Privacy Notice
- OBJECTIVE
- DEFINITIONS
- CONTACT DETAILS
- PRINCIPLES OF PROCESSING PERSONAL DATA
- OUR PROCESSING ACTIVITIES
- RECIPIENTS OF THE INFORMATION WE COLLECT
- RETENTION PERIODS OF YOUR PERSONAL DATA
- LINKS TO EXTERNAL SITES
- INFORMATION SECURITY
- RIGHTS OF DATA SUBJECTS
1. OBJECTIVE
The aim of this Privacy Notice is to provide adequate and consistent safeguards for the handling of personal data (as defined below) by CropLife International A.I.S.B.L. (“CropLife International” or “we” in all its declensions) in accordance with GDPR (as defined below).
2. DEFINITIONS
- Data controller: means the person or organization who decides why and how personal data is used.
- Data processor: means a third party (such as a service provider) who processes personal data on behalf under the instructions of the data controller.
- Data subject: an individual who is identified or identifiable and whose personal data is processed.
- GDPR: stands for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
- Personal data: means any information relating to a data subject.
- Special categories of personal data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
3. CONTACT DETAILS
The data controller is:
CropLife International A.I.S.B.L.
326 Avenue Louise, Box 35
1050 Brussels
Belgium
CropLife’s representative is its President and Chief Executive Officer, Emily Rees.
If data subjects have any questions about this Privacy Notice, including any requests to exercise their legal rights, they should contact CropLife International at GDPR@croplife.org.
4. PRINCIPLES OF PROCESSING PERSONAL DATA
CropLife International respects data subjects’ privacy and is committed to protecting personal data in compliance with the applicable legislation in the EU with the desire to keep its data subjects informed and to recognize and respect their privacy rights. We observe the GDPR principles when processing personal data, including the following principles:
- Personal data will be processed fairly and in accordance with applicable law.
- Personal data will be collected for specified, legitimate purposes and will not be processed further in ways incompatible with those purposes.
- Personal data will be relevant to and not excessive for the purposes for which it is collected and used.
- Personal data will be accurate and, where necessary kept up to date. Reasonable steps will be taken to rectify or delete personal data that is inaccurate or incomplete.
- Personal data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes are described in this Privacy Notice.
- Personal data will be processed in accordance with the data subjects’ rights (as described in this Privacy Notice or as provided by law).
5. OUR PROCESSING ACTIVITIES
5.1 Newsletter subscription
You have the option to subscribe to our newsletter informing you about our activities and developments in our field of activity.
a. Purpose of processing
We may send you newsletters to provide updates, news, and information relevant to our mission, activities, our industry, positions and opportunities.
b. What information do we process
We collect the following personal data for the purpose of emailing our newsletters to you:
- Company/organization.
- First name and surname.
- Email address.
c. Legal basis
We would only process your personal data for the purpose of sending newsletters upon obtaining your consent, in accordance with Art. 6(1)(a) of GDPR.
You may withdraw your consent at any time by clicking the relevant link at the footer of the newsletter you receive. The withdrawal of consent does not affect the lawfulness of the processing based on consent that has taken place up until receipt of the notification of withdrawal.
5.2 Data collected when you contact CropLife International
In the event you contact us, for example, email, telephone, or postal mail, we will process the information you provide.
a. Purpose of processing
Initially, we will process your data in order to provide a response to your request and otherwise interact with you following your message.
Then, we may save your data in a relation management system or any comparable tool.
b. What information do we process?
We may collect the following data collected when you communicate with us:
- First name and surname
- Company/organization
- Email address
- Phone number
- Your query
c. Legal basis
The legal basis for processing such personal data is our legitimate interests (as provided under art. 6(1)(f) of GDPR). The legitimate interests pursued are communicating with and answering queries from CropLife International members, members of the public with an interest in CropLife International’s activities and other third parties, as well as analyzing interests.
5.3 Data processed when individuals apply for a position with CropLife International
When candidates apply for a position with CropLife International either by submitting their résumé/curriculum vitae and other documents or by means of a recruitment agency, we process the information contained in those documents as well as the supporting documentation we require.
a. Purpose of processing
We process the information related to the applications in order to assess them and select candidates for interview and for a position (such as intern, consultant, employee).
b. What information do we process?
We process all the information that the candidate volunteers to provide when submitting a résumé/curriculum vitae and cover letter. We process any supporting documents that the candidate volunteers to send us. In addition, we may process, as required, the following documents:
- Evidence of education and qualification;
- Evidence of work experience; and
- References from former employers.
Please note that, unless required by law, we do not process special categories of personal data. Therefore, unless such information is manifestly public (as per art. 9(2)(e) of GDPR), candidates should refrain from providing information revealing their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. They should also refrain from disclosing genetic, biometric or health data or data about their sex life or sexual orientation.
c. Legal basis
The legal basis for processing such personal data from applicants is contractual and pre-contractual necessity (as provided under art. 6(1)(b) and 9(2)(b) of GDPR).
However, verifying references from former employers is on the basis of consent.
5.4 Data processed in our operations and interactions with our registered members and our network
a. Purpose of processing
We process our members’ personal data in order to offer them all the benefits and advantages related to their membership, including allowing them to attend some industry events.
We may process the personal data of individuals we network with, including personal data we collect during networking events, in order to follow up on our discussions and develop our mutual interests in networking.
b. What information do we process?
During networking events, we may collect business cards (physical or electronic), photographs we take with and/or of attendees and therefore collect their full name, company/organization, business address and professional telephone number and social media handles (including LinkedIn).
With regard to CropLife International’s registered members, we process their contact details such as full name, company/organization, business address and professional telephone number, social media handles (including LinkedIn). Where necessary for administrative purposes, such as applications to attend some specific events (including events hosted by the United Nations) we may request a written authorization to process identification documents such as a passport or national identity card.
c. Legal basis
The processing of registered members’ personal data is necessary for the conclusion and performance of a contract. The processing of the personal data of persons in our network is based on the legitimate interest to foster and advance our mutually expected interests.
5.5 Data processed in our operations with our suppliers, vendors and service providers
Within the context of our operations, personal data of our partners, suppliers, vendors or services providers as well as other interested parties can be collected by e-mail, mail, fax, as well as conversations over the phone and in person.
a. Purpose of processing
We process our vendors’ data for the purpose of selecting, negotiating and receiving the goods and services we need, in order to be operational.
b. What information do we process?
The following categories of data may be collected and received:
- Name
- Company / organization
- Address
- E-mail address
- Telephone
- Fax
- Financial information, including but not limited to account information.
c. Legal basis
The provision of this personal data is necessary for the conclusion and performance of a contract and may be required by law or contract. If the data is not made available in whole or in part, it may not be possible to conclude a contract, or a contract may not be performed.
When using our website, we will also place cookies on your browser. Please see our cookie page for more information about the cookies we use and how you can change your cookie settings.
6. RECIPIENTS OF THE INFORMATION WE COLLECT
We may disclose your personal data to third parties, including in the following circumstances:
We use data processors to carry out certain activities on our behalf that involve the processing of personal data. For example, we may engage third-party service providers to provide cloud-based IT, financial, human resources or accounting services, fulfil orders, deliver packages, send postal mail, SMS text messages and email, maintain and update our databases of member details (including the removal of repetitive or incorrect information), analyze data to help us develop, provide and improve our queries, process the booking of appointments and handle claims. These third parties only have access to the personal data needed to perform their functions and may not use it for other purposes.
To the extent permitted by applicable law, we may pass personal data to external agencies and organizations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal data to the police and other law enforcement authorities in connection with the prevention and detection of crime.
We may pass personal data to our insurers in the event that a claim is made or could be made against us.
We may pass your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (including in connection with a court order), or to protect our rights, property or safety or those of our customers, employees or other third parties.
Your personal data may be transferred to, and stored and processed in one or more countries outside the European Economic Area, including to countries that are not deemed to provide an adequate level of protection by the European Commission. In these circumstances, we will implement appropriate measures to ensure that your personal data is adequately protected in accordance with the law. These measures generally include transferring personal data where the recipient has agreed to an approved data transfer agreement in the form of the standard contractual clauses approved by the European Commission.
7. RETENTION PERIODS OF YOUR PERSONAL DATA
We are required to keep your personal data only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal data will be determined by a number of criteria, including the purposes for which we are using the data, the amount and sensitivity of the data, the potential risk from any unauthorized use or disclosure of the data, and our legal and regulatory obligations. Where we no longer require your personal data, we will ensure it is securely deleted or anonymized.
8. LINKS TO EXTERNAL SITES
From time to time, we may also establish relationships with parties outside that will enable you to access the websites or applications of such third parties. Such third parties are data controllers and operate their own policy regarding the processing of personal data and the use of cookies on their website(s) or through their applications and you are advised to read the third parties’ privacy policy and cookies policy.
Please note that third-party websites and applications are not under our control. When you click through to these websites or access these applications, you leave the area controlled by us.
The importance of security for all personal data is of highest concern. CropLife International is committed to safeguarding the integrity of personal information and preventing unauthorized access to information maintained in CropLife International’s databases.
To safeguard against unauthorized access to personal data by third parties, all electronic personal data held by CropLife International are maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected to unauthorized personnel, fire detection and response systems. Access to the computerized database is controlled by a log-in sequence and requires users to identify themselves and provide a password before access is granted. CropLife International may need to request specific information from data subjects in order to help them confirm the identity of that data subject and to ensure the right of that data subject to access its personal data (or to exercise any of its other rights).
10. RIGHTS OF DATA SUBJECTS
You have the right to lodge a complaint with the supervisory authority if you are not satisfied with the manner in which CropLife International has handled your personal data. The list of websites for the EU-based supervisory authorities that regulate our processing of your personal data is available here.
You have the right to ask us to:
- Confirm what personal data we hold about you and provide you with a copy of that data, as per Art. 15 of GDPR;
- Correct any personal data that is inaccurate, as per Art. 16 of GDPR;
- Remove your personal data where there is no good reason for us to continue to hold that data, as per Art. 16 of GDPR;
- Temporarily stop using your personal data if you are questioning our right to use that data and in other circumstances where that right is applicable, as per Art. 18 of GDPR;
- Stop using your personal data unless we can demonstrate a valid reason why we need to continue to hold that data e.g. to support a product warranty, as per Art. 21 of GDPR;
- Stop using your personal data to send you marketing materials such as our newsletter, as per Art. 7(3) of GDPR; and
- Provide you with the personal data that you have provided to us, in a structured and commonly-used electronic format, or transmit that information directly to another company if that is technically feasible, as per Art. 20 of GDPR.
Our security procedures mean that we may request proof of identity before we are able to disclose your personal data to you or comply with other requests.
To exercise the rights above you may contact us at GDPR@croplife.org.