This Policy provides you with the information required by the Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation) (“GDPR”) and by any other equivalent UK law relating to data protection, the processing of personal data and privacy enacted as a consequence of the United Kingdom leaving the European Union.
“Personal data” means any information that relates to an identified or identifiable natural person who can be identified from it.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Who Has Responsibility for Your Personal Data
3. Categories of Individuals About Whom We Process Personal Data
We process personal data from or about the following categories of individuals:
- Users of an OIX UK Europe website;
- Individuals who are, or are associated with, OIX UK Europe members, prospective members, OIX UK Europe chapters, vendors, or other business contacts with whom we interact or seek to establish a relationship, including individuals who participate in OIX UK Europe activities, attend OIX UK Europe events, communicate with OIX UK Europe, or subscribe to its blogs, newsletters, or other materials, or who are identified in data provided by or on behalf of OIX UK Europe members in connection with their participation in OIX UK Europe; or
- Individual contractors who provide services to OIX UK Europe.
4. Categories and Sources of Personal Data Processed
We may collect and store various types of personal data about you. The following describes the personal data about you that we may process and the sources of such personal data
4.1 Users of an OIX UK Europe Website
You do not have to submit any personal data in order to use our Website.
Categories: When you visit an OIX UK Europe website, we may collect two types of data: (1) personal data about you that you voluntarily choose to provide to us, and (2) information related to your activities on the OIX UK Europe website that we automatically collect as you interact with the Website (“Website Usage Information”).
- Information You Voluntarily Provide: We collect personal data that you voluntarily provide in response to requests we may make at various places and through various mechanisms on an OIX UK Europe website. The personal data we collect is business-oriented data and is usually limited to contact information necessary for the relationship, such as name, company name, job title, and email address. We may collect such information, for example, when you fill out and submit a form, such as if you register for an event, register to receive a newsletter or email communications, when you submit an inquiry or request to us using a form or e-mail address link on an OIX UK Europe website, and when you send an email to an OIX UK Europe address or OIX UK Europe mail list that is listed on an OIX UK Europe website. In such case, we will collect whatever personal data you voluntarily provide in response to our request.
- Special Categories of Personal Data: In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and accommodating any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
- Necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable the website to perform as intended and to access secure areas of our website.
- Analytical/performance cookies. They allow us to recognize and count the number of visitors and repeat visitors, to see how visitors move around our website when they are using it, to see which search engine is being used to access our website, the region a visitor is browsing from, and the type of device a user is visiting from. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We use third-party services, currently Google Analytics, to collect standard internet log information and details of visitor behavior patterns. This information is only processed in a way that does not identify anyone. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
If you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to change cookie settings you may not be able to use the full functionality of our website. These settings will typically be found in the "options" or "preferences" menu of your browser. Further, most browsers permit individuals to decline cookies. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.aboutcookies.org or www.allaboutcookies.org.
- Information about Children. Neither any OIX UK Europe website nor any of our products or services are directed to children younger than age sixteen (16). We do not knowingly collect personal data from children under the age of sixteen (16) via any OIX UK Europe website and we will delete any such information later determined to be from a person younger than age sixteen (16).
Sources We obtain data about you from your use of OIX UK Europe Websites (i) directly from you if you voluntarily choose to enter personal data on an OIX UK Europe website, and (ii) from the data analytics software, cookies, and web beacons that we may use on anOIX UK Europe website.
4.2 OIX UK Europe Members, Participants in OIX UK Europe Activities, Business Contacts, and Associated Individuals
As any business, we collect, receive, and process Personal Data regarding our members, potential members, and other third parties (e.g., vendors, industry participants, and other business and professional contacts) with whom we may interact from time to time, including participants in OIX UK Europe working groups, projects, meetings, conferences, seminars, and other activities or events and individuals whose data is provided to us by our members.
Categories: The Personal Data that we collect and process typically consists of information such as your name, title, position, employer, email address, other business contact data (e.g., business card data), and similar relationship type data.
Sources: We obtain Personal Data about you (i) directly from you, such as when you contact us, attend a seminar or another event, or sign up to receive newsletters, emails, or other information from us, or when you or your organization offer to provide or provide services to us, (ii) from members and others (e.g., referrals), (iii) from third parties, such as industry groups or government agencies, and (iv) from publicly available sources, such as websites (e.g., LinkedIn, your business’ website, etc.).
4.3.Individual Contractors We Engage to Provide Services
Where we engage self-employed individual contractors to provide services, we collect and process information relating to those contractors or proposed contractors.
Categories. The personal data we collect and process consists of information we require in connection with the engagement, such as your name, address, title, position, email address, bank account information, tax and social security related information, and information relating to any background checks.
Sources: We obtain such Personal Data primarily from the contractor or proposed contractor and sometimes from organizations who carry out background checks on our behalf.
5. Purposes and Legal Basis for the Processing:
We process Personal Data for the following purposes:
- building relationships with, or providing products and services to, existing and potential OIX UK Europe members, participants in OIX UK Europe activities, and other interested parties, including communicating with such parties;
- analyzing and improving the OIX UK Europe websites;
- keeping people informed of the latest industry developments and notifying them of projects, products, seminars, and hosted events;
- products and services to our members and the general public;
- publishing material which has been submitted by members or other individuals for publication;
- engaging individuals as contractors;
- generally operating OIX UK Europe’s business; and
- in connection with an actual or proposed merger, sale or other organizational change of OIX UK Europe.
The legal basis for such processing is that:
- it is necessary for legitimate business interests pursued by OIX UK Europe which are not overridden by your interests, rights or freedoms;
- in some cases because it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract;
- in some cases because it is necessary to comply with our legal obligations (such as record-keeping obligations), compliance screening or recording obligations;
- in some cases, on your freely given consent which is specific to the processing.
6. Sharing of Personal Data - Recipients
We may share selected personal data about you with the following parties or in the following circumstances.
6.1. OIX and Other OIX Chapters. We may share personal datawith OIX or other OIX Chapters that require access to personal datafor business purposes related to processing any application, request, inquiry, membership service, event, project, or other participation activity consistent with the business of OIX UK Europe.
6.2. Third Party Service Providers. We may share personal data about you with third parties who perform services for us or on our behalf, for the limited purpose of carrying out such services. This includes, without limitation, third parties that assist in managing our organization, hosting meetings, hosting or administering the OIX UK Europe websites or other systems, sending communications on our behalf, maintaining or analyzing our data, providing marketing assistance, or in otherwise providing services to us or our members.
6.3. Corporate Change. We reserve the right to disclose and transfer personal data about you in connection with a merger, consolidation, restructuring, financing, sale of substantially all assets, or other organizational change of OIX UK Europe.
6.4. Legal Requirements and Law Enforcement. We may disclose personal data about you to governmental authorities or a court when we believe in good faith that the law requires it; at the request of governmental authorities conducting an audit or investigation; pursuant to a court order, subpoena, or discovery request in litigation; to verify or enforce compliance with our agreements or policies and applicable laws, rules, and regulations; or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of OIX UK Europe, its users, or other third parties. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
6.5. Consent. We may also share personal data about you in accordance with any express consent you or your authorized agent give us which is specificto the purposes of the processing which you will be informed about at the time we request such consent. You do not have to give such consent. If you do give consent, you may withdraw it at any time by contacting us (see “How to Contact Us” section below), however please be aware that such withdrawal will not affect the lawfulness of personal data collected and processed prior to the date of your withdrawal of consent. In addition, if you withdraw your consent you may also forfeit other benefits, such as the participation in.
7. Cross-Border Transfers of Personal Data
OIX UK Europe is located in the United Kingdom, and many of its members, participants, events, and projects are located in different countries. The OIX UK Europe websites (and all personal data collected via such OIX UK Europe websites) are hosted in Switzerland, with additional copies located in Germany, the United Kingdom, and the United States. All personal data that we collect and maintain via the OIX UK Europe websites will also be processed and stored in one or more of these countries, where data protection and privacy regulations may provide different levels of protection compared with your jurisdiction.
Whenever OIX UK Europe transfers personal data from one country to another, it will do so in compliance with applicable privacy and data protection law. For purposes of facilitating transfers of 6personal data from the EU to OIX in the U.S., OIX has self-certified under the EU-US Privacy Shield. To facilitate other cross-border data transfers outside of the EU, OIX UK Europe will only transfer the data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or will enter into EU Standard Contractual Clauses with the recipient prior to any data transfer.
8. Data Retention Period
Allpersonal data retained by OIX UK Europe will be deleted when such personal data are no longer necessary for the purposes for which it was processed, unless applicable law requires a longer retention period, in accordance with our retention policynoted below.
Our policy is that if you engage in any transaction or contract with us, such as membership, we will usually retain your personal data for 5 years from the later of the date the contract expires or the last transaction with you is concluded. Otherwise, we will usually delete your data 2 years from the date on which we last received a communication (e.g., event registration) from you, except that if you sign up for a listserv we will retain your data until you unsubscribe. This is however subject to the requirements of applicable data protection laws and the purpose for which the data is collected and used, taking into account legal and regulatory requirements to retain data for a minimum period.
9. Your Rights as Data Subjects
You have the following rights:
- to obtain confirmation as to whether we process your personal data
- to access a copy of your personal data that we do process, along with information on what personal information we use, why we use it, who we share it with and, how long we keep it for
- to request the correction of inaccurate personal data we hold about you
- to request that we delete your data, or stop processing it or collecting it, in some circumstances
- in certain cases, to request that we transfer or port elements of your personal data either to you or a third party providing you with similar services
We do not generally impose any charge for these requests (except where excessive or unfounded). For any such request, you can contact us by e-mail, postal mail, or phone as specified in the “How to Contact Us” section below. We will endeavor to respond to all reasonable requests in a timely manner, but in no event longer than the amount of time required by applicable law.
To the extent OIX UK Europe is not the controller of your data, we will notify the controller of your request if required by applicable law.
Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, pleasecontact us as specified in the “How to Contact Us” section below. We will not be responsible for any losses arising from any inaccurate, inauthentic,deficient or incomplete personal data that you provide to us.
Where the lawful basis of our processing under the GDPR is that you have consented to it for a particular identified purpose, you have the right to withdraw that consent atany time. To do so, please contact us as specified in the “How to Contact Us” section below. If you do withdraw consent, this will not affect the lawfulness of any processing that was based on your consent before its withdrawal.
Filing a Complaint
In addition to the foregoing, you have the right to lodge a complaint in respect of your data protection rights with the applicable supervisory authority for data protection in your jurisdiction. If you are in the United Kingdom, that supervisory authority is the UK’s Information Commissioner’s Office: https://ico.org.uk/.
10. Security of Personal Data
We have implemented appropriate technical and organizational measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.
11. Data Integrity and Purpose Limitation
OIX UK Europe shall only process personal data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by you. To the extent necessary for those purposes, OIX UK Europe shall take reasonable steps to ensure that personal data is accurate, complete, currentand reliable for its intended use.
13. How to Contact Us
By e-mail: firstname.lastname@example.org
By postal mail:
Open Identity ExchangeUK Europe
Suite 1, 3rd Floor
11-12 St James’s Square
London SW1Y 4LB