Privacy Policy

Privacy Policy

 

 

    ECGI Privacy Policy

     

    Updated: 23 May 2018

     

    This Policy describes the information we process to support ECGI events, website and other services and features offered by the European Corporate Governance Institute ("ECGI"). You can find additional tools and information in our Terms of Use document.

    We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the best decisions about the information that you share with us. That is the basic purpose of this Privacy Policy.

    We require certain information to provide our services to you. For example, you must have an account in order to hold a profile on our website or to pay membership invoices. When you choose to share this information with us, we collect and use it to operate our services.

    ECGI is committed to maintaining your confidence and trust with respect to your privacy.  Please read this privacy policy carefully to understand our practices about how we collect, use and share your personal information.

    This privacy policy applies when you visit or use our websites and other services, including events, that refer or link to this privacy policy (each, a “Service”).  This policy may be supplemented by additional privacy statements, terms or notices provided to you. ECGI, as identified therein, is the primary controller of your personal information provided to, or collected by or for, the Service.

     

    What kinds of information do we collect?

    We collect information about you in three ways: directly from your input, from third-party sources, and through automated technologies.

    Information you provide to us

    The types of personal information that we collect directly from you depends on the content and features of the Service you use and how you otherwise interact with us and may include:

    • Contact details, such as your name, email address, postal address, phone number and social media handles;
    • Account login credentials, such as usernames and passwords, password hints and similar security information;
    • Other account registration and profile information, including educational, professional and other background information, such as your field of study, current position, practice area and areas of interests, Researchgate URL, Google Scholar URL, SSRN URL, ORCID ID and photo;
    • Content that you upload and share or store in your account, such as annotations, comments, contributions and replies;
    • Payment information, such as a credit or debit card number;
    • Information that you communicate to us, such as questions or information you send to ECGI;
    • Data that you provide to us as part of interacting with the Service, such as your favourites and search queries; and/or
    • Communications preferences, such as your preferred language and the frequency, type and format of the alerts you sign up to receive.

    Data from your institution

    We may obtain information about you from the institution with which you are employed or affiliated in order to activate and manage your access to and use of the institution’s subscription to the Service, including:

    • Contact details, such as your name and institutional email address, postal address and phone number;
    • Other account registration information, such as job title; and/or
    • Institutional user ID.

    Data from other sources

    We also may obtain contact details and other information about you from third parties, including:

    • Social networks that you grant permission to the Service to access your data on one or more networks;
    • Service providers that help us determine a location in order to customize certain services to your location;
    • Partners with which we offer co-branded services or engage in joint marketing activities; and/or
    • Publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold.

    Device and usage data

    The Service may automatically collect information about how you and your device interact with the Service, such as:

    • Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, error reports and performance data;
    • Usage data, such as the features you used, the settings you selected, URL click stream data, including date and time stamp and referring and exit pages, and pages you visited on the Service;
    • For location-aware Services, the physical location of your device.

    We may collect this data through our servers and the use of cookies and other technologies. You can control cookies through your browser's settings and other tools.  However, if you choose to block certain cookies, you may not be able to register, login, or access certain parts or make full use of the Service. For more details, see the Cookies section below.

    How do we use this information?

    We use the data we collect from the above sources:

    • to administer our website, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
    • to improve our website to ensure that content is presented in the most effective manner for you and for your computer;  
    • as part of our efforts to keep our website safe and secure.
    • We may use the data we collect to set up a user account.
    • We may also use the data you send to us via our website and/or services, to communicate with you via email and, possibly, other means, regarding events, publications, blogs and newsletters we think may be of interest to you. However, you will always be able to opt-out of such communications at any time (see How can you exercise your rights provided under the GDPR? section below).

    We are committed to delivering a relevant and useful experience to you. Depending on how you interact with us and the Service, we use your personal information to:

    • provide, activate and manage your access to and use of the Service;
    • process and fulfill a request, order, download, subscription or other transaction;
    • offer you customised content and other personalisation to make the Service more efficient for you and more relevant to your interests and geography;
    • enhance and improve the Service, such as add new content and features;
    • notify you about changes, updates and other announcements related to the Service;
    • deliver targeted advertisements, promotional messages, and other information related to the Service and to your interests;
    • provide technical, product and other support and help to keep the Service working, safe and secure; and/or
    • identify usage trends and develop data analysis, including for the purposes of research, audits, reporting and other business operations, such as to pay royalties and license fees to third-party content providers, determine the effectiveness of our promotional campaigns, evaluate our business performance, or in other ways pursuant to a customer agreement.

    We may also use your personal information to:

    • Respond to your requests, enquiries, comments or concerns;
    • Conduct and administer user testing and surveys and promotional offers;
    • Provide you with relevant promotional messages and other information about products, events and services of ours, our partner organisations and third parties such as event partners and sponsors;
    • Enhance and improve our products, events and services and develop new ones; and/or
    • Comply with our legal obligations, resolve disputes and enforce our agreements.

    How is this information shared?

    We do not sell your Personal Data to anyone nor do we routinely share it with other organisations. However, there may be circumstances under which we may have to share your information:

    Your institution

    If you access the Service through a subscription administered by your institution, your personal information and certain usage data gathered through the Service may be accessed by or shared with the administrators authorised by your institution for the purposes of usage analysis, subscription management, and remediation. We may also disclose to your institution or other third parties non-personally identifiable information, such as anonymous usage data reports and aggregated information, subject to any applicable legal or contractual obligations.

    Our partner organisations and service providers

    Depending on the Service provided, we share your personal information with our:

    • Affiliates, sponsors and partners such as the Global Corporate Governance Colloquia (GCGC), the European Corporate Governance Research Foundation (ECGRF), and certain organisations that provide technology, customer service and other shared services functions, for example, Mannheim University which provides administrative support for the working paper series; and/or
    • Suppliers and service providers, including editors, reviewers, payment processors, customer support, email service providers, event venues and service providers, mailing houses, shipping agents and IT service providers;

    to process the information as necessary to provide the Service, complete a transaction or fulfill your request or otherwise on our behalf based on our instructions and in compliance with this privacy policy and any other appropriate confidentiality and security measures.

    Your choices

    As stated, we may share your personal information with our affiliates and sponsors, joint venture partners and other third parties, including entities for which we are acting as an agent, licensee, application host or publisher, that wish to send you information about their products and services that may be of interest to you as determined by your choices in managing your communications preferences and other settings. The Service may let you post and share personal information, comments, messages, materials and other content. Any such information that you disclose publicly or in discussion fora in the Service may be collected and used by others, may be indexed by search engines, and might not be able to be removed.  Please be careful when disclosing personal information in these public areas.

    Legal reasons

    We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:

    • meet any applicable law, regulation, legal process or other legal obligation;
    • detect, investigate and help prevent security, fraud or technical issues; and/or
    • protect the rights, property or safety of ECGI, our users, employees or others;

    and as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.

    How do the ECGI partners work together?

    ECGI sometimes shares infrastructure, systems and technology with its affiliates and partners, such as the Global Corporate Governance Colloquia (GCGC), the European Corporate Governance Research Foundation (ECGRF), and Mannheim University, to provide an innovative, relevant, consistent and safe experience across all platforms that you use. We also process information about you across these affiliate groups for these purposes, as permitted by applicable law and in accordance with their Terms and Policies. For example, we may collect information using an ECGI email address or registration forms that may be used for a GCGC or ECGRF Service.

    Administrator data

    If you are an administrator of an institution with a subscription to a Service, we will use your details to communicate with you about your institution’s subscription and related services. If you supply us contact information of your colleagues, we may include a reference to you when we contact those individuals with communications about the Service.

    What is our legal basis for processing data?

    When we collect, use and share from you any personal information within the scope of European data protection laws, we do so:

    • where necessary to provide the Service, fulfill a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
    • where necessary for our compliance with applicable law or other legal obligation;
    • where necessary for the performance of a task carried out in the public interest;
    • where applicable, with your consent; and/or
    • as necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfill our other legitimate interests as described in the sections above, except where our interests are overridden by your privacy rights.

    Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.

     

    How can you exercise your rights provided under the GDPR?

    Under the General Data Protection Regulation, you have the right to access, rectify, port and delete your data. You also have the right to object to and restrict certain processing of your data. This includes:

    • the right to object to our processing of your data for direct marketing, which you can exercise by using the "unsubscribe" link in such marketing communications, and
    • the right to object to our processing of your data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can exercise this right by contacting us by email (admin(at)ecgi.org).

    The Service may allow registered users to directly access their personal account information and make corrections or updates at any time.

    Keeping such information up to date is solely the responsibility of the user. Registered users may also close their account directly through the Service or by contacting ECGI.

    You have the right under European and certain other privacy and data protection laws, as may be applicable, to request free of charge:

    • Access to and correction and deletion of your personal information;
    • Restriction of our processing of your personal information, or to object to our processing; and/or
    • Portability of your personal information.

    We provide individuals with the opportunity to access, review, update, and delete any personal data we hold on them. You can send an email to the address below for this purpose. If you ask us to delete your data, we will do so. Please note that we may be required to retain and use your information if necessary to comply with legal obligations or to resolve disputes.  We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.

    You can customize and manage your communications preferences and other settings by emailing the address below or by using the “opt-in/out” or subscribe/unsubscribe mechanisms or other means provided within the communications that you receive from us or by contacting us.  We reserve the right to notify you of changes or updates to the Service whenever necessary.

    You can always opt not to disclose information to us, but keep in mind some data may be needed to register with us or to take advantage of some of our services.

    For your convenience, hyperlinks may be posted on the website that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect data in addition to that which we collect on the website. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy policy of each Linked Site that you visit to understand how the data that is collected about you is used and protected.

     

    Data retention, account deactivation and deletion

    We retain your personal information for as long as necessary to provide the Service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

     

    How do we respond to legal requests or prevent harm?

    We may choose to access, preserve and share your information with regulators, law enforcement or others:

    • In response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards.
    • When we have a good-faith belief that it is necessary to: detect, prevent and address fraud, unauthorised use of the Service, breaches of our Terms or Policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Service), you or others, including as part of investigations or regulatory enquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive information from third-party partners about the reliability of your account to prevent fraud, abuse and other harmful activity on and off our Services.

    Information that we receive about you (including financial transaction data related to purchases made with ECGI) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible breaches of our Terms or Policies, or otherwise to prevent harm. We also retain information from accounts disabled for term breaches for at least a year to prevent repeat abuse or other term breaches.

     

    How do we operate and transfer data as part of our global services?

    We share information globally, both internally within the ECGI infrastructure and externally with our partners. Information controlled by ECGI may be transferred or transmitted to, or stored and processed in, Belgium, Ireland or other countries outside where you live for the purposes as described in this Policy. These data transfers are necessary to provide the services set forth in our Terms of Use, and to globally operate and provide our services to you.

    Your personal information may therefore be stored and processed in your region or another country where ECGI and its service providers maintain servers and facilities.

    We take steps, including through contracts, to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law. Where personal information is transferred from the European Economic Area (“EEA”) or Switzerland to a country that has not received an adequacy decision by the European Commission, we will rely on appropriate safeguards such as the European Commission-approved Standard Contractual Clauses and Privacy Shield Frameworks to transfer the data.

     

    Cookies

    A cookie is a small data file that is placed on your computer or other device to allow a platform to recognise you as a user when you return using the same device and web browser, either for the duration of your visit (using a ‘session cookie’) or for repeated visits (a ‘persistent cookie’). When you visit our websites, we collect certain data related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our website. We won’t use cookies to collect personally identifiable information about you. However, if you want to restrict or block the cookies which are set by this platform you can do it through your browser settings, or you may also choose to install Google Analytics’ opt-out browser add-on but remember that restricting cookies may mean that you will not be able to take full advantage of all the features available on our page.

    The cookies used on this website are as follows:

    • Strictly necessary cookies. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. For example, authentication and security cookies are used to identify and recognize registered users and to enable them to gain access to requested content or features. Without these cookies, services you have asked for cannot be provided.
    • Functionality cookies. These cookies allow our websites to remember the choices you make and your account preferences and to provide enhanced, more personal features. For example, these cookies will remember your log-in details.
    • Performance cookies. These are analytics and research cookies that allow us to collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. This helps us to improve the way the website works and allows us to test different ideas on the site.
    • Targeting cookies. These cookies record your visit to the website, the pages you have visited and the links you have followed. We will use this information to make the website and any advertising displayed on it more relevant to your interests.

    The links below will help you find the settings for some common browsers:

     

    Data security

    We take precautions to safeguard your personal information against loss, theft and misuse and unauthorized access, disclosure, alteration and destruction through the use of appropriate technical and organizational measures. Unfortunately, no company or service can guarantee complete security, unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user data at any time.

     

    Children

    We do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that data.

     

    How will we notify you of changes to this Policy?

    We will update this privacy policy from time to time.  Any changes will be posted on this page with an updated revision date. If we make any material changes, we will provide notice through the Service or by other means when we are required to do so by applicable law.

     

    How to contact ECGI with questions

    If you have any questions, comments, complaints or requests regarding this privacy policy or our processing of your information, please contact:

     

    ECGI Data Protection Officer

    European Corporate Governance Institute (ECGI)

    ℅ The Royal Academies of Belgium

    Palace of the Academies

    Rue Ducale 1 Hertogsstraat

    1000 Brussels

    Belgium

     

    admin(at)ecgi.org

     

    You also may lodge a complaint with the data protection authority in the applicable jurisdiction.