Compliance to the General Data Protection Regulation (GDPR), (ΕU 2016/679)
Data controller: PEEMPIP BoD
Data processor: PEEMPIPBoD
Data protection officer: Mary Kyriakopoulou, member of PEEMPIP BoD
1. Compliance policy
1.1. Personal data processing and protection policy:
1.1.1. Data we collect and process: Data we collect and process from you include, among others, your first and last name, your address, your work address, your address of communication (if different from work address), your telephone number (landline and/or mobile), your email address, your tax identification number, any deposit receipts of your membership payments or donations, your gender, your degrees and training certificates, your country of residence, your legal form, your job title, and more.
Among others, such data are used for the following purposes: keeping of PEEMPIP record on a special database-management registry of the Association, creation of member accounts, transaction history between the members and PEEMPIP, issuance of invoice/receipts for the members, report to the Audit Committee and/or Disciplinary Board as provided by the by-laws, fulfillment of the obligations between PEEMPIP and the members according to PEEMPIP by-laws, forwarding job announcements and other notifications to the members, and more.
Following initial collection and entry of such data in the Registry or in protected files on Google Drive, PEEMPIP does not process such data any further, apart from using some of them (e.g. email) to interact with its members, pursuant to what is mentioned above. The data you provide us with are used to fulfil the purposes of the by-laws.
Information may be forwarded to third parties with whom we collaborate to provide our members with beneficial services. Such third parties comply with similar privacy and confidentiality agreements.
Information may also be forwarded to third parties who perform tasks on our behalf and provide services to us as PEEMPIP, such as accountants, consultants, technical support and information systems specialists, e-mail account management software companies or accounting software companies performing system maintenance works, etc. Such third parties comply with similar privacy and confidentiality agreements signed between them and PEEMPIP.
All data provided by you, the Member, are manually entered in the Registry of PEEMPIP and/or stored in protected files on Google Drive so as to facilitate the work of the Board and other PEEMPIP working groups. Data remain unaltered and are not erased for the purposes mentioned in par. 1.1.1. All data are stored for legal purposes as referred to in the Association’s by-laws.
1.2. Your personal data protection
PEEMPIP ensures protection of your personal data by using:
Password protection for computers, servers and software
Password protection for email accounts
Password protection with a specialized double identification system password protection software
1.3. Application-Measures to ensure proof of compliance (“accountability”):
Personal data processing and protection policy is directly put into effect as soon as the candidate member registration application is received and/or immediately after the members consent to their data entering in the Registry and other management systems of PEEMPIP.
2. Storage limitation
We retain your data for as long as there is a legal requirement to do so or for as long as it is necessary in order to fulfill the provisions of the by-laws. This usually requires that we retain your personal data after your deletion from PEEMPIP for the purposes of keeping accounting books, history and records, as well as managing any queries you may have.
3. Rights and special requests of the data subjects
To the extent permitted by law and the GDPR, you have the right to request access to your data from PEEMPIP by submitting a written request via email to firstname.lastname@example.org
3.1.3. Right to rectification
You may ask for rectification of any inaccurate personal data exclusively by email.
3.1.4. Right to erasure (“right to be forgotten»)
You have the right to request the erasure of your personal data in accordance with Article 17 of the GDPR and par. 3.1.2 above.
3.1.5. Right to restrict processing
You have the right to request restriction of your personal data processing in accordance with Article 18 of the GDPR and par. 3.1.2 above.
3.1.6. Right to data portability
You have the right to receive the personal data you have provided PEEMPIP with, in a structured, commonly used and machine-readable format. You are also entitled to transmit such data to another controller without any objection being raised by the Board of Directors of PEEMPIP which was provided with the personal data in accordance with Article 20 of the GDPR.
3.1.7. Right to object
You are entitled to oppose, at any time and for reasons related to your particular situation, to the processing of your personal data in accordance with Article 21 of the GDPR.
3.1.8. Rights in relation to Automated Individual Decision Making, including profiling
PEEMPIP and the BoD do not implement automated individual decision-making or profiling.