European Compliance Professionals Association Privacy Policy
1. GENERAL PROVISIONS
European Compliance Professionals Association (hereinafter ECPA), registration code 306961037, address Aguonų st. 8B-13, LT-03213, Vilnius, email address info@ecpa.pro, is a membership association for professionals in the field of compliance. We are committed to supporting your growth as a compliance professional by organizing mentorship programs, training sessions, conferences, and other events.
Through our activities, we are dedicated to protecting your privacy and ensuring the security of your personal data. This privacy policy (hereinafter Privacy Policy) outlines how we collect, process, and safeguard your personal data.
Your personal data is processed in accordance with this Privacy Policy, the General Data Protection Regulation (2016/679) (hereinafter GDPR), the Republic of Lithuania Law on the legal protection of personal data, and other applicable legal acts regulating the protection of personal data.
2. YOUR PERSONAL DATA THAT WE COLLECT AND PROCESS
The ECPA collects personal data about its members and other individuals who have interactions with the ECPA. Most of the personal data that we process is provided directly from you. In some instances, third parties may provide us with your personal data (for example, your employer signs up you to participate in one of our organized events).
Your personal data shall not be used for purposes other than those specified during data collection unless we have another lawful basis for processing your personal data.
If you choose not to provide us with your personal data, much of ECPA’s content, resources on our website, and newsletter subscription will still be available. However, certain services require personal information to authenticate you or perform specific actions.
Below, we outline the personal data we process, the purposes for processing it, and the legal grounds for doing so.
3. MEMBERSHIP
When you become a member of ECPA by filling out the application form, we may collect the following personal data about you:
-
Identifying data, such as your first and last name, date of birth, and country of residence.
-
Contact data, such as your email address and phone number.
-
Professional and educational data, such as the sector you work in, company/organization name, your position, years of professional experience in your current position, education, areas of competence, areas of responsibility, and your purpose for joining ECPA. Members may also voluntarily provide their LinkedIn profile link.
-
Payment data, such as credit/debit card information, billing details, transaction records, account information, and payment method.
We use identifying, contact, professional, educational, and payment data to register you as a member of the ECPA (according to Article 6(1)(b) of the GDPR, processing is necessary for the performance of a contract to which the data subject is party). We use this data to verify your identity, process your registration application, and manage your membership. This enables us to provide you with members-only benefits and maintain accurate membership records.
We use professional and educational data to tailor our events, content, and benefits to your career background and needs (according to Article 6(1)(f) of the GDPR, processing is necessary for the purposes of the legitimate interests pursued by the controller). By understanding your needs, we can offer relevant and valuable services focused on your professional development.
4. LIVE EVENTS
By attending our live events, we may process the following personal data about you:
-
Identifying data, such as your first and last name.
-
Contact data, such as your email address and phone number.
-
Professional and educational data, such as the sector that you work in, company/organization name, your position.
-
Payment data, such as credit/debit card information, billing details, transaction records, account information, and payment method.
-
Sensitive personal data, such as your meal preferences.
We use identifying, contact, professional, educational, and payment data to register you as a participant in our live events (according to Article 6(1)(b) of the GDPR, processing is necessary for the performance of a contract to which the data subject is party). This data helps us confirm your participation, ensure you receive the latest relevant information and updates, and provide a smooth personal experience at our events. Please note that this type of personal data provides only non-members of the ECPA, as members have already provided this information in their membership registration form.
We use professional, educational, and sensitive personal data for event management and personalization (according to Article 6(1)(f) of the GDPR, processing is necessary for the purposes of the legitimate interests pursued by the controller). This data allows us to be prepared for a specific number of participants in particular sessions and ensures adequate food and dietary provisions.
5. ONLINE EVENTS
When you attend our online events, we may collect the following personal data about you:
-
Identifying data, such as your first and last name.
-
Contact data, such as your email address and phone number.
-
Professional and educational data, such as the sector that you work in, company/organization name, your position.
-
Payment data, such as credit/debit card information, billing details, transaction records, account information, and payment method.
We use identifying, contact, professional, educational, and payment data to register you as a participant in our online events (according to Article 6(1)(b) of the GDPR, processing is necessary for the performance of a contract to which the data subject is party). This data helps us confirm your participation, ensure you receive the latest relevant information and updates, and provide a smooth personal experience at our events. Please note that this type of personal data provides only non-members of the ECPA, as members have already provided this information in their membership registration form.
6. NEWSLETTER
When you subscribe to our newsletter, we may process the following personal data about you:
-
Contact data, such as your email address.
We use your contact data to maintain communication with you and engage you in ECPA’s activities by sending newsletters (according to Article 6(1)(a) of the GDPR, the data subject has given consent to the processing of the personal data for one or more specific purposes). Our newsletters provide news and updates related to the ECPA, information about upcoming events, and relevant content related to the compliance field. Additionally, we share best practices and insights that may benefit your professional career and keep you well informed about new trends and changes in the compliance industry. Please note that you can withdraw your consent at any time by contacting us at info@ecpa.pro.
7. MARKETING
For marketing purposes, we may collect the following personal data about you:
-
Identifying data, such as your first and last name, and photographs taken of you during online or live events.
We use identifying data to share highlights from previous events and promote upcoming ones (according to Article 6(1)(a) of the GDPR, the data subject has given consent to the processing of the personal data for one or more specific purposes). We may also use your first and last name, and/or photograph to share your impressions and experiences from previous events. This helps us keep the community engaged and attract potential new members to the ECPA. Please note that you can withdraw your consent at any time by contacting us at info@ecpa.pro.
8. YOUR CORRESPONDECE WITH ECPA
When you communicate with us via email, postal service, or any other form of communication, we may process the following personal data about you:
-
Identifying data, such as your first and last name.
-
Contact data, such as your email address or postal address.
We use identifying and contact data to respond to your inquiry and keep a record of your complaint, concern, or other similar matters (according to Article 6(1)(f) of the GDPR, processing is necessary for the purposes of the legitimate interests pursued by the controller). This allows us to provide accurate and timely responses in an effective and transparent manner. Additionally, above-mentioned data helps us improve our services and prevent similar issues from arising in the future.
9. RECIPIENTS OF PERSONAL DATA
We may share your personal data with third parties, such as external service providers and other entities. These third parties have the obligation to ensure the security of your personal information and handle it in accordance with applicable legal requirements.
We may disclose your personal information to third parties under certain circumstances, such as when we are required to comply with a legal obligation, enforce or uphold our agreements with you, or safeguard the rights, property, or safety of ourselves, our members, or others.
We may also need to share your personal data with third-party service providers, such as contractors and authorized agents, to enable them to perform their services. The following tasks are managed by third-party service providers: ([mokėjimo įskiepis/bilietų prekyba/etc.?]).
Additionally, we may share your personal information with other third parties, for example, in the context of relations with regulatory authorities or as required to meet legal obligations.
10. TERMS OF STORAGE OF PERSONAL DATA
ECPA stores customer personal data for no longer than is necessary. The duration of personal data processing is set with consideration of the legitimate interests of ECPA, legal requirements or other circumstances. For instance:
-
Identifying, contact, professional, and educational data for membership purposes – duration of the membership and after it additional 10 years.
-
Payment data for membership, live, and online event purposes – duration of the event/membership and after it additional 7 years.
-
Identifying and contact data for correspondence with ECPA – duration of the correspondence and after it additional 2 years.
-
Contact data for newsletters subscription – duration of the subscription and after it additional 2 years, or until you withdraw your consent, whichever occurs first.
-
Identifying data for marketing purposes – duration of the marketing campaign and after it additional 2 years, or until you withdraw your consent, whichever occurs first.
-
Identifying, contact, professional, and educational data for live and online events – duration of the event and after it additional 1 year.
-
Sensitive personal data for live events – duration of the event and after it deleted immediately, unless other circumstances arise that require a longer storage period.
In extremely rare cases, ECPA may need to retain your personal data for a longer period to comply with legal or other requirements, or to fulfill the purposes of processing personal data.
11. COOKIES
For a better browsing experience and personalized services, we use cookies on our website. Cookies are small text files that websites place on your device while you are browsing. They are processed and stored by your web browser.
Cookies start functioning when you access our site, enabling us to remember your preferences, analyze your interactions, and improve overall functionality and performance.
Detail information about the cookies used on our website, their purposes and expiration period is provided at ECPA’s cookie policy.
You can manage the use of cookies and disable these cookies by changing your browser settings. However, please note that by disabling necessary cookies you may be unable to fully use our website. For more information on how to manage cookie preferences in popular browsers, you can visit the following links: Internet Internet Explorer, Chrome, Firefox, Safari, Opera. These links lead to third-party websites, and we do not take the responsibility for their accuracy and effectiveness.
12. SECURITY MEASURES IN PLACE
ECPA has implemented a comprehensive set of organizational and technical security measures to protect your personal data from accidental or prohibited destruction, alteration, disclosure, access, or any other unauthorized processing.
It shall be taken into account that in certain cases the transmission of information via electronic means of communication (for example, email address, mobile phone) may be less secure due to factors beyond the control of the technical or organizational measures implemented by ECPA. To ensure the security of your confidential data, we recommend that you avoid sharing sensitive information through less secure electronic systems or any electronic systems not used by ECPA.
13. YOUR RIGHTS AND THEIR IMPLEMENTATION
As outlined in the GDPR, you have the following rights regarding your personal data:
-
Right to access. You have the right to access your personal data and understand how it is being processed. This includes the ability to request information about the types of personal data we collect, the purposes of processing, and any third parties with whom your data may be shared.
-
Right to rectification. If you believe that the personal data we process about you is inaccurate, incorrect, or incomplete, you have the right to request that it be modified, corrected, or updated.
-
Right to erasure. Under certain circumstances (such as when personal data is processed unlawfully or when the grounds for processing no longer exist), you have the right to request the deletion of your personal data.
-
Right to restrict processing. In specific situations (such as if you contest the accuracy of the data or if the data is processed unlawfully), you have the right to request a restriction on the processing of your personal data.
-
Right to submit a complaint to the State Data Protection Inspectorate. More information can be found on their website at www.vdai.lrv.lt/. However, we strongly recommend that you contact us first to seek a prompt and effective resolution before submitting an official complaint to the supervisory authority.
-
Other rights. In certain circumstances, as outlined in the GDPR, you have additional rights, including the right to data portability and the right to request the restriction of data processing.
In order to exercise your above rights, please contact us at email info@ecpa.pro. Upon receiving your request, and in accordance with applicable laws and professional practices, we shall undertake all necessary actions to ensure that your rights are fulfilled.
14. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy shall come into effect as of 2024-09-01. If we amend this Privacy Policy, we shall publish the updated version on https://www.ecpa.pro/. In this case, we shall notify you about the respective amendments to the rules and publish the new wording of the rules in our website as well as email you about it in case the changes are significant.
Last update date 2024-09-01.