Data Protection Policy
The European Psychoanalytical Federation and/or its affiliates (hereinafter referred to as the ‘EPF-FEP’ or ‘we/us’) undertake to protect and respect your privacy.
1. The identity of the controller
By virtue of the present Policy, the controller is the European Psychoanalytical Federation with company registration number 0629.986.195 and registered address Hambergersteig 23, CH-8008 Zurich, Switzerland.
2. How do we collect your data?
Based on the nature of your relationship with the EPF-FEP, we are likely to collect your personal data in several ways when:
- You create a new account and/or edit your profile on our Website;
- You complete forms on our Website;
- You communicate with us by telephone, e-mail or another means;
- You register for the annual conference organised by the EPF-FEP or for a scientific event organised by the EPF-FEP (for example, the NMS, NQTM, EPCUS);
- You subscribe to our online newsletter.
3. The information we collect
We collect and process the following data:
- Your personal data (name, surname, e-mail address, language, country, town, postcode, address, telephone number, fax number and status of your affiliation with the EPF-FEP, your professional and/or personal contact details);
- Your payment information (for example your card number);
- Information about you when you contact us by e-mail, letter, telephone, or any other communication channel;
- At the time of each visit to our Website, we automatically collect the following information through our data analysis partner (Google Analytics):
- Technical information including the IP address used to connect your computer to the internet, your browser type and version, time zone, type and versions of your browser plug-ins, operating system and platform;
- Your device ID;
- Information on your visits, including the clicks from Uniform Resource Locators (URL) to, through and from our Website (including the date and time); the products/services viewed or searched for; page response time, download errors, duration of visits to certain pages, information on interaction with pages (such as scrolling, clicks, mouse placement), and the methods used to exit the page, telephone numbers used to call our customer service.
5. Use of your data
In accordance with the legal bases stipulated in section 6 below, we use your information in the following way:
- To fulfil our obligations arising from agreements entered into between you and us (such as management of members and sign-up to the members-only section of our Website) and checking your registrations with the International Psychoanalytical Association (IPA);
- To inform you of any changes to the organisation of the EPF-FEP;
- To check and execute financial transactions linked to your payments;
- For marketing: to contact you, after your consent where necessary, to invite you to scientific events, send you the Newsletter, and offer you appropriate and personalised marketing content that may be of interest to you;
- To generate contracts and relationships with our suppliers and partners;
- To ensure that the content of our Website is presented in the most efficient way for you and your computer/device;
- To manage our Website and for internal operations, including troubleshooting, data analysis, tests, research, and statistical and research ends;
- To improve our Website and ensure that the content is presented in the most efficient way for you and your computer/device;
- As part of our efforts to keep our Website secure and prevent fraud;
- To make suggestions and recommendations that may be of interest to you or other users of our Website as well as scientific events;
We may also combine this information with the information you provide and information we collect. We may use this information and the information combined for the purposes stated below to make suggestions and recommendations that may interest you or other users of our Website.
6. Legal bases
Your information is collected and processed by virtue of the following legal bases:
- If it is necessary to pursue our legitimate interests, on the condition that your fundamental rights and freedoms are not affected (e.g. we use your information to find out about your preferences to better personalise our product offers, prevent fraud and make our Website secure);
- As part of the fulfilment of the contract entered into with you, for example registrations as a member of the EPF-FEP, or sign-up to a scientific event organised by the EPF-FEP, such as the annual conference;
- If it is necessary to adhere to a legal obligation to which we are subject (e.g. for invoicing):
- Where you have given your consent for such collection and processing, e.g. if you have given your express consent to this, we are likely to use your e-mail address to send you material (scientific or otherwise).
7. Sharing your information
For the purposes mentioned below, we may share your information with:
- Our IT services suppliers (e.g. Nectil S.A.);
- Our marketing services suppliers (e.g. Mailchimp, Geber&Reusch);
- Providers of analysis and search engines that help us improve and optimise our website such as Google Analytics;
- Banks and insurers;
- Professional advisors;
- Online payment services providers
We also share information with third parties:
- If we are obliged to divulge or share your data to meet a legal obligation or to protect the rights, property or security of the EPF-FEP, our members or others. This includes sharing information with public authorities (including legal and law-enforcement authorities), for example in case of a cyber-attack;
- In the case of a sale or purchase of a company or assets, we reserve the right to divulge your personal data to the seller or buyer of this company or assets;
- In the case of such transactions, if the EPF-FEP or all of its assets were to be purchased by a third party, the information on its members will form part of the transferred assets;
- If deemed necessary to achieve one of the purposes described in section 4 of the present Policy.
8. Transfer of your data
We may transfer your data outside the European Economic Area (EEA) including to Australia, Israel, Lebanon, Russia, South Africa, Switzerland, the United States of America, China, Turkey, Brazil, Argentina, Peru, Colombia, Uruguay, if necessary (i) to achieve one of the objectives stipulated under section 5 and/or (ii) to share your information with a third party in accordance with section 7 of the present Policy.
If your information is transferred outside the EEA, we will ensure that it is protected through the following guarantees:
- the laws of the country in which your information is transferred ensure an adequate level of data protection (Article 45 of the GDPR); or
- The transfer is governed by data protection provisions approved by the European Commission (Article 46.2 of the GDPR) or is subject to the EU-US Privacy Shield);
If you wish to know more about the transfer of your information and/or the safeguards put in place (including the way in which to obtain a copy), please do not hesitate to contact us using the contact details specified in section 14 below.
9. Your rights
You have certain rights concerning the information we hold about you. You may exercise these rights by getting in touch with us (see contact details below):
- You have the right to access the information we hold on you. We want you to be aware of the information we hold about you and allow you to check that we are handling your information in accordance with the applicable data protection legislation;
- You are entitled under certain circumstances to ask for your data to be restricted or deleted. In case of restricted processing, we will continue to keep your data but will no longer use it;
- You are entitled to ask for your information to be rectified if it is inaccurate or incomplete;
- You are entitled under certain circumstances to ask for your data to be removed from our systems;
- You are entitled to lodge a complaint about the way in which we use or process your data to the national authority in charge of data protection;
- If our processing of your personal data is based specifically on your consent, you have the right at all times to withdraw your consent. This includes your right to withdraw your consent for the use of your data for direct marketing purposes;
- In certain circumstances you are entitled to receive your data in a structured, commonly used, machine-readable and interoperable format so that you may re-use it for your own reasons for different services. For example: if you wish to work with another service provider, you may transfer your data in a simple and secure manner to your new service provider.
You are also entitled to object to certain types of processing, including processing for direct marketing purposes.
Please note that we are likely to keep certain data for legal or administrative reasons (e.g. for accounting and record-keeping purposes).
To make any of the aforementioned requests, please send us an e-mail stating ‘data protection request’ in the subject and include a copy of your ID card or another proof of ID (e.g. driving licence) to help us prevent access to, amendment or deletion of your information by unauthorised persons. We will respond as quickly as possible. If we need more than one month (from receipt of your request) to respond to your request, we will keep you informed.
10. Security of data collected
We have implemented certain security measures on our Website to prevent unauthorised sharing of or access to information collected and/or received. We have made all possible efforts to build a secure and reliable Website. Please note, however, that the confidentiality of any communication or other material that is sent to us or that we send to third parties through our Website or by e-mail is unable to be guaranteed. We accept no liability concerning the security of the information sent by these methods.
All information you send to us is kept on secure servers. When you have received (or chosen) a password that allows you to access certain parts of our Website, it is up to you to keep this password confidential. We ask you not to share your passwords.
11. Keeping your information
The information we collect will be kept as long as necessary to achieve the ends described in section 5 ‘Use of your information’ above and in accordance with the applicable legislation on data protection.
When determining the pertinent record-keeping periods, we take into account factors such as:
- Our contractual rights and obligations relating to the information concerned;
- Time-barring periods by virtue of the applicable law(s);
- Our legitimate interests when we have conducted tests to weigh up interests, which implies analysing the legitimacy of our interests in relation to the interests, rights and freedom of the persons concerned;
- The guidelines issued by the competent data protection authorities.
- the processing of your data is necessary for a real or potential legal dispute (e.g. we need information to establish or defend rights), in which case we will keep your data until the end of such a dispute; and/or
- record keeping is necessary to enable us to comply with any legal or regulatory obligation (e.g. for tax reasons), in which case we will keep your data for as long as necessary for this obligation.
We will erase your personal data in a secure manner when we no longer have any use for your information for the ends for which it was collected.
12. External websites
Our Website may occasionally include links to or from Websites of our network of partners, advertisers or affiliates. If you follow a link to one of these Websites and/or applications, please be aware that these Websites and/or applications have their own data protection policies which are beyond our control. They do not form part of the present Policy and we accept no liability for these policies. Please check these policies before sending information to these Websites and/or applications.
13. Consent for the collection and use of your information - amendments to our Policy
We may amend the present Policy at any time, especially to take into account any changes to the law or regulations. Any amendment we make to our Policy will be published on our Website provided to this effect and, where applicable, will be communicated to you by e-mail. We describe these changes in the ‘Amendment History’ tab https://www.epf-fep.eu/eng/page/data-protection-policy.
Please regularly check this page to follow any updates or amendments made to our Policy. By continuing to use our Website following the publication of these amendments to the present Policy you accept these amendments.
The present Policy was last updated 26 October 2018.
14. Contact us
Any questions, comments and requests concerning the present Policy must be sent to Mr Frank Goderniaux by post to the following address: rue Gérard, 35, 1040 Brussels, Belgium; or by e-mail: firstname.lastname@example.org.