Data Protection
ReachOut’s data protection policy is compliant with the European General Data Protection Regulation (GDPR) which came into force on the 25th of May 2018 and as implemented by the OW2 the main hosting organisation of the project. The paragraphs below provide details on the GDPR measures that apply to ReachOut. If you have any question please or write to the ReachOut Data Protection contact.
GDPR is the short name for REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. The regulation concerns the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The text of the regulation is broadly publicised and can be found in extenso on the European Commission website.
ReachOut will keep a simplified registry of its processing resources, as per Recital 13 of the GDPR which states that "To take account of the specific situation of micro, small and medium-sized enterprises, this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping.".
ReachOut does not need to designate a Data Processing Officer as per Article 37: ReachOut is not a "public authority or body", we host no processing that "require regular and systematic monitoring of data subjects", nor do we process "special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.".
ReachOut’s data protection policy follows the GDPR guidelines regarding quality of data and data processing, legitimacy and categories of data processing, right of access to the personal data, subject’s right of information and objection, confidentiality and security of processing:
- Quality of data and data processing: Data will be collected and processed for the sole use of the ReachOut project and according to its objectives. Data processing will be simple, explainable and understandable.
- Legitimacy and categories of data processing: Only data with a strict connection with the aim of the research will be collected. No data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, healthy and sex life shall be processed.
- Right of access to the personal data: Any individual will have full right to access related data. The “right to be forgotten” will be enforced.
- Subject’s right of information and objection: Any individual will have full right of information on the related data and of objection. Information and modification requests will be promptly handled by the Data Processing Officer.
- Confidentiality and security of processing: All personal data will be handled and processed confidentially. Use of personal data will be restricted to the sole use of the direct research team. There will be no communication of personal data to any third party.
This notice is to comply with Article 13 of the GDPR regulation. It requests that ReachOut, "at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: "
GDPR Disclosure | ReachOut |
---|---|
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; | Personal data is stored for as long as necessary to fulfil the purpose for which it is being processed and as long as the member, user or subscriber does not require deletion whether the account is active or not. |
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; | Loading... |
(c) - where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), - the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; | - Data is stored on the OW2 infrastructure however we use third party providers for certain of our services that may store and process some personal data; these services include: our newsletter e-mailing system, our event programme management system, our annual conference registration system and a social networks management service. We also use global platforms and social networks such as Twitter, YouTube, SideShare, Google and LinkedIn. -Yes full right to withdraw is granted, please contact the OW2 Management Office at Conseil & Management, 7, Rue de Phalsbourg, 75017, Paris, France or please send an email to the OW2 GDPR address. |
(d) the right to lodge a complaint with a supervisory authority; | Yes full right is granted. Please write to the French data protection authority: CNIL. |
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; | The data we collect at ReachOut is the minimum requirement to enable either the benefits of membership, usage of our services or sharing useful information. Failure to provide such data will hamper access to our services or useful information. |
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. | No such automated decision-making or profiling exists at ReachOut. |