Effective Date: May 17, 2018

JCI Europe GDPR & Privacy Policy

Updated 17/05/2018

Privacy Notice

JCI Europe will be what’s known as the ‘Controller’ of the personal data you provide to us. JCI Europe also contains local branches, for the purposes of clarity, references to JCI Europe below include all branches of JCI Europe as well as the Board of Officers. We are committed to the security of your data and have appointed a Data Protection Officer in this role. They may be reached at info@europe.jci.cc.

We collect data from the following types of people:

 

General Users

We do not collect personal information from general users. We use Google Analytics on our website to track visit information for analysis of traffic and this does not include personal information. Further information on Google GDPR compliance is available to read here https://privacy.google.com/businesses/compliance/

 

Competition Entries

From time to time, JCI Europe runs projects in which persons and businesses may be nominated for an award or competition. Only the information necessary for the competition to be awarded or judged is entered through the website. This information is stored in our encrypted database, accessed only by the project manager and deleted when no longer necessary to the project. Each project contains its own DIPA document detailing the use of personal data during the project.

 

Email Marketing

JCI Europe conducts email marketing to inform you of upcoming events & projects and JCI Europe past activity using the Mailchimp system. Signing up to receive emails from JCI Europe is only available through an opt in form on the JCI Europe website. The Mailchimp GDPR policy is available here https://mailchimp.com/legal/privacy/. Your email address will be kept with Mailchimp until you unsubscribe from the mailing list using the unsubscribe link provided in all Mailchimp emails.

What Is Sensitive Data?

Sensitive data is any data that can be used to identify a person and includes but is not limited to your:

  • Name
  • Phone number
  • Email address
  • Date of birth
  • Photograph
  • Video
  • Personal biography
  • Passport
  • Driver’s License or other ID card
  • IP address
  • Biometric data
  • Information on a person’s physical or mental health

Why we need your data

We need to know your basic personal data in order to provide you with ongoing organisational updates and funding information. We will not collect any personal data from you that we do not need to do this. For the contact form the data we collect is required to verify your identity and may be submitted electronically via the jci.cc website to JCI Europe and JCI World, who have their own GDPR policies need data. Each project DIPA document will outline the data collected and if it will be shared with JCI Europe and / or JCI World.

How We Store Data in JCI Europe

Website

Our data is encrypted and stored on servers located within Ireland, provided by AWS. Further information on the AWS GDPR policy may be found here https://aws.amazon.com/privacy/. No 3rd parties have access to your personal data unless the law allows them to do so. Any data submitted through the website is done on an opt-in basis, provided at the time of data submission. Users and members may opt-in to receive marketing information from JCI Europe via email.

 

Google Drive

All JCI Europe data, including Information gathered during JCI projects is stored on Google Drive. Google Drive is fully GDPR compliant and is part of Google’s cloud platform, which is covered by Google GDPR compliance. (https://privacy.google.com/businesses/compliance/)

Only JCI Officers responsible for projects and membership have access to your data and all access is protected using 2-step verification.

 

Mailchimp

If you have opted in to receive information from JCI Europe via email, your email addresses will be stored on Mailchimp. The Mailchimp GDPR policy is available here https://mailchimp.com/legal/privacy/.

 

Event Brite

JCI Europe uses Event Brite to manage its events and payments. If you are attending a JCI Event, you will need to enter your personal information into Event Brite. This information is never shared and is protected by the Event Brite GDPR policy and is available here https://www.eventbrite.ie/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_IE

How long do we keep your data?

JCI Europe does not keep your personal data longer than necessary for projects, events or your JCI membership.

All personal data on members who choose not to renew their JCI Europe membership is removed automatically from our database three months after their membership lapses.

All personal data collected during the course of a JCI Europe project is deleted after it is no longer necessary to the project. This date will be made available as part of the project DIPA, which is provided before the data is collected.

If you have opted in to receive information emails from JCI Europe, your email address will be kept with Mailchimp until you unsubscribe from the mailing list using the unsubscribe link provided in all Mailchimp emails.

Security & Authentication

All personal data stored in our website database is encrypted to protect against unauthorized access.

All personal data stored on Google Drive and Mailchimp is protected by secure login and 2-step verification, which greatly reduces the risk of unauthorized access by asking users for additional proof of identity when logging in.

Procedures For Data Requests

Under GDPR, you have the right to:

  • confirm that your data is being held
  • request a copy of any personal data we have retained on you
  • request that your personal information be deleted

Non-JCI Members

To confirm your data is being held or request a copy of any personal data we have on you send an email request to info@europe.jci.cc. We will provide the information by email within 21 days.

To request that your personal data be deleted, send an email request to info@europe.jci.cc. Your personal data will be deleted from our Google Drive and confirmed by email within 21 days.

To unsubscribe from JCI Europe emails sent through Mailchimp, click the unsubscribe link at the bottom of the email.

Authentication

To authenticate the identity of the requester, we will check the email address against the email address we have on file. In the case that the name of the requester matches the information we have, but the email address does not match, we may ask that the request be resent from the email address we have on file.

Repeat requests

In the case that requests are unfounded or excessive, in particular in the case of repeat requests, we will charge a €6.35 administration fee for each repeat request for the same data. This is to cover the administration costs of multiple requests, as provided for in Article 15 of the EU GDPR policy https://gdpr-info.eu/art-15-gdpr/

Personal information required for projects

If your personal data is deleted at your request, but is necessary for participation in a project or competition, this may disqualify you from being involved further in the project or competition.

Procedures For Data Breach

If a data breach occurs which poses a risk to individuals then the Data Commissioners  (https://www.dataprotection.ie/docs/Home/4.htm) will be notified within 72 hours of the organisation becoming aware of the breach. In certain circumstances the individuals themselves must also be notified.

JCI Europe will comply with all directions from the Office of the Data Commissioner in relation to the breach. Every attempt will be made to retrieve and / or delete the data that was breached and all security logins and access controls will be updated with new passwords.

In addition an investigation will be conducted into how the breach occurred, with the goal of preventing a similar reoccurrence.

Communication Guidelines Within JCI Europe

For non-JCI members, your personal data is never sent through any communication channels within JCI Europe, apart from Gmail, which is part of Google’s cloud platform and covered by Google GDPR compliance (https://privacy.google.com/businesses/compliance/). It is sometimes necessary to mention your name in our communications, in order for us to confirm who we are referring to when discussing an event or project.

For JCI members, only the personal data which you have provided to JCI Europe during sign up or through your membership area on jci.cc, or that which you have provided to other members as a contact method may be shared internally on communication channels.

 

Gmail

All official JCI Europe communication takes place within Gmail, which is part of the Google cloud platform and conforms to Google’s GDPR compliance policy https://privacy.google.com/businesses/compliance/.

 

Facebook

JCI Europe uses Facebook as a communication method internally between members and also to promote our events. Facebook is GDPR compliant and further information is available here https://www.facebook.com/policy.php

 

Whatsapp

JCI Europe uses Whatsapp as a communication method internally between members and your personal data is never shared over Whatsapp.

 

Google Drive

JCI Europe uses Google Drive to store and share internal access to your personal information only to those members that are authorized and require access to it to carry out projects. Google Drive is part of the Google cloud platform and conforms to Google’s GDPR compliance policy https://privacy.google.com/businesses/compliance/.

Photos & Videos

JCI Europe takes and shares photos & videos of its events and projects on its website and on Facebook. These are for promotional purposes only in order to promote the activities of
the organization. At all events, an announcement is made to state that photos
and videos will be taken and used in this manner.

Member Information

For JCI members, as stated above your personal data is stored on the JCI.cc website database. You have access to this data and may edit and delete it should you choose to do
so. You may also opt in or out of receiving payment confirmation nd membership
renewal notifications through your website members area

Payment Processing

All payment processing on the JCI Europe website is carried out securely by Stripe Payments who are fully GDPR compliant https://stripe.com/ie/privacy. Payment card details are never stored by JCI Europe.

Events

JCI Europe takes and shares photos & videos of its events and projects on its website and on Facebook. These are for promotional purposes only in order to promote the activities of
the organization. At all events, an announcement is made to state that photos
and videos will be taken and used in this manner.

Upon entering the event, for Fire & Safety reasons, guests and members are asked to sign in and provide their name only on a physical sign in sheet. This sheet is then destroyed after the event. If you wish to opt in for JCI Europe promotional and information emails, you may do so on the JCI Europe website on the appropriate JCI Local Branch page. If the event is related to a JCI Europe project in which personal data has been obtained, the project DIPA policy will be displayed at the event.

Projects

All JCI Europe projects will have a DIPA document, detailing what personal data will be requested, why it is needed, what will be done with it, where it will be stored, who will have access to it and when it will be deleted. If the project involves a public event, this DIPA document will be displayed at the event.

Timelines & Dates

All personal data collected during the course of a JCI Europe project is deleted when no longer necessary to the project. This date will be made available as part of the project DIPA, which is provided before the data is collected.

All personal data on members who choose not to renew their JCI Europe membership is removed automatically from our database 3 months after their membership lapses.

In December of each year, an audit is carried out by all Board Officers and Staff, to ensure that the Google Drive account they are responsible from no longer holds any unnecessary personal data.

More Information

For more information and all enquiries email: info@europe.jci.cc