Privacy Policy

1. Introduction

The EUROPARC Federation is committed to safeguarding the privacy and security of personal data. This Data Protection Policy outlines how we collect, use, store, and protect personal data in compliance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Scope

This policy applies to all personal data processed by the EUROPARC Federation, including data related to members, partners, employees, volunteers, and other stakeholders.

3. Principles of Data Protection

We adhere to the following principles as set out by the GDPR:

Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.
Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: Personal data will be accurate and, where necessary, kept up to date.
Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
Accountability: We will be responsible for, and be able to demonstrate compliance with, these principles.

4. Legal Basis for Processing

We will ensure that all personal data processing activities have a valid legal basis under the GDPR, such as:

Consent: The data subject has given clear consent for us to process their personal data for a specific purpose.
Contract: The processing is necessary for a contract we have with the data subject, or because they have asked us to take specific steps before entering into a contract.
Legal Obligation: The processing is necessary for us to comply with the law.
Vital Interests: The processing is necessary to protect someone’s life.
Public Task: The processing is necessary for us to perform a task in the public interest, and the task or function has a clear basis in law.
Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

5. Data Subject Rights

Data subjects have the following rights under GDPR and BDSG:

Right to Access: Data subjects have the right to access their personal data and obtain a copy of it.
Right to Rectification: Data subjects have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure: Data subjects have the right to request the deletion of their personal data under certain conditions.
Right to Restriction of Processing: Data subjects have the right to request the restriction of processing of their personal data under certain conditions.
Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
Right to Object: Data subjects have the right to object to the processing of their personal data under certain conditions.
Rights in Relation to Automated Decision-Making and Profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

7. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

Encryption: Personal data will be encrypted where necessary.
Access Controls: Access to personal data will be limited to authorised personnel only.
Regular Testing: We will regularly test, assess, and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing.

8. Data Breach Notification

In the event of a data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also inform the affected data subjects without undue delay.

9. Data Transfers

We will ensure that any transfer of personal data to a third country or an international organisation complies with GDPR provisions on data transfers, including the use of Standard Contractual Clauses, Binding Corporate Rules, or other appropriate safeguards.

10. Training and Awareness

We will provide regular training and awareness programs for employees and other relevant parties to ensure understanding and compliance with data protection principles and policies.

11. Review and Updates

This policy will be reviewed annually and updated as necessary to reflect changes in data protection laws and practices.

12. Contact Information

For any questions or concerns regarding this policy or our data protection practices, please contact our team: events@europarc.org

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.