PRIVACY & DATA PROTECTION

1. Purpose

The present privacy policy aims at meeting our obligations resulting from the French Data Protection law Act No. 78-17 on Information Technology, Data Files and Civil Liberties dated 6 January 1978, as amended by Act No. 2018-493 dated 20 June 2018 on Personal Data Protection (DPA) and from the Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (GDPR)), which came into application on 25 May 2018, as well as any subsequent amendments or related regulations:

Personal data will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website including its contents and the services offered by us.

Personal data further referred to as Data is defined as any information relating to a natural person who is or can be identified, either directly or indirectly, by reference to an identification number or to one or more factors specific to them (Article 4 GDPR). This includes, for example, a person’s name, date of birth, telephone number, email address, social security number and IP address. To determine whether a person is identifiable, all the means that the data controller or any other person uses or has access to must be taken in consideration.

Processing of Data is broadly defined under the GDPR and means any operation or set of operations in relation to the data, regardless of the mechanism used, especially (Article 4 GDPR): collection, recording, organization, storing, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

This Privacy & Data Protection Policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of Data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

2. Information about Us as Controller of your Data

The data controller is ECFIA – Representing the High Temperature Insulation Wool Industry.
The person responsible for purposes of the data protection law is:

Ms Nicola Robinson
c/o ECFIA
3, rue du Colonel Moll
75017 Paris
France
Phone: + 44 7931 963973
Email: dataprotection@ecfia.eu

ECFIA commits to your Data being:

• Collected and processed fairly, lawfully and in a transparent manner,
• Collected for specified, explicit and legitimate purposes, and subsequently processed in a manner that is compatible with those purposes,
• Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed,
• Accurate, complete and kept up to date (every reasonable step must be taken to ensure that Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy)),
• Kept in a form that allows identification of the data subjects for no longer than is necessary for the purposes for which the Data is processed,
• Processed in a manner that ensures appropriate security of the Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

3. Your Rights on Your Data

You have the following rights on your Data:

• To request information from the data controller
  • on whether and how Data will be processed at the time the Data is collected unless you have already received all relevant information
  • confirmation as to whether the Data is to be used;
  • the purpose of the processing, the categories of Data processed and the recipients or categories of recipients to whom the Data are communicated;
  • whether the Data will be transferred outside the European Economic Area (EEA);
  • the communication, in an accessible machine-readable format, of processed Data and of any available information as to their origin; and
  • information on, and how to object to, the logic involved in the processing.
• When the processing of your Data is based on your consent, to withdraw said consent at any time and oppose the future processing of your Data
• Request the data controller to rectify, complete, update, block or delete Data relating to them that are inaccurate, incomplete, equivocal, expired, or whose collection, usage, disclosure or retention is prohibited

In addition, the data controller is obliged to inform all recipients to whom it discloses Data of any such corrections, deletions, or restrictions placed on processing the same. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

These rights can be accessed by addressing a written request to the following email address: dataprotection@ecfia.eu

You also have the right to file a complaint to the French Data Protection Authority (Commission Nationale de l’Information et des Libertés (CNIL)) about the rights mentioned above, either on

https://www.cnil.fr/fr/plaintes/

or by contacting:

Commission Nationale de l’Information et des Libertés  3 Place de Fontenoy – TSA 80715 – 75334 Paris CEDEX 07 ; phone + 33 1 53 73 22 22.

4. Information on Data Processing

We will limit Data collection to a minimum.

The legal basis for our data processing is based on your voluntarily granted consent. Consent can be given either in writing or by a click-through if given over the internet.

Furthermore, we may process Data for the following reasons (Article 6 GDPR.)

• Compliance with any legal obligation to which the data controller is subject
• Protection of your life or that of any other natural person
• Performance of a public service mission
• Performance of a contract to which you are a party (or of steps taken at your request before entering into a contract)
• Pursuit of the data controller’s or data recipient’s legitimate interest, provided that it is not incompatible with the interests or fundamental rights and liberties of you.

Occasionally, we may also use information about you from other sources and add it to the information held by it. In particular, this includes information from public directories (e.g., commercial registers). We will not use your information for purposes that are not clear when you provide your details and will not use information held on you for commercial purposes.

4.1. Collection, Nature, Purpose and Storage of Data

a) When Visiting the Website

When visiting the website www.ecfia.eu ,the browser used on your device automatically sends information (such as IP address, date and time of access, name and URL of retrieved file, status of access, etc.) to the server of our website. This information is temporarily stored in a so-called log file. The information is collected without your intervention and stored until automated deletion. This is necessary for a trouble-free connection to and a comfortable use of the website.

In addition, ECFIA’s website provider uses cookies and analysis services when our website is visited. Further details can be found under No. 5 and 6 of this policy.

The information that our website collects in this process will not identify you as an individual. We do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the site. Data will therefore be only collected if you have provided them voluntarily while contacting us via the contact form on the ECFIA website or sending us emails.

b) By Using the Contact Form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. We will collect the following information:

• Last and first names (mandatory)
• Name and contact details of the company (optional)
• Function within the company (optional)
• Phone number (optional)
• Valid email address (mandatory)

The information is necessary to allow us to answer the request. Additional data can still be collected by us if you choose to fill the optional fields of the web form.

The Data collected for the use of the contact form will be stored for the time necessary to provide the information/service required or until the expiration of any subsequent storage periods (according to contractual, fiscal or other legal storage periods).

For technical reasons the software of our homepage stores all information that the user has provided via the form plus the IP address, date and time of usage.

c) Contacting us by Email

Data that you send to us by email will be used for the purposes of communication and data exchange and future promotional purposes. These data are stored as long as their processing is required for these purposes or until expiration of any subsequent storage periods (according to contractual, fiscal or other legal storage periods). Your Data will not be used for commercial reasons.

4.2. Disclosure of Data

We will not disclose your Data outside ECFIA, except to service providers acting on our behalf in which case we will ensure that service providers are bound to the same obligations as ourselves. We may disclose Data in other very limited circumstances, for example, if:

• you have given your express consent,
• the disclosure is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing the data,
• in the event that disclosure is a legal obligation,
• this is legally permissible and is required for the settlement of contractual relationships with you.

4.3. Data Transfer outside the EU

We can call on service providers established outside the European Union, for software supply or data hosting, among other things. We commit to only contracting with such service providers if they present sufficient guarantees in terms of security and data confidentiality and verify this throughout the contractual relationship.

5. Cookies

Our website provider uses cookies on different pages to make your visit on its website attractive and to allow the use of certain functions. It also uses the collected information for improving its website. Furthermore, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimising its communication (see Section 6)

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when visiting our website. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. Most of the cookies our website provider uses are deleted from your hard disk after ending the browser session (session cookies); other cookies stay on your computer and allow us to recognise your computer at your next visit (permanent cookies). If you wish to remove them, you can manage this via the settings on your browser, but note that this may impact your ability to utilise this and other websites.

The information that we collect in this process will not identify you as an individual unless you volunteer your contact details through one of the forms on the site. We do not collect any information about visitors that could be used for commercial purposes.

6. Analysis Tools

We use the open-source software Matomo (formerly known as Piwik) to analyze the usage of our website. Matomo uses cookies (see section 5) to collect information about your use of the website, including your IP address, the pages you visit, the time and date of your visit, and other related information. The information collected by Matomo is stored on our servers and is not shared with any third parties.

We use Matomo to improve the user experience on our website and to optimize our communication. The legal basis for the use of Matomo is our legitimate interest in analyzing the usage of our website (Article 6(1)(f) GDPR).

The information collected by Matomo is used to generate statistical reports about the usage of our website. We do not use the information to identify individual users, and we do not combine the information with any other data that could be used to identify individual users.

You can prevent the collection of data by Matomo by setting your browser to block cookies (see section 5). Additionally, you can opt-out of the collection of data by Matomo by clicking on the following link: [insert opt-out link]. This will set an opt-out cookie that will prevent the collection of data by Matomo on our website.

For more information about Matomo and its data collection and processing practices, please visit the Matomo website at https://matomo.org/privacy/.

7. Privacy of Minors

We do not knowingly collect or solicit any information about persons under the age of 16 or knowingly allow such persons to submit Data to us. Our website and its contents are not aimed at children under the age of 16. If we discover that it has collected Data from a person under the age of 16 without the consent of the guardian, it will delete that information as soon as possible; unless required by law to keep the Data.

8. Data Security

We take physical, technical and administrative security measures to protect your Data against loss, misuse, unauthorised access, disclosure and alteration. These security measures include regular backups, firewalls, data encryption, physical access restrictions to its data centre, and permission control to access data.

The data controller and data processor keep a register of data processing activities. The register must contain the following information:

• A general description of the measures aimed at ensuring a level of security appropriate to the risk in particular with regard to the processing of special categories of personal data,
• An indication of the legal basis of the processing including any intended transfers of Data.

9. Updating and Changing this Policy

We may adapt our Privacy and Data Protection Policy as a result of the further development of its website or due to changes in legal or official requirements. The current policy can be viewed and printed by you at any time.

10. Contact

If you have any questions about our Privacy & Data Protection Policy, wish to exercise one of your rights such as seeing a copy of the information that we hold about you, or you think that information we hold about you may need to be corrected, or you want all or any part of the information be deleted, you wish to object to the processing on legitimate grounds, please contact us with the enquiry topic „Privacy and/or Data Protection“ at  dataprotection@ecfia.eu or send a signed letter addressed to the office of ECFIA as indicated above.

Sources:
This Privacy and Data Protection Policy has been drafted by ECFIA, it has made use of the following sources:

• https://www.cnil.fr/professionnel
• Data protection in France: Overview by Myria Saarinen, Elise Auvray and Floriane Cruchet, Latham & Watkins; Practical Law Country Q&A 6-502-1481 (2018)
• Model Data Protection Statement for Anwaltskanzlei Weiß & Partner