Privacy notice

A. Introduction

This is the privacy notice of the Ecumenical Youth Council in Europe. In this document, “EYCE”, “we”, “our”, or “us” refer to Ecumenical Youth Council in Europe. We are an international, non-governmental and non-profit organization registered in Belgium under registry number 5945 / 2000. Our company number (Numero d’entreprise) is 471359226. We have been recognized as an international not-for-profit association (Association internationale sans but lucrative) under Belgian law by royal decree of 16 December 1999. Our registered office is at Rue Brogniez 44, B-1070 Brussels, Belgium. Our e-mail address is general.secretary@eyce.org.  

This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.

We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party. Our policy complies with applicable laws on data protection, including the EU General Data Protection Regulation (“GDPR”).

The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org.

Except as set out below, we do not share, or sell, or disclose to any third party, any information collected through our website. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain your consent. We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.

B. General use of our website

I. Hosting

Our website is currently hosted in Germany. When you visit our website, a series of information about your computer is processed by the web server and stored in the server’s access log file for a maximum of three months. The access log file contains the time of the request, the truncated (and thus anonymized) IP address of the device or network from which you access the internet, the HTTP method and version used, the URL called up, the HTTP response status, the number of bytes delivered, the referrer (this is the URL of the page that linked to the page called up) and the user agent (this is an indication of your browser and your operating system with version). We use this information in aggregate to create statistics on the usage of our website, including the number of visitors, referring websites, search terms used to find our website, and the popularity of individual pages on our website. Neither the log files nor the statistics are publicly available, and we do not combine them with data from any other sources.

In some circumstances your full IP is stored instead of a truncated version in our server’s log files. This is the case when a technical error occurs while try to visit our website, or when you use features of our website that allow us to interact with you, such as registration, contact form, newsletter registration, or application for jobs and participation in one of our activities (“interactive features”). These extended log files are exclusively used to ensure the proper functioning of our website and prevention of abuse, since the storage of the full IP, combined with date and time of its use, is the only way to prevent misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Neither the log files nor the statistics are publicly available, and we do not combine them with data from any other sources. This data is not passed on to third parties unless there is a statutory obligation to do so or when the transfer serves the aim of criminal prosecution.

II. Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. Like most other websites, we place a cookie on our website which contains a randomly generated identification (“session cookie”). We require session cookies to protect our website from abuse and hacking attempts. The cookie does not contain any personal data. It merely serves to establish a unique link between your browser and our server for the duration of your visit to our website. The validity of this cookie is limited to your current browser session, which means that it is automatically deleted when you close your browser.

When you use interactive features on our website (i.e., any feature where you actively submit personal data such as newsletter subscription, contact form, application forms or the alumni database), we may also store persistent cookies, which remain on your device and enable us to recognize your browser the next time you visit. We use these cookies to store information like log-in data, language settings, used search terms, the number of your visits to our website and the pages displays. This is how we can offer you our services more user-friendly, more effectively and safer. When you try to log in to our website’s backend systems, we also use persistent cookies to protect us from hacking attempts. These cookies are stored on your hard disk and are deleted automatically after the specified time. Their life span is 1 month to 10 years.

You may at any time set your browser in such a way that the setting of cookies is permanently denied or subject to individual approval for each website. Furthermore, you may at any time use your browser’s designated features to delete cookies that have previously been set. If you deactivate the setting of cookies in your browser used, not all functions of our website may be entirely usable.

III. Social media

We do embed plugins from social media services such as Facebook, Google+ or Twitter on our website. However, no data are transmitted to these services until any of these plugins is expressly activated by you through clicking on any of the respective buttons or links. This click will activate the desired plugin, through which you may then be able to share your website or perform other actions. Hence, the first click on any social media button on our website will lead to the transmission of personal data to the respective service provider, in particular information about your presence on our website. The service provider may combine these data with personal information they received from other sources. Note that when you enable social media plugins on our website, transmission of data to the respective service provider is beyond our control.

C. Information you provide to us

I. When you contact us

When you contact us, whether by telephone, through our website or by e-mail, we process the data you have given to us in order to reply with the information you need. We keep a record of our correspondence so as to be able to track our communications with you. Unless you expressly consent, there is no transfer of this personal data to third parties other than indicated in the present notice.

II. Newsletter

When you subscribe to our newsletter, the input mask used for this purpose determines what personal data are transmitted. Furthermore, we also store your IP address (see above) as well as the date and time of your registration. The collection of this data is necessary in order to understand the (possible) misuse of your e-mail address at a later date, and it therefore serves the aim of our own legal protection.

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of our campaigns. Based on the embedded tracking pixel, we may see whether and when you opened a certain e-mail. By including individualised links in our newsletters, we may also see on which on which links in the newsletter you clicked. We make use of these techniques order in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters better to the interests of our readership.

The personal data acquired through our newsletter system are stored exclusively on our web server and will not be passed on to third parties. We do not combine this information with personal data from other sources.

You may cancel your newsletter subscription at any time by using the designated form on our website or by clicking the “Unsubscribe” link which is provided at the end of each newsletter issue. When you unsubscribe, we may continue to store your personal data in order to analyse the perception of our newsletter with the readership. You may at any time demand the full deletion of your personal data we gathered in this way.

III. Registration on our website

You are free to register on our website by indicating personal data, for instance by applying for one of our activities or by signing up to our alumni network. Which personal data are transmitted and stored is determined by the respective input mask. In addition to these visible data, we store your full IP address (see above) as well as the date and time when you registered or modified your data. We collect and store these data exclusively for the purposes indicated at the respective page of our website, such as gathering information about individuals who previously participated in our activities, or candidates who are interested to do so in the future.

We do not pass on this information to third parties unless this is expressly indicated or necessary for achieving the purpose of the registration. You are free to change the data you specified during registration at any time, to request a copy of the information we store about you or to demand a complete deletion of your data.

IV. Application for jobs and employment

When you apply for jobs offered by us, which personal data are transmitted and stored is determined by the respective input mask and your submissions outside the formalised input mask (e.g. attached files such as CVs). In addition to these visible data, we store your full IP address (see above) as well as the date and time when you registered or modified your data. We will collect and process the personal data of applicants for the purpose of the processing of the application procedure. Due to the international nature of our organizations, application procedures are always carried out electronically, in particular by requesting applications and corresponding documents be sent to us via e-mail by means of registering through a web form on our website.

When we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded between you and us, we may keep the application documents for a maximum of 6 months, provided that we have no other legitimate interest keeping the data, including a burden of proof in lawsuit under equal treatment legislation.

V. Application for and participation in our activities

When you apply to participate in one or several of our events, seminars, training courses, working groups, statutory meetings etc. (“our activities”), which personal data are transmitted and stored is determined by the respective input mask and your submissions outside the formalised input mask (e.g. attached files such as CVs). In addition to these visible data, we store your full IP address (see above) as well as the date and time when you registered or modified your data. Due to the international nature of our organizations, application procedures are always carried out electronically, in particular by requesting applications and corresponding documents be sent to us via e-mail by means of registering through a web form on our website.

When we accept your application to participate in one of our activities, the submitted data will be stored for the purpose of organising your participation in the respective activity. You may be requested to submit additional personal data that are required for facilitating your participation, including dietary information, passport and visa details and logistical information such as travel itineraries. We will store these data as long as it is required for organising the activity and respective follow-up such as reporting. Personal data will be shared with third parties (including donors, hotels, travel agencies, transport companies, local NGO partners etc.) insofar as it is required for offering the activity, organising your participation therein and ensuring funding from third-party donors. This may involve personal data such as your address, birthdate, dietary requirements, passport and visa information and travel itineraries.

During our activities, we take photos and videos. We publish these on our website and on social networks such as Facebook, Instagram, Youtube and Twitter. We do so in order to involve a wider audience in our activities, since only a small percentage of our audience are able to attend to our activities physically due to the international nature of our organisation. We also may include photos and videos in reports that we share with third parties such as member organisations, partner organisations and donors. By participating in our activities, you agree to be visible in these photos and videos and to them being published in said manner. You have the right to withdraw this consent at any time. For the removal of photos and videos at a later time, see section E.III. of this notice. Note that we will strive to remove photos and videos that show you individually or in a small group, but not group pictures showing larger numbers of participants including you.

VI. Transmission of data to third parties

In principle, we only use your personal data within our organization. If and to the extent that we involve third parties in the performance of contracts (e.g. travel agencies, hotels, airlines or partner organisations), receive this personal data only to the extent that which requires the transmission for the corresponding service.

VII. External data processing

In the event that we outsource certain parts of data processing to external service providers, we contractually oblige contractors to process personal data only in accordance with the requirements of the GDPR and other applicable data protection legislation, and to ensure the protection of the statutory rights of you and of other affected parties.

D. Legal basis for the storage and processing of personal data

Where we obtain consent for processing your personal data for a specific purpose, Art. 6 para. 1 lit. a GDPR serves as the legal basis for processing these data. If the processing of personal data is necessary for the conclusion or performance of a contract to which you are a party, as is the case, for example, when you participate in of our activities, or order goods or any kind of service from us, processing of your personal data is based on Article 6 para.1 lit. b GDPR. Where we are subject to a legal obligation that requires processing of personal data, such as for the fulfilment of obligation pertaining to our non-profit status, the processing is based on Art. 6 para. 1lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of you or someone else, for instance when during one of our events one of the participants were injured and his or her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 para. 1 lit. d GDPR. Finally, processing operations could be based on Article 6 para. 1 lit. f GDPR.

E. Your rights

According to the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send your enquiry by e-mail or by post to the address specified above, clearly identifying yourself.

I. Right to confirmation and information

You are entitled to receive confirmation from us at any time as to whether we process personal data related to you. If this is the case, you have the right to receive from us free of charge information about the data stored about you. Furthermore you have the right to the following information:

  1. processing purposes;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular for recipients in third countries or international organisations;
  4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  5. the existence of a right to rectification or deletion of the data concerning your personal data or to the restriction of the processing by the person responsible or a right of objection against this processing;

II. Right to rectification

You have the right to demand from us to rectify any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.

III. Right to erasure (“right to be forgotten”)

Pursuant to Art. 17 GDPR, you have the right to demand that your personal data in question will be deleted immediately, and we are obliged to delete your personal data immediately, provided that one of the following reasons apply:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you withdraw your consent to the processing of personal data and there is no other legal basis for the processing;
  3. you file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR;
  4. the personal data have been processed unlawfully;
  5. the personal data have to be erased for compliance with a legal obligation in European Union law or the law of a EU Member State to which we are subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

Where we have made the personal data public and are is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform persons which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

IV. Right of restriction of processing

Pursuant to Art. 18 GDPR, you have the right to obtain from us restriction of processing where one of the following applies:

  1. you are contesting the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. we do no longer need the personal data for the purposes of processing, but nevertheless require them for the establishment, exercise or defence of legal claims;
  4. you have objected to processing pursuant to Art. 21 para. 1 GDPR, pending the verification whether the legitimate grounds of the controller override yours.

V. Right to object

Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 para. 1 GDPR, including profiling based on those provisions. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where you object to processing for direct marketing purposes, we will no longer process the personal for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1 GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

VI. Automated individual decision-making, including profiling

Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We currently do not perform automated decision making based on the personal data we collect and process.

VII. Right to withdraw data processing consent

You have the right to revoke your consent to the processing of personal data at any time.

VIII. Right to complain

You have the right to complain to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the law, if you believe that the processing of personal data concerning you is unlawful.

F. Data safety

We are committed to protecting the security of your data in accordance with the applicable data protection laws and in light of current technical possibilities.

On our website, we use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar. The certificates will verify against our internet domain, which is eyce.org.

When you submit personal date through our website, your date will be transmitted encrypted. However, other forms of data transmission via internet, in particular via unencrypted e-mail, may have security gaps. A complete protection of data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we regularly update to the state of the art.

Furthermore, we do not guarantee that our website will be available at certain times; we cannot exclude malfunctions, interruptions or failures. The servers used by us are regularly and carefully secured.

G. Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to save or print a copy for your records.

If you have any question regarding our privacy policy, please contact us through the means indicated in the introduction to this document.

Last revision of this notice: 25 May 2018