Privacy Statement for the European Criminal Bar Association (ECBA)

Effective Date: [Insert Date after approval]

The European Criminal Bar Association (“ECBA”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Statement explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

By visiting our website and engaging in activities related to ECBA, you agree to the collection and use of information as outlined in this Privacy Statement.

1. Data Controller

ECBA is the data controller responsible for the processing of your personal data. If you have any questions or concerns about how we handle your data, or if you wish to exercise any of your rights, please contact us at:

Email: secretariat@ecba.org
Postal Address: Mondriaantoren 19th floor, Amstelplein 40, 1096 BC Amsterdam, The Netherlands
Telephone: +31 20 782 02 08

2. Personal Data We Collect

We may collect the following types of personal data:

• Identification Information: Your full name, title, professional status, contact details (email address, phone number), and other information relevant to your membership or participation.
• Membership Data: Information regarding your ECBA membership status, history, preferences, and any payments made in relation to your membership.
• Usage Information: Data about how you interact with our website, including your IP address, browser type, operating system, pages visited, and links clicked.
• Event and Activity Participation: Details about your registration, participation, and attendance at ECBA events, seminars, conferences, or other activities.
• Communication Preferences: Information about your preferences for receiving communications from us (e.g., newsletters, event updates, and marketing materials).

3. How We Use Your Data

Your personal data is processed for the following purposes:

• Membership Management: To administer and manage your ECBA membership, including processing applications, renewals, payments, and related services.
• Communication: To send you relevant updates, newsletters, and communications regarding ECBA activities, events, and services.
• Event Management: To facilitate your participation in ECBA events, seminars, and conferences, including registration and related services.
• Legal Compliance: To fulfill our legal obligations, including data protection laws, and to comply with applicable regulatory and legal requirements.
• Website Functionality: To improve and personalize your experience when using our website and services.

4. Legal Basis for Processing

We rely on the following legal bases under the GDPR for processing your personal data:

• Consent: Where you have provided us with explicit consent, such as subscribing to newsletters or registering for events.
• Contractual Necessity: When processing is necessary for the performance of a contract (e.g., managing your membership or processing payments).
• Legal Obligation: Where processing is necessary to comply with our legal obligations (e.g., tax or regulatory requirements).
• Legitimate Interests: Where we process your data based on legitimate interests, such as enhancing our services, improving website functionality, and engaging with our members. We ensure that such interests do not override your rights and freedoms.

5. Sharing Your Data

We may share your personal data in the following circumstances:

• Service Providers: We may disclose your data to trusted third-party service providers who assist us in running our website, managing membership, organizing events, or sending communications. These providers will process your data only in accordance with our instructions.
• Legal Obligations: We may disclose your personal data if required to do so by law, regulation, or legal process (e.g., responding to a court order).
• Affiliated Organizations: If necessary, we may share personal data with other entities within the ECBA network to coordinate our activities and enhance member services.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the relevant third party.

6. Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Statement, or for as long as required to comply with applicable laws and regulations. After this period, your personal data will be securely deleted or anonymized.

7. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights:

• Right to Access: You have the right to request access to the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete information we hold about you.
• Right to Erasure: You can request that we delete your personal data, subject to certain exceptions (e.g., legal obligations).
• Right to Restrict Processing: You can request that we limit the processing of your personal data in certain circumstances (e.g., if you contest the accuracy of the data).
• Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
• Right to Withdraw Consent: If you have provided consent for any processing activity, you can withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• To exercise any of these rights, please contact us at the details provided above. We will respond to your request without undue delay and within one month, unless the request is complex or numerous, in which case we may extend the period by a further two months.

8. Data Security

We employ appropriate technical and organizational measures to ensure the security of your personal data. These measures aim to protect your data from unauthorized access, alteration, disclosure, or destruction. However, please note that no data transmission or storage system is entirely secure, and we cannot guarantee the absolute security of your data.

9. International Data Transfers

Your personal data may be transferred to countries outside the European Economic Area (EEA), which may not have data protection laws equivalent to those in the EU. In such cases, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or other lawful mechanisms, to protect your personal data in compliance with the GDPR.

10. Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our data practices or legal requirements. Any changes will be posted on this page with an updated “Effective Date.” Please review this Privacy Statement periodically to stay informed about how we are protecting your personal data.

11. Contact Us

If you have any questions or concerns regarding this Privacy Statement or the way we process your personal data, or if you wish to exercise your rights under the GDPR, please contact us at:

Email: secretariat@ecba.org
Postal Address: Mondriaantoren 19th floor, Amstelplein 40, 1096 BC Amsterdam, The Netherlands
Telephone: +31 20 782 02 08