EADL Statement of GDPR Compliance
As part of our preparations for GDPR, the Executive of EADL agreed to lead EADL’s approach, roll out, provision of advice and monitoring of progress. The Executive of EADL will continue to do so once GDPR comes into effect on 25 May 2018 and as such will, through it Executive Director. assume the responsibilities of the ‘DPO’; including maintaining and implementing our policies and procedures relating to GDPR and ensuring we remain compliant. This work is overseen by our Executive Director.
If you have any enquiry regarding GPDR and its application within the EADL you can address the Executive Director at firstname.lastname@example.org
When processing personal data, EADL has adopted the following principles, as laid down in the EU GDPR Regulation:
- Personal Data shall be processed lawfully, fairly and in a transparent way.
- Personal Data shall be collected for specified, explicit and legitimate purposes only.
- Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal Data shall be accurate and, kept up to date. This means EADL must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data.
- Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed.
- The integrity and confidentiality of Personal Data is maintained at all times through appropriate technical and organisational measures, including protection against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.
Data subject rights
GDPR is intended to give our members and potential members, more power over how we manage their personal data. In-line with the GDPR we are reviewing and where necessary enhancing our procedures to enable such data to be located and anonymised or erased, in order to respond to requests to delete, rectify, transfer, access or restrict the processing of data. This will enable us to facilitate the below enhanced rights:
- Handling Data Subject Access Requests
- Handling data portability and rectification requests
- The application of retention periods and the secure erasure of personal data
In the unlikely event that a data breach should occur, we have implemented a procedure for rectification, reporting to the ICO and, where required, to the data subject in accordance with the regulation.
Transfer of data
EADL are an international association with members all over the world and, as such the data we collect may be transferred to, and stored at, a destination outside the European Economic Area (‘EEA’). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. In line with the GDPR, EADL have the necessary safeguards in place to ensure data is safely and appropriately transferred.
Compliance will be supported by a review of existing contracts with data controllers, processors, the use of sub-contractors and any data export arrangements.
Depending on the purpose for which you are providing your personal data, for the purpose of the Data Protection Act (the ‘Act’), the data controller (or entity responsible for the data collected) will be us. Within the context of this policy ‘we’ means the European Association of Distance Education.
The EADL may collect and process the following data about you:
- Information acquired/provided through our Website. This includes information provided at the time of registering to use the Websites and becoming a member of EADL, participating in discussion boards or other social media functions, posting material or requesting further services. We may also ask you for information when you enter a competition or survey promoted by EADL.
- If you contact us, we may keep a record of that correspondence. If you send us personal information which identifies you via email, we may keep your email and email address. We may also collect information that is available from your browser.
- We may ask you to complete optional surveys for research purposes.
- Details of your visits to the Websites including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.
- Details of your access to our online resources or other materials.
- Providing other information about yourself for specific purposes.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to either EADL or our contracted partners. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
How we use your data
We use personal information held about you in the following ways:
- to update and enhance our records
- to compile information relating to your use of our services and make recommendations about goods and services and other areas that may interest you
- to ensure the content from the Websites is presented in the most effective manner for you and your computer
- to carry out our obligations arising from any agreements entered into between you and us to provide you with the information and services that you request from us
- to provide you, or permit selected third parties to provide you, with information about EADL which may interest you. If you are an existing member we will contact, you by electronic means (e-mail or SMS) with information about membership and services relating to membership. If you are a new or potential member we or permitted third parties will contact you by electronic means only if you have consented to this.
- inviting you to participate in research studies and/or market research activities
- we may analyse your data to create a profile of your interests and preferences so that we can contact you in the most appropriate way and with the most relevant information; to respond to queries from members of the public about your membership status
- to provide information about and communications from your local branch network
- to serve notice in accordance with the requirements of our Charter and Code of Conduct, where applicable.
Disclosure of data
We may disclose your personal information to third parties without obtaining further consent from you including:
- to our business partners, suppliers and subcontractors for the performance of any contract we enter into with you
- where we outsource any of our business functions under which we collect or store your data, in which case we will ensure that any such service provider adheres to at least the same obligations of security with regard to your data as undertaken by us
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms & Conditions and other agreements; or to protect our rights, property, or safety of our employees, our members, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will never sell your data to third parties for the purposes of marketing.
Where we store your data
Any payment transactions will be encrypted using SSL technology.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we wish to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and request your consent to these activities. If you wish to change your mailing preferences or opt-out of specific marketing communications sent from EADL, you may notify us via our Contact us form. Alternatively, you may contact us at email@example.com It may take up to 21 days for the changes to come into effect. Please note that this will not alter your current email subscription preferences.
The Websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.
If you would like to request a copy of your personal data under the Act or have any other related queries, please email firstname.lastname@example.org
We will take reasonable steps to create an accurate record of any personal data you have submitted. However, we do not assume responsibility for confirming the ongoing accuracy of your personal data. You can update your personal data by emailing us at gdpr.org Please note that it will take up to 21 days for the changes to come into effect.
11 Thorpe Lane