opened or not the emails with our Newsletters (unless you block this tracking).
Rarely, if you are one of the professionals we would appreciate to engage with as part of our core activity, we obtain your contact details and affiliation from third parties or from publicly available sources.

Why and how we use your personal information

We use this personal information to send you communications related to our work, invitations for events or to facilitate your participation to our working groups, conferences and other events.
Our email delivery vendor will use a web beacon which tracks whether recipients have opened the emails we send in order to provide us open rate information about our email communications.  Please choose plain text email in order to decline this tracking.

Who has access to your data

Sometimes we share your information with our partners. This happens when we co-organize events, panels, or engage in initiatives jointly with other entities. The information we share is limited to name, affiliation and contact information, and exceptionally it may include biographic information.
We also share your information to third parties that are our vendors and process personal information on our behalf and for no other purposes. We use:

All of these service providers are based in the US.
We will share your information with authorities only if the law requires us to.  

Retention

We only keep your data for as long as you want to hear from us and stay connected to our work. This period of time varies, so we can’t give you a precise number. As a rule, if you are a newsletter subscriber, we will continue sending you our newsletter until you opt out or our email bounces. In these cases, we will proceed to erasing your email address from our database. If you work for one of our Members, we keep your contact information for the duration of the membership. If you are a registrant for one of our events, we are storing your name and contact details to send you notice of future events, unless you instruct us at registration not to so.

You’re in charge

If you want to check with us whether we have your personal information and what personal information we have about you, if you want to correct or update your information or even if you want us to erase your contact details, send us an e-mail at [email protected]

Are you based in the EU/EEA?

If you are based in the EU or EEA and interact with us, the processing of your personal data (or personal information) may fall under the General Data Protection Regulation. This depends on whether your personal data is processed in the context of us providing you services or monitoring your behavior. All the information above is applicable to you as well. In addition:

Legal bases and purposes

Know that we are controller of the processing of personal data in relation to conducting our activity. We process your personal data:

Your rights

You have the right to obtain access, rectification, erasure, restriction of personal data, portability of personal data and to object to the processing, under the conditions and restrictions laid out in Chapter III of the GDPR. You can also withdraw your consent at any time, when processing is based on consent, as described above. Just send us an e-mail at [email protected] with any request you may have regarding these rights.

International transfers

We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. The EU-US Privacy Shield framework obtained an adequacy decision. The level of protection of your personal data is not deemed equivalent to the one in the EU, unless the receiving organization is self-certified under the EU-US Privacy Shield. As a not-for-profit organization, we are not able to adhere to the EU-US Privacy Shield Principles.
We transfer your personal data on the basis of the derogations in Article 49 GDPR, particularly:

As for safeguards to your personal data, we directly apply the GDPR provisions to your personal data.
As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. Exceptionally, we share personal data with our partners when we organize events jointly. We select carefully our processors and our partners, having regard to their stance related to privacy, to their adherence to the EU-US Privacy Shield Framework or their implementation of other mechanisms that ensure lawful transfers of personal data from the EU.  

Concerns

If  you have concerns, questions or requests about how we process personal data, write to us at [email protected]. If we will not be able to ease your concerns, you can address them to the data protection Supervisory Authority in your country, pursuant to Article 77 GDPR.

Changes to this Privacy Policy

If we make any material changes to our privacy policy, we will notify you by posting the revised policy with the date of revision on this page and provide notice of this change on our website home page. We will duly inform you of any changes via our platform and we will give you the opportunity to express your consent for processing your data for different and new purposes, or we will in any case inform you about the legal basis of such processing other than consent.