Privacy Policy
I. Who we are and how to contact us
International Port Community Systems Association (IPCSA) is a European Economic Interest Grouping (EEIG) governed by EEC Regulation 2137/85 and by the laws of England. The European Port Community Systems Association EEIG Contract of Formation was signed on the 15th June 2011 with an amendment agreed by all EEIG members signed on 15th August 2014 to form IPCSA EEIG as from 1st September 2014.
IPCSA Registered Office: The Chapel, Maybush Lane, Felixstowe, IP11 7LL, United Kingdom
IPCSA EEIG Number: GE000268
For any privacy related enquiries please contact us at: info@ipcsa.international
II. Data keeping purpose, categories and retention period
General data processing purpose – internal and external communication with the Members, IPCSA partners, stakeholders and relevant community in order to achieve IPCSA mission and objectives.
Specific Purpose | Data subject categories | Data categories | Retention period or criteria used to determine the retention period | Legal bases for data processing |
E-mail correspondence | IPCSA employees or other way authorised representatives, IPCSA Member organisations representatives, stakeholders, website visitors and any other relevant community members. | E-mails might contain the personal data such as name, surname, position, phone number, address. E-mail correspondence on financial matters, including project and action implementation might contain also financial data such as data on salaries, payments, bank details etc. | General e-mails: as long as the matter is relevant. e-mails related to the Members approval: IPCSA life time.e-mails on financial matters, including project and action implementation: action and/or project life time + post implementation auditing period unless the relevant financial and accounting statutory rules require longer data storage period. | Consent1 Conclusion or performance of the contract2 Legal obligation of controller in relation to the correspondence on financial matters.3 Legitimate interests4 |
Contacts on daily operational matters | IPCSA representatives, IPCSA Member organisations representatives, Contract Parties, stakeholders, website visitors and any other relevant community members | As long as contact details are relevant | Consent Legitimate interests | |
Surveys and Questionnaires’ | IPCSA Member organisations representatives, any stakeholder participating in the Survey | might contain the personal data such as name, surname, position, phone number, address. e- mail, and opinions of organisations representative on business related matters covered by particular survey or questionnaire | Survey responses will be kept for 3 years, Survey Reports for as long as they are relevant. | Consent Legitimate interests |
Contacts for Newsletters | IPCSA Member organisations representatives, any stakeholder subscribing to the newsletter | Name, Surname, e – mail address, Job position, Company name. | As long as contact details are relevant or unsubscription request is received | Consent |
Contacts for Members updates | IPCSA Member organisations representatives | Name, surname, position, phone number, work address, e- mail. | As long as contact details are relevant | Consent Legitimate interests |
IPCSA website (Members only section- password protected access) Provides easy access to all relevant IPCSA internal documents, events, opinions etc. | IPCSA Member organisations representatives | name, surname, position, phone number, work address, e- mail, password. person’s free option to add, edit and remove – personal photo, facebook, twitter, google plus, linked in and other social media accounts. | As long as contact details are relevant | Consent Legitimate interests |
Event invitations Applicable in cases where IPCSA is organising, participating or invited to participate in international events. In relation to these cases IPCSA may or may not act as Your Personal Data Controller depending on actual circumstances. Whenever your personal data is requested by event host, relevant government officials and similar bodies, it would be clearly specified within information request. | IPCSA Member organisations representatives, any stakeholder participating in the event | name, surname, position, phone number, work address, home address, nationality, any passport and or identification card details, visa details, travelling details, including air, train, bus tickets, reservations, personal insurance details, hotel accommodation details, traveling dates and any other information related to the foreign travel, including formalities necessary to obtain invitation and/or permission to enter the particular country or to obtain the permission to speak at the conference. | Event duration +3 months enabling to solve out any pending issues in relation to the particular travel if such arise. | Consent |
Participants lists at conferences, IPCSA meetings | IPCSA Member organisations representatives, any stakeholder participating in the event | name, surname, position, work address, phone number and e – mail address, if provided. | For conferences: as long as conference materials are relevant or where conference is organized using public project money – as long as relevant project documentation is kept. For IPCSA meetings – as long as meetings materials are relevant, for IPCSA meetings dealing with governance matters – IPCSA life time. | Consent Legitimate interests |
IPCSA Meeting minutes, Conference Protocols etc. | IPCSA employees or other way authorised representatives, IPCSA Member organisations representatives, any stakeholder participating in the event | name, surname, position, work address, phone number and e – mail address. Meeting minutes may contain the information and any views and/or opinions on particular business matters expressed by individuals attending the meeting on behalf of their organisation. | For conferences: as long as conference materials are relevant or where conference is organized using public project money – as long as relevant project documentation is kept. For IPCSA meetings – as long as meetings materials are relevant, for IPCSA meetings dealing with governance matters – IPCSA life time. | Consent Legitimate interests |
Witness, affirmation a.o. documents signed on behalf of IPCSA Members or organisations invited to IPCSA meetings such as papers on fair competition, neutrality etc. | name, surname, position, work address, phone number and e – mail address. | IPCSA life time | Legitimate interests |
III. IPCSA Legitimate interests
IPCSA is processing only the minimal amount of your personal information such as your name and surname, position, working address and working contact details, as well documents signed by you and/or written records on your opinions expressed in IPCSA meetings on behalf of the organisation you are representing on the grounds of legitimate interests. For details please refer to the Section 2 “Data keeping purpose, categories and retention period” of this document. The ultimate aim for such processing is to achieve the IPCSA objectives and goals as per EEIG Contract of Formation signed on the 15th June 2011 with an amendment agreed by all EEIG members signed on 15th August 2014 to form IPCSA EEIG as from 1st September 2014.
E – mails you are sending on behalf of your organisation to conform new IPCSA Member, Minutes of IPCSA Executive Committee meeting are the most typical examples of the personal data processing on the grounds of legitimate interests.
The personal information we are keeping is always related to you as a representative and/or employee of IPCSA Member orgnisation. We never hold any information on private matters on the grounds of legitimate interests. Please be aware that we will keep this information in our accounts even if you will no longer continue to represent particular IPCSA Member organisation only so far as far documents signed by you, opinions expressed by you are relevant to the IPCSA relationship with that particular organisation. If you would like to receive additional information on this matter, please do not hesitate to contact:
Inga Morton, General Manager, inga.morton@ipcsa.international, +371 2 9273218
IV. Recipients of personal data
IPCSA and its affiliated companies, IPCSA selected third party suppliers only for particular and specific data processing purposes.
Participants lists for conferences will be available to the meeting organizers’, meeting participants as well as media representatives.
We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
V. Data transfers to the third countries and safeguards
As a safeguard standard for any data transfer outside EU/EEA IPCSA follows either standard contractual clauses for transfers from data controllers to data controllers established outside the EU/EEA5 or standard contractual clauses for the transfer to processors established outside the EU/EEA6.
Available at: https://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
Specific situations:
For Surveys and Questionnaires’ we use SurveyMonkey Europe UC. Survey Monkey privacy policy is available at: https://www.surveymonkey.com/mp/policy/privacy-policy/.
For Newsletters (available only if you request this service through sign to) we use Mail chimp. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Mail chimp privacy policy is available at: https://mailchimp.com/legal/privacy/
Easy access to the large documents on which IPCSA and its Member organisations’ are requested to provide comments is provided via Dropbox. Within Members area on our websitewe use Dropbox for various working documents. Dropbox is certified and complies with the EU-U.S. Privacy Shield Program (“Privacy Shield”) framework and the U.S.-Swiss Safe Harbor (“Safe Harbor”) framework. Dropbox Privacy policy is available at: https://www.dropbox.com/security#privacy. This option will be replaced with social media Platform managed by Winkwaves BV. Winkwaves is a company based in the Netherlands that specialise is bespoke social media platforms for business. Winkwaves holds and manages the platform on behalf of IPCSA members and invited guests. Winkwaves are fully compliant with the GDPR. We expect the IPCSA members platform to be ready in late 2018 and the IPCSA privacy policy will be updated accordingly when the platform goes live.
VI. Your rights:
– The right to access the data stored about you. At any time, you may request a copy of the information that IPCSA holds about you. This includes the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning your data or to object to processing as well as the right to data portability pursuant to the Article 20 of the General Data Protection Regulation7.
Effective from May 25, 2018.
– The right to withdraw consent at any time. You may withdraw your consent to the individual processing of your information at any time. This will not affect the lawfulness of the relevant data processing based on consent before its withdrawal. However, where your consent is withdrawn, and IPCSA has a legitimate interest to process certain data, you will be informed in writing accordingly. We will inform you on exact scope of the data we will continue to process on a bases of legitimate interests.
– The right to lodge a complaint with a supervisory authority.
ICO. The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
You can report your concern online or call ICO helpline helpline: +44 0303 123 1113. More information available at: https://ico.org.uk/concerns/.
1 Article 6 (1) a of the General Data Protection Regulation (effective from May 25, 2018), 2 Article 6 (1) b of the General Data Protection Regulation (effective from May 25, 2018), 3 Article 6 (1) c of the General Data Protection Regulation (effective from May 25, 2018), 4 Article 6 (1) f of the General Data Protection Regulation (effective from May 25, 2018), 5 Commission Decision 2001/497/EC and Commission Decision C(2004)5721, 6 Commission Decision C(2010)593, 7 Article 20 of the General Data Protection Regulation, Effective from May 25, 2018