Privacy policy

1. INFORMATION RELATING TO THE FOLLOWING TEXT

 

1.1. In this page, visitors of the tcbl.eu website can find some useful information to understand which of their Personal Data will be collected and processed, only by their demand, for which purposes, for how long and by whom. They can also learn about their rights in relation to the aforementioned Personal Data and how to exercise them.

1.2. The contents of this page are current at the date of its navigation. Changes and updates will be effective as soon as they are published herein.

1.3. The entirety of this text has been drafted pursuant to and for the purposes of articles 12 and 13 of the European Regulation 27 April 2016, n. 679 (henceforth: the GDPR), as well as the applicable legislation on Personal Data in the respective countries of the Data Controller and Data Processor, mentioned in the following clauses.

 

2. INFORMATION RELATING TO THE DATA CONTROLLER

 

2.1. A Data Controller is the entity on behalf of which Personal Data is collected and processed, which retains full responsibility for that. The Data Controller for this website is the TCBL Association, holding its seat in The Netherlands, Nieuwmarkt 4, 1012CR Amsterdam. For more information on the TCBL Association, please contact the following page: https://tcbl.eu/about-tcbl-association                  

2.2. The contact person at the Data Controller for any question or issue related to this Privacy Policy is Mr Francesco Molinari (mail@francescomolinari.es) in his capacity of Data Protection Officer.

2.3. Inquiries sent to the Data Protection Officer will be handled as soon as possible, in any case within 30 days.

 

3. INFORMATION RELATING TO THE DATA PROCESSOR

 

3.1. A Data Processor is the entity that collects and processes Personal Data on behalf of the Data Controller. The Data Processor for this website is CEDECS-TCBL SAS, holding its seat in France, 68 bis boulevard Pereire, FR 75017 Paris. For more information on CEDECS-TCBL SAS, please contact the following page: https://www.cedecs-tcbl.com/en-gb              

3.2. The contact person at the Data Processor for any question or issue related to this Privacy Policy is Mr Athanase Contargyris (athanase.contargyris@cedecs-tcbl.com) in his capacity of Editorial Manager.

3.3. Inquiries sent to the Editorial Manager will be handled as soon as possible, in any case within 30 days.

 

4. INFORMATION RELATING TO THE WAY DATA IS COLLECTED, STORED AND PROCESSED

 

4.1. A visitor to this website may decide at all times, on a voluntary basis, to join the TCBL Association and therefore provide some Personal Data (better listed in the following clause) via the interface available at this link: https://tcbl.eu/join-us

4.2. The information in question is collected, stored and processed by the Data Processor on behalf of the Data Controller.

4.3. The purpose of such treatment is to assess the credentials set out by potential candidates to join the Association, with the exclusion of any commercial interest.

4.4. The secure server where the information is stored resides in France. Members of the Data Controller’s and/or Data Processor’s technical teams who have access to that server only reside in other countries of the EEA (European Economic Area).

4.5. Disclosure of the information provided as described above to any third parties is not foreseen for any reason – without the permission of the Member of the TCBL Association – unless in aggregated and anonymous form, e.g. for statistical purposes. The information relating to visitors whose candidature has been rejected, or to those who have not finalized the process initiated at the link provided above, is not retained in our server.

 

5. INFORMATION RELATING TO WHICH DATA IS COLLECTED, STORED AND PROCESSED

 

5.1. The Personal Data provided in the context of a request to join the TCBL Association consists in the name, surname, social media / web link and email address of the individual applicant (in the case of organizations, this information is complemented by some public business identifiers).

5.2. The candidate is also asked to respond to a number of questions, with closed answers, which are used for profiling purposes and specifically to evaluate his or her suitability to become a Member, being sufficiently close to the principles and values of our Association.

5.3. In case of disagreement with this interviewing and profiling approach, visitors may decide not to provide the requested information, wholly or in part, knowing that their behavior may reduce or annul the chances of their Membership to be approved.

 

6. INFORMATION RELATING TO OTHER DATA COLLECTED, STORED AND PROCESSED IN OR OUT OF THIS WEBSITE

 

6.1. For the avoidance of any doubt, this Privacy Policy only refers to the Data Controller’s website, with the exclusion of (e.g.) the Data Processor’s website or other forms of interaction that may lead to the collection, storage and processing of Personal Data. However, by way of exemplification, some of those interactions are listed below.
6.2. In case of e-mails spontaneously sent to the Data Controller’s (or the Data Processor’s) address, for any reason / purpose and always on a voluntary basis, including as provided for by some of the previous clauses, the optional, explicit and voluntary submission of Personal Data such as the name, surname, telephone number and e-mail address of the sender will entail the subsequent acquisition and handling of such Data, as necessary to respond to requests received (Article 6, paragraph 1, letter b) of the GDPR). Subsequently, the received information will be archived.

6.3. In case of contact forms displayed on the Data Controller’s (or the Data Processor’s) website, serving the same or different purposes, the visitor will be free to provide the requested Personal Data. However, failure to do so may prevent his or her from obtaining the information or service requested. Subsequently, the received information will be archived.

6.4. In case of registration forms displayed on the Data Controller’s website, with the purpose of receiving a Newsletter, the visitor will be free to provide the requested Personal Data. However, failure to do so may prevent his or her from obtaining the requested registration. Additionally, the received information will continue being used for the purpose of Newsletter distribution.

6.5. Disclosure of the information provided as described above to any third parties is not foreseen for any reason, with the partial exception of the receivers of the Newsletter, who may be disclosed only in aggregate form, e.g. for statistical purposes.

 

7. COOKIES AND SOCIAL MEDIA LINKS

 

7.1. There is no collection of Personal Data via Cookies on this website.

7.2. This website may provide links (represented by the logos of the respective owners) that allow interactions with external web platforms or social networks. The visitor is warned that the collection and processing of Personal Data is governed by third parties’ privacy policies to which they are invited to refer. In some cases, the information acquired by the respective social media links are subject to the privacy settings that the user may have chosen in advance. Such information is not known by the Data Controller with the necessary detail.

 

8. DATA PROCESSING METHODS / TOOLS AND ACTORS HAVING ACCESS TO RAW DATA

 

8.1. The processing of collected Personal Data is performed via paper-based and computerized methods and tools, following an organizational logic strictly related to the specified purposes and through the adoption of appropriate security measures before and during data exchange.

8.2. Raw Personal Data is processed exclusively by authorized members of the Data Controller’s and/or Data Processor’s teams (including of appointed subcontractors, e.g. hosting service providers, web designers, etc.) who must perform specific duties and have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality.

8.3. No other entity that operates independently from the Data Controller and/or Data Processor (for example, business partners or service providers, other members of the TCBL Association, etc.) may be granted access to raw data, unless in aggregated and anonymous form, i.e. for statistical purposes.

8.4. Commercial use of raw Personal Data or any form of indiscriminate sharing is forbidden.

8.5. No transfer of raw Personal Data outside the EEA (European Economic Area) is foreseen.

 

9. EXCEPTIONS TO THE NON-DISCLOSURE COMMITMENT

 

9.1. The Data Controller, and/or the Data Processor on their behalf, will only share some Personal Data with third parties in the following instances:

  • By a judiciary order, or in the context of a police inquiry
  • To protect their interests in judicial proceedings before the competent courts
  • To fulfil an obligation provided for by applicable norms, laws and regulations, in particular on, but not limited to, tax and fiscal matters
  • To guarantee the security of the Data Controller’s (and/or Data Processor’s) assets, infrastructures and networks) against malevolent cyber attacks or other fraud risks
  • To carry out statistical analyses on aggregated and anonymous data.

 

10. DATA CONSERVATION PERIOD AND RIGHTS OF THE PERSONAL DATA OWNERS

 

10.1. Generally speaking, Personal Data will be conserved for the period of time that is required to fulfill the purposes for which it was collected. In particular this is set at:

  • The time corresponding to the duration of the business relationship (e.g. the membership of the TCBL Association, or the time needed to ask and receive a certain clarification/service) between the Data Controller and the Personal Data owner (aka “Data Subject” according to the GDPR)
  • Additional 10 years of archiving period, corresponding to the ordinary prescription term
  • In the event of legal disputes, the above are extended for the entire duration of such disputes, until the time limit for appeals has expired
  • For purposes related to legitimate interests of the Data Controller, Personal Data will be stored until the fulfilment of such interest.

10.2. At the end of the conservation period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

10.3. At any time, Data Subjects may ask the Data Controller to delete their own, previously stored Personal Data, without a particular motivation or justification.

10.4. Additional rights of the Personal Data Owners include:

  • Being informed about the processing of their Personal Data
  • Withdrawing consent at any time
  • Restricting the processing of their Personal Data
  • Objecting to the processing of their Personal Data
  • Accessing their Personal Data wherever stored
  • Verifying and requesting the rectification of their Personal Data
  • Obtaining the deletion of their Personal Data
  • Asking for the transfer of their Personal Data to another Data Controller
  • Filing a complaint with the Personal Data Protection supervisory authority of the country where the Data Controller or Processor are established and/or take legal action against them.

10.5. In case the Personal Data for which there is a pending request for e.g. modification, or restricted processing, or deletion, are associated with a legal or contractual obligation of the Data Controller or if they constitute a necessary requirement for the maintenance of a business relationship with the Data Controller, the latter will promptly notify the Data Subject that their request makes it impossible for the Data Controller to continue the relationship and explain the consequences in detail.

10.6. Likewise, the Data Controller may refuse the request in compliance with legal obligations, by order of an authority and for legal protection, or in any other relevant specific case described in Clause 9 above.