This Privacy Notice explains how DAPA collects, uses, shares and otherwise processes your Personal Data in accordance with applicable data privacy laws and regulations, which include the General Data Protection Regulation 2016/679 (“GDPR”) which is applicable as of 25 May 2018.
The purpose of this Privacy Notice is to inform you about the information we may gather about you, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of the information we collect.
When using the term “Personal Data” in our Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold, as defined by the GDPR. From a general perspective, we base the processing of Personal Data that may be done in order for us to perform our contractual obligation(s) as the publisher of this Website (“Contractual Obligation(s)”) and to enable us to be compliant with any legal or statutory obligation(s) (“Legal Obligation(s)”).
We may also process Personal Data when we have assessed that such processing can be based on our legitimate interest(s) (“Legitimate Interest(s)”) and only when we assessed that your interests and fundamental rights do not override ours. For example, it may be of our Legitimate Interest to process certain Personal Data to continue to develop our business activities (quantitatively and qualitatively), and/or to improve our business performance etc.
Finally, please note that we may also need to process Data to respond to and to defend us against any legal claim that may arise.
The personal data that we collect
We shall use the Personal Data only for the purposes for which it was collected unless we consider that we may need to use it for another purpose which is compatible with a current and original purpose. Should such a new purpose be unrelated to the existing purposes, we commit to notify you and to explain such new purpose together with the legal ground with which we intend to base that new purpose.
We may collect personal information through your use of our Website, when you contact or request information from us or when you subscribe to our newsletter.
The data category collected is the following:
Responding to questions and requests
If you send a question or a request to us via our Website we process your personal data to respond to the question or request.
Evaluate and follow-up the use of our Website
In order to evaluate and follow-up on the use of our Website, we process your personal data, e.g. in connection with collection of visitor statistics on our website.
Handle and defend legal claims
We process your personal data, to the extent it is necessary, to handle and defend legal claims, e.g. in case of a dispute or litigation.
Fulfill legal obligations
We process your personal data in order to fulfill legal obligations, e.g. bookkeeping and accounting requirements and obligations under data protection regulations.
Manage and protect IT systems and services
In order to manage and protect our IT systems and services, e.g. upon logging, troubleshooting, backup, change and problem management in systems and in connection with potential IT incidents, we process, to the extent necessary, your personal data.
Where necessary, we share your personal data with others. The recipient is the data controller for the processing of your personal data, unless we have stated otherwise.
In order to fulfill the purposes of the processing of your personal data, we share your personal data with service providers that we have engaged. These service providers provide services to us such as operation, technical support and maintenance of IT systems. The service providers may only process your personal data for these purposes and in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that the service providers carry out on our behalf, acting as data processors.
In certain cases we share, if necessary, your personal data with other recipients for certain purposes (e.g. to fulfill legal obligations and to handle and defend legal claims).
Public authoritiesWe share necessary personal data with public authorities if we are obligated under law to disclose the information.
External advisorsWe share necessary information with external advisors, e.g. audit firms, and law firms if we are obligated under law to share the information or in order to manage and defend legal claims.
Legal obligation and legitimate interest.
Courts, counterparties etc.In order to manage and defend legal claims we share personal data to other parties.
Law enforcement authorities, e.g. policeWe share personal data with law enforcement authorities, e.g. the police if we are obligated under law to disclose information
Personal identification information: name, surname, first name, postal and e-mail address, phone number, content or messages you send to us or provide otherwise directly to us such as inquiries, questions, comments, answers to questions.
Where we process personal data
We always strive to store and process personal data within the EU.
However, you are informed that our Website was created and is maintained through our service provider, Webflow. Some of Webflow‘s infrastructures are located in the USA, and your personal data may thus be transferred to the USA. Further information is available in Webflow's Privacy Notice: https://webflow.com/legal/eu-privacy-policy.
How and why we use personal data
We may use data we obtain for purposes relating to our Website and services, including (a) providing the Website and services to you, (b) raising queries with you, and responding to issues you may raise, whether relating to our services or otherwise, (c) processing job applications and (d) generating anonymized statistics and analysing anonymized statistical usage data of our web site. We may use the following third-party service providers named below to process and store your data:
The disclosure of your personal data
DAPA does not sell, rent or provide in any form any of your information to third parties for any advertising or marketing purposes.
However, we may use external services such as Google Analytics for providing statistical and analytical services and process data on our behalf, without being allowed to share it with third parties.
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed above. Any email marketing messages we send are done so through an EMS, email marketing service (“EMS”) provider.
E-mail marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
E-mail marketing messages we send are in accordance with the GDPR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
Our EMS provider is Mailchimp.
The Services enable Members to, among other things, send and manage email campaigns and serve advertisements.
Mailchimp collects information about the device and applications you use to access emails sent through our Services, such as your IP address, your operating system, your browser ID, and other information about your system and connection.
Mailchimp collects usage data about you whenever you interact with emails sent through the Services, which may include dates and times you access emails and your browsing activities (such as what pages are viewed).
Mailchimp also collects information regarding the performance of the Services, including metrics related to the deliverability of emails and other electronic communications we send through the Services. This information allows Mailchimp to improve the content and operation of the Services, and facilitate research and analysis of the Services.
Your rights in relation to your Personal Data
Under the GDPR you have various rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:
If you want to exercise one of these rights please contact us via email@example.com.
Security of your Personal Data
We are committed to take appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, disclosure, destruction or damage.
We will only retain your Personal Data for as long as we need it in order to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
If you are a client, former client, interested party or prospective client or a contact person of one of the aforementioned, we store your Personal Data for marketing purposes until revocation or the revocation of your consent if the marketing measures were carried out.
Changes to this Notice
We may change this Notice from time to time. The latest version will be posted on our website.
What if I have a question?
Please email firstname.lastname@example.org if you have any questions about our Notice. You may also make a complaint, in accordance with applicable Privacy Laws, to a supervisory authority in your country of residence. The Luxembourg supervisory authority is the National Commission for Data Protection (“CNPD”).