Privacy Policy

  1. GENERAL
    1. It is of utmost importance to the European Parliamentary Forum for Sexual & Reproductive Rights ("EPF", "we", "us") to protect the personal data of our members and partners.
    2. This privacy notice ("Notice") explains the nature, extent, and purposes of the processing of visitors' personal data when using the European Parliamentary Forum for Sexual & Reproductive Rights Website (" Website", "EPF Website").
    3. The Website provides a platform for EPF members ("user", "users", "you", "your") to access information on what EPF does, who its members are, how it operates, and which research outputs it produces.
    4. We comply with the applicable data protection laws, in particular, the EU General Data Protection Regulation 2016/679 ("GDPR") concerning the protection, lawful processing and confidentiality of personal data provided through the Website.
  2. Who are we and how to contact us

    EPF is a not for profit organisation with its registered office at Rue Montoyer, 23 1000 Brussels, Belgium. If you have any comments, concerns, complaints or questions regarding this Notice or how we use your personal data please contact us at secretariat@epfweb.org.

  3. WHAT PERSONAL DATA DO WE COLLECT, FOR WHICH PURPOSES, AND ON WHICH LEGAL BASIS DO WE PROCESS IT?
    1. When you use the EPF Website, you may be asked to provide the following categories of personal data:
      1. Your contact information, such as your first name, surname, email address, when you choose to sign up to the newsletter. If you sign up to the newsletter on someone else’s behalf, you must have their authority to provide such personal data to us, to enable us to use it as set out in this Notice. Prior to providing any personal data relating to another individual you must provide them with a copy of this Notice.
      2. Special categories of Personal Data. In certain circumstances, where required by law or where you have provided your consent, we may collect special categories of your personal data (i.e. information relating to your political opinions or philosophical beliefs, data concerning health or data concerning sexual orientation).  

    When you participate in campaigns, petitions or provide comments, you consent to your political opinions or philosophical beliefs being made available to members of the public as set out in this Notice.

    Our signed petitions and "calls to action" are made available to the public and sent to specified politicians as set out in the relevant document. As a signatory to a petition or "call to action", you acknowledge and consent to making any special category personal data included in the relevant document available for use by us as set out in this Notice.

    We are not able to include anonymous support on petitions or campaigns. Therefore if you do not want your name included or affiliated with a petition, campaign or "call to action" we ask that you do not sign-up. If you have signed up to a petition and subsequently change your mind and would like to withdraw your support please contact us at secretary@epfweb.org and we will remove your name.

    1. When you use the Online Services and Website, we may also automatically collect the following information about your use of such services:
      1. Data relating to access to and use of our Website, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when  and how you interact with marketing and advertising materials, click rates, purchases or next steps you may make after seeing an advertisement, and marketing preferences), and similar data.
      2. Online identifiers, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data.

    In some cases we aggregate and anonymise this data for our own internal analysis and statistical purposes, including to identify trends and ways to further develop or services.

    We retain personal data in accordance with our legal and regulatory obligations. We calculate retention periods based upon and reserve the right to retain personal information for the periods that the personal information is needed to: (a) fulfil the purposes described in this Notice, (b) meet the timelines determined or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.

  5. The Purposes and Legal Bases on which we process your Personal Data
    1. To provide our services

      When you access the Website and accept the terms and conditions [Note to EPF: insert link to terms and conditions.][RS1] , it is important that if you do not agree with the terms and conditions or the way in which we use your personal data that you do not use the Website.

    2. For analytical purposes and to improve our Website services

      It is in our legitimate interest to continue to develop the Website so that it is designed to best serve you. In order to do this we use information collected automatically through the website, such as online identifiers and information about the way in which you interact with the Website.

    3. To comply with our legal and regulatory obligations and requests anywhere in the world

      It is in our legitimate interest, where there is a law in a non-European Member State with which we need to comply, to retain certain categories of your personal data such as your contact information, in order to comply with such legal and regulatory obligations.

      We may also retain such personal data in order to comply with a legal or regulatory obligation under European Member State Law.

      If you would like further information about any of the ways in which we process your personal data please contact us at secretariat@epfweb.org.

  6. WHO WE SHARE YOUR PERSONAL INFORMATION WITH
    1. We will share your personal data with other users to the extent necessary to provide our services. Such data includes but is not limited to your name, surname, contact details, details of events you are attending, and petitions you have signed.

    2. We entrust your personal data to the extent necessary to the following external service providers (data processors) that support us with the performance of our services:

      • IT-service providers and/or providers of data hosting solutions or similar services;
      • Other service providers, providers of tools and software solutions that support us with the performance of our Online Services and operate on our behalf.

      All our data processors process the personal data only on our behalf and on the basis of our instructions so that we can provide you with our online services. Save as set out in this Notice, we do not sell or share your personal data with third parties.

    3. Apart from that, we transmit your anonymised data to the extent necessary to the following recipients:

      1. EPF official staff, solely for the purpose of providing good quality services via the Website and ensuring its stability.
      2. Potential third parties that are participating in the provision of services for the fulfilment of our contractual obligations (e.g. IT support);
      3. Authorities, courts and other public entities to the extent legally necessary (e.g. financial authorities).
  7. IS THE PERSONAL DATA TRANSFERRED OR PROCESSED OUTSIDE THE EU?

    We will not routinely transmit your data outside of the European Union (EU) or the European Economic Area (EEA). In case such transmission is necessary, EPF will notify Users about such transfer and shall ensure that any international transfers of personal data are implemented in accordance with appropriate safeguards and in accordance with applicable data protection laws.    

  8. HOW LONG DO WE STORE THE PERSONAL DATA?
    1. We store your personal data for as long as is necessary for the purposes as set out in this Notice and in accordance with our legal obligations.  
    2. We store and process anonymised user data for archiving purposes in the public interest, scientific research, statistical or other purposes.
    3. In some circumstances it may also be in our legitimate interest to retain personal data for such periods as required in order to:
      1. enforce, clarify, defend or establish a legal claim between a user and us and until such time as the definitive clarification of an incident or legal dispute; or
      2. respond to requests from government administrations and courts in the exercise of their functions and to defend ourselves against possible claims.
  9. WHICH DATA PROTECTION RIGHTS DO USERS HAVE?

    Under applicable data protection laws, including the GDPR, you have a number of rights, including:

    1. Right of access: you have the right to obtain from us confirmation of whether or not we are processing your personal data and where we are, you are entitled to a copy of such personal data and certain other details about our processing of such personal data. You can make a request for access to any of your personal data we are processing free of charge by contacting us.
    2. Right of rectification: it is your responsibility to keep your personal data up to date. If any of your personal data changes, such as your contact information, please contact us as soon as possible to let us know to update our records. In addition, if you become aware that any information we hold about you is inaccurate, you have the right to request that we rectify any mistakes or complete any incomplete personal data we store.
    3. Right of erasure: in certain circumstances, you have the right to request that we erase any personal data of yours that we hold. We are only required to comply with such a request in certain circumstances – if you would like to make such a request, please contact us to discuss whether we can comply.
    4. Right to restrict processing: in certain circumstances, you have the right to restrict how we process your personal data. Again, we are only required to comply with such a request in certain circumstances-– if you would like to make such a request, please contact us to discuss whether we can comply.
    5. Right to data portability: in certain circumstances you have a right to (i) receive from us any of your personal data we hold, in a structured, commonly used and machine-readable format; and (ii) transmit such personal data to another data controller without interference from us. As with the above, we are only required to comply with such a request in certain circumstances-– if you would like to make such a request, please contact us to discuss whether we can comply.
    6. Right to object: in certain circumstances you can object to our processing of your personal data, such as where our processing is based on your consent or our legitimate interest. As with the above, we are only required to comply with such a request in certain circumstances-– if you would like to make such a request, please contact us to discuss whether we can comply.
    7. Right to withdraw consent: where we process your personal data on the legal basis of consent, you may withdraw your consent at any time. Where you withdraw your consent, such withdrawal with not affect the lawfulness of our processing based on consent prior to such withdrawal.
    8. Right to complain: if you are unhappy about how we have processed or are processing your personal data, please contact us in the first instance and we will try our best to resolve the issue. If we are unable to resolve the issue, or if you do not wish to raise the issue with us directly, you have the right to complain to the relevant competent supervisory authority.

    Our contact details are:

    European Parliamentary Forum for Sexual & Reproductive Rights secretariat@epfweb.org Rue Montoyer 23 1000 Brussels, Belgium Phone: +32 (0)2 500 86 50

  10. HOW DO WE SECURE THE PERSONAL DATA?

    We have implemented appropriate technical and organisational security measures considering the risks, and we guarantee an appropriate data protection level, especially to protect personal data against accidental or unlawful destruction, alteration or against loss and against unauthorised disclosure or unauthorised access. Our security measures include:

    1. The use of secure and proven solutions for database service, server website, web container, user interface and integration.
    2. System design and implementation procedures based on good practices and guidelines to protect the system against the most common attacks.
    3. Systematic anonymisation or deletion of personal data, which is no longer necessary for the purposes for which they were collected and processed.
  11. AMENDMENTS OF OUR PRIVACY NOTICE FOR USERS AND ADMINISTRATORS

    This Notice was last updated on 15 July 2023. We reserve the right to update and change this Notice from time to time as required to reflect any changes to the way in which we process your personal data or changing legal requirements. Any amended Notice will apply from the date it is posted on our Website or made available to you.